Problem/Motivation
Currently we have more or less 6 non-standard extensions to represent PHP files with. This is most certainly a Drupal-ism.
This issue proposes that PHP files should always have the extension: .php
Reasons to do this:
Unnecessarily complex for newcomers
Newcomers not only have to learn Drupal, they need to configure their IDE and/or OS to open a file with the correct program and get some syntax highlighting working. This is a DX win that makes drupal more out of the box accessible for development. (see #4, #18) And it helps us get off the island :)
Security
Not all sites run on apache or IIS where we have config files to stop them from serving those files displayable directly to the browser. Many people store sensitive info in PHP files, like API keys, or passwords and we can’t add configuration files for every web server that currently exists (or ever will exist). (see #17)
Consistency
As Crell points out (#20) PSR-0 mandates that classes end must end in .php for autoloader interoperability. Drupal is becoming more OO so most of the code will be in .php files. Why not all of the code?
Reasons to not do this:
It’s the Drupal Way
We have thousands of modules, themes, and profiles on drupal.org and countless more bespoke modules on sites... every current Drupal developer will have to do things differently, and all the contrib projects with D8 branches will need to rename files.
Non-standard extensions are not executable
Files with non-standard extensions are not executable and some people might rely on this behavior. (see #12, #67 and below)
Proposed resolution
We have two options...
Old | → | Option 1 | |
---|---|---|---|
foo.module | → | foo.module.php | |
foo.install | → | foo.install.php | |
foo.inc | → | foo.inc.php | |
bar.theme | → | bar.theme.php | |
baz.profile | → | baz.profile.php | |
quux.engine | → | quux.engine.php |
In order to proceed with option 2 we have to complete #1292284: Require 'type' key in .info.yml files
See #28
Update: There seems to be a clear consensus for Option 1.
Bulk renaming files in a directory using bash:
for f in $(find . -name "*.module" -o -name "*.profile" -o -name "*.theme" -o -name "*.install" -o -name "*.inc" -o -name "*.engine"); do mv $f ${f}.php; done
Remaining Tasks
- Commit
- Publish the change record
- Follow-up: Update documentation on drupal.org in module, theme, and profile developer guides
Related tasks
- #1292284: Require 'type' key in .info.yml files
- #1927464: Remove .module and other drupalisms from extensions
- And maybe #1308152: Add stream wrappers to access extension files
- #1936886: Rename $module.info.yml into extension.yml
Original report
There shouldn't be .inc files.
.inc.php is better since webservers won't allow users to view their content.
Just in case someone modifies one with confidential information.
Beta phase evaluation
Issue category | Task because: this needs to happen at some point in the life of the project for the various reasons stated in this entire issue. |
---|---|
Issue priority | Normal because: core isn't currently "broken" without it. |
Prioritized changes |
|
Disruption | Disruptive for core/contributed/custom projects because: they will have to initially re-roll any existing patches or rename the files in the codebase. There is, however, no code (in core or contrib) that will actually need any real logistical refactoring to get it "working" again. Most changes will be simple renaming of files. Other changes may include doing a very quick search and replace of manually included to add the necessary .php extension. While this may be deemed "disruptive", it is in reality more work simply talking about this issue that doing the changes and moving forward. |
Comment | File | Size | Author |
---|---|---|---|
#241 | php-ext-7269-241.patch | 167.62 KB | ParisLiakos |
Comments
Comment #1
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedThat's why we lock the directory in .htaccess. Any reason why this not sufficient?
Comment #2
moshe weitzman CreditAttribution: moshe weitzman commentedyes - that solution is specific to apache web server.
Comment #3
Chris Johnson CreditAttribution: Chris Johnson commented.inc.php file "protection" is also server configurable.
If the web server adminstrator screws up his configuration, some files which should be hidden will not be.
If the web server administrator knows what they are doing, it doesn't matter what the files are called. They will be safe.
Defaulting towards Apache is not a bad idea. Apache runs more web servers than all the other programs combined, currently at about 67% of all servers.
Comment #4
ax CreditAttribution: ax commented+1 for renaming all *.inc to *.inc.php. and all *.(module|theme) to *.(module|theme).php. beside being more secure and shrinking the .htaccess, this makes drupal more "standard" and "out-of-the-box" accessible for development (code editor file associations, debuggers, etc.) and other purposes. doxygen, for example, doesn't work with the current naming scheme out-of-the box but has to be patched to recognize *.(module|theme). quite hard under windows ...
Comment #5
TheLibrarian CreditAttribution: TheLibrarian commented+1 to ax's suggestion
Comment #6
JonBob CreditAttribution: JonBob commentedIt's a reasonable suggestion, but it would take major re-architecting, and need not affect users with proper server configurations, so I'm reclassifying this as a feature request for HEAD (making setup easier in hosted environments) rather than a bug report for 4.4.
Comment #7
m3avrck CreditAttribution: m3avrck commentedThis is a very interesting idea, but I don't see this as a threat.
All of the main settings and usernames/passwords are stored in settings.php ... no way that is going to get through. Also, phpTemplate is the default now and those files end *.php as well. Only files that don't are modules and inc files but there is nothing sensitive in those pages.
Marking those closed as it really isn't needed anymore.
Comment #8
catchRe-opening this. Having consistent naming of .php files would:
1. Make it easier to see what's php and what isn't when visually scanning a folder.
2. Save having to configure text editors to recognise those files as PHP
3. Help people on crappy hosting lock those files down a bit more.
Even if people think 3 is unreasonable, 1 and 2 are pretty good reasons IMO.
Comment #9
nevets CreditAttribution: nevets commentedActually I think it easier to scan a directory when all the files don't end in .php, .module, .info, .theme, even .inc tell me a lot about the file with out looking at it.
Comment #10
Gábor HojtsyI am advocating this for quite some time now :) (I know I know moving stuff out of webroot is best, but many hosts won't allow for it).
Comment #11
pwolanin CreditAttribution: pwolanin commented@nevets - we could append .php (I think that's catch's suggestion) - so, for example, node.module.php, node.pages.inc.php
Comment #12
nevets CreditAttribution: nevets commentedDecreases readability for me and there is an advantage to not using .php since by default those files are not executable by the PHP interpreter
Comment #13
mdupontComment #14
michaelfavia CreditAttribution: michaelfavia commentedsubscribing. I'll patch this if it would be accepted. what are the issues with this breaking all the patches in the system though? is there a best time to do it?
Comment #15
kattekrab CreditAttribution: kattekrab commentedMajor changes to do with moving files around are happening at the moment (eg #22336: Move all core Drupal files under a /core folder to improve usability and upgrades ) so maybe it makes sense to do this now-ish?
Comment #16
michaelfavia CreditAttribution: michaelfavia commentedThe CMI initiative will see all settings migrated to an xml flat file storage system with an obfuscated namespace so some of the security implications of this are less important but i still see value in simplifying things like htaccess, general security and ide configuration, etc. If theres a little more support ill spend the time to try it out in the next couple days.
Comment #17
cweagansSo, reading through this issue, I understand what the problem is with having php files end in .module, .theme, etc., but the problem may not be as clear to other people.
Say I write a module that does something really cool that's key to my business...I dunno...maybe it makes all Microsoft products magically start working as intended or something.
Anyways, I hire some noob to put my site online for me. He uses lighty because it's faster and less bloated or something. Since core only has configuration files for Apache and IIS, the security precautions mentioned in #1 don't apply. So now, anybody on the internet could browse to http://myawesomesite.com/sites/all/modules/microsoft_magic/microsoft_mag... and see the code that powers my site.
This is bad.
So, I can see two possible fixes here:
Comment #18
michaelfavia CreditAttribution: michaelfavia commentedSince i wasnt particularly clear above , the other issues include the dx papercut level issues of configuring IDE's (im looking at you eclipse!) to parse .module/.install etc files as php so you get source formatting, error checking and code completion. And issues greping by file type:
Comment #19
danillonunes CreditAttribution: danillonunes commented+1 for this because of IDE configurations and because of "Stick .php on the end of any file that has PHP code in it (which makes sense in my mind)" from #17. Sometimes just making sense explains enough why this is the way to do a thing.
Comment #20
Crell CreditAttribution: Crell commentedNote that since we've now adopted PSR-0 for OO code in core (and modules once we figure out how to make that work), it mandates a ClassName.php format anyway for OO stuff.
Comment #21
marvil07 CreditAttribution: marvil07 commentedInitial moving for inc, module and theme extensions:
I did not find any file with a theme extension on core, I guess this should be related with the age of the issue :-)
Other files/extensions on core with php but not a php extension on the filename:
I mainly used changes on #22336: Move all core Drupal files under a /core folder to improve usability and upgrades as reference for this, and then start to solve some of the problems so submitting a format-patch output to see what test bot says.
