Drupal Release: 7.0-alpha4

TL;DR

Drupal 7.0-alpha4 brings significant improvements to the core functionality with over 10,000 code changes. This release focuses on critical bug fixes, performance optimizations, and API improvements. Key updates include fixes for taxonomy handling, AJAX functionality, field management, and database transactions. Security vulnerabilities have been addressed, particularly in comment and OpenID modules. The release also improves accessibility, enhances multilingual support, and refines the user interface. This alpha version represents continued progress toward a stable Drupal 7 release with better performance, security, and developer experience.

Highlight of the Release

• Fixed critical bug in taxonomy term hierarchies that were destroyed during programmatic updates
• Improved database performance with optimized node_save(), comment_save(), and taxonomy_term_save() functions
• Enhanced security with fixes for CSRF vulnerability in comment module and XSS vulnerability in profile module
• Added support for savepoints in nested database transactions
• Improved accessibility for vertical tabs and form elements
• Fixed critical issues with field management and AJAX functionality
• Enhanced multilingual support with fixes for field languages and content translation

Migration Guide

Upgrading to Drupal 7.0-alpha4

Database Schema Changes

• The {image_styles}.name column is now unique. If you have custom image styles with duplicate names, they will need to be renamed.
• Several database optimizations have been implemented. If you have custom modules that interact directly with the database, ensure they follow the new patterns.

API Changes

• The drupal_unpack() function has been removed due to namespacing collisions. Update any code that relies on this function.
• jQuery functions are now namespaced to prevent conflicts. Update custom JavaScript to use the namespaced versions.
• Field-related function names have been standardized on 'field'. Update any custom code that uses the old naming conventions.
• The 'cacheable' property in hook_entity_info() has been renamed. Update implementations accordingly.
• The ['#redirect'] syntax has been deprecated in favor of ['redirect']. Update any code using the old syntax.

Theme Changes

• Several theme functions have been removed or renamed. Check your theme implementations against the updated API.
• The CSS contains fewer differences between JS and no-JS versions. Test your themes in both contexts.
• Block HTML IDs no longer contain underscores. Update any CSS or JavaScript that targets these elements.

Module Updates

• If you have custom modules that implement hook_field_storage_load(), check the updated documentation for parameter changes.
• Modules using AJAX should test thoroughly as several AJAX-related bugs have been fixed.
• Modules that extend block visibility settings should be updated to work with the new implementation.

Upgrade Recommendations

Who should upgrade: This is an alpha release intended primarily for developers and site builders who want to test and contribute to Drupal 7's development. It is not recommended for production sites.

Upgrade path: If you're currently running Drupal 7.0-alpha3, you can upgrade directly to 7.0-alpha4. The upgrade process should handle all database schema changes automatically.

Testing recommendation: Before upgrading any site, even a development one:

1. Make a complete backup of your site and database
2. Test the upgrade on a staging environment first
3. Pay special attention to custom modules and themes that may need updates to work with API changes
4. Test all critical site functionality after upgrade

Module compatibility: Many contributed modules are still being updated for Drupal 7 compatibility. Check with module maintainers before assuming a module will work with this alpha release.

Known issues: As an alpha release, there are still known issues and bugs. Review the release notes and issue queue before upgrading, and be prepared to encounter and report new issues.

Next steps: The Drupal 7 release cycle will continue with additional alpha or beta releases before a stable release. Plan accordingly for future updates.

Bug Fixes

Critical Bug Fixes

• Taxonomy Issues:

  • Fixed critical bug where programmatic term updates destroyed hierarchies
  • Fixed taxonomy term form being rebuilt even after final submit
  • Optimized taxonomy_term_save() function

• AJAX and Form Handling:

  • Fixed ajax_process_form() returning settings for elements not re-rendered in AJAX requests
  • Fixed AJAX triggered by non-submit elements failing when elements are validated
  • Fixed issue where AJAX forms could submit inappropriately to system/ajax after failed validation

• Field Management:

  • Fixed fields with unlimited maximum length causing database errors
  • Fixed fields being editable regardless of whether a bundle instance exists
  • Fixed issue where installing image.module on an upgraded site did not install schema due to module name overlap

• URL and Path Handling:

