Refs #2733 added explanation on the security of the upgrade script

git-svn-id: http://code.elgg.org/elgg/trunk@7620 36083f99-b078-4883-b0ff-0f9b5a30f544

1 files changed, 7 insertions, 5 deletions

diff --git a/upgrade.php b/upgrade.php
index 42b41b9df..f60f57707 100644
--- a/upgrade.php
+++ b/upgrade.php
@@ -2,14 +2,17 @@
 /**
  * Elgg upgrade script.
  *
- * This script triggers any upgrades necessary, ensuring that
- * upgrades are triggered deliberately by a single user.
+ * This script triggers any necessary upgrades. If the site has been upgraded
+ * to the most recent version of the code, no upgrades are run and the caches
+ * are flushed. If you would prefer that this script is not accessible to others
+ * after an upgrade, you can delete it. Future versions of Elgg will include a
+ * new version of the script. Deleting the script is not a requirement and
+ * leaving it behind does not affect the security of the site.
  *
  * @package Elgg.Core
  * @subpackage Upgrade
  */
 
-// Include elgg engine
 define('UPGRADING', 'upgrading');
 require_once(dirname(__FILE__) . "/engine/start.php");
 
@@ -20,8 +23,7 @@ if (get_input('upgrade') == 'upgrade') {
 	elgg_view_regenerate_simplecache();
 	elgg_filepath_cache_reset();
 } else {
-	global $CONFIG;
-	echo elgg_view('settings/upgrading');
+	echo elgg_view_page(elgg_echo('upgrade'), '', 'upgrade');
 	exit;
 }