Far for being completed, but it's an start.
Comment #23
Crell CreditAttribution: Crell commentedExpanding on my meaning in #20... Since this will de-facto happen anyway as we convert stuff over to PSR-0, should we bother doing it for /includes at all at this point? Seems like that would break more patches than it needs to right now.
I'm not against this change in the general sense; I'm just asking if we shouldn't wait until it's a smaller problem space anyway.
Comment #24
c4rl CreditAttribution: c4rl commentedWow, this issue is close to celebrating its 9th birthday :)
This seems like a task to me rather than a feature request.
It's potential to break lots of patches is definitely relevant at any given time, but now that CVS is a thing of the past, I'm guessing that git rebase (potentially) makes that problem trivial?
Refactoring the theme system and #1033116: Rename template.php to THEMENAME.theme to eliminate ambiguity around "the template file" vs. "template files" brought me here.
Comment #25
cweagansBased on 21:
find . \( -name '*.inc' -o -name '*.module' -name '*.engine' -o -name '*.test' -o -name '*.profile' -o -name '*.install' -o -name '*.theme' \) | while read FILE; do git mv "$FILE" "$FILE.php"; done;
New patch. It will probably fail install. Note: when rolling patches for this, please include
-C -M
in yourgit diff
arguments to keep the patch size down.Comment #27
ParisLiakos CreditAttribution: ParisLiakos commentedupdated issue summary..lets make title a bit smaller:)
Comment #27.0
ParisLiakos CreditAttribution: ParisLiakos commentedA proper issue summary
Comment #28
sunHrm. If we change this, then let's change it for real.
In other words:
bar.theme
Why?
Because anything else is duct-taping. Next to what @Crell stated about PSR-0 code in #20 already — the road we're actually running on is this:
Can you see the light?
Comment #29
danillonunes CreditAttribution: danillonunes commentedI think we should exclude core/vendor files from renaming process, right?
Comment #30
cweagansSo I started working on fixing all the supporting code for a mass rename last night, and it's going to be a nightmare. There are over 1000 places in core that need to be changed to make the change work (basically, anywhere there is a module_load_include, form_load_include, require(_once), or include(_once)). I'm fine with sun's plan in #28, but this isn't really looking like a one-person job. Somebody want to work on this with me next weekend?
Comment #31
ParisLiakos CreditAttribution: ParisLiakos commented@cweagans count me in, i definitely want to see this in d8
Comment #32
sunI can see that.
What if we'd rename all files and change
ModuleHandler::loadInclude()
to always append a .php file extension though? Apparently that would also match my DX expectations — why should I have to manually specify .php of PHP include files? :)(Likewise for
module_load_install()
.)Comment #33
Crell CreditAttribution: Crell commentedRelated: #1308152: Add stream wrappers to access extension files
(Abstracting away from the file name.)
Comment #34
cweagansOhhhh, that issue that Crell linked looks pretty awesome. Should we try to get that one in first (before feature freeze) then revisit this?
Comment #35
cweagansGiven http://drupal.org/node/1308152#comment-6284820, I actually don't think that issue helps this one much in this cycle.
Comment #36
ParisLiakos CreditAttribution: ParisLiakos commentedSounds a nice solution, but i fear this would break the entire contrib :DEdit: Actually nvm we already doing so..geez i need to sleep
Comment #37
ParisLiakos CreditAttribution: ParisLiakos commentedcurious to see what testbot says..in my local installation fails cause somehow module sorts are screwed in
ModuleHandler::buildModuleDependencies
..About the patch..started doing the rename, and then i remember something i have seen in kohana..having .php defined as constant...so i thought why not..i am pretty sure EXT is not ideal..could be
- EXT(ENSION)
- PHP_EXT(ENSION)
- DRUPAL_PHP_EXT(ENSION)
or just hardcode it and not use it at all..i am fine with anything.
About #28 there are some problems:/ which might need a lot more changes..also statistics already has a statistics.php file somehow:/ i say we leave this for a followup and postponed to issues listed above
Comment #39
ParisLiakos CreditAttribution: ParisLiakos commentedlets see this one..also removed the constant, i think it does not go inline with "do not hack core" since it makes you think you can actually rename files..this should go past the installer
Comment #41
ParisLiakos CreditAttribution: ParisLiakos commentedyeap..scripts folder
Comment #43
ParisLiakos CreditAttribution: ParisLiakos commentedComment #44
ParisLiakos CreditAttribution: ParisLiakos commenteduh, patch does not include GetFilenameUnitTest fixes..sorry testbot, cant cancel you
Comment #46
ParisLiakos CreditAttribution: ParisLiakos commentedthis should fix update.php, color module and batch exceptions
Comment #48
ParisLiakos CreditAttribution: ParisLiakos commentedthis should go green
Comment #49
jibranPatch is green so I think it is good for RTBC. As long as we agree on foo.module → foo.module.php
Comment #50
ParisLiakos CreditAttribution: ParisLiakos commentedCreated #1927464: Remove .module and other drupalisms from extensions for #28
This patch introduce no API changes, it just renames files
Only change from a DX perspective is that you need to include
.php
when using(include|require)_once
functionsComment #50.0
ParisLiakos CreditAttribution: ParisLiakos commentedAdded .test and .engine files
Comment #51
sunComment #52
sunThanks for working on this! This looks great to me.
I'm really looking forward to kill all of the extra config for discovering Drupal-PHP files in my text editor.
In all regular expressions, we need to escape the dot . through \. — otherwise, the dot would stand for any character.
I also think we want to adjust /.htaccess and /web.config accordingly, but it might be better to leave that to a follow-up issue, as it will likely need further discussion.
Likewise, we'll have to review all help texts and also .txt documentation files throughout core. That's going to be a daunting task, so we better defer that to a follow-up issue, too.
Comment #53
sunAlso, #1033116: Rename template.php to THEMENAME.theme to eliminate ambiguity around "the template file" vs. "template files" happens to be RTBC, so you might want to wait for that to land, before re-rolling this.
Comment #54
ParisLiakos CreditAttribution: ParisLiakos commentedAh, yeah, this patch needs a reroll quite sometime now, but i wait for the issue above to land..
and thanks for the dot, totally missed it:)
Comment #55
alexpottNeeds a reroll now that #1033116: Rename template.php to THEMENAME.theme to eliminate ambiguity around "the template file" vs. "template files" has landed...
Also...
Can be a lot simpler :)
Comment #56
pounardWhy keeping the .inc extension (e.g. bootstrap.inc.php), it seems redundant.
Comment #57
alexpott@pounard... Actually considering how much fun rolling this going to be I think we should merge with #1927464: Remove .module and other drupalisms from extensions and just do it all at once.
Comment #58
pounardFun++
Comment #59
ParisLiakos CreditAttribution: ParisLiakos commentedmerged 8.x
fixed the dot according to sun's comment
fixed htaccess and web.config (while i was there i noticed that yml module files are downloadable from your browser)
fixed .theme
Comment #60
ParisLiakos CreditAttribution: ParisLiakos commentednote for next reroll..we should take
theme
out of htaccess and web.configComment #62
ParisLiakos CreditAttribution: ParisLiakos commented-removed theme from htaccess web.config
-renamed newly added test modules
-fixed update-iso-3166.sh
200kb
Comment #63
ParisLiakos CreditAttribution: ParisLiakos commentedsome new test modules sneaked in:)
yeah merging #1927464: Remove .module and other drupalisms from extensions in might be a good idea, but then should be postponed by #1292284: Require 'type' key in .info.yml files which touches all .info.yml files...so all of those 3 issues would be hard to roll..so merge all 3? we would have a giant patch, but would break other people patches by two less commits
not sure what to do
Comment #64
ParisLiakos CreditAttribution: ParisLiakos commentedmoved the new forum test module for views integration
Comment #65
webchickJust before everyone dumps a HUGE amount of time into this, assigning to Dries to say yay/nay (this should probably be able to happen Tuesday).
If someone wants to touch up the issue summary a bit before then, to lay out the pros of doing this HUMUNGOUS patch :) that might be good.
Comment #66
webchickComment #67
effulgentsia CreditAttribution: effulgentsia commentedFrom #12:
Would be great for the issue summary to address this. Are we more ok with poorly configured lighttpd, etc. executing .inc and .module files than we are with it displaying them, and if so, why? Executing PSR-0 class files is less risky, since those are required to be just class definitions, but I know there's contrib and custom modules out there with actual executable code (not just function definitions) in their .module and .inc files.
