diff -r 07239de796bb -r e756a8c72c3d cms/drupal/modules/update/update.test
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/cms/drupal/modules/update/update.test	Fri Sep 08 12:04:06 2017 +0200
@@ -0,0 +1,852 @@
+<?php
+
+/**
+ * @file
+ * This file contains tests for the Update Manager module.
+ *
+ * The overarching methodology of these tests is we need to compare a given
+ * state of installed modules and themes (e.g., version, project grouping,
+ * timestamps, etc) against a current state of what the release history XML
+ * files we fetch say is available. We have dummy XML files (in the
+ * modules/update/tests directory) that describe various scenarios of what's
+ * available for different test projects, and we have dummy .info file data
+ * (specified via hook_system_info_alter() in the update_test helper module)
+ * describing what's currently installed. Each test case defines a set of
+ * projects to install, their current state (via the 'update_test_system_info'
+ * variable) and the desired available update data (via the
+ * 'update_test_xml_map' variable), and then performs a series of assertions
+ * that the report matches our expectations given the specific initial state and
+ * availability scenario.
+ */
+
+/**
+ * Defines some shared functions used by all update tests.
+ */
+class UpdateTestHelper extends DrupalWebTestCase {
+
+  /**
+   * Refreshes the update status based on the desired available update scenario.
+   *
+   * @param $xml_map
+   *   Array that maps project names to availability scenarios to fetch. The key
+   *   '#all' is used if a project-specific mapping is not defined.
+   * @param $url
+   *   (optional) A string containing the URL to fetch update data from.
+   *   Defaults to 'update-test'.
+   *
+   * @see update_test_mock_page()
+   */
+  protected function refreshUpdateStatus($xml_map, $url = 'update-test') {
+    // Tell the Update Manager module to fetch from the URL provided by
+    // update_test module.
+    variable_set('update_fetch_url', url($url, array('absolute' => TRUE)));
+    // Save the map for update_test_mock_page() to use.
+    variable_set('update_test_xml_map', $xml_map);
+    // Manually check the update status.
+    $this->drupalGet('admin/reports/updates/check');
+  }
+
+  /**
+   * Runs a series of assertions that are applicable to all update statuses.
+   */
+  protected function standardTests() {
+    $this->assertRaw('<h3>' . t('Drupal core') . '</h3>');
+    $this->assertRaw(l(t('Drupal'), 'http://example.com/project/drupal'), 'Link to the Drupal project appears.');
+    $this->assertNoText(t('No available releases found'));
+  }
+
+}
+
+/**
+ * Tests behavior related to discovering and listing updates to Drupal core.
+ */
+class UpdateCoreTestCase extends UpdateTestHelper {
+
+  public static function getInfo() {
+    return array(
+      'name' => 'Update core functionality',
+      'description' => 'Tests the Update Manager module through a series of functional tests using mock XML data.',
+      'group' => 'Update',
+    );
+  }
+
+  function setUp() {
+    parent::setUp('update_test', 'update');
+    $admin_user = $this->drupalCreateUser(array('administer site configuration', 'administer modules'));
+    $this->drupalLogin($admin_user);
+  }
+
+  /**
+   * Tests the Update Manager module when no updates are available.
+   */
+  function testNoUpdatesAvailable() {
+    $this->setSystemInfo7_0();
+    $this->refreshUpdateStatus(array('drupal' => '0'));
+    $this->standardTests();
+    $this->assertText(t('Up to date'));
+    $this->assertNoText(t('Update available'));
+    $this->assertNoText(t('Security update required!'));
+  }
+
+  /**
+   * Tests the Update Manager module when one normal update is available.
+   */
+  function testNormalUpdateAvailable() {
+    $this->setSystemInfo7_0();
+    $this->refreshUpdateStatus(array('drupal' => '1'));
+    $this->standardTests();
+    $this->assertNoText(t('Up to date'));
+    $this->assertText(t('Update available'));
+    $this->assertNoText(t('Security update required!'));
+    $this->assertRaw(l('7.1', 'http://example.com/drupal-7-1-release'), 'Link to release appears.');
+    $this->assertRaw(l(t('Download'), 'http://example.com/drupal-7-1.tar.gz'), 'Link to download appears.');
+    $this->assertRaw(l(t('Release notes'), 'http://example.com/drupal-7-1-release'), 'Link to release notes appears.');
+  }
+
+  /**
+   * Tests the Update Manager module when a security update is available.
