[#18127] - [4.0][RFC] Move post-update steps into restore_finalisation.php
- Closed
- 9 Sep 2018
- Medium
- Build: staging
- # 18127
The restore.php file which handles request during the update cycle (mainly the filesystem extraction piece) hooks the restore_finalisation.php to perform "critical" update steps before handing the request back to the CMS. In general this is OK, but it leaves us in a spot where we are still booting and running the CMS to perform a large chunk of the update steps. This can be problematic, especially seen with the 3.8 update, because there are extensions which overload the core classes through plugin events.
My postupdate script has better odds of completing an update successfully because it does not route the request through the CMS application, so no plugins are being dispatched before the request reaches the update component meaning critical core classes aren't overloaded.
With 4.0, we need to move more of the update logic outside of the CMS and into restore.php so that when the non-filesystem update steps of an update are run they are run with as minimal of the framework stack loaded as possible with as little opportunity to be messed with (i.e. classes overloaded) as possible. If this is done for "normal" web updates, we should also look at how we can push the upload and update path into this process as well. The bottom line though is that by using the core application to update itself, we are exposing ourselves to too many issues that can be addressed by bypassing key elements and only using the components that are required.
joomla-cms-bot
- | Labels |
Added:
?
|
||
| Labels |
Added:
?
|
||
It really doesn't need to be a full app for it to work right. Since restore_finalisation.php is only triggered after the filesystem has been updated, we should be able to safely boot the core framework and trigger the finalization steps. In essence the restore.php file is its own application in a file so we do have a standalone app with a hook point to run our app specific stuff, I don't think we'd need to get much more elaborate with it.
The main thing I want to do is stop going through our index.php file which boots and executes the normal Joomla application class (including triggering all the normal plugin events) as using the normal request flow is what's causing us the biggest headaches. We need to boot the admin app class just so JFactory::getApplication() calls work correctly, but we can 100% avoid calling the app's execute() method.
franz-wohlkoenig
- | Category | ⇒ | com_joomlaupdate |
| Status | New | ⇒ | Discussion |
This is not really solution but (I have not tested it) an admin could change .htaccess file to redirect a request from ./administrator/index.php?option=com_joomlaupdate&task=update.finalise to ./administrator/postupdate.php file and starts updating to joomla 3.8.
Notice, it is not as secure as regular update because session is not checked and ftp does not work.
Notice, it is not as secure as regular update because session is not checked and ftp does not work.
And that's why I'm suggesting to hook into restore.php more. The update component is already wired up to pass information (securely) to it. So unlike my postupdate.php which is potentially executable by an unauthenticated user, the update process still can only be triggered by someone with correct privileges.
Please correct me if I misunderstand. It would be good to do that before J4
Restore.php does:
-
After zip package has been downloaded then it starts extracting it
-
Takes care about access, security between ajax calls
-
After new files has been extracted delete old files
-
After done redirect to
/administrator/index.php?option=com_joomlaupdate&task=update.finalise...
Restore.php would:
-
After zip package has been downloaded then it starts extracting it
-
Takes care about access, security between ajax calls
-
After new files has been extracted delete old files
-
Uses a new function to do the same as in
JoomlaupdateModelDefault::finaliseUpgrade()https://github.com/joomla/joomla-cms/blob/staging/administrator/components/com_joomlaupdate/models/default.php#L589
but execute each sql update file or query per ajax call.- may be move / copy functionality of
JoomlaupdateModelDefault::finaliseUpgrade()toJoomlaInstallerScriptclass at https://github.com/joomla/joomla-cms/blob/staging/administrator/components/com_admin/script.php#L17
- may be move / copy functionality of
-
After done redirect to
/administrator/index.php?option=com_joomlaupdate&task=update.cleanup...
@brianteeman I am working on that targeting J4. The work is ON since #14159 (comment)
However, The post upgrade script from @mbabker has given me opportunity to do this in short way and possibly can come in J3.x itself. I'll continue the big work for J4 anyway.
You can't do it directly first - you can only do this if you're upgrading from Joomla 3.3/3.4 and higher (when the support for restore_finalisation was introduced). As a result even if you move it there it must still be called in script.php
TLDR: Just do it in 4 - it's so much easier
Change for the sake of change, there are other tasks needing attention without this.
| Status | Discussion | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-09-09 16:57:57 |
| Closed_By | ⇒ | mbabker | |
| Labels |
Added:
J4 Issue
|
||
how about moving the entire update so a standalone app that is only accessible via direct link from the cmd?