Comment #68
ParisLiakos CreditAttribution: ParisLiakos commentedimo, having browser display API keys/password or any sensitive info when webserver is not executing .inc files, just displaying them, is far more worse than executing them and result to a fatal error, since most inc files are being dependent on module files and drupal core itself, which are not loaded, since those scripts where never meant to run alone...
Comment #68.0
ParisLiakos CreditAttribution: ParisLiakos commentedAdded followup link
Comment #69
webchickJoomla used to (not sure if they still do) have some hack at the top of each .inc file saying basically:
"If the user's trying to load this directly, print 'you suck'"
We could do something similar I guess, but meh.
Comment #70
ParisLiakos CreditAttribution: ParisLiakos commentednot only joomla..several frameworks too..like kohana:
on top of each class...i would be ok with that but i agree with webchick, meh
Comment #70.0
ParisLiakos CreditAttribution: ParisLiakos commentedUpdated issue summary
Comment #70.1
ParisLiakos CreditAttribution: ParisLiakos commentedremove .test files..this drupalism is gone now yay
Comment #71
ParisLiakos CreditAttribution: ParisLiakos commentedsummary updated:)
Comment #71.0
ParisLiakos CreditAttribution: ParisLiakos commentedIssue summary V2
Comment #71.1
ParisLiakos CreditAttribution: ParisLiakos commentedMinor fix
Comment #71.2
alexpottHeadings
Comment #72
webchickOk, so here's the word of Dries (via e-mail, since he's currently at an event):
I actually tend to agree. As much as I'd love to close a 4-digit issue, and as much as some good arguments have been laid out for why this makes sense to do, we do have many more pressing thing atm.. 21, 146, 38, and 138 of them, to be exact. :\
So it's not a "no" but it's definitely a "later" and if you want "later" to be "sooner," then please help us close majors/criticals. :)
Comment #73
webchickAnd I guess...
Comment #74
cweagansAs with other similar issues, I don't understand why renaming files is considered a feature request. It's not adding any new capabilities to Drupal. The fact that using the correct extension makes Drupal work better with text editors is, IMO, a bug fix and not a new feature, but even that is a shaky argument, so I'm very much in favor of this continuing to be a task. I won't change the category or status back, but I thought I'd voice my dissension in case anyone else agrees.
Comment #75
webchickMainly because it's a huge effing distraction that'll break everyone else's patches, and way less important than getting D8 ready to ship. So if we get D8 ready to ship, then we can look at "nice to haves" like this again.
Comment #76
Dave ReidAgreed. This would literally cause the high majority of applicable patches to fail. Later in the release cycle would be better, but I would still love to see this land. Do we have a tag for things that we need to have happen late in the cycle but before we need to start supporting HEAD to HEAD updates?
Comment #77
ParisLiakos CreditAttribution: ParisLiakos commentedthis is another good example why our patch-based system fails. there would be no issue if we were using PR's..but hey thats a totally different topic.
Created a sandbox here and now pushing all of my work, to make life easier to any future taker who remembers this issue when thresholds are down
http://drupal.org/sandbox/rootatwc/1969260
Comment #78
ParisLiakos CreditAttribution: ParisLiakos commentedComment #79
jibranRelated #1936886: Rename $module.info.yml into extension.yml
Comment #79.0
jibranUpdated issue summary.
Comment #80
tim.plunkett#64: drupal-php_ext-7269-64.patch queued for re-testing.
Comment #82
cdnsteve CreditAttribution: cdnsteve commented+1 for the suggestion
Having to configure your IDE to figure out all these "non extension" items for Drupal is also a pain.
Comment #83
ParisLiakos CreditAttribution: ParisLiakos commentedadding this tag
Comment #83.0
ParisLiakos CreditAttribution: ParisLiakos commentedUpdated issue summary.
Comment #84
xjmComment #85
cweagansThere's been some interest inside Propeople around doing this. WIP patch attached. Feedback welcome.
To move files, run this:
`for f in $(find . -name "*.module" -o -name "*.profile" -o -name "*.theme" -o -name "*.install" -o -name "*.engine"); do git mv $f ${f}.php; done`
This just basically appends .php to all .module, .profile, .theme, .install, and .engine files. .inc files are not considered right now at all.
Comment #86
sunI intensively worked on the overall extension system recently. In particular in light of #340723: Make modules and installation profiles only require .info.yml files:
We would resolve some very hard problems if the .module/.profile/.engine suffixes would be removed from the main extension files.
Here is why:
Profiles are also registered as modules. All installed modules are registered on the Container as the %container.modules% parameter:
In order to make #340723 happen, those paths will essentially be replaced with the .info.yml pathname of each extension. — But with the current .module vs. .profile mismatch, we'd have to implement some very weird/ugly code in various spots, in order to make "user" resolve into "user.module.php" and "minimal" resolve into "minimal.profile.php".
However, if those unnecessary extension type suffixes were dropped, then the main extension file resolution would be as simple as this:
Comment #87
cweagansAs long as we have .php on the end of PHP files, I don't particularly care how this issue is resolved, so how would you like to move forward?
Comment #88
klonos;)
Comment #89
ParisLiakos CreditAttribution: ParisLiakos commentedhow about syncing this issue with #2247991: [May 27] Move all module code from …/lib/Drupal/… to …/src/… for PSR-4 and move it to a postponed task?
i would be happy to work on it and make sure it is ready immediately after the issue above is committed
Comment #90
jibranHuge +1 to #89 And I would be happy to review it.
Comment #91
xjmRe #89, @ParisLiakos, if we were to do that, this would need much wider consensus first. I'd suggest promoting this issue on
g.d.o/core
for feedback.Myself, while I see that this looks good on paper, I cannot imagine justifying a change of this scope and disruption at this point in the cycle. (But then, I also still think that about the PSR-4 issue, so...)
Comment #92
ParisLiakos CreditAttribution: ParisLiakos commentedPSR-4 will be a lot bigger distraction, now that most of our code lives in classes.
Patch in #64 was 200kb 1 year ago, and since then, a LOT .inc and .module files have died:)
I would be glad though to post on g.d.o/core for feedback, but i am afraid i do not have the permissions to do so
Comment #93
sunre: #67 / #12:
That problem space never really applied to Drupal, because PHP files of Drupal extensions are not supposed to actively execute PHP code on their own.
Historically, that is caused by the module hook architecture, in which directly executed PHP never existed, because extensions are able to cleanly participate even in early bootstrap via hooks like
hook_boot()
andhook_init()
.Other application frameworks need to add that protection, because their PHP files are essentially used as front-controllers; i.e., a HTTP request does request the .php file of an extension itself, and only that extension-specific front-controller actively "loads" the application framework, which in turn requires to execute PHP code in the global scope.
In Drupal 8, most PHP code lives in PSR-0/4 class files, which do not need such a protection, because there is no executable code. Requesting the .php file of a class yields a blank page.
In addition, procedural PHP files for extensions only continue to exist to carry hook implementations. Because not every extension has a use-case for implementing any hooks, the procedural files have been made optional. There are still active attempts to (A) lazy-load procedural PHP files only when a hook gets invoked, (B) move all hook implementations into static callables in a
Hook
class, and (C) get rid of the hook system altogether by introducing an event dispatcher that natively resolves some long-standing architectural flaws of the hook system.Long story short: Unless aforementioned options B or C will supersede this issue for D8, it is long overdue to fix the false-exposure of PHP files and requiring every frickin' editor and IDE to be manually configured to understand this Drupalism. There is no need for a direct code execution prevention à la WordPress, Joomla & Co, because PHP files of Drupal extensions do not execute any code in the global scope — any existence of such code is a preexisting bug/problem of a poorly/wrongly authored extension and should not hold up this change proposal.
Comment #94
Anonymous (not verified) CreditAttribution: Anonymous commentedHm, I get the idea behind this issue but frankly I'll miss the .module, .profile and .theme extensions :)
Comment #95
xjm@ParisLiakos: You are supposed to have access to the group anyway as a core component maintainer, so I've now granted it and you should be able to post there now. :) (Just keep in mind the group is intended for announcements, not discussions, so I'll disable comments on the post after you post it.) Thanks!
Comment #96
ParisLiakos CreditAttribution: ParisLiakos commentedCreated https://groups.drupal.org/node/420168 and also del'ing the Option 1 in issue summary, since we are now going with option 2
Comment #97
neclimdulI think the disruption this causes this close to beta out weights and minor benefit we might have. -1
Comment #98
markhalliwellPlease let's just fix this already. RE: it being close to beta, this is why stuff like this doesn't get fixed... like it should have years ago. It was pushed until later for a reason (#73), whether that reason is still applicable or not... unsure.