+   */
+  function testSecurityUpdateAvailable() {
+    $this->setSystemInfo7_0();
+    $this->refreshUpdateStatus(array('drupal' => '2-sec'));
+    $this->standardTests();
+    $this->assertNoText(t('Up to date'));
+    $this->assertNoText(t('Update available'));
+    $this->assertText(t('Security update required!'));
+    $this->assertRaw(l('7.2', 'http://example.com/drupal-7-2-release'), 'Link to release appears.');
+    $this->assertRaw(l(t('Download'), 'http://example.com/drupal-7-2.tar.gz'), 'Link to download appears.');
+    $this->assertRaw(l(t('Release notes'), 'http://example.com/drupal-7-2-release'), 'Link to release notes appears.');
+  }
+
+  /**
+   * Ensures proper results where there are date mismatches among modules.
+   */
+  function testDatestampMismatch() {
+    $system_info = array(
+      '#all' => array(
+        // We need to think we're running a -dev snapshot to see dates.
+        'version' => '7.0-dev',
+        'datestamp' => time(),
+      ),
+      'block' => array(
+        // This is 2001-09-09 01:46:40 GMT, so test for "2001-Sep-".
+        'datestamp' => '1000000000',
+      ),
+    );
+    variable_set('update_test_system_info', $system_info);
+    $this->refreshUpdateStatus(array('drupal' => 'dev'));
+    $this->assertNoText(t('2001-Sep-'));
+    $this->assertText(t('Up to date'));
+    $this->assertNoText(t('Update available'));
+    $this->assertNoText(t('Security update required!'));
+  }
+
+  /**
+   * Checks that running cron updates the list of available updates.
+   */
+  function testModulePageRunCron() {
+    $this->setSystemInfo7_0();
+    variable_set('update_fetch_url', url('update-test', array('absolute' => TRUE)));
+    variable_set('update_test_xml_map', array('drupal' => '0'));
+
+    $this->cronRun();
+    $this->drupalGet('admin/modules');
+    $this->assertNoText(t('No update information available.'));
+  }
+
+  /**
+   * Checks the messages at admin/modules when the site is up to date.
+   */
+  function testModulePageUpToDate() {
+    $this->setSystemInfo7_0();
+    // Instead of using refreshUpdateStatus(), set these manually.
+    variable_set('update_fetch_url', url('update-test', array('absolute' => TRUE)));
+    variable_set('update_test_xml_map', array('drupal' => '0'));
+
+    $this->drupalGet('admin/reports/updates');
+    $this->clickLink(t('Check manually'));
+    $this->assertText(t('Checked available update data for one project.'));
+    $this->drupalGet('admin/modules');
+    $this->assertNoText(t('There are updates available for your version of Drupal.'));
+    $this->assertNoText(t('There is a security update available for your version of Drupal.'));
+  }
+
+  /**
+   * Checks the messages at admin/modules when an update is missing.
+   */
+  function testModulePageRegularUpdate() {
+    $this->setSystemInfo7_0();
+    // Instead of using refreshUpdateStatus(), set these manually.
+    variable_set('update_fetch_url', url('update-test', array('absolute' => TRUE)));
+    variable_set('update_test_xml_map', array('drupal' => '1'));
+
+    $this->drupalGet('admin/reports/updates');
+    $this->clickLink(t('Check manually'));
+    $this->assertText(t('Checked available update data for one project.'));
+    $this->drupalGet('admin/modules');
+    $this->assertText(t('There are updates available for your version of Drupal.'));
+    $this->assertNoText(t('There is a security update available for your version of Drupal.'));
+  }
+
+  /**
+   * Checks the messages at admin/modules when a security update is missing.
+   */
+  function testModulePageSecurityUpdate() {
+    $this->setSystemInfo7_0();
+    // Instead of using refreshUpdateStatus(), set these manually.
+    variable_set('update_fetch_url', url('update-test', array('absolute' => TRUE)));
+    variable_set('update_test_xml_map', array('drupal' => '2-sec'));
+
+    $this->drupalGet('admin/reports/updates');
+    $this->clickLink(t('Check manually'));
+    $this->assertText(t('Checked available update data for one project.'));
+    $this->drupalGet('admin/modules');
+    $this->assertNoText(t('There are updates available for your version of Drupal.'));
+    $this->assertText(t('There is a security update available for your version of Drupal.'));
+
+    // Make sure admin/appearance warns you you're missing a security update.
+    $this->drupalGet('admin/appearance');
+    $this->assertNoText(t('There are updates available for your version of Drupal.'));
+    $this->assertText(t('There is a security update available for your version of Drupal.'));
+
+    // Make sure duplicate messages don't appear on Update status pages.
