? error-message-27.patch
? sites/default/files
? sites/default/settings.php
Index: includes/install.core.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/install.core.inc,v
retrieving revision 1.39
diff -u -p -r1.39 install.core.inc
--- includes/install.core.inc 12 Oct 2010 02:50:03 -0000 1.39
+++ includes/install.core.inc 14 Oct 2010 13:51:06 -0000
@@ -1460,11 +1460,10 @@ function install_configure_form($form, &
// Warn about settings.php permissions risk
$settings_dir = './' . conf_path();
$settings_file = $settings_dir . '/settings.php';
- if (!drupal_verify_install_file($settings_file, FILE_EXIST|FILE_READABLE|FILE_NOT_WRITABLE) || !drupal_verify_install_file($settings_dir, FILE_NOT_WRITABLE, 'dir')) {
- drupal_set_message(st('All necessary changes to %dir and %file have been made, so you should remove write permissions to them now in order to avoid security risks. If you are unsure how to do so, consult the online handbook.', array('%dir' => $settings_dir, '%file' => $settings_file, '@handbook_url' => 'http://drupal.org/server-permissions')), 'error');
- }
- else {
- drupal_set_message(st('All necessary changes to %dir and %file have been made. They have been set to read-only for security.', array('%dir' => $settings_dir, '%file' => $settings_file)));
+ // Check that $_POST is empty so we only show this message when the form is
+ // first displayed, not on the next screen after it is submitted.
+ if (empty($_POST) && (!drupal_verify_install_file($settings_file, FILE_EXIST|FILE_READABLE|FILE_NOT_WRITABLE) || !drupal_verify_install_file($settings_dir, FILE_NOT_WRITABLE, 'dir'))) {
+ drupal_set_message(st('Remove write permissions from %dir and %file now in order to avoid security risks. If you are unsure how to do so, consult the online handbook.', array('%dir' => $settings_dir, '%file' => $settings_file, '@handbook_url' => 'http://drupal.org/server-permissions')), 'warning');
}
drupal_add_js(drupal_get_path('module', 'system') . '/system.js');