Drupal Release: 7.0-alpha3

TL;DR

Drupal 7.0-alpha3 brings significant improvements to performance, security, and developer experience. This release includes major upgrades to jQuery (1.4.2) and jQuery UI (1.8), enhanced database schema handling, improved OpenID support, and numerous bug fixes. Key performance optimizations include better caching mechanisms, more efficient user handling, and streamlined path handling. The release also introduces new form API features, better multilingual support, and improved RDF capabilities. While still an alpha release, these changes represent important progress toward a more robust and developer-friendly Drupal 7.

Highlight of the Release

• Upgraded to jQuery 1.4.2 and jQuery UI 1.8
• Improved performance with optimized database queries and caching
• Enhanced OpenID support with AX and Google discovery protocol
• New Form API #type 'text_format' for better handling of rich text fields
• Better multilingual support for user emails and interface elements
• Improved fieldset behavior across all browsers
• Enhanced RDF capabilities for better semantic web integration
• IPv6 support for better connectivity

Migration Guide

jQuery and jQuery UI Upgrade

When upgrading to Drupal 7.0-alpha3, custom JavaScript that relies on jQuery may need updates:

1. jQuery has been upgraded to 1.4.2, which has some breaking changes from previous versions
2. jQuery UI has been upgraded to 1.8, which may affect custom widgets and interactions
3. Test all custom JavaScript thoroughly after upgrading

Form API Changes

The new 'text_format' form element type replaces previous methods for handling formatted text:

// Old way
$form['body'] = array(
  '#type' => 'textarea',
  '#title' => t('Body'),
);
$form['format'] = filter_form();

// New way
$form['body'] = array(
  '#type' => 'text_format',
  '#title' => t('Body'),
  '#format' => 'filtered_html', // Optional default format
);

Database Schema Changes

Several database schema changes require attention:

1. Field names have been shortened for PostgreSQL compatibility
2. Index handling has been improved, particularly for PostgreSQL
3. Custom modules that manipulate schema should use the improved error handling

OpenID Implementation

If your site uses OpenID or extends it:

1. The OpenID implementation is now more pluggable
2. AX support has been added alongside SREF
3. Google's OpenID discovery protocol is now supported

User Management

Several changes to user handling may affect custom code:

1. user_save() has been optimized and some code removed
2. user_load_self() has been removed
3. The user.data field no longer stores passwords in plain text

Upgrade Recommendations

This is an alpha release (7.0-alpha3) and is not recommended for production sites. It's suitable for:

1. Developers who want to test their modules and themes against upcoming Drupal 7 changes
2. Site builders who want to explore new features and provide feedback
3. Contributors who want to help identify and fix bugs before the stable release

If you're upgrading from a previous alpha version (7.0-alpha2), be aware that:

1. Database schema changes may require careful testing
2. JavaScript functionality might break due to jQuery and jQuery UI upgrades
3. Custom modules using deprecated functions will need updates

For those on Drupal 6, wait for the stable Drupal 7 release before upgrading production sites. Use this alpha only on development or test environments to prepare for the eventual migration.

When testing this alpha, pay special attention to:

• JavaScript functionality with the new jQuery versions
• Form handling with the new text_format element
• Database operations, especially on PostgreSQL
• User authentication and session handling
• Multilingual site functionality

Report any issues you find to the Drupal issue queue to help improve the final release.

Bug Fixes

User Management

• Fixed account getting blocked when user edits their profile
• Fixed user passwords being stored in users.data in plain-text
• Improved user_save() performance by removing and reworking code
• Fixed user session regeneration for blocked users

Content and Display

• Fixed theme_get_suggestions() failing to return 'page__front()' suggestion on front page
• Fixed 'Add new comment' text being put into the search index along with each node
• Fixed 'Forums' term defaulting to 'None'
• Fixed large gap above node preview in overlay
• Fixed overlay tab behaviors

Database and Schema

• Fixed indexExists() for PostgreSQL and SQLite not prefixing tablename
• Fixed DatabaseSchema_pgsql()::renameTable() not renaming indexes
• Fixed precision loss in DatabaseStatement_sqlite()::getStatement()
• Fixed field names being too long for PostgreSQL compatibility
• Fixed schema not being available in hook_install()

JavaScript and UI

• Fixed inline JavaScript not working due to unescaped CDATA element
• Fixed nojs/ajax replacement
• Fixed tabledrag.js undefined error
• Fixed vertical tabs not using full available width
• Fixed filter UI broken by jQuery 1.4 upgrade
• Fixed keyboard navigation in "Seven" theme