Comment #99
Crell CreditAttribution: Crell commentedI'm +1 here, mostly on "don't waste my time with IDE configuration" grounds. My one concern with leaving out the .module. part of the file name is possible confusion with class files, as it then looks like it. Also "the module file" no longer has a visual indicator. There's no indication of why not to go with option 1.
Either way, I'm in favor of .php all the things.
Comment #100
neclimdulThat's rough but the group post asked for our opinion and that is mine. I'd prefer this to be marked priority for 8.1/9.x and stick with it rather then squeezing it in disrupting a bunch of other issues that, again in my opinion, are more important. We'll see how that shakes down with other opinions.
Comment #101
moshe weitzman CreditAttribution: moshe weitzman commentedThe renames here should be recognized by Git. Git can then work with older patches and apply them to the new filenames. If git fails there,I assume the cause is that folks keep uploading "dumb" patch files. Our patch guidelines should recommend `git format-patch` instead of `git diff` in order to overcome this very issue. We shoot ourselves in the foot avoiding "disruptive" issues when git has already solved this problem.
Comment #102
ParisLiakos CreditAttribution: ParisLiakos commentedwhat crell mentioned about option 1 makes sense, i heard from others as well.
i went for option 2 mostly because of sun's comment and because option 1 seemed to verbose for me..but i am happy to bring back Option 1 for discussion..i am +1 for both options, dont care much, as long as there is .php everywhere in the end
Comment #103
tim.plunkettWhen I want to look for the hook implementations, I am looking for .module.
If I need to look for the preprocess functions, I am looking for .theme.
Right now we have \Drupal\views\Views which is Views.php
If we rename views.module to views.php, that will confuse me and my IDE.
All of the points in support of adding .php are still valid if we leave .module/.theme etc.
So, +1 for either status quo or for Option 1.
Strong -1 for Option 2.
Comment #104
andypost+1 option 1, removal of module|install is d9 material
Comment #105
jhodgdonI agree with tim.plunkett. I would like to see it still be obvious, when I am browsing through file directories, what is a "File containing exactly one class", which are named TheClassName.php, and what is a "main module file", and what is a "main theme file", and what is a "include file containing some constants and functions that should be grouped together". So I hate option 2, which jsut renames all of them *.php, and vastly prefer option 1, which names them *.module.php, *.theme.php, etc.
So by the way... We need to think about hook_hook_info(), which allows you to say which include file a hook goes into:
https://api.drupal.org/api/drupal/core!modules!system!system.api.php/fun...
We still have 3 real and 1 test implementation in D8 core.
And also the functions module_load_include() and module_load_install().
None of this is addressed in the latest patch, as far as I can see. I am going to add them to the issue summary in the "Proposed resolution" section, so that they don't get forgotten.
Comment #106
mparker17For what it's worth, I'd prefer option 1 at the same time as the PSR-0/PSR-4 transition (i.e.: before 8.x-beta1): if we've got to break all the patches, we might as well break them all at one time, instead of breaking them all twice.
Comment #107
Crell CreditAttribution: Crell commentedI don't know that anyone really used hook_hook_info(), to be honest. And with so much code moved to classes and an opcode cache assumed in nearly all cases its original goal (reducing load time by loading less code) is not as compelling anymore. If it makes life easier to remove it I'd be fine with that. (I added it originally; I won't mind now if it goes away.)
Comment #108
jhodgdonThere are 4 implementations of hook_hook_info() in Core. Notable is system_hook_info(), which (among other things) lets you put token hooks into a modulename.tokens.inc file. Several core modules make use of this.
I haven't looked through the other parts of system or the other implementations, but it *is* being used.
Comment #109
jhodgdonThat said, I also think it's not a huge deal if the hook_token_info() and other things using hook_hook_info() move back to the module.php files.
Still, one way or another, we need to deal with it (either remove hook_hook_info() and move the contents of tokens.inc files and any other hook_hook_info() auto-includes back to the .module.php files, or make the auto-includes work) in this issue's patch.
Comment #110
ParisLiakos CreditAttribution: ParisLiakos commentedhook_hook_info is not affected by this patch? everything works as should, just stick a .php in the end of the file and you are done.
also module_load_include() and friends, work as they used :) It is just the filename that changes. no other API changes
see also #50
Comment #111
hansfn CreditAttribution: hansfn commentedAnother +1 for Option 1.
I really hope that we get this into D8 and not postpone it so much that we have to wait for D9.
Comment #112
jhodgdonRE #110 - hook_hook_info(), and the code in ModuleHandler that deals with it, automatically (currently) loads a file called (module_short_name).(hook_group_name).inc. The code that does this, and the docs for hook_hook_info() that explain this, will need to be changed (small change) to instead load *.inc.php files. I'm not claiming this is a huge or difficult change, just that it will need to be done.
Same with module_load_include(), whose default should change to load a .inc.php file, or else all the calls to it will need to change so that they request the right file name.
Comment #113
tetranz CreditAttribution: tetranz commentedI think it's probably a good idea although it sounds like a huge thing to do at this stage.
The real answer to the unintended direct execution or exposure problem is for the vast majority of the application to be outside of the web root. A typical Symfony application has a web folder containing just the front controller with static assets (usually symlinked) below it. That's where the web server points. It's absolutely impossible for anything outside of that folder to be requested by the web server. No protection with .htaccess or magic variable that must exist is required.
Comment #114
dsnopek+1 on either option! :-)
Comment #115
joelpittetHuge fan of Option 1 :) +1
A code review note:
A few of these little regex gotcha's in both patches in #78 & #85 @cweagans and @ParisLiakos.
Though this will work/pass the dot needs an escape.
+ $files = drupal_system_listing('/\.module\.php$/', 'modules');
Cheers, thanks for championing this and I hope this gets though!
Comment #116
ParisLiakos CreditAttribution: ParisLiakos commented@jhodgdon: Thanks you are right, i completely forgot to change the docs :) i did it though in this patch
@joelpittet: thanks, good catch, but i believe we got rid of the need to change those in this new patch
seems Option 1 is a clear winner here, so i just merged 8.x and rerolled the last patch from one year back.. it is 70Kb smaller:) we did pretty good job all those months, getting rid of .inc files. it is going to fail, but i just want to see how bad.
I also noticed and opened #2253109: Followup: Bring .htaccess and web.config up to date while i was removing entries from .htaccess
Comment #118
joelpittetDrush doesn't seem to like something that changed. Does there need to be a corresponding change to Drush too?
Also I notice two extra files:
And looks like
core/modules/update/tests/aaa_update_test.tar.gz
changed but not sure if was meant to.All the rest looks good. Reviewed patch modifications with:
git diff origin/8.x --diff-filter=M --color-words
Comment #119
ParisLiakos CreditAttribution: ParisLiakos commentedah thanks good catch! fixed them
about
aaa_update_test.tar.gz
i had to extract it and either rename its module file to module.php or delete it (since it is empty)I picked the second:)
i ll shift my focus now to fix the issues required for the drush dependency to be removed
Comment #120
chx CreditAttribution: chx commentedThis is an absolute no go from a security standpoint as long as the PHP deny lines in .htaccess are commented out. If you want every piece in Drupal to carry .php then make those lines live and remove the comment signs.
Comment #121
MixologicI dont know if this is in scope for this issue or not, but all the scripts in the scripts folder, with the exception of cron-curl.sh and cron-lynx.sh are *also* php files. I dont know the history as to why they have a bash script extention, or whether they should also end in .php, but it definitely confuses my editor to open a .sh file and have php inside. Perhaps this is related to chx's point above?
Comment #122
chx CreditAttribution: chx commentedYes. Absolutely. We can rename those when the ban covers those. They are the best example of why the ban is necessary: something now happens in a global scope that previously did not happen. You don't know what. You either be very very sure every possible file is secure (glhf) or just ban them all from Apache.
Edit:
These two will keep you safe and secure once the # signs are gone.
Comment #123
neclimdulI don't know that this is that big a deal. If we do 1) we'd probably just do
(\.php)?
after the relevant files in the FilesMatch.Comment #124
chx CreditAttribution: chx commentedThe rules are already in .htaccess ; they are merely commented out. Changing them is perhaps another issue.
Comment #125
Crell CreditAttribution: Crell commentedWell we'd need to allow rebuild.php to pass through that htaccess check, otherwise it wouldn't work anymore. :-) I've no major objection to uncommenting those lines though other than that caveat.
Comment #126
pwolanin CreditAttribution: pwolanin commentedignore meComment #127
chx CreditAttribution: chx commentedRe #125 rebuild.php is core/rebuld.php which is covered. Again: the rule is solid it just need to be made live. (edit: #126 is not a ragequit because i got involved merely it was a post to the wrong issue.)
