aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorcash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-12-14 18:28:08 +0000
committercash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-12-14 18:28:08 +0000
commit7caac9640259aacabbf19c22f7cbbf77ae97b4e3 (patch)
tree2bb6847d4f97bc8f4b4ddd3111a950e006e6d09f
parent2b9f88ed50cfc2e1bb209e1ce45589e2499ee170 (diff)
downloadelgg-7caac9640259aacabbf19c22f7cbbf77ae97b4e3.tar.gz
elgg-7caac9640259aacabbf19c22f7cbbf77ae97b4e3.tar.bz2
Refs #2733 added explanation on the security of the upgrade script
git-svn-id: http://code.elgg.org/elgg/trunk@7620 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--upgrade.php12
-rw-r--r--views/default/page/shells/upgrade.php (renamed from views/default/settings/upgrading.php)8
2 files changed, 11 insertions, 9 deletions
diff --git a/upgrade.php b/upgrade.php
index 42b41b9df..f60f57707 100644
--- a/upgrade.php
+++ b/upgrade.php
@@ -2,14 +2,17 @@
/**
* Elgg upgrade script.
*
- * This script triggers any upgrades necessary, ensuring that
- * upgrades are triggered deliberately by a single user.
+ * This script triggers any necessary upgrades. If the site has been upgraded
+ * to the most recent version of the code, no upgrades are run and the caches
+ * are flushed. If you would prefer that this script is not accessible to others
+ * after an upgrade, you can delete it. Future versions of Elgg will include a
+ * new version of the script. Deleting the script is not a requirement and
+ * leaving it behind does not affect the security of the site.
*
* @package Elgg.Core
* @subpackage Upgrade
*/
-// Include elgg engine
define('UPGRADING', 'upgrading');
require_once(dirname(__FILE__) . "/engine/start.php");
@@ -20,8 +23,7 @@ if (get_input('upgrade') == 'upgrade') {
elgg_view_regenerate_simplecache();
elgg_filepath_cache_reset();
} else {
- global $CONFIG;
- echo elgg_view('settings/upgrading');
+ echo elgg_view_page(elgg_echo('upgrade'), '', 'upgrade');
exit;
}
diff --git a/views/default/settings/upgrading.php b/views/default/page/shells/upgrade.php
index 19bc13879..b598c3c6a 100644
--- a/views/default/settings/upgrading.php
+++ b/views/default/page/shells/upgrade.php
@@ -1,10 +1,10 @@
<?php
/**
- * @package Elgg
- * @subpackage Core
+ * Page shell for upgrade script
+ *
+ * Displays an ajax loader until upgrade is complete
*/
?>
-
<html>
<head>
<title><?php echo elgg_echo('upgrading'); ?></title>
@@ -14,7 +14,7 @@
<table width="100%" height="100%" border="0" style="margin: 0px; padding: 0px">
<tr>
<td width="100%" height="100%" valign="middle" align="center">
- <img src="<?php echo elgg_get_site_url(); ?>_graphics/ajax_loader_bw.gif" />
+ <img src="<?php echo elgg_get_site_url(); ?>_graphics/ajax_loader_bw.gif" alt="upgrading" />
</td>
</tr>
</table>