Drupal Release: 7.17

TL;DR

Drupal 7.17: Documentation Improvements and Bug Fixes

Drupal 7.17 is primarily a maintenance release focused on documentation improvements, bug fixes, and minor enhancements. This update addresses numerous API documentation issues, fixes several critical bugs including session handling problems, improves multilingual support, and enhances the stability of core modules like Aggregator, Field API, and Taxonomy. While not introducing major new features, this release improves the developer experience through better documentation and fixes several user-facing issues that enhance overall usability and security.

Highlight of the Release

• Extensive API documentation improvements across many core functions and hooks
• Fixed session handling issues with drupal_save_session() and cron runs
• Added support for proxy servers in drupal_http_request()
• Fixed issues with EntityFieldQuery for taxonomy bundles
• Improved multilingual support with proper language identifiers
• Fixed issues with aggregator module handling long URLs and author entries
• Enhanced security documentation in settings.php

Migration Guide

This release does not contain major API changes that would require significant migration efforts. However, there are a few changes to be aware of:

Entity View Mode Alteration

If your module interacts with entity view modes, be aware of the new hook_entity_view_mode_alter(). This hook allows modules to change the view mode of entities being displayed. If you have custom code that manipulates view modes, consider using this hook instead.

/**
 * Implements hook_entity_view_mode_alter().
 */
function mymodule_entity_view_mode_alter(&$view_mode, $context) {
  // Change the view mode based on certain conditions.
  if ($context['entity_type'] == 'node' && $context['entity']->type == 'article') {
    $view_mode = 'my_custom_view_mode';
  }
}

Field Widget Info

If you implement hook_field_widget_info(), you can now add a 'weight' property to control the ordering of widgets in the UI:

/**
 * Implements hook_field_widget_info().
 */
function mymodule_field_widget_info() {
  return array(
    'my_widget' => array(
      'label' => t('My widget'),
      'field types' => array('text'),
      'weight' => 5, // Lower values appear before higher values
    ),
  );
}

Database Changes

If you're using PostgreSQL and have custom update functions that operate on binary data, be aware of the fix for ILIKE operator on bytea fields not being supported.

Upgrade Recommendations

Who should upgrade?

All Drupal 7 site owners should upgrade to Drupal 7.17, especially:

• Sites using multilingual features
• Sites using the Aggregator module with long URLs or author entries
• Sites running behind proxy servers
• Sites experiencing session-related issues
• Developers working with the Field API, EntityFieldQuery, or taxonomy bundles

Upgrade urgency: Medium

While this release doesn't contain critical security fixes, it addresses several bugs that could affect site functionality and user experience. The improvements to documentation and API consistency also make this a worthwhile upgrade for developers.

Upgrade steps:

1. Back up your database and files: Always create a full backup before upgrading.
2. Update your codebase: Replace your existing Drupal core files with the 7.17 release, being careful not to overwrite any customizations or contributed modules.
3. Run update.php: Visit example.com/update.php in your browser and follow the instructions to update the database schema.
4. Clear caches: Clear all caches either through the admin interface or using Drush (drush cc all).
5. Test thoroughly: Pay special attention to testing multilingual features, the Aggregator module, and any custom code that interacts with taxonomy or entity view modes.

Special considerations:

• If you've implemented custom code that interacts with entity view modes, review the new hook_entity_view_mode_alter() to ensure compatibility.
• If you're using PostgreSQL, test any custom update functions that operate on binary data.

Bug Fixes

• Session Handling: Fixed issues where drupal_save_session() was not properly respected by session regenerate and destroy functions, and where cron runs unconditionally re-enabled writing of user sessions.

• Database Issues:

  • Fixed a problem where update #7002 failed on PostgreSQL due to ILIKE operator not being supported on bytea fields.
  • Fixed an issue with db_rename_table() function documentation.
  • Removed an unnecessary join in a database query.

• Form and UI Issues:

  • Fixed form redirects removing GET variables like sort and order.
  • Fixed double-escaping of shortcut set titles with check_plain().
  • Fixed a minor HTML bug in Seven's page.tpl.php (double occurrence of "ul" on secondary local tasks).
  • Fixed a border issue on vertical tabs in Google Chrome and Safari.
  • Fixed an issue where submitting required form elements without a title didn't display an error.

