? 534556.002.patch
? sites/default/files
? sites/default/settings.php
Index: install.php
===================================================================
RCS file: /cvs/drupal/drupal/install.php,v
retrieving revision 1.190
diff -u -p -r1.190 install.php
--- install.php	30 Jul 2009 19:32:19 -0000	1.190
+++ install.php	2 Aug 2009 16:30:23 -0000
@@ -1336,16 +1336,6 @@ function install_configure_form(&$form_s
 
       drupal_set_title(st('Configure site'));
 
-      // Warn about settings.php permissions risk
-      $settings_dir = './' . conf_path();
-      $settings_file = $settings_dir . '/settings.php';
-      if (!drupal_verify_install_file($settings_file, FILE_EXIST|FILE_READABLE|FILE_NOT_WRITABLE) || !drupal_verify_install_file($settings_dir, FILE_NOT_WRITABLE, 'dir')) {
-        drupal_set_message(st('All necessary changes to %dir and %file have been made, so you should remove write permissions to them now in order to avoid security risks. If you are unsure how to do so, please consult the <a href="@handbook_url">online handbook</a>.', array('%dir' => $settings_dir, '%file' => $settings_file, '@handbook_url' => 'http://drupal.org/server-permissions')), 'error');
-      }
-      else {
-        drupal_set_message(st('All necessary changes to %dir and %file have been made. They have been set to read-only for security.', array('%dir' => $settings_dir, '%file' => $settings_file)));
-      }
-
       // Add JavaScript validation.
       _user_password_dynamic_validation();
       drupal_add_js(drupal_get_path('module', 'system') . '/system.js');
@@ -1402,6 +1392,17 @@ function install_import_locales_remainin
  */
 function install_finished(&$install_state) {
     drupal_set_title(st('@drupal installation complete', array('@drupal' => drupal_install_profile_name())));
+    
+    // Warn about settings.php permissions risk
+    $settings_dir = './' . conf_path();
+    $settings_file = $settings_dir . '/settings.php';
+    if (!drupal_verify_install_file($settings_file, FILE_EXIST|FILE_READABLE|FILE_NOT_WRITABLE) || !drupal_verify_install_file($settings_dir, FILE_NOT_WRITABLE, 'dir')) {
+      drupal_set_message(st('You should remove write permissions from %dir and %file in order to avoid security risks. If you are unsure how to do so, please consult the <a href="@handbook_url">online handbook</a>.', array('%dir' => $settings_dir, '%file' => $settings_file, '@handbook_url' => 'http://drupal.org/server-permissions')), 'warning');
+    }
+    else {
+      drupal_set_message(st('All necessary changes to %dir and %file have been made. They have been set to read-only for security.', array('%dir' => $settings_dir, '%file' => $settings_file)));
+    }
+
     $messages = drupal_set_message();
     $output = '<p>' . st('Congratulations, @drupal has been successfully installed.', array('@drupal' => drupal_install_profile_name())) . '</p>';
     $output .= '<p>' . (isset($messages['error']) ? st('Please review the messages above before continuing on to <a href="@url">your new site</a>.', array('@url' => url(''))) : st('You may now visit <a href="@url">your new site</a>.', array('@url' => url('')))) . '</p>';