Drupal Release: 4.0.0

TL;DR

Drupal 4.0.0 marks a significant evolution from version 3.0.2, introducing a complete overhaul of the core architecture with a focus on modularity, flexibility, and improved user experience. This release introduces the powerful taxonomy system (replacing meta tags), revamped user management with roles, enhanced URL handling, and numerous UI improvements. The update includes substantial code refactoring for better maintainability, XHTML compliance, and internationalization support. While this is a major version upgrade requiring database schema changes, it provides a solid foundation for Drupal's future as a versatile content management platform.

Highlight of the Release

• Complete taxonomy system replacing meta tags for better content organization
• Revamped user management with role-based permissions
• URL abstraction layer for better portability and security
• Enhanced module and theme management with enable/disable functionality
• Improved session handling with support for session IDs in URLs
• Better comment system with new features like read-only comments
• External SMTP support for mail delivery
• Archive module replacing the calendar module
• Enhanced poll module with better management and display options
• Improved RSS feed generation with support for custom elements

Migration Guide

Migration from Drupal 3.0.2 to 4.0.0

Before You Begin

This is a major version upgrade that includes significant database schema changes. Make sure to back up your database and files before proceeding.

Database Updates

1. Run the update script at update.php to update your database schema
2. Note that some updates must be run manually before the update script:
   • The system table changes must be applied first
   • The watchdog changes must be applied before the update script will run properly

Module Changes

1. The meta module has been replaced by the taxonomy module
   • Your existing meta tags will be converted to taxonomy terms during the update
2. The calendar module has been replaced by the archive module
   • No manual migration is needed as the update script handles this
3. The box module has been merged into the block module
   • Remove or disable modules/box.module as it will cause errors otherwise

Theme Updates

1. All custom themes must be updated to support the new taxonomy system
2. References to $this->user() must be removed from themes
3. The $BaseTheme->user() function has been deprecated and removed
4. Themes now specify settings through the $theme->system() function

Configuration Changes

1. Module and theme configuration is now handled through the administrative interface
   • After updating, you must enable modules and themes through the admin interface
   • You can run UPDATE system SET status = 1; to enable all functionality temporarily
2. The $themes array in conf.php is no longer used

API Changes

1. Update all custom code to use the new URL abstraction functions:
   • l(), lm(), la(), and drupal_url()
2. Update database queries to use the new db_query() API
3. Replace any direct $REQUEST_URI or $PATH_INFO usage with request_uri()
4. Update any code that relied on the meta module to use the taxonomy API instead

Custom Node Types

The update script will not automatically update custom node types. If you have any non-standard nodes, they will need to be updated separately.

Upgrade Recommendations

Urgency: High - This is a major version upgrade with significant architectural changes and improvements.

Who should upgrade immediately:

• Sites experiencing issues with the meta tagging system
• Sites requiring better user role management
• Sites needing improved URL handling and security
• Sites wanting to take advantage of the new taxonomy system

Who can wait:

• Sites with heavy customizations that will require significant updates
• Sites with custom node types that will need manual migration

Preparation steps:

1. Make a complete backup of your database and files
2. Review all custom themes and modules for compatibility
3. Plan for potential downtime during the upgrade process
4. Test the upgrade on a staging environment first if possible

Post-upgrade tasks:

1. Enable required modules and themes through the admin interface
2. Check that all content has been properly migrated, especially meta tags to taxonomy
3. Review and update user permissions with the new role-based system
4. Test all site functionality, particularly custom features

Given the extensive architectural changes in this release, this upgrade should be approached carefully with proper testing. However, the improvements in flexibility, security, and functionality make it a worthwhile upgrade for most sites.

Bug Fixes

Session Handling

• Fixed crashes with the custom session handler
• Fixed the "son of session crash" issue related to returning valid data in PHP

Node Management

• Fixed issues with node settings not always being saved as expected
• Fixed bug where nodes would end up in submission queue even when "queue for moderation" was toggled off
• Fixed issue with queued nodes not being visible to authors and voters

User Management

• Fixed username verification with a missing return statement
• Made username check case insensitive
• Fixed issue with user information not being set properly when accounts are registered
• Fixed user admin edit page losing theme settings

Feed Handling

• Improved feed handling to solve "almost duplicate" posts being inserted when someone updates their site/feed after import

