Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By seancharles on
I recently started a Drupal contract where a guy was saying how cool Drupal 7 was because you could install modules from a URL.
This kind of dismayed me because.... http://drupal.org/node/127861
In 2007 I wrote a module that allowed you to remotely install themes and modules just by pasting the URL or dragging it from another Firefox page three years ago and whilst some liked it, it was 'slated' as being a security risk, despite the fact that I myself said it was only for development use. Somebody called 'chx' stuck a bold message saying 'don't use it'. Thanks chx.
Three years on, it is a core feature of Drupal 7 and for some reason not considered a security risk. Sadly in that time I no longer have the code, somebody somewhere might.
I just feel a bit cheated that' all, kind of like the guys who submit tunes to A&R men only to receive a 'thanks but no thanks' letter and then next year Robbie Williams is singing it and making a mint as it hits No.1
Over and out.
Comments
They use different mechanisms
They use different mechanisms to install the files which makes it somewhat more secure the way that it's handled in core.
The plugin_manager was created as a way to do this more securely - http://drupal.org/project/plugin_manager - and the core code is a new version somewhat based on that.
--
Morris Animal Foundation
Very useful and time safer
Very useful and time safer module. Is there a module where we can upload a module or theme zip file from drupal admin interface, extracting files from it and installing them in their appropriate locations? Wordpress has this handy feature and like to see if Drupal can do this as well.
That is *exactly* what it
That is *exactly* what it did!
:(
Pass me the tissues. LOL
Whatever.... time and tide wait for no man.
module name?
What was the module name?
From your profile page I don't see any code. This makes it harder to fully understand your position.
--
Morris Animal Foundation
I agree with you seancharles.
I agree with you seancharles. You were chastised for allowing webserver to write to modules directory but it seems like that is what D7 does. I suppose there could have been something about your code that made it less secure than the D7 code, but it seems like the thrust of the opposition was just the fact that you were allowing the webserver to write to the filesystem. Reminds me of the Arthur Schopenhauer quote:
“All truth passes through three stages: First, it is ridiculed; Second, it is violently opposed; Third, it is accepted as self-evident."
Hmm i was quite sure i've
Hmm i was quite sure i've seen such a functionality in drupal7 some time ago but for now i can't find a core functionality to install a module from url. Was it deprecated ?
_
nope... the server has to be correctly configured to use it, but it's at admin/modules/install