+    $this->drupalGet('admin/reports/status');
+    // We're expecting "There is a security update..." inside the status report
+    // itself, but the drupal_set_message() appears as an li so we can prefix
+    // with that and search for the raw HTML.
+    $this->assertNoRaw('<li>' . t('There is a security update available for your version of Drupal.'));
+
+    $this->drupalGet('admin/reports/updates');
+    $this->assertNoText(t('There is a security update available for your version of Drupal.'));
+
+    $this->drupalGet('admin/reports/updates/settings');
+    $this->assertNoText(t('There is a security update available for your version of Drupal.'));
+  }
+
+  /**
+   * Tests the Update Manager module when the update server returns 503 errors.
+   */
+  function testServiceUnavailable() {
+    $this->refreshUpdateStatus(array(), '503-error');
+    // Ensure that no "Warning: SimpleXMLElement..." parse errors are found.
+    $this->assertNoText('SimpleXMLElement');
+    $this->assertUniqueText(t('Failed to get available update data for one project.'));
+  }
+
+  /**
+   * Tests that exactly one fetch task per project is created and not more.
+   */
+  function testFetchTasks() {
+    $projecta = array(
+      'name' => 'aaa_update_test',
+    );
+    $projectb = array(
+      'name' => 'bbb_update_test',
+    );
+    $queue = DrupalQueue::get('update_fetch_tasks');
+    $this->assertEqual($queue->numberOfItems(), 0, 'Queue is empty');
+    update_create_fetch_task($projecta);
+    $this->assertEqual($queue->numberOfItems(), 1, 'Queue contains one item');
+    update_create_fetch_task($projectb);
+    $this->assertEqual($queue->numberOfItems(), 2, 'Queue contains two items');
+    // Try to add project a again.
+    update_create_fetch_task($projecta);
+    $this->assertEqual($queue->numberOfItems(), 2, 'Queue still contains two items');
+
+    // Clear cache and try again.
+    _update_cache_clear();
+    drupal_static_reset('_update_create_fetch_task');
+    update_create_fetch_task($projecta);
+    $this->assertEqual($queue->numberOfItems(), 2, 'Queue contains two items');
+  }
+
+  /**
+   * Sets the version to 7.0 when no project-specific mapping is defined.
+   */
+  protected function setSystemInfo7_0() {
+    $setting = array(
+      '#all' => array(
+        'version' => '7.0',
+      ),
+    );
+    variable_set('update_test_system_info', $setting);
+  }
+
+}
+
+/**
+ * Tests behavior related to handling updates to contributed modules and themes.
+ */
+class UpdateTestContribCase extends UpdateTestHelper {
+
+  public static function getInfo() {
+    return array(
+      'name' => 'Update contrib functionality',
+      'description' => 'Tests how the Update Manager module handles contributed modules and themes in a series of functional tests using mock XML data.',
+      'group' => 'Update',
+    );
+  }
+
+  function setUp() {
+    parent::setUp('update_test', 'update', 'aaa_update_test', 'bbb_update_test', 'ccc_update_test');
+    $admin_user = $this->drupalCreateUser(array('administer site configuration'));
+    $this->drupalLogin($admin_user);
+  }
+
+  /**
+   * Tests when there is no available release data for a contrib module.
+   */
+  function testNoReleasesAvailable() {
+    $system_info = array(
+      '#all' => array(
+        'version' => '7.0',
+      ),
+      'aaa_update_test' => array(
+        'project' => 'aaa_update_test',
+        'version' => '7.x-1.0',
+        'hidden' => FALSE,
+      ),
+    );
+    variable_set('update_test_system_info', $system_info);
+    $this->refreshUpdateStatus(array('drupal' => '0', 'aaa_update_test' => 'no-releases'));
+    $this->drupalGet('admin/reports/updates');
+    // Cannot use $this->standardTests() because we need to check for the
+    // 'No available releases found' string.
+    $this->assertRaw('<h3>' . t('Drupal core') . '</h3>');
+    $this->assertRaw(l(t('Drupal'), 'http://example.com/project/drupal'));
+    $this->assertText(t('Up to date'));
+    $this->assertRaw('<h3>' . t('Modules') . '</h3>');
+    $this->assertNoText(t('Update available'));
+    $this->assertText(t('No available releases found'));
+    $this->assertNoRaw(l(t('AAA Update test'), 'http://example.com/project/aaa_update_test'));
+  }
+
+  /**
+   * Tests the basic functionality of a contrib module on the status report.
