[development] Early Drupal 6 review from Chris Messina

Larry Garfield larry at garfieldtech.com
Mon Nov 12 20:12:51 UTC 2007


On Mon, 12 Nov 2007 16:06:23 -0300, "Greg Knaddison" <greg at pingvox.com> wrote:
> On Nov 12, 2007 1:02 PM, Larry Garfield <larry at garfieldtech.com> wrote:
>>
>> An undocumented feature (which anything done manually in settings.php
> is) is not a feature.  Even if we had an about: page somewhere that let
> people directly edit the variables table (which would depend on the
> variable-defaults hook that some were working on for D6 but weren't able
> to finish), we would be remiss if we didn't document all of the settings
> there.  Then we're right back where we started, just on a different,
> larger page.
> 
> This seems like a weakness in the plan, not a fatal flaw.  Our ability
> to get query data via the dev_query variable is an existing instance
> of this idea and of the problem that you cite.  

dev_query is controllable via the UI, just in the devel module.  The only reason it's in core is because it's not possible to inject using devel.  It's also developer-only.  Normal site users should never have that running during production.

> Same story with
> allow_insecure_uploads in upload.module.  These are features without
> UI or documentation.

See, I never even knew that existed.  Now I wonder if it would have solved a problem I had 8 months ago had I known about it, but since it was hidden I probably wasted a lot of time because of it.  

That's an example against an about:Drupal page. :-)

--Larry Garfield



More information about the development mailing list