Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.The files in core/misc/ui/themes/base/images/ all have file permissions of 755. They should, of course, be changed to 644. Patch to follow.
There was overlap with #1948148: Update file permissions
Follow-up:
#1891270: [discussion] How can we prevent "invisible" regressions?
| Comment | File | Size | Author |
|---|---|---|---|
| #8 | drupal-file-perms-all-1841896-8.patch | 637 bytes | TravisCarden |
| #8 | drupal-file-perms-no-scripts-1841896-8.patch | 338 bytes | TravisCarden |
| #1 | drupal-ui-images-perms-1841896-1.patch | 1.86 KB | TravisCarden |
Comments
Comment #1
TravisCarden CreditAttribution: TravisCarden commentedI wonder: should there be an automated test for file permissions?
Comment #2
swentel CreditAttribution: swentel commentedGood to go
Comment #3
webchickCommitted and pushed to 8.x. Thanks!
A follow-up to discuss how we could try and prevent these types of "invisible" regressions in the future sounds great.
Comment #4
TravisCarden CreditAttribution: TravisCarden commentedThanks, @webchick. I created #1891270: [discussion] How can we prevent "invisible" regressions? for the follow-up.
Comment #5
David_Rothstein CreditAttribution: David_Rothstein commentedI think this should be rolled back - see previous discussion of these files in #1830330: Make default.settings.php not executable.
If you think they shouldn't be executable, talk to the people at https://github.com/jquery/jquery-ui/tree/master/themes/base/images and convince them there :) But for whatever reason, the files are executable upstream, and for a minor thing like this we shouldn't make changes to an external library. (Especially because, if we only fix it in Drupal, the "invisible regression" will almost certainly come back the next time we update the version of jQuery UI in core.)
Comment #6
webchickOops. Fair enough. Good catch!
Reverted 6baf46137.
Marking... postponed? I guess? On the upstream issue.
Comment #7
TravisCarden CreditAttribution: TravisCarden commentedThanks, @David_Rothstein. Here's an upstream pull request: https://github.com/jquery/jquery-ui/pull/887.
Comment #8
TravisCarden CreditAttribution: TravisCarden commentedWe've got the same issue on some files from Symfony. Here's an upstream pull request for them: https://github.com/symfony/symfony/pull/6933.
In the meantime, we do have a few of our own files with the executable bit on:
I figured the shell scripts were supposed to be executable (?), but not all of them in core/scripts are, so I wasn't sure. Are they not supposed to be since they're meant to be invoked by the PHP interpreter as opposed to a shell? For expedience's sake, here are patches both ways.
Comment #9
TravisCarden CreditAttribution: TravisCarden commentedOops.
Comment #10
TravisCarden CreditAttribution: TravisCarden commentedUpdate: The upstream issues in jQuery UI and Symfony have both been fixed.
Comment #11
Anonymous (not verified) CreditAttribution: Anonymous commentedI have reviewed and applied drupal-file-perms-no-scripts-1841896-8.patch, it's working fine for me.
I skipped drupal-file-perms-all-1841896-8.patch, as I assume the shell scripts are executable by intention.
Comment #12
tstoecklerYup, the second patch in #8 is RTBC.
Comment #13
xjm#8: drupal-file-perms-no-scripts-1841896-8.patch queued for re-testing.
Comment #14
xjmComment #15
webchickRessin fressin! Thanks.
Committed and pushed to 8.x.
Comment #16
YesCT CreditAttribution: YesCT commented... overlap with #1948148: Update file permissions (adding to issue summary)
Comment #17.0
(not verified) CreditAttribution: commentedadded overlap/duplicate and followup discussion issue