Chris@0: authenticate($request); Chris@0: if ($account) { Chris@0: \Drupal::currentUser()->setAccount($account); Chris@0: } Chris@0: return Settings::get('allow_authorize_operations', TRUE) && \Drupal::currentUser()->hasPermission('administer software updates'); Chris@0: } Chris@0: Chris@0: try { Chris@0: $request = Request::createFromGlobals(); Chris@0: $kernel = DrupalKernel::createFromRequest($request, $autoloader, 'prod'); Chris@0: $kernel->prepareLegacyRequest($request); Chris@0: } Chris@0: catch (HttpExceptionInterface $e) { Chris@0: $response = new Response('', $e->getStatusCode()); Chris@0: $response->prepare($request)->send(); Chris@0: exit; Chris@0: } Chris@0: Chris@0: // We have to enable the user and system modules, even to check access and Chris@0: // display errors via the maintenance theme. Chris@0: \Drupal::moduleHandler()->addModule('system', 'core/modules/system'); Chris@0: \Drupal::moduleHandler()->addModule('user', 'core/modules/user'); Chris@0: \Drupal::moduleHandler()->load('system'); Chris@0: \Drupal::moduleHandler()->load('user'); Chris@0: Chris@0: // Initialize the maintenance theme for this administrative script. Chris@0: drupal_maintenance_theme(); Chris@0: Chris@0: $content = []; Chris@0: $show_messages = TRUE; Chris@0: Chris@0: $is_allowed = authorize_access_allowed($request); Chris@0: Chris@0: // Build content. Chris@0: if ($is_allowed) { Chris@0: // Load both the Form API and Batch API. Chris@0: require_once __DIR__ . '/includes/form.inc'; Chris@0: require_once __DIR__ . '/includes/batch.inc'; Chris@0: Chris@0: if (isset($_SESSION['authorize_page_title'])) { Chris@0: $page_title = $_SESSION['authorize_page_title']; Chris@0: } Chris@0: else { Chris@0: $page_title = t('Authorize file system changes'); Chris@0: } Chris@0: Chris@0: // See if we've run the operation and need to display a report. Chris@0: if (isset($_SESSION['authorize_results']) && $results = $_SESSION['authorize_results']) { Chris@0: Chris@0: // Clear the session out. Chris@0: unset($_SESSION['authorize_results']); Chris@0: unset($_SESSION['authorize_operation']); Chris@0: unset($_SESSION['authorize_filetransfer_info']); Chris@0: Chris@0: if (!empty($results['page_title'])) { Chris@0: $page_title = $results['page_title']; Chris@0: } Chris@0: if (!empty($results['page_message'])) { Chris@17: \Drupal::messenger()->addMessage($results['page_message']['message'], $results['page_message']['type']); Chris@0: } Chris@0: Chris@0: $content['authorize_report'] = [ Chris@0: '#theme' => 'authorize_report', Chris@0: '#messages' => $results['messages'], Chris@0: ]; Chris@0: Chris@0: if (is_array($results['tasks'])) { Chris@0: $links = $results['tasks']; Chris@0: } Chris@0: else { Chris@17: // Since this is being called outside of the primary front controller, Chris@0: // the base_url needs to be set explicitly to ensure that links are Chris@0: // relative to the site root. Chris@0: // @todo Simplify with https://www.drupal.org/node/2548095 Chris@0: $default_options = [ Chris@0: '#type' => 'link', Chris@0: '#options' => [ Chris@0: 'absolute' => TRUE, Chris@0: 'base_url' => $GLOBALS['base_url'], Chris@0: ], Chris@0: ]; Chris@0: $links = [ Chris@0: $default_options + [ Chris@0: '#url' => Url::fromRoute('system.admin'), Chris@0: '#title' => t('Administration pages'), Chris@0: ], Chris@0: $default_options + [ Chris@0: '#url' => Url::fromRoute(''), Chris@0: '#title' => t('Front page'), Chris@0: ], Chris@0: ]; Chris@0: } Chris@0: Chris@0: $content['next_steps'] = [ Chris@0: '#theme' => 'item_list', Chris@0: '#items' => $links, Chris@0: '#title' => t('Next steps'), Chris@0: ]; Chris@0: } Chris@0: // If a batch is running, let it run. Chris@0: elseif ($request->query->has('batch')) { Chris@0: $content = _batch_page($request); Chris@0: // If _batch_page() returns a response object (likely a JsonResponse for Chris@0: // JavaScript-based batch processing), send it immediately. Chris@0: if ($content instanceof Response) { Chris@0: $content->send(); Chris@0: exit; Chris@0: } Chris@0: } Chris@0: else { Chris@0: if (empty($_SESSION['authorize_operation']) || empty($_SESSION['authorize_filetransfer_info'])) { Chris@0: $content = ['#markup' => t('It appears you have reached this page in error.')]; Chris@0: } Chris@0: elseif (!$batch = batch_get()) { Chris@0: // We have a batch to process, show the filetransfer form. Chris@0: try { Chris@0: $content = \Drupal::formBuilder()->getForm('Drupal\Core\FileTransfer\Form\FileTransferAuthorizeForm'); Chris@0: } Chris@0: catch (EnforcedResponseException $e) { Chris@0: $e->getResponse()->send(); Chris@0: exit; Chris@0: } Chris@0: } Chris@0: } Chris@0: // We defer the display of messages until all operations are done. Chris@0: $show_messages = !(($batch = batch_get()) && isset($batch['running'])); Chris@0: } Chris@0: else { Chris@0: \Drupal::logger('access denied')->warning('authorize.php'); Chris@0: $page_title = t('Access denied'); Chris@0: $content = ['#markup' => t('You are not allowed to access this page.')]; Chris@0: } Chris@0: Chris@0: $bare_html_page_renderer = \Drupal::service('bare_html_page_renderer'); Chris@0: $response = $bare_html_page_renderer->renderBarePage($content, $page_title, 'maintenance_page', [ Chris@0: '#show_messages' => $show_messages, Chris@0: ]); Chris@0: if (!$is_allowed) { Chris@0: $response->setStatusCode(403); Chris@0: } Chris@0: $response->send();