Comment #128
vijaycs85+1 and minor review comment:
IMHO, if the file names are from settings, then should get the full name (including .php).
Comment #129
drupalshrek CreditAttribution: drupalshrek commented+1 to the whole idea. I definitely favour Option 1, as the cost of a few extra characters makes a huge improvement in documentation/usability.
It is a right pain to configure Eclipse to tell it to treat .module and .inc as .php. The first time I used Eclipse with Drupal I was stuck with dull grey text for weeks (months?) because I didn't know how to set Eclipse up to understand. There are no doubt beginners out there who still have no PHP colours in Eclipse because they haven't figured it out. Over the years I must have had to do this dozens of times (installing different versions of Eclipse on different PCs etc.), so this is a big +1 with the whole idea.
Comment #130
kevinchampion CreditAttribution: kevinchampion commentedI generally approve of the idea, and strongly prefer option #1.
Comment #131
Freso CreditAttribution: Freso commented+1, with a preference for option #1.
Comment #132
johannez CreditAttribution: johannez commented+1 for option 2. The shorter the better as you should be able to understand the use of that file through the folder context (PSR-4).
I'm also cool with option 1 as long as we get rid of ".confuseme" file extensions. It has PHP code inside, so it should have the .php extension.
Comment #133
Crell CreditAttribution: Crell commentedjohannez: This is for files with procedural code; PSR-4 is entirely irrelevant here.
Comment #134
Crell CreditAttribution: Crell commentedIt looks like we have a clear consensus here for moving forward with option 1 (switch to .php for everything but keep .module.php etc. for clarity). The next step would appear to be someone rerolling #116, taking chx's points from #120/#122 into account.
Comment #135
ParisLiakos CreditAttribution: ParisLiakos commentedyes, i updated the issue summary, option 1 is the clear winner here.
i merged HEAD, but still..Drush needs to be updated for this change https://github.com/drush-ops/drush/issues/631, or #2206501: Remove dependency on Drush from test reviews to happen..so i am postponing this issue, till one of those happens
Comment #136
YesCT CreditAttribution: YesCT commentedComment #137
chx CreditAttribution: chx commented> taking chx's points from #120/#122 into account.
Comment #138
ParisLiakos CreditAttribution: ParisLiakos commentedjust found out that chx's points have a separate issue
Comment #139
cweagansDiscussed with xjm and alexpott. If this happens in D8, it needs to happen before RC. Otherwise, it's a D9 task.
Comment #140
cdnsteve CreditAttribution: cdnsteve commented@cweagans - does this mean with beta 1 out, this change is off the table until D9?
Comment #141
star-szrI think it means it can still happen during beta but can't happen once the first RC comes out. Beta target, RC deadline.
Comment #142
giorgio79 CreditAttribution: giorgio79 commentedNow that #2206501: Remove dependency on Drush from test reviews is complete this issue can be unpostponed as per #135 ParisLaikos' comment.
Comment #143
ParisLiakos CreditAttribution: ParisLiakos commentedits not complete, its still rtbc
Comment #144
JeroenT#2206501: Remove dependency on Drush from test reviews is now fixed.
Comment #145
ParisLiakos CreditAttribution: ParisLiakos commentedi am curious
Comment #147
ParisLiakos CreditAttribution: ParisLiakos commentedComment #149
ParisLiakos CreditAttribution: ParisLiakos commentedWe have some fails, nice! lets fix some exceptions/fails
Comment #151
ParisLiakos CreditAttribution: ParisLiakos commentedreroll
Comment #153
ParisLiakos CreditAttribution: ParisLiakos commentedComment #155
ParisLiakos CreditAttribution: ParisLiakos commentedmeh
Comment #157
joelpittetOMG so close @ParisLiakos++ woo! meh++
Comment #158
jhodgdonThis patch is in desperate need of a Beta evaluation, since it is a Normal Task and I think it's likely to be classified as Disruptive. Also at this point it is not a beta target -- that has come and gone.
https://www.drupal.org/contribute/core/beta-changes
Comment #159
cweagansPer https://www.drupal.org/node/7269#comment-8833387, it's still a possibility for D8. Just has to land before RC. It's clearly disruptive, but as long as we schedule it, it should be fine, right?
Comment #160
webchickEither way, it needs a beta evaluation section of the issue summary. It's definitely disruptive. We need to understand what we gain from doing it.
Comment #161
moshe weitzman CreditAttribution: moshe weitzman commentedI'd like to point out that the patch is only disruptive because we choose to use a patch workflow. Imagine the reduction in rerolls if we use merge instead. See http://www.mosheweitzman.me/post/96720635168/improve-drupal-org-code-wor...
Comment #162
Gábor Hojtsy@moshe: that would only be true if we'd ignore disruption for Drupal 8 contrib / custom code.
Comment #163
andypostMaybe it's possible to script this, so contrib can easily migrate, or preserve BC for old files and clean-up at RC
Comment #164
ParisLiakos CreditAttribution: ParisLiakos commentedI cant see a way to preserve BC without adding a bunch of file_exists calls.
I agree it is disruptive in terms that it ll break most contrib modules, but its pretty easy to unbreak them, just by renaming a few files (most modules is gonna be 1-3 max), even non-coders can do that. My point is, that no code will need to be changed, with this change :)
Comment #165
jhodgdonOK. For any patch that you actually want committed at this time, you need a beta evaluation added to the issue summary. And because it's an API change, you need to make a draft change notice. Neither of these has been done, and they do need to be done before the issue can be marked RTBC.
Regarding disruption, this patch will disrupt every contrib project that exists with an 8.x branch, because you will force all of them to rename one or more files, and their modules will not work at all until they do so. Yes, it's easy, but that does not mean it's not also disruptive.
I'm not saying it's too disruptive to be committed right now; that is not my decision to make. I'm just saying that this disruption needs to be described in the change notice and the beta evaluation block.
I have one other gripe: the issue summary. Several of the "Reasons to do" arguments do not really apply:
- "Drupal is part of the PHP world" says to look at core/vendor and notice all the files there end in .php. I would just like to point out that all the PHP files in there are class files, and all of our class files already end in .php -- in both cases, they have to because of PSR-0/4. So this argument is not really valid as it stands.
- "It's going to happen sooner or later" -- Uh. The argument in there doesn't equate to "it's going to happen". The header is misleading. It's not necessarily going to happen. All of our class files already end in .php, but that does not mean that the non-class files will end in .php for sure.
So I've taken the liberty of editing the issue summary slightly. I combined the "Drupal is part of the PHP world" with the first point, and renamed the other one.
Comment #166
jhodgdontag weirdness, I think there is a bug in the auto-complete field
Comment #167
jibranThis is RTBC for me. Added change notice https://www.drupal.org/node/2425065
As per https://groups.drupal.org/node/456108 "Drupal 8 beta 7 on Wednesday, February 25, 2015". Let's commit it just before beta for minimum disruption.
Comment #168
ParisLiakos CreditAttribution: ParisLiakos commentedthanks Jibran! i also added the beta evaluation. Now its up to commiters to decide
Comment #170
ParisLiakos CreditAttribution: ParisLiakos commented#2414255: Subtheme template inheritance working in reverse order added a new .theme file, so just moving that one too
Comment #171
joelpittetCan remain RTBC. Testbot will inform otherwise.
Comment #172
jhodgdonOK... So, take a look at the flowchart on:
https://www.drupal.org/core/beta-changes
Given the current Beta Evaluation block, and the current issue priority/category, this change will most likely be postponed to at least Drupal 8.0.x, and I think if it gets that far, it will be put off until later yet (9.x) due to it breaking contrib modules.
It is currently a Normal Task, and there is nothing in the Beta Evaluation block saying that it is either Unfrozen, Prioritized, or Reduces Fragility. The flowchart says that if it is not Critical or Major or Unfrozen or Prioritized or Reduces Fragility, it has to be postponed.
Therefore, if you want it to actually get into 8.0, you'll need to come up with a reason that it falls into one of these areas. So setting back to NR until that is added to the Beta Evaluation.
Comment #173
cweagansReduces fragility: When installing Drupal on a server that's not Apache or IIS (since that's what we ship config for), having a .php extension more or less guarantees that code won't be exposed to the end user. It'll be handled like a normal PHP file, and that's the *right* behavior because that's what it is. If we want to go really crazy, we can call it a bug report ("PHP file contents displayed to users") and have the proposed solution be "Rename all this crap to the proper extension so we're not in our own little world anymore".
This is clearly a disruptive patch. Pushing it off again isn't going to change that. There's good arguments for doing this, and the only argument against it is that it's going to break a bunch of patches. There's never going to be a time when it's not disruptive. Ever. We should just commit it and finally be done with it.
