[drupal-devel] install text upgrading section in the wrong order?
This is a copy of the install text that is directly linked from here: http://drupal.org/drupal-4.6.0-rc UPGRADING --------- 1. Backup your database and Drupal directory - especially your configuration file (www.example.com.conf or includes/conf.php). 2. Log on as the user with user ID 1. 3. Remove all the old Drupal files then unpack the new Drupal files into the directory that you run Drupal from. 4. Modify the new configuration file to make sure it has the correct information. 5. Run update.php by visiting http://www.example.com/update.php. ---------- See something funny? :) Anisa.
Actually, I am sorry, I should not post these things here either. Shall I post them here: http://drupal.org/project/issues/18753 ? Anisa.
2. Log on as the user with user ID 1.
3. Remove all the old Drupal files then unpack the new Drupal files into the directory that you run Drupal from.
If you're talking about those two, no. The intent of #2 is to make sure you have a cookie/session of an admin user, which is required to run the final step, update.php. -- Morbus Iff ( you are nothing without your robot car, NOTHING! ) Culture: http://www.disobey.com/ and http://www.gamegrene.com/ Spidering Hacks: http://amazon.com/exec/obidos/ASIN/0596005776/disobeycom icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus
Oops. Thank you for letting me know. I will try to keep these things on the doc list, promise. :) Can you put the reason in? Or maybe, big letters, *essential*, because it sounds fairly so. All of the steps are essential of course, but that one is a little counter intuitive, I don't know why I'm doing it. Does this not work if you have cookies disabled? Anisa. Morbus Iff wrote:
2. Log on as the user with user ID 1.
3. Remove all the old Drupal files then unpack the new Drupal files into the directory that you run Drupal from.
If you're talking about those two, no. The intent of #2 is to make sure you have a cookie/session of an admin user, which is required to run the final step, update.php.
Can you put the reason in? Or maybe, big letters, *essential*, because it sounds fairly so. All of the steps are essential of course, but that one is a little counter intuitive, I don't know why I'm doing it. Does this not work if you have cookies disabled?
I'm not sure I like the idea of including the "cookies" or "session" terminology in the INSTALL.txt. Do we really think people need to know this? My expectation is that people want to /upgrade as fast as possible/ (as usually, an upgrade is "downtime"), and thus, are less than curious about why a particular step as needed. On the other hand, if there was a feature *inside* Drupal that required them to rationalize about cookies / session, then yeah, I could see a mention being required. I'm willing for the following revision: 2. Log on as the user with user ID 1. You'll need to be this user to complete the final step of the upgrading process. which rationalizes its importance, without any scary terms. Regarding "cookies disabled" - that I don't know. -- Morbus Iff ( you are nothing without your robot car, NOTHING! ) Culture: http://www.disobey.com/ and http://www.gamegrene.com/ Spidering Hacks: http://amazon.com/exec/obidos/ASIN/0596005776/disobeycom icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus
Can you put the reason in? Or maybe, big letters, *essential*, because it sounds fairly so. All of the steps are essential of course, but that one is a little counter intuitive, I don't know why I'm doing it. Does this not work if you have cookies disabled?
The reason we do this is to prevent just anyone from running a site's update.php. If you don't have a valid cookie, you will have to edit update.php at the top, and change a variable there to disable the access check temporarily ($access_check = false, it's explained at the top of the file). Users should be reminded to set this back afterwards to maintain security. Steven Wittens
^.^ I dunno if I feel better for knowing that, but thank you for the explanation. That may be worth a line in there in case people forget to log in, but what you just said is a lot 'scarier' than cookies. ^.^;; Actually, isn't this file old? I was only looking at upgrade for myself, but I notice this on the top: Drupal requires a web server, PHP4 (http://www.php.net/) and either MySQL or PostgreSQL. Drupal requires PHP 4.1.0 or greater on Linux and PHP 4.2.3 or greater on Windows. PHP5 is not yet supported. I can't find it at the moment, but I'd swear that the PHP required thing was changed, and PHP 5 is supported text was added... ...and you can file this with stupid questions if you like, but how is PHP 4 different from the PHP 4.1.0/PHP 4.2.3? Anisa. Steven Wittens wrote:
Can you put the reason in? Or maybe, big letters, *essential*, because it sounds fairly so. All of the steps are essential of course, but that one is a little counter intuitive, I don't know why I'm doing it. Does this not work if you have cookies disabled?
The reason we do this is to prevent just anyone from running a site's update.php. If you don't have a valid cookie, you will have to edit update.php at the top, and change a variable there to disable the access check temporarily ($access_check = false, it's explained at the top of the file). Users should be reminded to set this back afterwards to maintain security.
Steven Wittens
Actually, isn't this file old? I was only looking at upgrade for
Be sure to look at the CVS version, not the rc version. I've patched the INSTALL text a few times since the RC came out. This is the latest: http://cvs.drupal.org/viewcvs/drupal/drupal/INSTALL.txt?rev=1.16 -- Morbus Iff ( you are nothing without your robot car, NOTHING! ) Culture: http://www.disobey.com/ and http://www.gamegrene.com/ Spidering Hacks: http://amazon.com/exec/obidos/ASIN/0596005776/disobeycom icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus
participants (3)
-
Anisa -
Morbus Iff -
Steven Wittens