+   */
+  function testUpdateContribBasic() {
+    $system_info = array(
+      '#all' => array(
+        'version' => '7.0',
+      ),
+      'aaa_update_test' => array(
+        'project' => 'aaa_update_test',
+        'version' => '7.x-1.0',
+        'hidden' => FALSE,
+      ),
+    );
+    variable_set('update_test_system_info', $system_info);
+    $this->refreshUpdateStatus(
+      array(
+        'drupal' => '0',
+        'aaa_update_test' => '1_0',
+      )
+    );
+    $this->standardTests();
+    $this->assertText(t('Up to date'));
+    $this->assertRaw('<h3>' . t('Modules') . '</h3>');
+    $this->assertNoText(t('Update available'));
+    $this->assertRaw(l(t('AAA Update test'), 'http://example.com/project/aaa_update_test'), 'Link to aaa_update_test project appears.');
+  }
+
+  /**
+   * Tests that contrib projects are ordered by project name.
+   *
+   * If a project contains multiple modules, we want to make sure that the
+   * available updates report is sorted by the parent project names, not by the
+   * names of the modules included in each project. In this test case, we have
+   * two contrib projects, "BBB Update test" and "CCC Update test". However, we
+   * have a module called "aaa_update_test" that's part of the "CCC Update test"
+   * project. We need to make sure that we see the "BBB" project before the
+   * "CCC" project, even though "CCC" includes a module that's processed first
+   * if you sort alphabetically by module name (which is the order we see things
+   * inside system_rebuild_module_data() for example).
+   */
+  function testUpdateContribOrder() {
+    // We want core to be version 7.0.
+    $system_info = array(
+      '#all' => array(
+        'version' => '7.0',
+      ),
+      // All the rest should be visible as contrib modules at version 7.x-1.0.
+
+      // aaa_update_test needs to be part of the "CCC Update test" project,
+      // which would throw off the report if we weren't properly sorting by
+      // the project names.
+      'aaa_update_test' => array(
+        'project' => 'ccc_update_test',
+        'version' => '7.x-1.0',
+        'hidden' => FALSE,
+      ),
+
+      // This should be its own project, and listed first on the report.
+      'bbb_update_test' => array(
+        'project' => 'bbb_update_test',
+        'version' => '7.x-1.0',
+        'hidden' => FALSE,
+      ),
+
+      // This will contain both aaa_update_test and ccc_update_test, and
+      // should come after the bbb_update_test project.
+      'ccc_update_test' => array(
+        'project' => 'ccc_update_test',
+        'version' => '7.x-1.0',
+        'hidden' => FALSE,
+      ),
+    );
+    variable_set('update_test_system_info', $system_info);
+    $this->refreshUpdateStatus(array('drupal' => '0', '#all' => '1_0'));
+    $this->standardTests();
+    // We're expecting the report to say all projects are up to date.
+    $this->assertText(t('Up to date'));
+    $this->assertNoText(t('Update available'));
+    // We want to see all 3 module names listed, since they'll show up either
+    // as project names or as modules under the "Includes" listing.
+    $this->assertText(t('AAA Update test'));
+    $this->assertText(t('BBB Update test'));
+    $this->assertText(t('CCC Update test'));
+    // We want aaa_update_test included in the ccc_update_test project, not as
+    // its own project on the report.
+    $this->assertNoRaw(l(t('AAA Update test'), 'http://example.com/project/aaa_update_test'), 'Link to aaa_update_test project does not appear.');
+    // The other two should be listed as projects.
+    $this->assertRaw(l(t('BBB Update test'), 'http://example.com/project/bbb_update_test'), 'Link to bbb_update_test project appears.');
+    $this->assertRaw(l(t('CCC Update test'), 'http://example.com/project/ccc_update_test'), 'Link to bbb_update_test project appears.');
+
+    // We want to make sure we see the BBB project before the CCC project.
+    // Instead of just searching for 'BBB Update test' or something, we want
+    // to use the full markup that starts the project entry itself, so that
+    // we're really testing that the project listings are in the right order.
+    $bbb_project_link = '<div class="project"><a href="http://example.com/project/bbb_update_test">BBB Update test</a>';
+    $ccc_project_link = '<div class="project"><a href="http://example.com/project/ccc_update_test">CCC Update test</a>';
+    $this->assertTrue(strpos($this->drupalGetContent(), $bbb_project_link) < strpos($this->drupalGetContent(), $ccc_project_link), "'BBB Update test' project is listed before the 'CCC Update test' project");
+  }
+
+  /**
+   * Tests that subthemes are notified about security updates for base themes.
