From: cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Tue, 14 Dec 2010 18:28:08 +0000 (+0000)
Subject: Refs #2733 added explanation on the security of the upgrade script
X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=7caac9640259aacabbf19c22f7cbbf77ae97b4e3;p=lorea%2Felgg.git

Refs #2733 added explanation on the security of the upgrade script

git-svn-id: http://code.elgg.org/elgg/trunk@7620 36083f99-b078-4883-b0ff-0f9b5a30f544
---

diff --git a/upgrade.php b/upgrade.php
index 42b41b9df..f60f57707 100644
--- a/upgrade.php
+++ b/upgrade.php
@@ -2,14 +2,17 @@
 /**
  * Elgg upgrade script.
  *
- * This script triggers any upgrades necessary, ensuring that
- * upgrades are triggered deliberately by a single user.
+ * This script triggers any necessary upgrades. If the site has been upgraded
+ * to the most recent version of the code, no upgrades are run and the caches
+ * are flushed. If you would prefer that this script is not accessible to others
+ * after an upgrade, you can delete it. Future versions of Elgg will include a
+ * new version of the script. Deleting the script is not a requirement and
+ * leaving it behind does not affect the security of the site.
  *
  * @package Elgg.Core
  * @subpackage Upgrade
  */
 
-// Include elgg engine
 define('UPGRADING', 'upgrading');
 require_once(dirname(__FILE__) . "/engine/start.php");
 
@@ -20,8 +23,7 @@ if (get_input('upgrade') == 'upgrade') {
 	elgg_view_regenerate_simplecache();
 	elgg_filepath_cache_reset();
 } else {
-	global $CONFIG;
-	echo elgg_view('settings/upgrading');
+	echo elgg_view_page(elgg_echo('upgrade'), '', 'upgrade');
 	exit;
 }
 
diff --git a/views/default/settings/upgrading.php b/views/default/page/shells/upgrade.php
similarity index 78%
rename from views/default/settings/upgrading.php
rename to views/default/page/shells/upgrade.php
index 19bc13879..b598c3c6a 100644
--- a/views/default/settings/upgrading.php
+++ b/views/default/page/shells/upgrade.php
@@ -1,10 +1,10 @@
 <?php
 /**
- * @package Elgg
- * @subpackage Core
+ * Page shell for upgrade script
+ *
+ * Displays an ajax loader until upgrade is complete
  */
 ?>
-
 <html>
 	<head>
 		<title><?php echo elgg_echo('upgrading'); ?></title>
@@ -14,7 +14,7 @@
 		<table width="100%" height="100%" border="0" style="margin: 0px; padding: 0px">
 			<tr>
 				<td width="100%" height="100%" valign="middle" align="center">
-					<img src="<?php echo elgg_get_site_url(); ?>_graphics/ajax_loader_bw.gif" />
+					<img src="<?php echo elgg_get_site_url(); ?>_graphics/ajax_loader_bw.gif"  alt="upgrading" />
 				</td>
 			</tr>
 		</table>