From 90ed32ebc509edc5bf4978c304db79e6140d2b09 Mon Sep 17 00:00:00 2001
From: Vincent Petry <pvince81@owncloud.com>
Date: Wed, 26 Aug 2015 10:30:24 +0200
Subject: [PATCH 1/2] Properly show token errors in ajax/update.php event
 source

---
 core/ajax/update.php | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/core/ajax/update.php b/core/ajax/update.php
index 14b4f913f76..c25ef1b9084 100644
--- a/core/ajax/update.php
+++ b/core/ajax/update.php
@@ -28,15 +28,19 @@
 set_time_limit(0);
 require_once '../../lib/base.php';
 
-\OCP\JSON::callCheck();
+$l = \OC::$server->getL10N('core');
+
+$eventSource = \OC::$server->createEventSource();
+// need to send an initial message to force-init the event source,
+// which will then trigger its own CSRF check and produces its own CSRF error
+// message
+$eventSource->send('success', (string)$l->t('Preparing update'));
 
 if (OC::checkUpgrade(false)) {
 	// if a user is currently logged in, their session must be ignored to
 	// avoid side effects
 	\OC_User::setIncognitoMode(true);
 
-	$l = new \OC_L10N('core');
-	$eventSource = \OC::$server->createEventSource();
 	$logger = \OC::$server->getLogger();
 	$updater = new \OC\Updater(
 			\OC::$server->getHTTPHelper(),
@@ -96,6 +100,10 @@ if (OC::checkUpgrade(false)) {
 			(string)$l->t('Following apps have been disabled: %s', implode(', ', $disabledThirdPartyApps)));
 	}
 
-	$eventSource->send('done', '');
-	$eventSource->close();
+} else {
+	$eventSource->send('notice', (string)$l->t('Already up to date'));
 }
+
+$eventSource->send('done', '');
+$eventSource->close();
+

From ce6045f84b833c35de5b507c4d15b2a753e476b9 Mon Sep 17 00:00:00 2001
From: Vincent Petry <pvince81@owncloud.com>
Date: Wed, 26 Aug 2015 10:56:27 +0200
Subject: [PATCH 2/2] Properly show update exception

---
 core/ajax/update.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/core/ajax/update.php b/core/ajax/update.php
index c25ef1b9084..a693deeb9cf 100644
--- a/core/ajax/update.php
+++ b/core/ajax/update.php
@@ -89,7 +89,13 @@ if (OC::checkUpgrade(false)) {
 		OC_Config::setValue('maintenance', false);
 	});
 
-	$updater->upgrade();
+	try {
+		$updater->upgrade();
+	} catch (\Exception $e) {
+		$eventSource->send('failure', get_class($e) . ': ' . $e->getMessage());
+		$eventSource->close();
+		exit();
+	}
 
 	if (!empty($incompatibleApps)) {
 		$eventSource->send('notice',