Drupal Release: 7.22
Tag Name: 7.22
Release Date: 4/3/2013
Drupal: Highly flexible, open-source content management system known for complex, scalable web applications. Preferred by government, educational, and large enterprise websites requiring advanced customization and security features. Robust module ecosystem.
TL;DR
Drupal 7.22 Release Overview
Drupal 7.22 is primarily a maintenance and documentation release that includes numerous API documentation improvements, bug fixes, and several performance enhancements. Key improvements include memory usage optimization for field handling, better RDFa markup compatibility, enhanced Field API functionality, and various security hardening measures. This release also adds several developer-friendly features like PSR-0 test class support and the ability to override HTTP requests.
Highlights of the Release
- Optimized memory usage in field handling with improvements to _field_info_collate_fields()
- Added PSR-0 test class support for developers
- Enhanced Field API with new functions to act on single fields within entities
- Made RDFa markup upward compatible with RDFa 1.1
- Added severity index to watchdog table for better logging
- Fixed security issues with file uploads and temporary files
- Improved documentation across multiple core modules
Migration Guide
This release doesn't contain major breaking changes that would require extensive migration efforts. However, there are a few changes that developers should be aware of:
Field API Changes
If you've implemented custom code that interacts with the Field API, be aware of two significant changes:
- Memory Usage Optimization: The _field_info_collate_fields() function has been optimized for memory usage. While this shouldn't affect properly written code, any modules that rely on implementation details of this function might need review.
- Single Field Operations: New functionality allows acting on a single field within an entity. If you've implemented custom field handling, consider using these new capabilities for better performance.
RDFa Markup Changes
The RDFa markup has been made upward compatible with RDFa 1.1. If you have custom code that parses or generates RDFa, you should test it with this update.
HTTP Request Handling
The drupal_http_request() function can now be overridden. If you have custom code that relies on specific behavior of this function, you should test it after updating.
PSR-0 Test Classes
If you're writing tests, you can now use PSR-0 compliant class organization. This is an addition, not a breaking change, so existing tests will continue to work.
Upgrade Recommendations
Who should upgrade?
All Drupal 7 sites should upgrade to version 7.22, especially:
- Sites experiencing memory issues with field handling
- Sites with security concerns about file uploads or temporary files
- Developers who want to take advantage of the new Field API capabilities or PSR-0 test class support
- Sites experiencing any of the specific bugs fixed in this release
Upgrade Priority: Medium
This is a maintenance release with important bug fixes and performance improvements, but no critical security fixes. While not urgent, upgrading is recommended to benefit from the numerous improvements and fixes.
Upgrade Process
- Back up your site: Always create a complete backup of your files and database before upgrading.
- Review custom code: If you have custom modules that interact with the Field API or override core functions, review them against the changes in this release.
- Test in a staging environment: Test the upgrade in a non-production environment first, especially if you have complex customizations.
- Follow standard upgrade procedure:
  - Replace all core files and directories except for the 'sites' directory
  - Run update.php to apply any necessary database updates
  - Clear all caches
- Test functionality: After upgrading, thoroughly test your site's functionality, especially areas related to fields, file handling, and forms.
Bug Fixes
- Database Connection Issues: Fixed a memory leak in DatabaseConnection::__construct() and DatabaseConnection_mysql()::__construct() that could cause "Too many connections" errors.
- Form Handling Fixes:
  - Fixed AJAX form issues with file elements (encoding=multipart/form-data)
  - Fixed machine name not updating correctly when selecting previous input values
  - Fixed _form_set_class() being too aggressive in assigning the 'error' class
- File System Fixes:
  - Fixed issue where anti-DoS measures were breaking some file URIs
  - Fixed private images being visible by direct URL
  - Fixed SkipDotsRecursiveDirectoryIterator not skipping dot-files when they are the first entry
  - Fixed Content-Disposition header issues with private files
- Language and Internationalization:
  - Fixed comment field language handling which was completely broken
  - Fixed notice in locale_languages_edit_form_validate()
- Node and Content Management:
  - Fixed access denied page shown after submitting form that creates an unpublished node
  - Fixed notices in taxonomy autocomplete
  - Fixed dynamic tokens not working with spaces
- UI and Theme Issues:
  - Fixed sticky table header tables not inheriting parent table's outer width
  - Fixed forum-rtl.css not overriding #forum div.indent from margin-left to margin-right
  - Fixed overlay overwriting existing target attributes
- Update and Installation Issues:
  - Fixed enforced dependencies errors when updating to recent versions of Drupal 7
  - Fixed D6->D7 upgrade issue where system_update_7007() would fail
  - Added workaround for system update #7061 failing due to memory leak
- Other Fixes:
  - Fixed multiple OpenID implementations causing invalid requests
  - Fixed "Uncaught TypeError" in ajax.js
  - Fixed PHP notices when creating menu link '#'
  - Fixed incorrect log message when theme() is called for a non-existent theme hook
New Features
- PSR-0 Test Class Support: Added support for PSR-0 compliant test classes, allowing developers to use modern PHP class organization standards in their test code.