Comment #174
cweagansAnd for that matter, you could even call it a security issue (possible information disclosure if you have API keys hardcoded somewhere for some strange reason).
Comment #175
jhodgdonYou need to put whatever arguments you want to be considered into the Beta Eval block. ;)
Comment #176
markhalliwellOh for the love of all things... enough about the beta evaluation....
I really fail to see why it needs one in the first place when an "RC deadline" tag was already added in #139.
Regardless, I updated it to appease.
----
This issue is clearly no longer about what or how we do it, but when?
@catch clearly outlined 3 huge wins all the way back in #8 from 7 years ago which is also when the issue's version bumped to 7.x from nothing...
Considering that this actually never made it into 7.x are we really going to keep pushing this until..... when exactly??
There's never going to be a "good time" to do this, but it makes a lot of sense considering all that has been done in 8.x and many using IDEs like PhpStorm.
From the comments #72 and onward, I think the general idea was to revisit this right before an RC release (which clearly means right around now).
The reasons, from my perspective, that it didn't happen back then was because there was still way too much going on.
Files were changing left and right and it would have severely threw a wrench into things.
Now that things have more or less "settled down" so to speak, this seems like now is a good time as any.
Am I the only one that experiences the notion that core has basically been rewritten in 8.x, but changing PHP files with extensions from a Druplism to a .php standard is way too much (when it really isn't)? Hilarious lol
Can we at least not let that be one of the things we're laughed about???
Lets just rip the band-aid off already and do it...
Comment #177
cweagansComment #178
joelpittet#176 Exactly, well put, thanks for the beta eval @cweagans and @markcarver.
Rip off the band-aid!
Comment #180
catchThis needs to happen before any kind of beta-to-beta upgrade path is supported.
Comment #181
yukare CreditAttribution: yukare commentedAbout the disruption: i am upgrading 3 small modules from drupal 7 to drupal 8, and i do not remember any beta that my modules do not need some change at last small to work with next beta, just as example, there was some disruption when config objects was made imutable from beta 5 to beta 6.
This will require less than 5 minutes to rename some files for almost all contrib modules, so +1 to make it happen now.
Comment #182
Albert Volkman CreditAttribution: Albert Volkman commented+1
Comment #183
mikeryan#ripoffthebandaid
Comment #184
ParisLiakos CreditAttribution: ParisLiakos commentedthanks everyone for your comments! i think this time we are close making this happen.
#2338559: Never serialize password fields by default introduced one more .module file, just renaming it
Comment #186
jhodgdonWe will also need a follow-up to update the module/theme/profile developer guides with this new convention for the .module, .theme, .profile files for D8.
Comment #187
joelpittet@jhodgdon Stubbed out that follow-up and postponed. #2426145: Update the module/theme/profile developer guides with this new uniform .php extension convention.
Comment #188
geerlingguy CreditAttribution: geerlingguy commented#ripoffthebandaid ++
I've hit a breaking change with every alpha and beta release with Honeypot, so let's keep that record going with the next beta ;-)
This is one of the few breaking changes that I'm 100% in support of, though. Hearty +1, and will gladly spend a few minutes tagging another new release pre-RC.
Comment #190
star-szrEasy rebase.
Comment #191
star-szrAdding .engine to the table in the issue summary.
Something like:
can be used to check for any stragglers.
Comment #193
star-szrFix after #2417733: Drupal 8 breaks Twig's round filter. was committed.
Comment #194
star-szrI don't want to be the person to hold this up, and I think it's totally fine that \Drupal::moduleHandler()->loadInclude()/module_load_include() doesn't need the .php extension, but…
I think this means that the 'file' key in batch arrays now needs to be documented as "without the .php extension". Personally I'd rather volunteer to update all batch arrays than have this, I can imagine this being a nightmare to debug if you make the fair assumption that the 'file' array key contains the full filename.
I feel more strongly about this one as a theme system maintainer: If I'm not mistaken this means that the 'file' key in hook_theme() would need to be documented as "the file name without the .php extension". Again, I'd rather volunteer to update all
hook_theme()
definitions than havehook_theme()
be more confusing than it already is.Wouldn't changing these array definitions (and possibly others) so that .php is automatically appended make this a bigger API change than it needs to be? I realize more work will be needed to convert code to use the new filenames, but as much as I support this issue I can't get behind the way these particular changes are sitting now. I may start a patch testing issue to test this out.
Comment #195
ParisLiakos CreditAttribution: ParisLiakos commentedi agree, but i always thought to leave those for a followup, because i feared for the patch size. We can try this here, or just move around all the PHP files here and then fix 'file' key in batch/theme array declarations on another issue....i have no problem.
I gave you access to https://www.drupal.org/sandbox/rootatwc/1969260
We can try and see how much bigger the patch ends up
Comment #196
star-szr#2426563-6: Ignore: Patch testing issue is green, roughly 22KB bigger which is not too terrible IMO.
Comment #197
star-szrHere's that patch and an interdiff from #193 for consideration/discussion.
Comment #198
tim.plunkettI have no strong feelings about doing this now or later, but if we do it I'm +1 to @Cottser's last changes in #197.
Comment #199
joelpittetI'd expect this too would not be adding an extension though nothing in core seems to be using it, I'll chuck it up on the Patch testing issue Cottser was using in #196
Along with some minor doc fixes.
Comment #200
joelpittetIt passed over there. I hope the changes are OK with everybody?
It seems we go all out with things named $file/filename that they are all the actual filename and not prepending extensions as was done for the other similar hunks.
The only exceptions/exclusions in this patch is $type from ModuleHandlerInterface::loadInclude() and module_load_include().
Comment #201
star-szrI came across these but they are migrate related, notice there is no 'core' in the path. So these should be reverted I'm pretty sure.
Comment #202
joelpittetComment #203
joelpittetAh good call, reverted my two docblock changes(to be done in #2426689: Fix Docblocks and Comments refering to PHP files without a .php extension.) as well as those migrate files. Thanks @Cottser.
Comment #204
joelpittetComment #205
joelpittetWell curious if #203 passes, dropped one too many changes.
Comment #207
ParisLiakos CreditAttribution: ParisLiakos commentedwent through the last changes, and everything looks great! thanks both. back to RTBC
Comment #208
ParisLiakos CreditAttribution: ParisLiakos commentedReroll for #2427291: Remove node.pages.inc
Comment #210
ParisLiakos CreditAttribution: ParisLiakos commentedreroll for #1763964: Use #type => link for theme_aggregator_block_item()
Comment #211
cweagansD8 maintainers: What's the next step here? I guess we need a decision as to whether or not it will go in and if it is, then a date where it can be scheduled for commit (since it breaks all the other patches)?
Comment #212
catchI personally think we should just go ahead and do this if we're ever going to do it at any point in the future, there's never a good time for renames. If it didn't happen for some reason I wouldn't be upset either though. Would've been nice to do shortly after the first beta, but it does meet the beta criteria in terms of being slight security hardening and while it impacts lots of files it's a trivial change. I would like to hear from people like Berdir with actual 8.x sites in the wild though since it's going to have the worst impact on those.
On commit scheduling I'd probably put it in the day after the next beta release - that gives people porting modules around a full month to update before the next beta blows things up.
Comment #213
vijaycs85Just to note, if we plan to use auto-fixer like https://github.com/FriendsOfPHP/PHP-CS-Fixer, it would be nice to get this in ASAP.
Comment #214
BerdirHm. I've been trying to ignore this issue :)
Personally, I think this is not worth doing at this time. I'm involved in/using *many* D8 contrib modules, and changing them all is going to be annoying.
That said, a lot of people seem to want this, so I'm not going to fight it. What's really important for me is that this doesn't kill existing installations. Which, based on a quick test, seems not to be the case, but I had to manually delete the container and truncat some cache tables, because drush is broken with this at the moment, it can't bootstrap Drupal anymore.
Specific feedback:
I think it is kinda funny that the only extension that IMHO is a problem is not changed in this issue: the php scripts in the scripts folder, naming them .sh is weird, because unlike the other drupal specific extensions that might be a drupalism, this is just plain wrong, as it is not a shell script. This was also mentioned in #121 but nobody responded to it. It should IMHO at least be mentioned in the issue summary somehow, possibly with a reason why we are not doing it here and a link to an issue.
Next, I'm not sure what the feedback from @chx in #122 and later has been addressed, I did not read all the comments here. Didn't see anything related to that in the patch or issue summary. We need to be *really* sure that a "possible security fix" (whatever that means ;)) doesn't introduce actual security issues. So again, at least an issue summary update that explains that part, and why we don't have to make changes if we really don't...
