Drupal Release: 5.0-rc-2

TL;DR

Drupal 5.0-rc-2 is a significant release candidate that addresses numerous bugs, improves performance, enhances user experience, and refines documentation in preparation for the final 5.0 release. This update includes over 100 fixes and improvements across core functionality, with particular focus on translation support, UI refinements, and security enhancements. The release represents an important stabilization phase with no major new features but critical polish that makes Drupal more robust, accessible, and user-friendly.

Highlight of the Release

• Fixed HTML comment removal in filter_xss() for better security
• Improved performance for the new comments block
• Enhanced translation support throughout the system
• Fixed IE6/IE7 compatibility issues including grippie, downloads, and autocomplete
• Upgraded to jQuery 1.0.4
• Improved documentation including README.txt and UPGRADE.txt
• Better database handling with support for dots in table prefixes
• Fixed node caching for better performance

Migration Guide

Upgrading to Drupal 5.0-rc-2

This release candidate includes several changes that may require attention when upgrading:

Database Requirements

• MySQL 4.0 is now the minimum required version. MySQL 3.23 is no longer supported as it's no longer supported by the vendor.

API Changes

• node_search() now passes normalized ranking score out. If you have custom modules that interact with search results, you may need to update them.
• form_get_option_key() has been renamed and its behavior modified. If you use this function in custom code, you'll need to update your implementation.
• menu_set_active_item is now a complete inner redirection. Custom modules using this function may need adjustments.

Theme Changes

• If you have custom themes based on Garland or other core themes, check for CSS compatibility issues as several fixes have been applied.
• The jQuery library has been updated to version 1.0.4. Test any JavaScript functionality to ensure compatibility.

Settings.php Permissions

• The installation process now sets settings.php to read-only. This is clarified in the documentation and may affect your workflow if you manually edit this file.

Form Handling

• Several changes to form handling have been made, particularly around previews and validation. Test custom forms thoroughly after upgrading.

Path Handling

• Improvements to drupal_lookup_path() may affect custom path handling in modules. Test path-related functionality after upgrading.

For a complete list of changes, please review the full changelog. As this is a release candidate, it's recommended to thoroughly test your site after upgrading before deploying to production.

Upgrade Recommendations

Who Should Upgrade

• Sites running Drupal 5.0-rc-1: All sites running the previous release candidate should upgrade to 5.0-rc-2 to benefit from the numerous bug fixes and improvements.
• Testing environments: This release is ideal for testing environments preparing for the final Drupal 5.0 release.
• Development sites: Developers working on Drupal 5 compatibility should use this release for testing.

Upgrade Priority: Medium-High

This is a release candidate with significant bug fixes and improvements, making it an important update for anyone testing or developing with Drupal 5.0. While not a security release, it addresses several issues that could impact site functionality and user experience.

Upgrade Notes

1. Backup first: Always create a complete backup of your site files and database before upgrading.
2. Review UPGRADE.txt: The UPGRADE.txt file has been improved and contains important information about the upgrade process.
3. Test thoroughly: As this is a release candidate, thorough testing is essential before deploying to production environments.
4. Module compatibility: Check that your contributed modules are compatible with this release candidate.
5. Database requirements: Note that MySQL 4.0 is now the minimum required version.

Post-Upgrade Tasks

• Clear all caches after upgrading
• Test all critical site functionality
• Review the site with different browsers to ensure compatibility fixes work properly
• Check that translations are working correctly if your site is multilingual

For production sites not currently testing Drupal 5, it's recommended to wait for the final 5.0 release rather than upgrading to this release candidate.

Bug Fixes

Security and Validation

• Restored proper removal of HTML comments in filter_xss()
• Fixed locale strings handling to prevent XSS filtering on import or edit
• Improved security htaccess file creation with proper group permissions

UI and Browser Compatibility

• Fixed color picker help link
• Fixed broken help text in multiple locations
• Resolved issue with administration theme blocks not being editable when theme not enabled
• Fixed grippie (textarea resize handle) on IE6
• Addressed IE6 compatibility issues in Garland theme
• Corrected autocomplete dropdown positioning in IE6 and IE7
• Fixed downloads to work properly on IE6 with correct headers
• Resolved issue where fading elements in IE caused text to bleed
• Fixed issue with backspace in autocomplete fields