- Enhanced Field API: New functionality allows developers to act on a single field within an entity, providing more granular control over field operations.
- Overridable HTTP Requests: Added ability to override drupal_http_request(), giving developers more flexibility in handling external HTTP communications.
- Watchdog Severity Index: Added a severity index to the watchdog table, improving log filtering and organization capabilities.
- Installation Improvements:
  - Added 'exclusive' flag to install profiles to auto-select them during installation
  - Added 'install another module' link after installing a module
- Testing Enhancements: Added DrupalWebTestCase::assertThemeOutput() to allow modules to test theme function output.
- Cron URL Display: Added display of cron URL in admin/config/system/cron page for easier cron setup.
Security Updates
- File Upload Security: Added tests for SA-CORE-2012-004 (Arbitrary code execution via file upload) and implemented additional security measures.
- Temporary File Restrictions: Restricted temporary files created by text editors to prevent potential security issues.
- HTTPS Protocol Security: Made default htaccess rules protocol sensitive to avoid man-in-the-middle attacks if users don't fully customize the rule.
- One-time Login Auditing: Enhanced watchdog logging for one-time login links to make them more useful for security auditing.
- Private File Access: Fixed issues with private images being visible by direct URL, improving content access control.
Performance Improvements
- Field System Optimization: Significantly improved memory usage in _field_info_collate_fields(), which can lead to better performance on sites with many fields.
- Comment Update Optimization: Improved performance by not re-preparing comment update timestamp if it's the same as the created timestamp.
- Database Handling: Fixed issues with DatabaseCondition not cloning SelectQuery value objects, which could lead to performance problems.
- SQLite Performance: Fixed a workaround in UpdateQuery_sqlite() for affected rows count that was causing certain updates to be suppressed.
- Reduced Redundant Processing: Several fixes removed unnecessary variable assignments and function calls, including:
  - Removed useless variable assignment in node_feed()
  - Fixed search_view() initializing variables that were never used
  - Removed unnecessary node_type_get_type() call in node_validate()
  - Fixed theme_checkbox() and theme_form_element() initializing variables that were never used
  - Removed assignment to unused variable in book_export_html()
Impact Summary
Drupal 7.22 is primarily a maintenance and documentation release that brings significant improvements to developer experience and site performance. The extensive API documentation updates across multiple modules make the codebase more accessible and easier to work with for developers.
Performance improvements, particularly the memory usage optimization in field handling, will benefit sites with many fields or complex content types. This could result in noticeable performance gains for larger sites.
Security has been enhanced through better file handling, improved HTTPS protocol security, and better audit logging. While not addressing critical vulnerabilities, these improvements help maintain a strong security posture.
For site administrators, fixes to update processes and dependency handling resolve frustrating issues that could block site updates. The addition of a severity index to the watchdog table improves log management capabilities.
Content editors will benefit from fixes to form handling, taxonomy autocomplete, and unpublished node access issues, resulting in a smoother content creation experience.
The addition of PSR-0 test class support and enhanced Field API capabilities gives developers more modern and flexible tools for building and testing Drupal sites.
Overall, while not introducing major new features, this release significantly improves the stability, security, and developer experience of Drupal 7.
Statistics:
User Affected:
- Improved API documentation across multiple modules
- New PSR-0 test class support
- Enhanced Field API with ability to act on single fields within entities
- Ability to override drupal_http_request()
- Better documentation for language negotiation and theme hooks