Edit: Looks like this was done by #1587270: Forbid execution of PHP files in subfolders by default (except those needed by core)
Nickpick on the change record, "In Drupal we have more or less 6 different extensions to represent PHP files", isn't really correct, we actually use .php now for most of our files ;) So maybe something like ".. 6 non-standard extensions.. " or so?
Almost last thing, is there a script somewhere (bash, php, ...) that can be used to do those renames? I guess this patch wasn't done by hand... We should mention and include/link to that in the change record.
Maintaining D8 modules doesn't work like that, at least not if you have your module on drupal.org. Testbot always uses the latest core commit for testing contrib modules, not a beta. So immediately after this is committed, all tests in those modules would explode. Same for anyone on github with the common travis configurations.
Not a huge issue, that happens quite frequently still for many contrib modules. What I'm saying is that it would not help the people porting/maintaining the modules, only "users" who want to try out D8/those modules.. but they have a hard time anyway to figure out which version of core and those modules to use.
Comment #215
ParisLiakos CreditAttribution: ParisLiakos commentedAbout the scripts/ folder..i would like to keep it out of the scope of this issue.
It will bring issues with bot due to run-tests.sh, and you dont have to ever edit/open a file in there unless you are a core contributor. So, its not a problem for most of people..we can open a separate issue for it,
Comment #216
ParisLiakos CreditAttribution: ParisLiakos commentedComment #217
star-szr#655178: Rename run-tests.sh to run-tests.php is one possible issue talking about the scripts. I think I have seen at least one other one but can't find it at the moment.
Comment #218
Eric_A CreditAttribution: Eric_A commentedSeems to me we can prepare for this by having the new files in place now and include them from the old ones?
Comment #219
jrockowitz CreditAttribution: jrockowitz commentedCould module_load_include maintain backwards compatiblity (ie support for files without .php) for one or two beta release cycles to allow contrib modules to catch up and not break every existing contrib patch.
This won't catch every issue but could stop most contrib modules from exploding.
Comment #220
neclimdul@Eric_A that seems less then ideal. It requires contrib to know about this an plan ahead, it requires them to maintain 2 files, and it requires them to commit 2 versions of the files which is most certainly going to mess with git's ability to track changes across renames.
Comment #221
joelpittet@jrockowitz we could do that. Though IMO, the modules will be fixed faster if there is a problem evident and more concentration should be about "getting the word out" and some file moving scripts to aid file renaming.
@Berdir Totally agree we should add those scripts to the Change Record, I've added the script from the IS. And @ParisLiakos fixed the wording around "non-standard extensions" on the CR.
Comment #222
BerdirSee also https://github.com/drush-ops/drush/pull/1153#issuecomment-75135206 on the implications of breaking drush with core changes.
IMHO, if you really want to do this, then it might actually be easier to do it before a new beta release instead of after. Maybe not immediately before a release, but a few days earlier or so.
Comment #223
markhalliwellI would like to state though, the above link is 100% Drush's issue. They should be (IMO) promoting stable alpha releases along side core's beta releases. They've made it clear that composer is the way to install, but having people use dev-master instead of a release is problematic if you're not chasing head. At the very least it's just a release/documentation issue on their part. I just haven't been involved with actual 8.x sites in a while and had to upgrade Drush.... just to downgrade to a few commits prior, just annoying... nothing critical.
Doing this before a release would be far more acceptable IMO, but not doing so doesn't mean anything. People will have just another month or so before it hits them then. So it really doesn't matter when it happens. I would imagine though from 3rd-party tools like Drush though, doing this before and having a solid before/after release would allow them to chase HEAD a little more cleanly so something like the above doesn't happen again.
Comment #224
xjmLooking at the beta evaluation, I think that the disruption of this patch (which is large) does not justify its impact in terms of the suggested hardening for fragility and security. There is no regression from Drupal 7, 6.... etc. and therefore this change should be postponed to Drupal 9 given that we are in beta and have been for many months.
Comment #225
xjmOh, also, I removed the line about it being "unfrozen" from the summary. The following kinds of changes are unfrozen:
This change is not any of those things. :)
Comment #226
cweagansYeah, we're in beta, but this has an RC deadline per a conversation between you, me, and alexpott in Austin. If we weren't planning on doing this during betas, we probably should have said beta deadline instead and saved parisliakos the trouble.
Again, there's never going to be a good time to do this, but it seems that a lot of people think it's something we should do.
If people are upset about patches or contrib modules breaking, I'm happy to volunteer to reroll patches or fix contrib modules as needed. It's not going to be that painful.
Comment #227
xjm@cweagans, the beta evaluation is in the summary, so someone at least who has worked on this issue knows that we rolled out a new policy on issue scope after Amsterdam, and that for normal tasks we need to consider the impact vs. the disruption, for which the final call is at maintainer discretion. I agree that the rc deadline is the hard deadline, but also, the fact that a change is considered does not mean it will be accepted. I'll of course defer to @catch, but this is one of those places we probably need to make a tough decision.
Comment #228
Fabianx CreditAttribution: Fabianx commentedI think the time is quite right to do it.
We are close to finishing upgrade path and we either do it now or as the _very_ first thing after D9 is started, but according to the new plan this could be still a while.
So +1 to doing it now.
Most core patches deal with core/lib/ things anyway, so are not affected.
I would propose to provide:
- a find script doing a normal rename
- a find script doing a git rename
- a grep script to re-roll patches with just one command (fortunately the regexp to detect the relevant diff lines are not that complicated)
Yes, its disruptive, but there is never the 'right' moment and if we provide both:
a) scripts for renaming contrib modules
b) maybe an online JS / PHP re-patcher
disruption could indeed be as minimal as can be.
Comment #230
ParisLiakos CreditAttribution: ParisLiakos commentedmerged 8.0.x, no conflicts.
i added in the change notice a way to do git rename..if i find time in the weekend will work on script to reroll patches
Comment #231
effulgentsia CreditAttribution: effulgentsia commentedTwo things have changed since Drupal 7 however:
/core
directory and not the.htaccess
or other root files (#2372815-9: [meta] Make the <root>/composer.json file a working example lists a way to use Composer to get those files, but people building a website where Drupal is just one of several pieces of software for the site might not think to or want to do it that way (why get your .htaccess from Drupal rather than from one of the other software projects you're using for your site?).It would be a shame for people installing Drupal on Nginx or via a Composer methodology that doesn't bring in the root files to be running an insecure site by default. We can fix the first part by shipping with an Nginx conf file, and maybe we'll want to do so regardless of this issue. And maybe we'll decide we don't care about the advanced Composer users as they're probably savvy enough to figure things out for themselves. But those are some things for us to think about if we choose not to proceed with this issue.
In terms of disruption, I think after next week's beta will be a great time to do this with respect to core. We're down to <60 critical issues, only 13 of which are at needs review or RTBC, and most of those don't touch .inc or .module files, so wouldn't need a reroll. So the impact of rerolls slowing down the critical path of Drupal 8 getting released is minor, IMO. People needing to reroll the many more Major and Normal issues will be annoyed, but that can be mitigated by people like cweagans following through on #226 to help them out.
However, the disruption on every single contrib module that has already begun porting to D8 is definitely a cost to consider. Even though each such module can rename its files quickly (especially with #228a), it's still something that needs to be done, and I dislike the idea of inflicting that on so many contrib maintainers who've been gracious enough to start porting their modules with the expectation that things were at least becoming somewhat stable after beta.
Tough call, but if we can do it right (announce the change and provide the script), I think the benefits of increased security to Nginx and advanced Composer users is worth it.
Comment #232
RainbowArrayThere seems to be a lot of interest in making this change, and while there are legitimate concerns about immediate pain, I think looking long-term is important as well. If this change isn't made now, and it needs to wait until 9.x that means in all likelihood this change won't be usable by a stable version of Drupal until 4-5 years from now: people will likely continue to use Drupal 8 sites for 7-10 years. That's also very disruptive. I don't even know how many times I've had to configure code editors to recognize that Drupal's file extensions are actually PHP files, and that's a minor inconvenience compared to the potential security concerns.
The lack of .php extensions has long been one of the weirder Drupalisms. This seems as good a time as any to remedy that. Yes, there will be short-term pains and annoyances, but comparing that to really long-term pains, I think it's worth it.
Comment #233
catchTo mitigate the effect on contrib module ports, I think we should look at a bc layer which falls back to the old filenames. This can be very ugly, and it would need to be removed about a month after the patch lands. This would mean the test bot not failing every contrib module immediately after commit.