+   */
+  function testUpdateBaseThemeSecurityUpdate() {
+    // Only enable the subtheme, not the base theme.
+    db_update('system')
+      ->fields(array('status' => 1))
+      ->condition('type', 'theme')
+      ->condition('name', 'update_test_subtheme')
+      ->execute();
+
+    // Define the initial state for core and the subtheme.
+    $system_info = array(
+      // We want core to be version 7.0.
+      '#all' => array(
+        'version' => '7.0',
+      ),
+      // Show the update_test_basetheme
+      'update_test_basetheme' => array(
+        'project' => 'update_test_basetheme',
+        'version' => '7.x-1.0',
+        'hidden' => FALSE,
+      ),
+      // Show the update_test_subtheme
+      'update_test_subtheme' => array(
+        'project' => 'update_test_subtheme',
+        'version' => '7.x-1.0',
+        'hidden' => FALSE,
+      ),
+    );
+    variable_set('update_test_system_info', $system_info);
+    $xml_mapping = array(
+      'drupal' => '0',
+      'update_test_subtheme' => '1_0',
+      'update_test_basetheme' => '1_1-sec',
+    );
+    $this->refreshUpdateStatus($xml_mapping);
+    $this->assertText(t('Security update required!'));
+    $this->assertRaw(l(t('Update test base theme'), 'http://example.com/project/update_test_basetheme'), 'Link to the Update test base theme project appears.');
+  }
+
+  /**
+   * Tests that the admin theme is always notified about security updates.
+   */
+  function testUpdateAdminThemeSecurityUpdate() {
+    // Disable the admin theme.
+    db_update('system')
+      ->fields(array('status' => 0))
+      ->condition('type', 'theme')
+      ->condition('name', 'update_test_%', 'LIKE')
+      ->execute();
+
+    variable_set('admin_theme', 'update_test_admintheme');
+
+    // Define the initial state for core and the themes.
+    $system_info = array(
+      '#all' => array(
+        'version' => '7.0',
+      ),
+      'update_test_admintheme' => array(
+        'project' => 'update_test_admintheme',
+        'version' => '7.x-1.0',
+        'hidden' => FALSE,
+      ),
+      'update_test_basetheme' => array(
+        'project' => 'update_test_basetheme',
+        'version' => '7.x-1.1',
+        'hidden' => FALSE,
+      ),
+      'update_test_subtheme' => array(
+        'project' => 'update_test_subtheme',
+        'version' => '7.x-1.0',
+        'hidden' => FALSE,
+      ),
+    );
+    variable_set('update_test_system_info', $system_info);
+    variable_set('update_check_disabled', FALSE);
+    $xml_mapping = array(
+      // This is enough because we don't check the update status of the admin
+      // theme. We want to check that the admin theme is included in the list.
+      'drupal' => '0',
+    );
+    $this->refreshUpdateStatus($xml_mapping);
+    // The admin theme is displayed even if it's disabled.
+    $this->assertText('update_test_admintheme', "The admin theme is checked for update even if it's disabled");
+    // The other disabled themes are not displayed.
+    $this->assertNoText('update_test_basetheme', 'Disabled theme is not checked for update in the list.');
+    $this->assertNoText('update_test_subtheme', 'Disabled theme is not checked for update in the list.');
+  }
+
+  /**
+   * Tests that disabled themes are only shown when desired.
+   */
+  function testUpdateShowDisabledThemes() {
+    // Make sure all the update_test_* themes are disabled.
+    db_update('system')
+      ->fields(array('status' => 0))
+      ->condition('type', 'theme')
+      ->condition('name', 'update_test_%', 'LIKE')
+      ->execute();
+
+    // Define the initial state for core and the test contrib themes.
+    $system_info = array(
+      // We want core to be version 7.0.
+      '#all' => array(
+        'version' => '7.0',
+      ),
+      // The update_test_basetheme should be visible and up to date.
+      'update_test_basetheme' => array(
+        'project' => 'update_test_basetheme',
+        'version' => '7.x-1.1',
+        'hidden' => FALSE,
+      ),
+      // The update_test_subtheme should be visible and up to date.
+      'update_test_subtheme' => array(
+        'project' => 'update_test_subtheme',
+        'version' => '7.x-1.0',
+        'hidden' => FALSE,
+      ),
+    );
+    // When there are contributed modules in the site's file system, the
+    // total number of attempts made in the test may exceed the default value
+    // of update_max_fetch_attempts. Therefore this variable is set very high
+    // to avoid test failures in those cases.
