Drupal Release: 7.33

TL;DR

Drupal 7.33: Performance Improvements, Bug Fixes, and Documentation Updates

This release focuses on improving performance, fixing bugs, and enhancing documentation. Key improvements include better database query optimization, increased file extension character limits, fixes for image handling, and enhanced RDFa metadata implementation. Security and stability improvements address issues with cache handling, UTF-8 validation, and transaction management. This is primarily a maintenance release that improves the overall stability and performance of Drupal 7 without introducing major new features.

Highlight of the Release

• Improved database query performance with EntityFieldQuery by reducing the number of INNER JOINs
• Fixed block caching issues on sites with hook_node_grants() that caused performance problems
• Increased character limits for file field extensions (from 128 to 256) and block titles (to 255)
• Better handling of user pictures during user account updates to prevent accidental deletion
• Enhanced RDFa metadata implementation for better semantic web support
• Fixed issues with CSS aggregation and throbber alignment across browsers

Migration Guide

This release doesn't contain major API changes requiring extensive migration efforts. However, there are a few changes that developers should be aware of:

View Mode Name Change

The "Search result" view mode has been renamed to "Search result highlighting input" to better reflect how it is used (#1166114). If your code references this view mode by name, you'll need to update it.

RDFa Metadata Changes

Several changes have been made to RDFa metadata implementation:

• RDFa metadata tags are now hidden by default (#2301955)
• Title RDFa metadata is now placed inside entity HTML element (#1323830)
• Number of comments metadata is now placed inside node template (#2130673)

If you have custom themes that interact with RDFa metadata, you may need to review these changes.

Field API Exception Handling

Field exceptions now return the name of the field that has exceptions (#1231710). If you have custom error handling for field exceptions, you may want to take advantage of this additional information.

HTTP Header Date Format

HTTP header date formats now follow RFC 7231 rather than RFC 1123 (#1918820). If you have code that parses or generates HTTP headers, ensure it's compatible with this standard.

Upgrade Recommendations

This is a maintenance release containing bug fixes, performance improvements, and documentation updates without introducing major new features or API changes. It's recommended that all Drupal 7 sites upgrade to this version to benefit from the performance improvements and bug fixes.

Priority: Medium

The upgrade to Drupal 7.33 is recommended for all Drupal 7 sites, particularly those that:

• Use node access modules (will benefit from performance improvements)
• Handle file uploads (will benefit from improved file extension validation)
• Use EntityFieldQuery with complex conditions (will benefit from query optimization)
• Experience issues with user pictures being deleted unexpectedly
• Have encountered cache_field table deadlocks

Preparation:

1. Back up your database and files before upgrading
2. Test the upgrade on a staging environment first
3. Review the full list of changes to identify any that might affect custom code
4. Update any custom modules that might interact with changed functionality

The upgrade process follows the standard Drupal minor version update procedure and should not require any special steps beyond the normal update process.

Bug Fixes

Core Functionality

• Fixed a bug in drupal_get_bootstrap_phase() that caused bootstrap to abort when called early in page requests (#667098).
• Fixed Unicode requirements check to work properly with PHP 5.6 (#2332295).
• Fixed orderby() to verify that sort direction is always ASC or DESC (#829464).
• Fixed forum_node_view() to avoid unnecessary vocabulary_load() calls (#2291081).
• Fixed drupal_http_request() to handle responses without Reason-Phrase in Status-Line (#205969).
• Fixed drupal_get_filename() to search the filesystem when files aren't yet in the {system} table (#2228825).

User Management

• Fixed user picture deletion after calls to user_save() (#935592).
• Fixed integrity constraint violation when saving user accounts after creation (#1433288).

Field & Entity Handling

• Fixed field_has_data() to look at revisioning data instead of current data to prevent data loss (#2278583).
• Fixed translation_node_insert() to flush entity load cache when updating node table (#1936942).
• Fixed hook_field_formatter_prepare_view to use hook_entity_view_mode_alter (#1968348).
• Fixed string offset cast notice in field_invoke_method_multiple() (#1824820).

Database & Caching

• Fixed deadlocks occurring in cache_field table (#2193149).
• Fixed database schema methods to query the correct target on MySQL (#1891728).
• Fixed HTML encoding of em wrappers for database table names in schema errors (#780304).