Performance and Caching

• Fixed timers accumulated at double-speed in certain scenarios
• Fixed cache returning serialized data only in certain conditions
• Fixed block caching per-role, per-user, per-page

Other Fixes

• Fixed Return-Path being overwritten by PHP mail() function
• Fixed deleting custom block not cleaning block_role() table
• Fixed orphaned assigned actions still being triggered
• Fixed (un)publishing several comments not working
• Fixed language_initialize() needing to clean up ['q']
• Fixed drupal_validate_form() not working on the same form more than once
• Fixed default template for 'Account activation' mail missing one-time-login link

New Features

JavaScript Libraries

• Upgraded to jQuery 1.4.2 for better performance and compatibility
• Upgraded to jQuery UI 1.8 with enhanced functionality
• Added border-radius support for IE9 and Opera 10.50

Form API and UI Improvements

• Introduced Form API #type 'text_format' for better DX/security around rich text fields
• Added #field_prefix and #field_suffix support for all form elements (previously only for textfields)
• Improved fieldset behavior across all browsers
• Enhanced resizable textarea behavior for more predictable results

OpenID Enhancements

• Added OpenID AX support (in addition to SREF)
• Made OpenID more pluggable for extension in contrib modules
• Added support for Google's OpenID discovery protocol
• Added support for openid.invalidate_handle

Content Management

• Added ability to change the amount of blog posts listed
• Improved block selection UI with ability to select region at block creation
• Enhanced dashboard with better feedback when clicking 'Done'

Multilingual Support

• Added multilanguage support for user emails
• Improved locale import protection for plural forms
• Fixed contact categories translation with i18n

Other Features

• Added IPv6 support for better connectivity
• Added logging of who installs/uninstalls modules
• Enhanced RDF capabilities with standardized foaf:Person URI for user profiles

Security Updates

User Authentication and Session Management

• Fixed session regeneration for blocked users (SA-CORE-2010-001)
• Removed storage of plain-text passwords in users.data
• Improved handling of user sessions and authentication

Form and Input Handling

• Introduced Form API #type 'text_format' for additional security around rich text fields
• Fixed inconsistent use of filter_xss_admin() on certain functions
• Improved text format handling and permissions

Request Handling

• Enhanced request_uri() to prevent potential security issues in HTML output
• Improved IP address identification for better security
• Added IPv6 support for more comprehensive network handling

Other Security Improvements

• Improved locale import protection for plural forms
• Enhanced error handling in the database layer
• Made cron run as anonymous user when invoked via the run-cron link on the status report page

Performance Improvements

Database and Query Optimization

• Replaced LOWER() with db_select() and LIKE() where possible for better performance
• Improved path_save() performance
• Removed static caching from drupal_multilingual() for better test compatibility
• Optimized rdf.module for displaying multiple comments
• Allowed modules to bypass taxonomy_get_tree() for term reference select lists

User Management

• Improved performance of user_save() by removing and reworking code
• Removed pointless db_delete()('user_roles()') for new users
• Removed user_load_self() as it was not used

JavaScript and UI

• Used transparent PNG instead of opacity for overlay background to gain rendering performance
• Optimized Drupal.parseJSON for better JavaScript performance
• Ordered JS files according to weight for better loading
• Reverted to numeric placeholders for comment menu paths for performance

Caching and Resource Management

• Improved block caching per-role, per-user, per-page
• Fixed cache returning serialized data only in certain conditions
• Improved static caching for strings per language

Other Optimizations

• Fixed modules_installed() during testing for better performance
• Fixed drupal_lookup_path() to respect alias order
• Improved entity loading with fixed recursed entity loading

Impact Summary

Drupal 7.0-alpha3 represents a significant step forward in the development of Drupal 7, with major improvements to performance, security, and developer experience. The upgrade to jQuery 1.4.2 and jQuery UI 1.8 brings modern JavaScript capabilities but may require updates to custom code. Performance optimizations throughout the codebase—particularly in database queries, user handling, and caching—should result in faster sites.

Security has been enhanced with better session handling, improved text format security, and fixes for several potential vulnerabilities. The new Form API text_format element provides a more secure and developer-friendly way to handle rich text fields.

For multilingual sites, improvements to user emails, locale handling, and contact form translations make Drupal more globally accessible. The enhanced OpenID support with AX and Google discovery protocol integration improves authentication options.

Database compatibility has been improved, particularly for PostgreSQL and SQLite users, with better schema handling and index management. The addition of IPv6 support ensures Drupal is ready for the next generation of internet addressing.

While this is still an alpha release with potential instability, it demonstrates the Drupal project's commitment to performance, security, and developer experience improvements that will benefit all users in the final Drupal 7 release.