diff --git a/core/authorize.php b/core/authorize.php index 7f80850..46c6a29 100644 --- a/core/authorize.php +++ b/core/authorize.php @@ -12,7 +12,7 @@ * a multistep process. This script actually performs the selected operations * without loading all of Drupal, to be able to more gracefully recover from * errors. Access to the script is controlled by a global killswitch in - * settings.php ('allow_operations') and via the 'administer software + * settings.php ('allow_authorize_operations') and via the 'administer software * updates' permission. * * There are helper functions for setting up an operation to run via this @@ -58,7 +58,7 @@ function authorize_access_denied_page() { * TRUE if the current user can run authorize.php, and FALSE if not. */ function authorize_access_allowed() { - return config('system.authorize')->get('allow_operations') && user_access('administer software updates'); + return settings()->get('allow_authorize_operations', TRUE) && user_access('administer software updates'); } // *** Real work of the script begins here. *** diff --git a/core/includes/bootstrap.inc b/core/includes/bootstrap.inc index 12ab6e9..353714e 100644 --- a/core/includes/bootstrap.inc +++ b/core/includes/bootstrap.inc @@ -1,6 +1,7 @@ get('cache.page.omit_vary_cookie')) { + if (!isset($hook_boot_headers['vary']) && !settings()->get('omit_vary_cookie')) { header('Vary: Cookie'); } @@ -2120,7 +2137,7 @@ function drupal_bootstrap($phase = NULL, $new_phase = TRUE) { break; case DRUPAL_BOOTSTRAP_SESSION: - require_once DRUPAL_ROOT . '/' . variable_get('session_inc', 'core/includes/session.inc'); + require_once DRUPAL_ROOT . '/' . settings()->get('session_inc', 'core/includes/session.inc'); drupal_session_initialize(); break; 
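Review bot: In `authorize_access_allowed()` the kill switch now fails open: `settings()->get('allow_authorize_operations', TRUE)` grants access whenever the key is missing from `$settings`, so a site that had switched the feature off through the old `$conf['allow_authorize_operations'] = FALSE;` line or the `system.authorize` config object would, as far as this diff shows, get authorize.php back without any warning. `update_manager_access()` in update.module has the same default, and the `system_update_8030()` hunk stops carrying the old variable over. Because `Settings::get()` tests with `isset()`, an explicit `NULL` also counts as unset and yields `TRUE`. I would state this above the return, e.g. `// Fail-open by design: only an explicit falsy $settings['allow_authorize_operations'] disables authorize.php.`, and ideally report a requirements warning when a legacy value is still present. The same silent loss of a legacy `$conf` value applies to the other security-relevant keys moved here, such as `reverse_proxy` in `ip_address()`.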
@@ -2311,7 +2328,7 @@ function _drupal_bootstrap_page_cache() {
 require_once DRUPAL_ROOT . '/' . $include;
 }
 // Check for a cache mode force from settings.php.
- if (variable_get('page_cache_without_database')) {
+ if (settings()->get('page_cache_without_database')) {
 $cache_enabled = TRUE;
 }
 else {
@@ -3016,12 +3033,12 @@ function ip_address() {
 if (!isset($ip_address)) {
 $ip_address = $_SERVER['REMOTE_ADDR'];
- if (variable_get('reverse_proxy', 0)) {
- $reverse_proxy_header = variable_get('reverse_proxy_header', 'HTTP_X_FORWARDED_FOR');
+ if (settings()->get('reverse_proxy', 0)) {
+ $reverse_proxy_header = settings()->get('reverse_proxy_header', 'HTTP_X_FORWARDED_FOR');
 if (!empty($_SERVER[$reverse_proxy_header])) {
 // If an array of known reverse proxy IPs is provided, then trust
 // the XFF header if request really comes from one of them.
- $reverse_proxy_addresses = variable_get('reverse_proxy_addresses', array());
+ $reverse_proxy_addresses = settings()->get('reverse_proxy_addresses', array());
 // Turn XFF header into an array.
 $forwarded = explode(',', $_SERVER[$reverse_proxy_header]);
@@ -3051,20 +3068,27 @@ function ip_address() {
 * classes, interfaces, and traits (PHP 5.4 and later). It's only dependency
 * is DRUPAL_ROOT. Otherwise it may be called as early as possible.
 *
+ * @param $class_loader
+ * The name of class loader to use. This can be used to change the class
+ * loader class when calling drupal_classloader() from settings.php. It is
+ * ignored otherwise.
+ *
 * @return Symfony\Component\ClassLoader\UniversalClassLoader
 * A UniversalClassLoader class instance (or extension thereof).
 */
-function drupal_classloader() {
+function drupal_classloader($class_loader = NULL) {
 // By default, use the UniversalClassLoader which is best for development,
 // as it does not break when code is moved on the file system. However, as it
 // is slow, allow to use the APC class loader in production.
 static $loader;
 if (!isset($loader)) {
- global $class_loader;
 // Include the Symfony ClassLoader for loading PSR-0-compatible classes.
 require_once DRUPAL_ROOT . '/core/vendor/symfony/class-loader/Symfony/Component/ClassLoader/UniversalClassLoader.php';
+ if (!isset($class_loader) && class_exists('Drupal\Component\Utility\Settings', FALSE)) {
+ $class_loader = settings()->get('class_loader');
+ }
 switch ($class_loader) {
 case 'apc':
diff --git a/core/includes/common.inc b/core/includes/common.inc
index a8ba090..bd263ec 100644
--- a/core/includes/common.inc
+++ b/core/includes/common.inc
@@ -809,7 +809,7 @@ function drupal_http_request($url, array $options = array()) {
 $options['timeout'] = (float) $options['timeout'];
 // Use a proxy if one is defined and the host is not on the excluded list.
- $proxy_server = variable_get('proxy_server', '');
+ $proxy_server = settings()->get('proxy_server', '');
 if ($proxy_server && _drupal_http_use_proxy($uri['host'])) {
 // Set the scheme so we open a socket to the proxy server.
 $uri['scheme'] = 'proxy';
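Review bot: The new `@param $class_loader` text on `drupal_classloader()` does not match the code: nothing checks that the caller is settings.php, and because `$loader` is static the argument is only looked at on the call that first builds the loader, after which any value passed is silently ignored. I would document that behaviour and add the type, e.g. `@param string|null $class_loader` with `(optional) Loader name such as 'apc'. Only honoured on the first call; later calls return the cached loader.` The function body continues past the end of the hunk, so the remaining switch cases are not visible here.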
@@ -819,13 +819,13 @@ function drupal_http_request($url, array $options = array()) {
 unset($uri['query']);
 // Add in username and password to Proxy-Authorization header if needed.
- if ($proxy_username = variable_get('proxy_username', '')) {
- $proxy_password = variable_get('proxy_password', '');
+ if ($proxy_username = settings()->get('proxy_username', '')) {
+ $proxy_password = settings()->get('proxy_password', '');
 $options['headers']['Proxy-Authorization'] = 'Basic ' . base64_encode($proxy_username . (!empty($proxy_password) ? ":" . $proxy_password : ''));
 }
 // Some proxies reject requests with any User-Agent headers, while others
 // require a specific one.
- $proxy_user_agent = variable_get('proxy_user_agent', '');
+ $proxy_user_agent = settings()->get('proxy_user_agent', '');
 // The default value matches neither condition.
 if ($proxy_user_agent === NULL) {
 unset($options['headers']['User-Agent']);
@@ -838,7 +838,7 @@ function drupal_http_request($url, array $options = array()) {
 switch ($uri['scheme']) {
 case 'proxy':
 // Make the socket connection to a proxy server.
- $socket = 'tcp://' . $proxy_server . ':' . variable_get('proxy_port', 8080);
+ $socket = 'tcp://' . $proxy_server . ':' . settings()->get('proxy_port', 8080);
 // The Host header still needs to match the real request.
 $options['headers']['Host'] = $uri['host'];
 $options['headers']['Host'] .= isset($uri['port']) && $uri['port'] != 80 ? ':' . $uri['port'] : '';
@@ -1068,7 +1068,7 @@ function drupal_http_request($url, array $options = array()) {
 * TRUE if a proxy should be used for this host.
 */
 function _drupal_http_use_proxy($host) {
- $proxy_exceptions = variable_get('proxy_exceptions', array('localhost', '127.0.0.1'));
+ $proxy_exceptions = settings()->get('proxy_exceptions', array('localhost', '127.0.0.1'));
 return !in_array(strtolower($host), $proxy_exceptions, TRUE);
 }
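Review bot: The `if ($proxy_user_agent === NULL)` branch in `drupal_http_request()` cannot be reached through settings. `Settings::get()` as added in this commit returns the default whenever `isset($this->storage[$name])` is false, and `isset()` is false for a stored `NULL`, so `settings()->get('proxy_user_agent', '')` yields `''` even when the administrator set the key to `NULL`. The settings.php documentation removed further down says `NULL` is how to drop the User-Agent header for proxies that reject it, so that option silently does nothing. Either let the getter distinguish the two cases, `return array_key_exists($name, $this->storage) ? $this->storage[$name] : $default;`, or document a different sentinel here. The body of `drupal_http_request()` continues outside these hunks.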
@@ -4757,10 +4757,10 @@ function drupal_valid_token($token, $value = '', $skip_anonymous = FALSE) {
 * Loads code for subsystems and modules, and registers stream wrappers.
 */
 function _drupal_bootstrap_code() {
- require_once DRUPAL_ROOT . '/' . variable_get('path_inc', 'core/includes/path.inc');
+ require_once DRUPAL_ROOT . '/' . settings()->get('path_inc', 'core/includes/path.inc');
 require_once DRUPAL_ROOT . '/core/includes/theme.inc';
 require_once DRUPAL_ROOT . '/core/includes/pager.inc';
- require_once DRUPAL_ROOT . '/' . variable_get('menu_inc', 'core/includes/menu.inc');
+ require_once DRUPAL_ROOT . '/' . settings()->get('menu_inc', 'core/includes/menu.inc');
 require_once DRUPAL_ROOT . '/core/includes/tablesort.inc';
 require_once DRUPAL_ROOT . '/core/includes/file.inc';
 require_once DRUPAL_ROOT . '/core/includes/unicode.inc';
diff --git a/core/includes/database.inc b/core/includes/database.inc
index 0cbaaa6..15ffcc3 100644
--- a/core/includes/database.inc
+++ b/core/includes/database.inc
@@ -905,7 +905,7 @@ function db_ignore_slave() {
 // Five minutes is long enough to allow the slave to break and resume
 // interrupted replication without causing problems on the Drupal site from
 // the old data.
- $duration = variable_get('maximum_replication_lag', 300);
+ $duration = settings()->get('maximum_replication_lag', 300);
 // Set session variable with amount of time to delay before using slave.
 $_SESSION['ignore_slave_server'] = REQUEST_TIME + $duration;
 }
diff --git a/core/includes/install.core.inc b/core/includes/install.core.inc
index 755c2c1..5223cc5 100644
--- a/core/includes/install.core.inc
+++ b/core/includes/install.core.inc
@@ -279,7 +279,7 @@ function install_begin_request(&$install_state) {
 require_once DRUPAL_ROOT . '/core/includes/file.inc';
 require_once DRUPAL_ROOT . '/core/includes/install.inc';
 require_once DRUPAL_ROOT . '/core/includes/schema.inc';
- require_once DRUPAL_ROOT . '/' . variable_get('path_inc', 'core/includes/path.inc');
+ require_once DRUPAL_ROOT . '/' . settings()->get('path_inc', 'core/includes/path.inc');
 // Load module basics (needed for hook invokes).
 include_once DRUPAL_ROOT . '/core/includes/module.inc';
diff --git a/core/includes/theme.maintenance.inc b/core/includes/theme.maintenance.inc
index 4b3e80c..4aa0a13 100644
--- a/core/includes/theme.maintenance.inc
+++ b/core/includes/theme.maintenance.inc
@@ -22,7 +22,7 @@ function _drupal_maintenance_theme() {
 return;
 }
- require_once DRUPAL_ROOT . '/' . variable_get('path_inc', 'core/includes/path.inc');
+ require_once DRUPAL_ROOT . '/' . settings()->get('path_inc', 'core/includes/path.inc');
 require_once DRUPAL_ROOT . '/core/includes/theme.inc';
 require_once DRUPAL_ROOT . '/core/includes/common.inc';
 require_once DRUPAL_ROOT . '/core/includes/unicode.inc';
diff --git a/core/lib/Drupal/Component/Utility/Settings.php b/core/lib/Drupal/Component/Utility/Settings.php
new file mode 100644
index 0000000..3f804ad
--- /dev/null
+++ b/core/lib/Drupal/Component/Utility/Settings.php
@@ -0,0 +1,59 @@ +storage = $settings; + self::$singleton = $this; + } + + /** + * Returns a setting. + * + * Settings can be set in settings.php in the $settings array and requested + * by this function. Settings should be used over configuration for read-only, + * possibly low bootstrap configuration that is environment specific. + * + * @param string $name + * The name of the setting to return. + * @param mixed $default + * (optional) The default value to use if this setting is not set. + * + * @return mixed + * The value of the setting, the provided default if not set. + */ + public function get($name, $default = NULL) { + return isset($this->storage[$name]) ? $this->storage[$name] : $default; + } + + /** + * Returns all the settings. This is only used for testing purposes. + * + * @return array + * All the settings. + */ + public function getAll() { + return $this->storage; + } + +} diff --git a/core/modules/simpletest/lib/Drupal/simpletest/TestBase.php b/core/modules/simpletest/lib/Drupal/simpletest/TestBase.php index 0fb4e39..4d72998 100644 --- a/core/modules/simpletest/lib/Drupal/simpletest/TestBase.php +++ b/core/modules/simpletest/lib/Drupal/simpletest/TestBase.php @@ -8,6 +8,7 @@ namespace Drupal\simpletest; use Drupal\Core\Database\Database; +use Drupal\Component\Utility\Settings; use Drupal\Core\DependencyInjection\ContainerBuilder; use Drupal\Core\Database\ConnectionNotDefinedException; use Drupal\Core\DrupalKernel; @@ -138,6 +139,11 @@ protected $verboseDirectoryUrl; /** + * The settings array. + */ + protected $originalSettings; + + /** * Constructor for Test. * * @param $test_id @@ -814,6 +820,7 @@ protected function prepareEnvironment() { } // Backup current in-memory configuration. + $this->originalSettings = settings()->getAll(); $this->originalConf = $conf; // Backup statics and globals. 
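Review bot: `Settings::getAll()` hands the complete settings array to any caller, and this same commit moves `proxy_username` and `proxy_password` into that array; the docblock's "only used for testing purposes" is not enforced by anything. I would at least tag the method, `@internal Test helper; the array can contain credentials, do not log or render it.`, so later callers do not treat it as a general accessor. Separately, the constructor assigns `self::$singleton = $this`, so every `new Settings(...)` replaces the process-wide settings object; that side effect deserves a sentence in the constructor docblock, which is only partly visible in this hunk.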
@@ -1012,6 +1019,7 @@ protected function tearDown() {
 // Restore original in-memory configuration.
 $conf = $this->originalConf;
+ new Settings($this->originalSettings);
 // Restore original statics and globals.
 drupal_container($this->originalContainer);
@@ -1092,6 +1100,22 @@ protected function exceptionHandler($exception) {
 }
 /**
+ * Changes in memory settings.
+ *
+ * @param $name
+ * The name of the setting to return.
+ * @param $value
+ * The value of the setting.
+ *
+ * @see \Drupal\Component\Utility\Settings::get()
+ */
+ protected function settingsSet($name, $value) {
+ $settings = settings()->getAll();
+ $settings[$name] = $value;
+ new Settings($settings);
+ }
+
+ /**
 * Generates a random string of ASCII characters of codes 32 to 126.
 *
 * The generated string includes alpha-numeric characters and common
diff --git a/core/modules/system/config/system.performance.yml b/core/modules/system/config/system.performance.yml
index 61adb18..d508591 100644
--- a/core/modules/system/config/system.performance.yml
+++ b/core/modules/system/config/system.performance.yml
@@ -1,7 +1,6 @@
 cache:
 page:
 enabled: '0'
- omit_vary_cookie: ''
 max_age: '0'
 css:
 preprocess: '0'
diff --git a/core/modules/system/lib/Drupal/system/Tests/Bootstrap/IpAddressTest.php b/core/modules/system/lib/Drupal/system/Tests/Bootstrap/IpAddressTest.php
index a6f87ef..c062aa6 100644
--- a/core/modules/system/lib/Drupal/system/Tests/Bootstrap/IpAddressTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/Bootstrap/IpAddressTest.php
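Review bot: The docblock added for `settingsSet()` is copied from the getter: `@param $name` reads "The name of the setting to return." where it should say `The name of the setting to set.`, and neither parameter carries a type (`string $name`, `mixed $value`). The bare `new Settings($settings);` here and `new Settings($this->originalSettings);` in the `tearDown()` hunk only work because the constructor replaces the global singleton, so the statements read like discarded objects. A one-line comment such as `// Constructing Settings replaces the active singleton.` above each would make the intent clear.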
@@ -58,14 +58,14 @@ function testIPAddressHost() {
 );
 // Proxy forwarding on but no proxy addresses defined.
- variable_set('reverse_proxy', 1);
+ $this->settingsSet('reverse_proxy', 1);
 $this->assertTrue(
 ip_address() == $this->remote_ip,
 'Proxy forwarding without trusted proxies got remote IP address.'
 );
 // Proxy forwarding on and proxy address not trusted.
- variable_set('reverse_proxy_addresses', array($this->proxy_ip, $this->proxy2_ip));
+ $this->settingsSet('reverse_proxy_addresses', array($this->proxy_ip, $this->proxy2_ip));
 drupal_static_reset('ip_address');
 $_SERVER['REMOTE_ADDR'] = $this->untrusted_ip;
 $this->assertTrue(
@@ -92,7 +92,7 @@ function testIPAddressHost() {
 );
 // Custom client-IP header.
- variable_set('reverse_proxy_header', 'HTTP_X_CLUSTER_CLIENT_IP');
+ $this->settingsSet('reverse_proxy_header', 'HTTP_X_CLUSTER_CLIENT_IP');
 $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'] = $this->cluster_ip;
 drupal_static_reset('ip_address');
 $this->assertTrue(
diff --git a/core/modules/system/lib/Drupal/system/Tests/System/SystemAuthorizeTest.php b/core/modules/system/lib/Drupal/system/Tests/System/SystemAuthorizeTest.php
index 730886d..3b2dc19 100644
--- a/core/modules/system/lib/Drupal/system/Tests/System/SystemAuthorizeTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/System/SystemAuthorizeTest.php
@@ -32,8 +32,6 @@ public static function getInfo() {
 function setUp() {
 parent::setUp();
- variable_set('allow_authorize_operations', TRUE);
-
 // Create an administrator user.
 $this->admin_user = $this->drupalCreateUser(array('administer software updates'));
 $this->drupalLogin($this->admin_user);
diff --git a/core/modules/system/system.install b/core/modules/system/system.install
index 8c7d72a..b632a2f 100644
--- a/core/modules/system/system.install
+++ b/core/modules/system/system.install
@@ -416,11 +416,11 @@ function system_requirements($phase) {
 // Verify the update.php access setting
 if ($phase == 'runtime') {
- if (!empty($GLOBALS['update_free_access'])) {
+ if (settings()->get('update_free_access')) {
 $requirements['update access'] = array(
 'value' => $t('Not protected'),
 'severity' => REQUIREMENT_ERROR,
- 'description' => $t('The update.php script is accessible to everyone without authentication check, which is a security risk. You must change the $update_free_access value in your settings.php back to FALSE.'),
+ 'description' => $t('The update.php script is accessible to everyone without authentication check, which is a security risk. You must change the @settings_name value in your settings.php back to FALSE.', array('@settings_name' => '$settings[\'update_free_access\']')),
 );
 }
 else {
@@ -1873,7 +1873,6 @@ function system_update_8017() {
 'page_compression' => 'response.gzip',
 'preprocess_css' => 'css.preprocess',
 'preprocess_js' => 'js.preprocess',
- 'omit_vary_cookie' => 'omit_vary_cookie',
 'stale_file_threshold' => 'stale_file_threshold',
 ));
 }
@@ -2118,7 +2117,6 @@ function system_update_8029() {
 */
 function system_update_8030() {
 update_variables_to_config('system.authorize', array(
- 'allow_authorize_operations' => 'allow_operations',
 'authorize_filetransfer_default' => 'filetransfer_default',
 ));
 }
diff --git a/core/modules/update/lib/Drupal/update/Tests/UpdateContribTest.php b/core/modules/update/lib/Drupal/update/Tests/UpdateContribTest.php
index af7d035..2817c86 100644
--- a/core/modules/update/lib/Drupal/update/Tests/UpdateContribTest.php
+++ b/core/modules/update/lib/Drupal/update/Tests/UpdateContribTest.php
@@ -327,7 +327,6 @@ function testUpdateBrokenFetchURL() {
 * update, then assert if we see the appropriate warnings on the right pages.
 */
 function testHookUpdateStatusAlter() {
- variable_set('allow_authorize_operations', TRUE);
 $update_test_config = config('update_test.settings');
 $update_admin_user = $this->drupalCreateUser(array('administer site configuration', 'administer software updates'));
 $this->drupalLogin($update_admin_user);
diff --git a/core/modules/update/lib/Drupal/update/Tests/UpdateUploadTest.php b/core/modules/update/lib/Drupal/update/Tests/UpdateUploadTest.php
index 4917630..d3bcdb8 100644
--- a/core/modules/update/lib/Drupal/update/Tests/UpdateUploadTest.php
+++ b/core/modules/update/lib/Drupal/update/Tests/UpdateUploadTest.php
@@ -29,7 +29,6 @@ public static function getInfo() {
 public function setUp() {
 parent::setUp();
- variable_set('allow_authorize_operations', TRUE);
 $admin_user = $this->drupalCreateUser(array('administer software updates', 'administer site configuration'));
 $this->drupalLogin($admin_user);
 }
diff --git a/core/modules/update/update.manager.inc b/core/modules/update/update.manager.inc
index 062ffca..0047a52 100644
--- a/core/modules/update/update.manager.inc
+++ b/core/modules/update/update.manager.inc
@@ -7,7 +7,7 @@
 * This allows site administrators with the 'administer software updates'
 * permission to either upgrade existing projects, or download and install new
 * ones, so long as the killswitch setting ('allow_authorize_operations') is
- * still TRUE.
+ * not FALSE.
 *
 * To install new code, the administrator is prompted for either the URL of an
 * archive file, or to directly upload the archive file. The archive is loaded
diff --git a/core/modules/update/update.module b/core/modules/update/update.module
index 865caea..00ef879 100644
--- a/core/modules/update/update.module
+++ b/core/modules/update/update.module
@@ -251,7 +251,7 @@ function update_menu() { * @see update_menu() */ function update_manager_access() { - return config('system.authorize')->get('allow_operations') && user_access('administer software updates'); + return settings()->get('allow_authorize_operations', TRUE) && user_access('administer software updates'); } /** diff --git a/core/update.php b/core/update.php index ff65c6e..17b44fd 100644 --- a/core/update.php +++ b/core/update.php @@ -209,8 +209,8 @@ function update_results_page() { $output .= '
'; } - if (!empty($GLOBALS['update_free_access'])) { - $output .= "Reminder: don't forget to set the \$update_free_access
value in your settings.php
file back to FALSE
.
Reminder: don't forget to set the \$settings['update_free_access']
value in your settings.php
file back to FALSE
.
Access denied. You are not authorized to access this page. Log in using either an account with the administer software updates permission or the site maintenance account (the account you created during installation). If you cannot log in, you will have to edit settings.php
to bypass this access check. To do this:
sites/your_site_name
if such directory exists, or else to sites/default
which applies otherwise.$update_free_access = FALSE;
. Change it to $update_free_access = TRUE;
.$update_free_access = FALSE;
.$settings[\'update_free_access\'] = FALSE;
. Change it to $settings[\'update_free_access\'] = TRUE;
.$settings[\'update_free_access\'] = FALSE;
.The requested URL "@path" was not found on this server.
'; /** - * External access proxy settings: - * - * If your site must access the Internet via a web proxy then you can enter - * the proxy settings here. Currently only basic authentication is supported - * by using the username and password variables. The proxy_user_agent variable - * can be set to NULL for proxies that require no User-Agent header or to a - * non-empty string for proxies that limit requests to a specific agent. The - * proxy_exceptions variable is an array of host names to be accessed directly, - * not via proxy. - */ -# $conf['proxy_server'] = ''; -# $conf['proxy_port'] = 8080; -# $conf['proxy_username'] = ''; -# $conf['proxy_password'] = ''; -# $conf['proxy_user_agent'] = ''; -# $conf['proxy_exceptions'] = array('127.0.0.1', 'localhost'); - -/** - * Authorized file system operations: - * - * The Update Manager module included with Drupal provides a mechanism for - * site administrators to securely install missing updates for the site - * directly through the web user interface. On securely-configured servers, - * the Update manager will require the administrator to provide SSH or FTP - * credentials before allowing the installation to proceed; this allows the - * site to update the new files as the user who owns all the Drupal files, - * instead of as the user the webserver is running as. On servers where the - * webserver user is itself the owner of the Drupal files, the administrator - * will not be prompted for SSH or FTP credentials (note that these server - * setups are common on shared hosting, but are inherently insecure). - * - * Some sites might wish to disable the above functionality, and only update - * the code directly via SSH or FTP themselves. This setting completely - * disables all functionality related to these authorized file operations. - * - * @see http://drupal.org/node/244924 - * - * Remove the leading hash signs to disable. 
- */ -# $conf['allow_authorize_operations'] = FALSE; - -/** * Load local development override configuration, if available. * * Use settings.local.php to override variables on secondary (staging,