Comment System

• Fixed flat list view missing one comment
• Fixed tracker module using an incorrect time interval to show recent/new comments

Poll Module

• Fixed edit form not defaulting to the correct amount of choices
• Fixed "1 votes" to correctly display as "1 vote"
• Fixed node links not always showing up in the poll side-block

URL and Link Handling

• Fixed spaces in URLs (Bug #192)
• Fixed issue with HTML entities not being escaped in form actions
• Fixed various incorrect link attributes and XHTML errors

Taxonomy

• Fixed tree making bug in taxonomy module
• Fixed bug with taxonomy_get_related() returning the term which was passed in

Other

• Fixed a "random" offset bug on module.inc that occurred on Windows
• Fixed more than 30 HTML and XML well-formedness errors
• Fixed issue with invalid/nonexistent themes in user profiles causing crashes

New Features

Taxonomy System

The new taxonomy system replaces the previous meta tags system, providing a powerful way to categorize and organize content. It allows for hierarchical term relationships and is integrated with the search functionality.

Role-based Permissions

User management has been completely revamped with a new role-based permission system, splitting the permission table into two for more granular control.

URL Abstraction

A complete URL abstraction layer has been added with new functions like l(), lm(), la(), and drupal_url() to ensure proper URL handling and improve security and portability.

Module and Theme Management

Modules and themes can now be enabled/disabled through the administrative interface rather than editing configuration files, making site management much easier.

External SMTP Support

Added functionality to have Drupal use external SMTP servers instead of the default PHP mail() function, improving mail delivery reliability.

Archive Module

The calendar module has been replaced with a more powerful archive module that provides better navigation and display options for archived content.

"Remember Me" Functionality

Users can now choose to stay logged in between sessions with a new "Remember me" checkbox on the login form.

Who's Online Block

A new block showing currently active users on the site has been added.

Who's New Block

A block displaying recently registered users has been added.

Enhanced RSS Support

The RSS feed generation system now supports custom elements in both the channel and item blocks, allowing for more flexible feed customization.

Security Updates

Form Submission Security

• Fixed security issue where content could be changed just before submission to bypass validation
• Added proper form validation hooks to ensure data integrity

Access Control

• Added missing access checks throughout the system, particularly in node and user modules
• Fixed access checks on the register form to properly handle disabled registrations
• Improved security checks for node viewing and editing

URL Handling

• Improved URL handling with proper encoding to prevent potential injection attacks

User Authentication

• Enhanced password handling and user authentication processes
• Improved security for the "request new password" functionality

Performance Improvements

Database Optimization

• Added proper indexing to improve database query performance

Feed Processing

• Made updating "old" feeds more fine-grained to reduce server load during feed processing

Session Management

• Improved session handling with better caching configuration
• Set session.cache_limiter to "none" for better performance

Code Optimization

• Removed dead code and simplified various functions throughout the codebase
• Replaced the Calendar class with a single function for better efficiency
• Improved comment handling with per-node date caching in comment_is_new()

Search Functionality

• Enhanced search indexing for better performance when searching large sites

Impact Summary

Drupal 4.0.0 represents a fundamental shift in the architecture and capabilities of the platform. The most significant change is the introduction of the taxonomy system, replacing the previous meta tags approach with a more powerful and flexible categorization framework. This enables much more sophisticated content organization and navigation.

The user management system has been completely revamped with role-based permissions, providing administrators with finer-grained control over site access and capabilities. This is complemented by improvements to the user experience, including "Remember me" functionality and better password recovery options.

The introduction of a comprehensive URL abstraction layer with functions like l(), lm(), la(), and drupal_url() improves security and portability across different server environments. This is particularly important for sites that need to work across various hosting configurations.

Module and theme management has been significantly enhanced, moving from configuration file editing to an administrative interface for enabling and disabling components. This makes site management more accessible to non-technical administrators.

The comment system has been improved with new features like read-only comments and better tracking of new comments, enhancing the community aspects of Drupal sites. The poll module has also seen substantial improvements in management and display options.

For developers, the codebase has undergone extensive refactoring for better maintainability, XHTML compliance, and internationalization support. New hooks like _system and _search_item provide more extension points for custom functionality.

While this update requires significant changes to custom themes and potentially to custom modules, the architectural improvements provide a much stronger foundation for building complex websites and set the stage for Drupal's continued evolution as a powerful content management platform.