+    variable_set('update_max_fetch_attempts', 99999);
+    variable_set('update_test_system_info', $system_info);
+    $xml_mapping = array(
+      'drupal' => '0',
+      'update_test_subtheme' => '1_0',
+      'update_test_basetheme' => '1_1-sec',
+    );
+    $base_theme_project_link = l(t('Update test base theme'), 'http://example.com/project/update_test_basetheme');
+    $sub_theme_project_link = l(t('Update test subtheme'), 'http://example.com/project/update_test_subtheme');
+    foreach (array(TRUE, FALSE) as $check_disabled) {
+      variable_set('update_check_disabled', $check_disabled);
+      $this->refreshUpdateStatus($xml_mapping);
+      // In neither case should we see the "Themes" heading for enabled themes.
+      $this->assertNoText(t('Themes'));
+      if ($check_disabled) {
+        $this->assertText(t('Disabled themes'));
+        $this->assertRaw($base_theme_project_link, 'Link to the Update test base theme project appears.');
+        $this->assertRaw($sub_theme_project_link, 'Link to the Update test subtheme project appears.');
+      }
+      else {
+        $this->assertNoText(t('Disabled themes'));
+        $this->assertNoRaw($base_theme_project_link, 'Link to the Update test base theme project does not appear.');
+        $this->assertNoRaw($sub_theme_project_link, 'Link to the Update test subtheme project does not appear.');
+      }
+    }
+  }
+
+  /**
+   * Makes sure that if we fetch from a broken URL, sane things happen.
+   */
+  function testUpdateBrokenFetchURL() {
+    $system_info = array(
+      '#all' => array(
+        'version' => '7.0',
+      ),
+      'aaa_update_test' => array(
+        'project' => 'aaa_update_test',
+        'version' => '7.x-1.0',
+        'hidden' => FALSE,
+      ),
+      'bbb_update_test' => array(
+        'project' => 'bbb_update_test',
+        'version' => '7.x-1.0',
+        'hidden' => FALSE,
+      ),
+      'ccc_update_test' => array(
+        'project' => 'ccc_update_test',
+        'version' => '7.x-1.0',
+        'hidden' => FALSE,
+      ),
+    );
+    variable_set('update_test_system_info', $system_info);
+
+    $xml_mapping = array(
+      'drupal' => '0',
+      'aaa_update_test' => '1_0',
+      'bbb_update_test' => 'does-not-exist',
+      'ccc_update_test' => '1_0',
+    );
+    $this->refreshUpdateStatus($xml_mapping);
+
+    $this->assertText(t('Up to date'));
+    // We're expecting the report to say most projects are up to date, so we
+    // hope that 'Up to date' is not unique.
+    $this->assertNoUniqueText(t('Up to date'));
+    // It should say we failed to get data, not that we're missing an update.
+    $this->assertNoText(t('Update available'));
+
+    // We need to check that this string is found as part of a project row,
+    // not just in the "Failed to get available update data for ..." message
+    // at the top of the page.
+    $this->assertRaw('<div class="version-status">' . t('Failed to get available update data'));
+
+    // We should see the output messages from fetching manually.
+    $this->assertUniqueText(t('Checked available update data for 3 projects.'));
+    $this->assertUniqueText(t('Failed to get available update data for one project.'));
+
+    // The other two should be listed as projects.
+    $this->assertRaw(l(t('AAA Update test'), 'http://example.com/project/aaa_update_test'), 'Link to aaa_update_test project appears.');
+    $this->assertNoRaw(l(t('BBB Update test'), 'http://example.com/project/bbb_update_test'), 'Link to bbb_update_test project does not appear.');
+    $this->assertRaw(l(t('CCC Update test'), 'http://example.com/project/ccc_update_test'), 'Link to bbb_update_test project appears.');
+  }
+
+  /**
+   * Checks that hook_update_status_alter() works to change a status.
+   *
+   * We provide the same external data as if aaa_update_test 7.x-1.0 were
+   * installed and that was the latest release. Then we use
+   * hook_update_status_alter() to try to mark this as missing a security
+   * update, then assert if we see the appropriate warnings on the right pages.