Content and Node Handling

• Fixed node caching
• Corrected forum topic teasers
• Fixed node preview functionality
• Resolved issue with node options reverting when non-admin edits a node
• Fixed node_form_add_preview() which was breaking if Preview button was altered
• Corrected handling of profiles that were no longer being themed due to missing CSS

Search and Navigation

• Fixed search menu items, particularly .../search/user under certain permissions
• Removed erroneous 'break' statement affecting navigation
• Improved path lookup with cleaned up drupal_lookup_path()

Forms and Validation

• Fixed validation of textfield maximum lengths
• Made username and email field #maxlengths consistent
• Fixed comment forms
• Corrected maxlength setting for feeds
• Fixed handling of selected options

Database and Performance

• Fixed SQL optimization for better performance
• Corrected handling of blob and text columns that can't have default values in MySQL
• Fixed query rewriting in presence of OR-clause
• Improved duplicate comment checking

Miscellaneous

• Fixed RSS feeds to validate properly
• Corrected HTTP headers (HTTP/1.0 -> HTTP/1.1 and back)
• Fixed caching bug with enabling and disabling themes/modules
• Resolved issue with help for content types containing '_'

New Features

While this is primarily a bug fix and enhancement release, there are a few notable improvements that could be considered new features:

API Improvements

• Added API function for dealing with form API #options arrays
• Modified node_search() to pass normalized ranking score out
• Made menu_set_active_item a complete inner redirection

User Experience Enhancements

• Added support for dots in database table prefixes
• Improved image quality settings toggle
• Made forum and container names links in forum administration
• Enhanced user picture support with pictures now appearing in node previews

Security Updates

Security Enhancements

• Fixed XSS Protection: Restored proper removal of HTML comments in filter_xss() function (issue #103563), which is critical for preventing cross-site scripting attacks.

• Improved Locale String Handling: Modified the system to not XSS filter locale strings on import or edit (issue #97640), preventing potential security issues while maintaining proper functionality.

• Enhanced .htaccess Security: Fixed security htaccess file creation to ensure proper group permissions are set (issue #86737), improving server-level security.

• Username Validation: Improved username validation checks to prevent potential security issues.

• Form Handling Security: Multiple fixes to form handling that could have security implications, including better validation of textfields and handling of form submissions.

• Download Security: Improved file download handling with correct headers to prevent potential security issues, particularly in IE6.

Performance Improvements

Speed Optimizations

• Significantly improved the new comments block performance (issue #69111)
• Enhanced node caching for better overall site performance
• Implemented more efficient style which hits the static cache (issue #104617)
• Added small SQL optimization for better database performance (patch #105540)
• Improved path lookup efficiency with cleaned up drupal_lookup_path() function
• Moved logging to exit hook for better performance (patch #77971)

Caching Improvements

• Better cache headers for static files to improve browser caching
• Fixed caching bug related to enabling and disabling themes/modules
• Improved database query efficiency by avoiding redundant SQL queries
• Enhanced tracker calculations to include updated posts

Resource Usage

• More efficient handling of form elements and validation
• Better handling of database connections and queries
• Improved memory usage through code optimizations

Impact Summary

Drupal 5.0-rc-2 represents a significant step toward a stable Drupal 5.0 release, with over 100 fixes and improvements across the entire platform. This release candidate focuses on stabilization rather than introducing new features, addressing numerous bugs, enhancing performance, and improving the overall user experience.

The most notable improvements include enhanced translation support throughout the system, better browser compatibility (particularly for IE6 and IE7), performance optimizations for comments and node caching, and numerous UI refinements. Security has been strengthened with fixes to the XSS filtering system and improved form validation.

For developers, the upgrade to jQuery 1.0.4, improvements to the Form API, and better database handling provide a more robust foundation for building Drupal sites. Content creators will benefit from fixed preview functionality, better text area handling, and improved forum features.

Administrators will appreciate the enhanced block management, better user administration tools, and improved caching behavior when managing themes and modules. The documentation has also been significantly improved, with clearer installation instructions and better API documentation.

While this release doesn't introduce major new features, the cumulative effect of these improvements results in a more polished, secure, and performant content management system that's moving confidently toward a stable 5.0 release. Sites currently testing Drupal 5 should upgrade to this release candidate to benefit from these improvements and help identify any remaining issues before the final release.