Drupal Release: 3.0.0

TL;DR

Drupal 3.0.0 marks a significant evolution from version 2.0 with a complete overhaul of the user permission system through the new access.module, introducing role-based access control. The release also features several new modules including blog.module (replacing diary.module), meta.module (replacing index.module), and cloud.module. Major improvements include a redesigned theme system with a BaseTheme class, enhanced content management capabilities, better localization support, and numerous bug fixes. This release requires database schema updates and module modifications, making it a substantial upgrade that affects all aspects of a Drupal site.

Highlight of the Release

• Complete overhaul of the permission system with new role-based access control through access.module
• New BaseTheme class for more consistent and extensible theming
• Introduction of blog.module with RSS feed support, replacing diary.module
• Improved meta.module replacing index.module for better content categorization
• Enhanced localization support with improved string management
• Usernames can now contain spaces, allowing full names as usernames
• Redesigned link system for better consistency across the site

Migration Guide

Database Updates

Before upgrading to Drupal 3.0.0, you must apply the database updates found in the updates/2.00-to-3.00.sql file. These updates include:

• New tables for the access.module (roles and permissions)
• Changes to the node table structure
• Updates for meta.module replacing index.module
• Schema changes for page.module link functionality

Module Updates

1. Custom Modules: All custom modules need to be updated to work with the new permission system. Examples include file.module and trip_link.module.

2. Theme Updates: All themes need to be updated to extend the new BaseTheme class and implement the modified box() function:

// Replace the box() declaration:
function box($subject, $content, $region = "main") {
  // Your theme's box implementation
}

// Replace the theme_account call:
theme_account("region", $this);

3. Link System: The link system has been completely rewritten. All modules and themes need to be updated to reflect this change.

Configuration Changes

1. Access Control: After upgrading, you'll need to set up roles and permissions using the new access.module.

2. Meta Module: If you were using index.module, you'll need to migrate to meta.module. The format for attributes has changed from "foo=a,bar=b" to comma-separated lists.

3. Blog Module: If you were using diary.module, your content will need to be migrated to the new blog.module.

Important Notes

• If you update from CVS, you must apply the queries in 2.00-to-3.00.sql!
• The system still has to mature: new permissions have to be added and existing permissions need stream-lining.
• This is a substantial upgrade that affects all aspects of a Drupal site. Testing in a development environment before upgrading a production site is strongly recommended.

Upgrade Recommendations

Upgrade Priority: High for sites wanting new features; Medium for stable production sites

This is a major version upgrade with significant architectural changes, particularly to the permission system. While it brings many new features and improvements, it also requires substantial changes to your database schema and potentially to custom modules and themes.

For Development Sites: Upgrading is recommended to take advantage of the new role-based access control system, improved theming capabilities, and new modules like blog.module and meta.module.

For Production Sites: Approach with caution. Create a complete backup of your site and database before upgrading. Test the upgrade process on a staging environment first. The changes to the permission system and link handling will affect all aspects of your site.

Specific Considerations:

1. Custom Code: If you have custom modules or themes, they will need to be updated to work with the new BaseTheme class and permission system.

2. Database Size: For large sites, the database schema changes may take significant time to apply.

3. User Training: Administrators will need to learn the new role-based permission system.

Given the extensive nature of the changes, this upgrade should be planned carefully with adequate testing time allocated before deploying to production.

Bug Fixes

General Fixes

• Fixed issue with comment signatures not being attached to comments
• Fixed bug where anonymous users could not post comments
• Fixed issue with blog.module allowing users to edit other people's blogs
• Fixed bug in forum.module preventing forum creation when locales were enabled
• Fixed incorrect deactivation of delete link in node_links()
• Fixed bug with new passwords not being emailed correctly
• Fixed issue with HTML and text type pages not being boxed correctly
• Fixed bug in book.module where parent was not set properly when updating a book page
• Fixed bug in poll.module

Theme and UI Fixes

• Fixed HTML typos in blocks where <a href=""> tags were not closed
• Fixed comment alignment issues where comments were being truncated
• Fixed visual glitches in various themes for better cross-browser compatibility
• Fixed font issues for better browser compatibility
• Fixed bug in "max threaded" comment mode

Module-Specific Fixes

• Fixed bug in meta_save() that caused warnings
• Fixed bug in node.listing
• Fixed bug with blog not displaying immediately after posting
• Fixed bug with quoted text in blog module
• Fixed maxlengths in cloud.module
• Fixed timestamp bug when previewing a new blog

New Features

New Modules

• access.module: Introduces role-based access control, allowing administrators to create user roles and assign permissions to them
• blog.module: Replaces diary.module with enhanced features including RSS 0.91 feed support for individual users or all users
• meta.module: Replaces index.module with improved content categorization capabilities
• cloud.module: A simple site cloud module for displaying popular content
• search.module: Search functionality moved from search.php to a dedicated module

Theme System Improvements

• BaseTheme class: New foundation class in theme.inc that all themes extend from
• Region-based box styling: Box function now accepts a region parameter to allow different styling based on placement
• $theme->foreground and $theme->background: New theme variables for consistent color usage
• $theme->images(): New function for theme image handling

User Management

• Spaces in usernames: Usernames can now contain spaces, allowing users to use their full names
• Account management: New features in account.module including the ability to add accounts and disable/enable user registrations
• User profiles: Enhanced to show real names and recent contributions

Content Management

• Node hooks: New node_insert and node_update hooks for better module integration
• Page links: Pages can now be displayed in the site navigation links
• Preview functionality: Added to administration sections of various modules

Security Updates

Authentication and Login

• Changed the authentication and login scheme for improved security
• Fixed bug with generating a 'not-so-rock-solid' hash upon account registration

Access Control

• Complete overhaul of the permission system with the new access.module
• More granular permission management through role-based access control
• Updated permission checks throughout the codebase

Input Validation

• Improved input validation and error handling in meta.module
• Added missing urlencode() calls to prevent potential security issues
• Fixed check_input/check_output usage in comment system to prevent filter issues

Performance Improvements

Database Optimization

• Reduced the number of SQL calls in account_save() when editing an account, now using one db_query() call instead of multiple calls
• Removed redundant database fields from the node table

Caching Support

• Introduced caching support throughout the system for better performance

Parser Improvements

• Enhanced the robustness of the parser routine in import.module, allowing more feeds to be parsed successfully
• Improved parsing algorithm for better handling of tags with attributes

Code Optimization

• Simplified error handling for 404 errors and other common errors
• Streamlined existing code in watchdog and submission throttle modules
• Rewrote box.module to be half the original code size while maintaining the same interface

Impact Summary

Drupal 3.0.0 represents a fundamental shift in how Drupal handles user permissions and content management. The introduction of role-based access control through access.module transforms site administration, allowing for much more granular control over what different user types can do on the site.

The architectural changes are significant, with a new BaseTheme class that all themes must extend, a redesigned link system, and major module replacements (blog.module replacing diary.module, meta.module replacing index.module). These changes require updates to custom code and database schema modifications.

For content creators, the new blog.module with RSS feed support and improved meta.module for content categorization provide better tools for content management and distribution. The ability to use full names as usernames also improves the user experience.

From a development perspective, the new node hooks (node_insert and node_update) and improved theming capabilities with region-based box styling offer more flexibility and integration options.

The performance improvements, including reduced SQL queries and introduced caching support, should result in better site performance, especially for larger installations.

Overall, while this release requires significant effort to upgrade, it provides a more robust foundation for Drupal sites with better security, more flexible content management, and improved user experience.