Mercurial > defr > drupal > core
diff update.php @ 15:4347c45bb494 6.7
Drupal 6.7
| author | Franck Deroche <webmaster@defr.org> |
|---|---|
| date | Tue, 23 Dec 2008 14:32:44 +0100 |
| parents | c1f4ac30525a |
| children |
line wrap: on
line diff
--- a/update.php Tue Dec 23 14:32:33 2008 +0100 +++ b/update.php Tue Dec 23 14:32:44 2008 +0100 @@ -1,5 +1,5 @@ <?php -// $Id: update.php,v 1.252 2008/02/03 18:41:16 goba Exp $ +// $Id: update.php,v 1.252.2.2 2008/12/10 22:30:13 goba Exp $ /** * @file @@ -369,6 +369,7 @@ update_task_list('info'); drupal_set_title('Drupal database update'); + $token = drupal_get_token('update'); $output = '<p>Use this utility to update your database whenever a new release of Drupal or a module is installed.</p><p>For more detailed information, see the <a href="http://drupal.org/node/258">Installation and upgrading handbook</a>. If you are unsure what these terms mean you should probably contact your hosting provider.</p>'; $output .= "<ol>\n"; $output .= "<li><strong>Back up your database</strong>. This process will change your database values and in case of emergency you may need to revert to a backup.</li>\n"; @@ -377,7 +378,7 @@ $output .= "<li>Install your new files in the appropriate location, as described in the handbook.</li>\n"; $output .= "</ol>\n"; $output .= "<p>When you have performed the steps above, you may proceed.</p>\n"; - $output .= '<form method="post" action="update.php?op=selection"><input type="submit" value="Continue" /></form>'; + $output .= '<form method="post" action="update.php?op=selection&token='. $token .'"><input type="submit" value="Continue" /></form>'; $output .= "\n"; return $output; } @@ -448,7 +449,7 @@ // Store values of expensive functions for future use. if (empty($themes) || empty($modules)) { - $themes = system_theme_data(); + $themes = _system_theme_data(); $modules = module_rebuild_cache(); } @@ -627,19 +628,23 @@ $op = isset($_REQUEST['op']) ? $_REQUEST['op'] : ''; switch ($op) { + case 'selection': + if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) { + $output = update_selection_page(); + break; + } + + case 'Update': + if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) { + update_batch(); + break; + } + // update.php ops case 'info': $output = update_info_page(); break; - case 'selection': - $output = update_selection_page(); - break; - - case 'Update': - update_batch(); - break; - case 'results': $output = update_results_page(); break;