From 7caac9640259aacabbf19c22f7cbbf77ae97b4e3 Mon Sep 17 00:00:00 2001
From: cash
Date: Tue, 14 Dec 2010 18:28:08 +0000
Subject: Refs #2733 added explanation on the security of the upgrade script

git-svn-id: http://code.elgg.org/elgg/trunk@7620 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 upgrade.php | 12 +++++++-----
 views/default/page/shells/upgrade.php | 22 ++++++++++++++++++++++
 views/default/settings/upgrading.php | 22 ----------------------
 3 files changed, 29 insertions(+), 27 deletions(-)
 create mode 100644 views/default/page/shells/upgrade.php
 delete mode 100644 views/default/settings/upgrading.php
diff --git a/upgrade.php b/upgrade.php
index 42b41b9df..f60f57707 100644
--- a/upgrade.php
+++ b/upgrade.php
@@ -2,14 +2,17 @@
 /**
 * Elgg upgrade script.
 *
- * This script triggers any upgrades necessary, ensuring that
- * upgrades are triggered deliberately by a single user.
+ * This script triggers any necessary upgrades. If the site has been upgraded
+ * to the most recent version of the code, no upgrades are run and the caches
+ * are flushed. If you would prefer that this script is not accessible to others
+ * after an upgrade, you can delete it. Future versions of Elgg will include a
+ * new version of the script. Deleting the script is not a requirement and
+ * leaving it behind does not affect the security of the site.
 *
 * @package Elgg.Core
 * @subpackage Upgrade
 */
-// Include elgg engine
 define('UPGRADING', 'upgrading');
 require_once(dirname(__FILE__) . "/engine/start.php");
@@ -20,8 +23,7 @@ if (get_input('upgrade') == 'upgrade') {
 elgg_view_regenerate_simplecache();
 elgg_filepath_cache_reset();
 } else {
- global $CONFIG;
- echo elgg_view('settings/upgrading');
+ echo elgg_view_page(elgg_echo('upgrade'), '', 'upgrade');
 exit;
 }
diff --git a/views/default/page/shells/upgrade.php b/views/default/page/shells/upgrade.php
new file mode 100644
index 000000000..b598c3c6a
--- /dev/null
+++ b/views/default/page/shells/upgrade.php
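Review bot: The new docblock in upgrade.php states that leaving the script in place "does not affect the security of the site" but gives no reason, and the removed wording about upgrades being "triggered deliberately by a single user" is dropped without a replacement. I would put the basis for the claim in the comment, for example `* The script takes no input other than the upgrade flag and only runs pending upgrades and flushes caches.`, with the wording confirmed against what engine/start.php and the upgrade functions actually do. It is also worth telling admins that a request carrying the upgrade flag still flushes the caches on an already-upgraded site, so the script is not entirely cost-free to leave reachable.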
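Review bot: In the second upgrade.php hunk, the context lines call `elgg_view_regenerate_simplecache()` and `elgg_filepath_cache_reset()` for any request where `get_input('upgrade') == 'upgrade'`, and nothing visible limits who may send that request or how often. Because the docblock now tells admins the script may stay in place, I would add a cheap guard against repeated runs, such as skipping the flush when the previous one finished within a short interval, so an anonymous caller cannot force cache rebuilds in a loop. The comparison would also be tighter written as `get_input('upgrade') === 'upgrade'`. The lines between the `if` and the cache calls are outside the hunk, so a check already present there cannot be ruled out.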
@@ -0,0 +1,22 @@ + + + + <?php echo elgg_echo('upgrading'); ?> + + + + + + + +
+ upgrading +
+ + \ No newline at end of file diff --git a/views/default/settings/upgrading.php b/views/default/settings/upgrading.php deleted file mode 100644 index 19bc13879..000000000 --- a/views/default/settings/upgrading.php +++ /dev/null @@ -1,22 +0,0 @@ - - - - - <?php echo elgg_echo('upgrading'); ?> - - - - - - - -
- -
- - \ No newline at end of file -- cgit v1.2.3