  • Fixed URL aliases marked 'all languages' from UI not working
  • Fixed admin/structure/taxonomy paths using vid instead of machine_name()

• Database and Transactions:

  • Fixed transaction support for old SQLite versions
  • Added savepoints for nested transactions
  • Fixed unindexed query to taxonomy_index() table during hook_node_delete()

• Other Important Fixes:

  • Fixed theme_get_setting() returning incorrect values for disabled features
  • Fixed OpenID auto-registration not enforcing email verification
  • Fixed JavaScript #states not hiding fieldsets, radios, checkboxes
  • Fixed DBLog listings truncating messages in the middle of HTML tags
  • Fixed block visibility settings that could not be properly extended
  • Fixed HTML corrector filter issues with unescaped CDATA and incorrectly closed tags

New Features

Enhanced Color Module

The color module now supports flexible color schemes and gradients, removing hard-coded assumptions about the Garland theme. This allows for more customizable themes with dynamic color options.

Improved Role Management

A confirmation form has been added for role deletion, providing better user experience and preventing accidental deletions. The form handling has also been cleaned up for better maintainability.

Cross-Schema Database Support

Improved support for cross-schema/database prefixing, allowing Drupal to work more effectively across different database schemas as previously claimed but not fully implemented.

Multilingual Enhancements

• Better handling of node language and field languages that may differ
• Improved multilingual field test coverage
• Support for translatable user role names

RDF Improvements

• Cleaned up RDF namespaces and mappings
• Improved RDF markup for comment counts on teasers
• Enhanced RDF tests

Security Updates

Critical Security Fixes

• CSRF Vulnerability in Comment Module:

  • Removed Cross-Site Request Forgery vulnerability in the comment module (#66264)
  • This fix prevents malicious sites from performing actions on behalf of authenticated users

• XSS Vulnerability in Profile Module:

  • Fixed Cross-Site Scripting vulnerability in profile.module (#611532)
  • Prevents attackers from injecting malicious scripts through profile fields

• OpenID Security Enhancement:

  • Enforced email verification with OpenID auto-registration (#395340)
  • Ensures that users registering via OpenID must verify their email addresses

• Role Management Security:

  • Added confirmation form for role deletion (#750290)
  • Prevents accidental or malicious deletion of user roles

• Form Security:

  • Fixed server-side enforcement of #disabled form elements (#426056)
  • Ensures that disabled form elements cannot be manipulated through direct POST requests

Performance Improvements

Database Optimization

• Optimized node_save() function to reduce database queries and improve performance
• Optimized comment_save() function for better efficiency
• Optimized taxonomy_term_save() for improved performance
• Added MySQL-optimized tableExists() implementation
• Optimized _field_invoke() to reduce overhead during field operations
• Removed ineffective static caching of $path within url() function
• Implemented drupal_static_fast() pattern in element_info() for better performance

Caching Improvements

• Fixed _text_field_sanitize() which caused double caching
• Improved static caching in color.module
• Fixed issue where search links caused many nodes to be indexed twice

Resource Usage

• Improved efficiency by not calling is_writable() in each request
• Optimized restripe() AJAX command
• Removed drupal_unpack() due to namespacing collisions that affected performance
• Improved cache clearing during module installation and updates

Impact Summary

Drupal 7.0-alpha4 represents a significant step forward in the Drupal 7 development cycle with over 10,000 code changes. This release focuses on stabilizing core functionality through critical bug fixes, performance optimizations, and API improvements.

The most impactful changes address fundamental issues in taxonomy handling, AJAX functionality, field management, and database transactions. Site administrators will benefit from fixed taxonomy hierarchies and improved block visibility settings. Developers gain from standardized field naming conventions, enhanced database transaction support, and better entity handling.

Performance improvements are notable, with optimized save functions for nodes, comments, and taxonomy terms, as well as smarter caching implementations. Security has been strengthened by addressing CSRF and XSS vulnerabilities in the comment and profile modules.

Accessibility enhancements improve the experience for all users, particularly with vertical tabs and form elements. Multilingual support continues to improve with better handling of field languages and content translation.

While this is still an alpha release with known issues, it demonstrates the Drupal community's commitment to quality and continuous improvement as the project moves toward a stable Drupal 7 release.