Drupal Release: 4.7.0-beta-3

TL;DR

Drupal 4.7.0-beta-3 represents a significant milestone in Drupal's evolution with major improvements to the Forms API, menu system, and search functionality. This release introduces module reordering capabilities, enhances URL handling, and improves PostgreSQL compatibility. It also addresses numerous critical bugs affecting user management, content creation, and system upgrades. While still a beta release, it demonstrates Drupal's commitment to performance optimization, security, and developer experience improvements.

Highlight of the Release

• Complete overhaul of the Forms API with consistent #validate, #submit, and #process handling
• Module reordering capability to control execution order
• Improved search functionality with better CJK language support
• Enhanced URL handling with support for external URLs in menus
• Resizable textareas for improved content editing experience
• New permission to control PHP-based block visibility
• Better PostgreSQL compatibility throughout the system

Migration Guide

Before Upgrading

1. Backup your database and files: Always create a complete backup before upgrading.
2. Check module compatibility: Some contributed modules may need updates to work with the new Forms API changes.
3. Review custom code: If you have custom modules or themes, review them for compatibility with the Forms API changes.

API Changes to Note

Forms API Changes

• #execute has been renamed to #submit for consistency
• _execute functions should be renamed to _submit
• Form validation has been improved with more consistent #validate handling
• Custom form elements can now set values for themselves

Node API Changes

• nodeapi op form has been replaced with the Forms API approach
• Check any custom modules that implement hook_nodeapi() with the 'form' operation

Database Layer

• db_rewrite_sql() has been updated with improved regex handling
• PostgreSQL users should review the database schema changes

Menu System

• Callbacks and arguments are now in a separate data structure from the visible menu tree
• External URLs are now supported in menus

After Upgrading

1. Run update.php: Navigate to update.php in your browser to update the database schema.
2. Clear caches: Clear all caches to ensure new code is used.
3. Test functionality: Thoroughly test your site, especially forms and content creation.
4. Check error logs: Monitor your logs for any new warnings or errors.

Upgrade Recommendations

This is a beta release (4.7.0-beta-3) and represents significant changes to Drupal's core systems, particularly the Forms API. While it includes many improvements and bug fixes, it's recommended to:

1. For production sites: Wait for the final 4.7.0 release unless you specifically need features or fixes in this beta.

2. For development sites: This is a good time to test your custom code against the new APIs, particularly if you have:

   • Custom form implementations
   • Custom node types or node API implementations
   • PostgreSQL-based installations
   • Complex menu structures

3. For new installations: If starting a new project, consider using this beta to familiarize yourself with the new APIs, but be prepared for potential changes before the final release.

The significant changes to the Forms API, menu system, and database handling make this an important release to test thoroughly in a staging environment before deploying to production. Pay particular attention to any custom modules that implement forms or interact with the node API.

Bug Fixes

Critical Fixes

• Fixed issue where users couldn't create new content
• Fixed problem with deleting forum and book revisions
• Resolved issue where anonymous user updates to nodes weren't working
• Fixed infinite loops in the update script
• Corrected problems with public user registrations
• Fixed uploads losing their state when editing content
• Resolved issue with comment ordering settings
• Fixed problem with theme not loading when styles are used

General Fixes

• Fixed issue where comments that should be in moderation queue were being published
• Resolved problem with taxonomy terms not being selected correctly
• Fixed cache problems with PostgreSQL
• Corrected issue where profile listing carried over people's data on subsequent users
• Fixed problem with editing signatures
• Resolved issue where forum icon does not display as locked if comments are "disabled"
• Fixed problem with global contact emails not being sent
• Corrected issue with long URLs being truncated
• Fixed problem where the input format was not correctly shown when editing a comment
• Resolved issue where deleting a profile field didn't delete values in profile_values table

New Features

Module Reordering

Modules can now be reordered to control their execution sequence, giving developers more control over how modules interact with each other.

Resizable Textareas

Content editors now benefit from resizable textareas, making it easier to work with varying amounts of content without constantly scrolling. This feature is disabled inside collapsed fieldsets for better usability.

External URLs in Menus

The menu system now supports external URLs, making it possible to link to resources outside of the Drupal site directly from the navigation menu.

'Change Own Username' Permission

A new permission has been added that allows administrators to control which roles can change their own usernames, providing more granular access control.

Separate Permission for PHP-based Block Visibility

Block visibility controlled by PHP code now has its own permission, improving security by limiting which administrators can use this powerful feature.

Improved CJK Search Support

The search module has been enhanced with better support for Chinese, Japanese, and Korean languages, including smarter highlighting for CJK strings and an optional default CJK tokenizer.

Security Updates

Protocol Whitelist Improvements

The protocol whitelist code has been improved to enhance security when handling URLs, reducing the risk of XSS attacks.

XSS Filter Enhancement

Fixed an XHTML slash issue in the XSS filter to prevent potential security vulnerabilities.

.htaccess File Protection Update

The .htaccess file has been updated with improved file protection settings to enhance overall site security.

Filter_xss_bad_protocol Refinement

The function that filters potentially dangerous protocols in URLs has been refined to be more precise while maintaining security.

Performance Improvements

URL Aliasing Optimization

Performance of URL aliasing has been optimized for newly installed sites, reducing the number of database lookups required.

Database Query Improvements

• Replaced array_key_exists() with isset() in several places for better performance
• Removed expensive object to array casts
• Improved performance of session loading
• Removed CONCAT() from queries to speed up node_access queries

Form Processing Optimization

The form processing system has been optimized to handle nested forms more efficiently and to reduce unnecessary processing when working with form elements.

Search Module Enhancements

The search module has been optimized to handle queries more efficiently, particularly for CJK languages, and to provide better results with fewer database operations.

Impact Summary

Drupal 4.7.0-beta-3 represents a substantial evolution in Drupal's architecture and capabilities. The most significant impact comes from the Forms API overhaul, which provides a more consistent and powerful framework for developers but requires updates to custom code. The addition of module reordering capabilities gives site builders more control over how modules interact, potentially resolving complex dependency issues.

For end users and content editors, the introduction of resizable textareas and improved taxonomy handling enhances the content creation experience. Administrators will appreciate the more granular permissions system, particularly for PHP-based block visibility and username changes.

The search improvements, especially for CJK languages, make Drupal more accessible to global audiences. Meanwhile, the numerous performance optimizations and PostgreSQL compatibility improvements demonstrate Drupal's commitment to being a robust, cross-platform CMS.

This beta release fixes many critical issues that affected core functionality like content creation, user management, and system upgrades. While still a beta, it shows significant progress toward a more stable, secure, and feature-rich Drupal 4.7.0 final release.