+   */
+  function testHookUpdateStatusAlter() {
+    variable_set('allow_authorize_operations', TRUE);
+    $update_admin_user = $this->drupalCreateUser(array('administer site configuration', 'administer software updates'));
+    $this->drupalLogin($update_admin_user);
+
+    $system_info = array(
+      '#all' => array(
+        'version' => '7.0',
+      ),
+      'aaa_update_test' => array(
+        'project' => 'aaa_update_test',
+        'version' => '7.x-1.0',
+        'hidden' => FALSE,
+      ),
+    );
+    variable_set('update_test_system_info', $system_info);
+    $update_status = array(
+      'aaa_update_test' => array(
+        'status' => UPDATE_NOT_SECURE,
+      ),
+    );
+    variable_set('update_test_update_status', $update_status);
+    $this->refreshUpdateStatus(
+      array(
+        'drupal' => '0',
+        'aaa_update_test' => '1_0',
+      )
+    );
+    $this->drupalGet('admin/reports/updates');
+    $this->assertRaw('<h3>' . t('Modules') . '</h3>');
+    $this->assertText(t('Security update required!'));
+    $this->assertRaw(l(t('AAA Update test'), 'http://example.com/project/aaa_update_test'), 'Link to aaa_update_test project appears.');
+
+    // Visit the reports page again without the altering and make sure the
+    // status is back to normal.
+    variable_set('update_test_update_status', array());
+    $this->drupalGet('admin/reports/updates');
+    $this->assertRaw('<h3>' . t('Modules') . '</h3>');
+    $this->assertNoText(t('Security update required!'));
+    $this->assertRaw(l(t('AAA Update test'), 'http://example.com/project/aaa_update_test'), 'Link to aaa_update_test project appears.');
+
+    // Turn the altering back on and visit the Update manager UI.
+    variable_set('update_test_update_status', $update_status);
+    $this->drupalGet('admin/modules/update');
+    $this->assertText(t('Security update'));
+
+    // Turn the altering back off and visit the Update manager UI.
+    variable_set('update_test_update_status', array());
+    $this->drupalGet('admin/modules/update');
+    $this->assertNoText(t('Security update'));
+  }
+
+}
+
+/**
+ * Tests project upload and extract functionality.
+ */
+class UpdateTestUploadCase extends UpdateTestHelper {
+
+  public static function getInfo() {
+    return array(
+      'name' => 'Upload and extract module functionality',
+      'description' => 'Tests the Update Manager module\'s upload and extraction functionality.',
+      'group' => 'Update',
+    );
+  }
+
+  public function setUp() {
+    parent::setUp('update', 'update_test');
+    variable_set('allow_authorize_operations', TRUE);
+    $admin_user = $this->drupalCreateUser(array('administer software updates', 'administer site configuration'));
+    $this->drupalLogin($admin_user);
+  }
+
+  /**
+   * Tests upload and extraction of a module.
+   */
+  public function testUploadModule() {
+    // Images are not valid archives, so get one and try to install it. We
+    // need an extra variable to store the result of drupalGetTestFiles()
+    // since reset() takes an argument by reference and passing in a constant
+    // emits a notice in strict mode.
+    $imageTestFiles = $this->drupalGetTestFiles('image');
+    $invalidArchiveFile = reset($imageTestFiles);
+    $edit = array(
+      'files[project_upload]' => $invalidArchiveFile->uri,
+    );
+    // This also checks that the correct archive extensions are allowed.
+    $this->drupalPost('admin/modules/install', $edit, t('Install'));
+    $this->assertText(t('Only files with the following extensions are allowed: @archive_extensions.', array('@archive_extensions' => archiver_get_extensions())),'Only valid archives can be uploaded.');
+
+    // Check to ensure an existing module can't be reinstalled. Also checks that
+    // the archive was extracted since we can't know if the module is already
+    // installed until after extraction.
+    $validArchiveFile = drupal_get_path('module', 'update') . '/tests/aaa_update_test.tar.gz';
+    $edit = array(
+      'files[project_upload]' => $validArchiveFile,
+    );
+    $this->drupalPost('admin/modules/install', $edit, t('Install'));
+    $this->assertText(t('@module_name is already installed.', array('@module_name' => 'AAA Update test')), 'Existing module was extracted and not reinstalled.');
+  }
+
+  /**
+   * Ensures that archiver extensions are properly merged in the UI.
+   */
+  function testFileNameExtensionMerging() {
+    $this->drupalGet('admin/modules/install');
+    // Make sure the bogus extension supported by update_test.module is there.
+    $this->assertPattern('/file extensions are supported:.*update-test-extension/', "Found 'update-test-extension' extension");
+    // Make sure it didn't clobber the first option from core.
