Index: INSTALL.txt
===================================================================
RCS file: /cvs/drupal/drupal/INSTALL.txt,v
retrieving revision 1.84
diff -u -p -r1.84 INSTALL.txt
--- INSTALL.txt 11 Oct 2010 23:49:48 -0000 1.84
+++ INSTALL.txt 28 Oct 2010 04:23:00 -0000
@@ -165,10 +165,10 @@ INSTALLATION
chmod a-w sites/default
If you make manual changes to the file later, be sure to protect it again
- after making your modifications. Failure to remove write permissions to that
- file is a security risk. Although the default location for the settings.php
- file is at sites/default/settings.php, it may be in another location
- if you use the multi-site setup, as explained below.
+ after making your modifications. Failure to remove write permissions from
+ that file is a security risk. Although the default location for the
+ settings.php file is at sites/default/settings.php, it may be in another
+ location if you use the multi-site setup, as explained below.
5. CONFIGURE DRUPAL
Index: includes/install.core.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/install.core.inc,v
retrieving revision 1.40
diff -u -p -r1.40 install.core.inc
--- includes/install.core.inc 15 Oct 2010 03:31:28 -0000 1.40
+++ includes/install.core.inc 28 Oct 2010 04:23:00 -0000
@@ -1460,11 +1460,15 @@ function install_configure_form($form, &
// Warn about settings.php permissions risk
$settings_dir = './' . conf_path();
$settings_file = $settings_dir . '/settings.php';
- if (!drupal_verify_install_file($settings_file, FILE_EXIST|FILE_READABLE|FILE_NOT_WRITABLE) || !drupal_verify_install_file($settings_dir, FILE_NOT_WRITABLE, 'dir')) {
- drupal_set_message(st('All necessary changes to %dir and %file have been made, so you should remove write permissions to them now in order to avoid security risks. If you are unsure how to do so, consult the online handbook.', array('%dir' => $settings_dir, '%file' => $settings_file, '@handbook_url' => 'http://drupal.org/server-permissions')), 'warning');
- }
- else {
- drupal_set_message(st('All necessary changes to %dir and %file have been made. They have been set to read-only for security.', array('%dir' => $settings_dir, '%file' => $settings_file)));
+ // Check that $_POST is empty so we only show this message when the form is
+ // first displayed, not on the next page after it is submitted. (We do not
+ // want to repeat it multiple times because it is a general warning that is
+ // not related to the rest of the installation process; it would also be
+ // especially out of place on the last page of the installer, where it would
+ // distract from the message that the Drupal installation has completed
+ // successfully.)
+ if (empty($_POST) && (!drupal_verify_install_file($settings_file, FILE_EXIST|FILE_READABLE|FILE_NOT_WRITABLE) || !drupal_verify_install_file($settings_dir, FILE_NOT_WRITABLE, 'dir'))) {
+ drupal_set_message(st('Remove write permissions from %dir and %file now in order to avoid security risks. If you are unsure how to do so, consult the online handbook.', array('%dir' => $settings_dir, '%file' => $settings_file, '@handbook_url' => 'http://drupal.org/server-permissions')), 'warning');
}
drupal_add_js(drupal_get_path('module', 'system') . '/system.js');