• Multilingual Support:

  • Fixed language links that were missing language identifiers.
  • Fixed an issue where the plural formula field only accepted 128 characters.

• Module-specific Fixes:

  • Aggregator: Fixed issues with parsing author entries longer than 255 characters and handling feed URLs longer than 255 characters.
  • Taxonomy: Fixed double encoding of vocabulary titles and issues with taxonomy term pages.
  • Forum: Fixed poor performance of _forum_update_forum_index() when passed a non-forum node and fixed a notice generated when programmatically creating a forum node.
  • File Handling: Fixed regression where {file_managed()}.filename was incorrectly set as binary.
  • OpenID: Fixed OpenID discovery and login tests failing on HTTPS sites.
  • Node: Fixed ambiguous fields in node query conditions.
  • Book: Fixed empty table pattern for 'Edit [book's] order and titles' admin page.

• Other Fixes:

  • Fixed an issue where attaching a forbidden file to a node gave an error message with a bogus file path.
  • Fixed a PHP 5.4 compatibility issue with Simpletest where CURLOPT_COOKIEJAR cannot be NULL.
  • Fixed special characters being encoded twice for feed icon attribute title.
  • Fixed an issue where theme_item_list() was broken when 'items' variable was an associative array.
  • Fixed Fast 404 'Not found' pages missing a doctype.

New Features

• Proxy Server Support: Added support to drupal_http_request() for proxy servers, making it easier to use Drupal in environments that require proxy connections.

• Entity View Mode Alteration: Added hook_entity_view_mode_alter() to allow modules to change the view mode of entities being displayed.

• Module Usage Statistics: Enabled Drupal.org to collect statistics on enabled sub-modules and core modules, helping the community understand which modules are most widely used.

• Improved Field Widget Ordering: Added 'weight' support to hook_field_widget_info(), making it possible to properly order field widgets in the UI.

Security Updates

• Settings.php Documentation: Added a note to settings.php about updates and security, clarifying that on some servers, the Update Manager allows administrators to directly execute arbitrary code even without the PHP module.

• Error Level Constants: Fixed an issue where error level constants could not be used in settings.php, which could lead to security misconfiguration.

• Session Handling: Fixed issues with session regeneration and destruction functions not adhering to drupal_save_session(), which could potentially lead to session-related security issues.

• Content-Type Header: Fixed a non-standard and pointless name attribute added to Content-Type header, which could potentially be exploited in certain scenarios.

• Password Handling: Fixed a bug which prevented users with passwords over 60 characters from logging in via the user login block, ensuring proper authentication for users with strong passwords.

Performance Improvements

• Forum Module: Fixed poor performance of _forum_update_forum_index() when passed a non-forum node, which could cause slowdowns when working with non-forum content.

• Image Module: Fixed broken caching in image_effects_definitions(), which improves performance when working with image styles.

• Watchdog Logging: Updated watchdog() to use PHP's time() function to log the time of events, which is more efficient than previous implementations.

• Database Optimization: Removed an unnecessary join in a database query, which improves query performance.

• Static Cache: Fixed an issue with drupal_reset_static() for drupal_html_id() when form validation fails, preventing unnecessary cache resets.

Impact Summary

Drupal 7.17 is primarily a maintenance release that focuses on documentation improvements, bug fixes, and minor enhancements rather than introducing major new features. The impact of this release is most significant for developers through extensive API documentation improvements and fixes to several developer-facing issues.

For site administrators, the release addresses several important bugs related to session handling, proxy server support, and the Update Manager. These fixes improve the overall stability and security of Drupal 7 sites.

Content editors benefit from fixes to taxonomy term pages, better handling of special characters in feeds, and improvements to the forum module. These changes enhance the content management experience and fix several frustrating issues.

Multilingual site users will appreciate the improved language switching with proper language identifiers and the updated Uyghur language name.

The release also includes several performance improvements, particularly in the forum module, image handling, and database queries. While these improvements are incremental rather than transformative, they contribute to a more efficient and responsive Drupal experience.

From a security perspective, the release includes better documentation about security considerations in settings.php and fixes issues with session handling and error level constants. While not addressing critical vulnerabilities, these changes help maintain the security posture of Drupal 7 sites.

Overall, Drupal 7.17 represents a solid maintenance release that addresses a wide range of issues across the platform, improving stability, documentation, and user experience without requiring significant adaptation from site owners or developers.