+    $this->assertPattern('/file extensions are supported:.*tar/', "Found 'tar' extension");
+  }
+
+  /**
+   * Checks the messages on update manager pages when missing a security update.
+   */
+  function testUpdateManagerCoreSecurityUpdateMessages() {
+    $setting = array(
+      '#all' => array(
+        'version' => '7.0',
+      ),
+    );
+    variable_set('update_test_system_info', $setting);
+    variable_set('update_fetch_url', url('update-test', array('absolute' => TRUE)));
+    variable_set('update_test_xml_map', array('drupal' => '2-sec'));
+    // Initialize the update status.
+    $this->drupalGet('admin/reports/updates');
+
+    // Now, make sure none of the Update manager pages have duplicate messages
+    // about core missing a security update.
+
+    $this->drupalGet('admin/modules/install');
+    $this->assertNoText(t('There is a security update available for your version of Drupal.'));
+
+    $this->drupalGet('admin/modules/update');
+    $this->assertNoText(t('There is a security update available for your version of Drupal.'));
+
+    $this->drupalGet('admin/appearance/install');
+    $this->assertNoText(t('There is a security update available for your version of Drupal.'));
+
+    $this->drupalGet('admin/appearance/update');
+    $this->assertNoText(t('There is a security update available for your version of Drupal.'));
+
+    $this->drupalGet('admin/reports/updates/install');
+    $this->assertNoText(t('There is a security update available for your version of Drupal.'));
+
+    $this->drupalGet('admin/reports/updates/update');
+    $this->assertNoText(t('There is a security update available for your version of Drupal.'));
+
+    $this->drupalGet('admin/update/ready');
+    $this->assertNoText(t('There is a security update available for your version of Drupal.'));
+  }
+
+}
+
+/**
+ * Tests update functionality unrelated to the database.
+ */
+class UpdateCoreUnitTestCase extends DrupalUnitTestCase {
+
+  public static function getInfo() {
+    return array(
+      'name' => "Unit tests",
+      'description' => 'Test update funcionality unrelated to the database.',
+      'group' => 'Update',
+    );
+  }
+
+  function setUp() {
+    parent::setUp('update');
+    module_load_include('inc', 'update', 'update.fetch');
+  }
+
+  /**
+   * Tests that _update_build_fetch_url() builds the URL correctly.
+   */
+  function testUpdateBuildFetchUrl() {
+    //first test that we didn't break the trivial case
+    $project['name'] = 'update_test';
+    $project['project_type'] = '';
+    $project['info']['version'] = '';
+    $project['info']['project status url'] = 'http://www.example.com';
+    $project['includes'] = array('module1' => 'Module 1', 'module2' => 'Module 2');
+    $site_key = '';
+    $expected = 'http://www.example.com/' . $project['name'] . '/' . DRUPAL_CORE_COMPATIBILITY;
+    $url = _update_build_fetch_url($project, $site_key);
+    $this->assertEqual($url, $expected, "'$url' when no site_key provided should be '$expected'.");
+
+    //For disabled projects it shouldn't add the site key either.
+    $site_key = 'site_key';
+    $project['project_type'] = 'disabled';
+    $expected = 'http://www.example.com/' . $project['name'] . '/' . DRUPAL_CORE_COMPATIBILITY;
+    $url = _update_build_fetch_url($project, $site_key);
+    $this->assertEqual($url, $expected, "'$url' should be '$expected' for disabled projects.");
+
+    //for enabled projects, adding the site key
+    $project['project_type'] = '';
+    $expected = 'http://www.example.com/' . $project['name'] . '/' . DRUPAL_CORE_COMPATIBILITY;
+    $expected .= '?site_key=site_key';
+    $expected .= '&list=' . rawurlencode('module1,module2');
+    $url = _update_build_fetch_url($project, $site_key);
+    $this->assertEqual($url, $expected, "When site_key provided, '$url' should be '$expected'.");
+
+    // http://drupal.org/node/1481156 test incorrect logic when URL contains
+    // a question mark.
+    $project['info']['project status url'] = 'http://www.example.com/?project=';
+    $expected = 'http://www.example.com/?project=/' . $project['name'] . '/' . DRUPAL_CORE_COMPATIBILITY;
+    $expected .= '&site_key=site_key';
+    $expected .= '&list=' . rawurlencode('module1,module2');
+    $url = _update_build_fetch_url($project, $site_key);
+    $this->assertEqual($url, $expected, "When ? is present, '$url' should be '$expected'.");
+
+  }
+}