From 56efb2f000dffe9c97c5e8af379a15a655e0d60e Mon Sep 17 00:00:00 2001
From: Demian Katz <demian.katz@villanova.edu>
Date: Wed, 6 Aug 2014 08:41:08 -0400
Subject: [PATCH] Require autoConfigure on for upgrading.

---
 .../VuFind/Controller/UpgradeController.php   | 45 +++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/module/VuFind/src/VuFind/Controller/UpgradeController.php b/module/VuFind/src/VuFind/Controller/UpgradeController.php
index 0e44ef8c992..ee4020050a0 100644
--- a/module/VuFind/src/VuFind/Controller/UpgradeController.php
+++ b/module/VuFind/src/VuFind/Controller/UpgradeController.php
@@ -29,6 +29,7 @@ namespace VuFind\Controller;
 use ArrayObject, VuFind\Config\Locator as ConfigLocator,
     VuFind\Cookie\Container as CookieContainer,
     VuFind\Exception\RecordMissing as RecordMissingException,
+    Zend\Mvc\MvcEvent,
     Zend\Session\Container as SessionContainer;
 
 /**
@@ -87,6 +88,38 @@ class UpgradeController extends AbstractBase
         }
     }
 
+    /**
+     * preDispatch -- block access when appropriate.
+     *
+     * @param MvcEvent $e Event object
+     *
+     * @return void
+     */
+    public function preDispatch(MvcEvent $e)
+    {
+        // If auto-configuration is disabled, prevent any other action from being
+        // accessed:
+        $config = $this->getConfig();
+        if (!isset($config->System->autoConfigure)
+            || !$config->System->autoConfigure
+        ) {
+            $routeMatch = $e->getRouteMatch();
+            $routeMatch->setParam('action', 'disabled');
+        }
+    }
+
+    /**
+     * Register the default events for this controller
+     *
+     * @return void
+     */
+    protected function attachDefaultListeners()
+    {
+        parent::attachDefaultListeners();
+        $events = $this->getEventManager();
+        $events->attach(MvcEvent::EVENT_DISPATCH, array($this, 'preDispatch'), 1000);
+    }
+
     /**
      * Support method -- given a directory, extract a version number from the
      * build.xml file within that directory.
@@ -105,6 +138,18 @@ class UpgradeController extends AbstractBase
         return (string)$parts[0];
     }
 
+    /**
+     * Display disabled message.
+     *
+     * @return mixed
+     */
+    public function disabledAction()
+    {
+        $view = $this->createViewModel();
+        $view->setTemplate('install/disabled');
+        return $view;
+    }
+
     /**
      * Display a fatal error message.
      *
-- 
GitLab