UI & Theming

• Fixed lazy-loading CSS failures in IE (#1071818).
• Fixed CSS aggregator prepending data URLs with paths (#2142441).
• Fixed throbber alignment in textfields (#1069152).
• Fixed multiple "Edit/Hide summary" links appearing (#1195358).
• Fixed "Hide summary" functionality in text.js for jQuery 1.9+ compatibility (#2282541).

Image Handling

• Fixed image generation to fail with 404 instead of 500 when source file is missing (#927138).
• Fixed file extension validation for files with non-lowercase names (#2112247).

Other

• Fixed XSS vulnerability via text format names (#779374).
• Fixed incorrect permission for admin/structure/menu/parents (#849624).
• Fixed notice when #attributes is not set with #theme_wrappers 'container' (#2058761).
• Fixed Dashboard discarding <em class="placeholder"> elements (#908822).
• Fixed incorrect error message when poll is submitted with no option selected (#1823906).
• Fixed unnecessary space in session-active class (#2147321).

New Features

• Support for Additional File Formats: Added support for popular e-book formats, Google web formats, MKV and MKA in file_default_mimetype_mapping() (#1443070).
• Theme Debugging: Ported Twig debug output to Drupal 7 for improved theme development (#2307505).
• Module Installation Date: Added functionality to determine when a module was added to improve module listing sort capabilities (#1355526).
• Query Tag for Menu Links: Added a query tag to the query in menu_link_get_preferred() to allow modules to alter the query (#1854134).

Security Updates

• XSS Protection: Fixed XSS vulnerability via text format names (#779374).

• Input Validation: Fixed validation of file extensions in file names to properly enforce restrictions when uploading files with non-lowercase names (#2112247).

• UTF-8 Validation: Added documentation that check_plain() can issue PHP messages on invalid UTF-8 input (#393538).

• Sanitization: Improved sanitization of the trim_length variable before printing it (#1790612).

• Theme Debug Output: Ensured all theme debug output is properly sanitized (#2307505).

• HTTP Headers: Updated HTTP header date formats to follow RFC 7231 rather than RFC 1123 for better compliance with current standards (#1918820).

Performance Improvements

• Optimized Database Queries: Improved database queries generated by EntityFieldQuery when delta or language condition groups are used, reducing the number of INNER JOINs (#1859084).

• Block Caching Enhancement: Fixed block caching issues on sites with hook_node_grant() that were causing serious performance problems when not necessary (#1930960).

• RDF Mapping Optimization: Introduced _rdf_mapping_load_multiple() to reduce the number of database queries for RDF functionality (#1338966).

• Node Access Rebuilds: Improved node access rebuilds to process from newest to oldest for direct node access rebuilds (not for batch rebuilds) (#993186).

• JavaScript Settings Handling: Made the Ajax system use drupal_array_merge_deep_array() to prevent JavaScript settings from being added twice, improving front-end performance (#208611).

Impact Summary

Drupal 7.33 is primarily a maintenance release that focuses on bug fixes, performance improvements, and documentation enhancements. While it doesn't introduce major new features, it addresses several important issues that improve the stability, security, and performance of Drupal 7 sites.

The most significant impacts include:

1. Performance Improvements: Sites using node access modules will see better performance due to optimized block caching. Sites using EntityFieldQuery with complex conditions will benefit from reduced database query complexity.

2. File Handling Enhancements: The character limit for file field extensions has been increased from 128 to 256, and support for additional file formats (e-books, Google web formats, MKV, MKA) has been added. File extension validation has been improved for files with non-lowercase names.

3. User Management Fixes: Issues with user pictures being deleted after calls to user_save() have been resolved, along with integrity constraint violations when saving user accounts after creation.

4. Database and Caching Stability: Deadlocks in the cache_field table have been fixed, and database schema methods now query the correct target on MySQL.

5. UI and Theming Improvements: Several issues with CSS, throbbers, and text summaries have been fixed, improving the user interface experience.

6. Security Enhancements: XSS vulnerabilities via text format names have been addressed, and input validation for file extensions has been strengthened.

Overall, this release enhances the stability and performance of Drupal 7 without introducing breaking changes, making it a recommended upgrade for all Drupal 7 sites.