Comment #234
bojanz CreditAttribution: bojanz commentedAs a contrib maintainer (Commerce, Address, Composer Manager, and a Workflow sandbox being my current D8 code), I'm fine with having to rename a few files right after this lands. All of my Travis tests run against -dev everything and break often, so I'm used to that.
On the other hand, I really don't have a strong opinion about adding ".php" to the extensions, just wanted to weigh in on the breakage argument, since we break modules with each beta anyway.
Comment #235
ParisLiakos CreditAttribution: ParisLiakos commentedhere is how a BC layer would look like
http://cgit.drupalcode.org/sandbox-rootatwc-1969260/commit/?id=2a1e394
Personally i also think its not needed. Like bojanz mentioned D8 contrib is used to stuff breaking all the time..I left the monolog module for 2 months between betas and when i got back i spent almost an hour to make it working again.
If thats what it takes to move on here though, no problem..i will test it more later and upload a patch
Comment #236
donquixote CreditAttribution: donquixote commentedRe #228 (Fabianx):
If I understand correctly, this is meant for contrib maintainers to update their modules.
I think it would be useful to also have a variation of the script that fixes all downloaded modules on a site, or in a folder.
This way a site maintainer does not need to wait for all contrib maintainers to catch up.
The PSR-4 migration script also had the option to do this, and I think it was a good idea.
Also, what about adding a check for deprecated (not renamed) module files to the status report?
(Apologies if this is already happening, I am only following this casually.
-------------------
For the rename itself, I have not given it enough thought to have a strong opinion about it. I think it is a good idea if files end with *.php, but I'm not sure if just appending ".php" to everything is the right way. Especially "views.theme.inc.php" seems weird.
It is certainly a lot easier and requires less bikeshed to just do it like this, but it will leave a "legacy feel". People will ask "Why is this modulename.module.php" and not just "module.php" or "modulename.php". And the only legit explanation is "Because it was *.module in the past, and we just appended '.php' in D8, without actually designing a meaningful naming scheme.". Old car with new wheels.
I am not saying this is wrong, just pointing it out.
Comment #237
ParisLiakos CreditAttribution: ParisLiakos commentedSo here it is with BC. I opened #2431347: Remove BC layer for #7269 to remove a month or two later. That gives contrib time to catch up without breaking them.
I think this also allows it to get in before the upcoming beta?
Comment #238
cweagansLGTM.
Comment #240
ParisLiakos CreditAttribution: ParisLiakos commented#2388629: remove drupal_is_front_page().
Comment #241
ParisLiakos CreditAttribution: ParisLiakos commentedReroll for #2144669: Improve/Refactor TestBase Through Expanded Unit Testing
Comment #242
Crell CreditAttribution: Crell commentedRelated note: There was discussion on PHP Internals of defaulting to disallowing non-.php extensions, in which potential breakage for Drupal was discussed. The RFC appears quite unlikely to pass, though: https://wiki.php.net/rfc/script_only_include
Comment #243
alexpott@catch, @effulgentsia, @webchick, @xjm, and I have been deliberating this issue. As the issue summary outlines there are many plus points, including:
However the issue summary underestimates the level of disruption correctly. It states,
In addition to the disruption noted in the issue summary:
Yes we are still committing breaking changes to 8.0.x but this is to fix critical and (rarely) major issues. Given that no one is arguing that this patch is anything other than a normal it fails our beta evaluation policy.
In Drupal 9 we will continue to modernise and it is highly likely that all code will move to the autoloading standards as outlined by PSR-0 & 4. This problem will solve itself. Therefore, marking as won't fix.
Comment #244
vijaycs85IMHO, we should (at least) keep this issue open until the above statement become true in D9.
Comment #245
catch@vijaycs85 I wouldn't want us to get into a situation where we do this early in the 9.x cycle (where it's likely we'll still need to backport things from 8.x, or forward port features from 8.x to 9.x for core inclusion or similar). Then a few months later there's no .module or .inc in core anyway.
Comment #246
Anonymous (not verified) CreditAttribution: Anonymous commentedTo me, this sounds like this will never happen because the same reasoning will be used later.
Comment #247
cweagans^ agree.
Thanks for making a decision, I guess.
Comment #248
Fabianx CreditAttribution: Fabianx commentedI think with D9 this will become obsolete anyway, let see:
- Move all .inc files to classes => .inc gone
- Move all modules to classes itself => .module gone
etc.
So while not being fixed for D8, it will resolve itself over time.
Comment #249
markhalliwellThe reason this didn't make it in this time is because we were told to wait. Now because of some new "beta review policy" we have to completely ignore that we actively decided to wait and allowed that time to pass? How is this "effective community collaboration" when we can't even follow through with what was previously decided?
I'm not going to continue to argue this for D8 as it is clear that ship has sailed, but I wholeheartedly agree with #244. Until there is a clear decision on how these files will be dealt with (i.e. an issue open to address/convert each file extension to a said "class"), this issue is valid since the file extensions still exist. The phrases "highly likely" and "I think with D9 this will become obsolete anyway" isn't proof that this will be addressed, it's speculation. We had "hoped" the same would be true for D8 and yet here we are...
This should be the very first thing that is done in D9. No more putting this off, regardless of what we "think" will happen.
Comment #250
catchA couple of people might have hoped that Drupal 8 wouldn't ship with any procedural code, but I never thought that was realistic at all. We've not had any proposal that adequately replaces the entire hook system yet, and a lot of low-level procedural code hasn't been converted yet either.
It would be reasonable for the first patch when 9.x opens to introduce a replacement for the remaining hooks, which we could then have the usual critical conversion follow-up to apply everywhere, then no more .module. Then there's no chance of getting into a 'too early, too late' situation again with this issue since no more .module would be a release blocker.
I do think it is very unfortunate that this issue got held up on the test bot, then by the time it was ready eventually failed the beta evaluation (and when discussing this we really tried to apply that as generously as possible). However, this isn't a problem with having the beta evaluation, it's a problem with 1. having the beta evaluation 6 weeks after the first beta release instead of six months before 2. Not having clear guidelines for any previous release milestones at all. If we sort ourselves out in terms of milestone criteria (both when the milestones are called, and what it actually means in practice) in the future, then we should not run into this nearly as much.
Comment #251
markhalliwellI wasn't referring to procedural code, I was referring to having all PHP files ending in a .php file extension.
Procedural code vs. classes is just being used as a reason to justify that we "think" it will ultimately make this a "non-issue". Yes, it may very likely happen down the, I agree. These two are really not all that related though.
I'm just tired and rather annoyed that we rationalize away smaller benefits for larger more complex ones that will "eventually" come.
It is all very unfortunate; for the reasons stated above. I'm just upset because this should have happened.
Comment #252
yukare CreditAttribution: yukare commentedThis is how things somethimes works in drupal, almost all want that change, but just need the same very few to all people opnion do not matter. Will never be a good time for this that do not breaks a lot of things, but other changes that breaks things happens any time they want.
Comment #253
webchickBecause all classes, interfaces, etc. end in .php (due to autoloading requirements), if all of Drupal 9's code was OO (or really just hooks, since "in theory" that should be the only thing in a .module/.install anymore even in 8.x, as procedural functions in .inc can always go into a wrapping class), then this problem would go away entirely. That's the basic point. I actually think we could even introduce such a change to "OO-ify" hooks in 8.1.x+ if we can figure out a way to make it backwards-compatible without destroying performance.
That's why the proposal was marked "won't fix," because the real fix should simply be removing the requirement for Drupal to have procedural code in order to function; not to monkey with file extensions. As catch points out in #250, all monkeying with file extensions by itself would do is make it harder to backport bug fixes between D9 and D8.
Comment #254
cweagans@webchick, I don't think anyone is arguing to the contrary. *Right now*, though, we still have procedural PHP code in files whose names don't end in .php. Getting to the point of not having procedural code is clearly the goal, but it seems like there's still a substantial amount of work to be done to make it happen, and until that's complete, we're stuck with the status quo.
Comment #255
webchickYes. The question is whether undoing the status quo early in Drupal 9 is worth the constant drawback from there on of making bug fixes that affect these procedural files harder to backport. We landed on "won't fix" for that reason.
Comment #256
effulgentsia CreditAttribution: effulgentsia commentedI think #253 brings up a great point, which is that we might have OO alternatives to hook implementations and preprocess functions in 8.1 or 8.2, which would be a) before a 9.x branch is even opened, b) enough before then, that we can start seeing how quickly contrib modules and themes switch over to them, and c) perhaps even have core modules switch over to them, if we decide and document somewhere that functions that implement hooks and preprocess functions are not part of the public API (i.e., contrib code should not be calling those functions directly, and if it is, then it's ok for that code to break in a minor core upgrade). At which point, when 9.x opens, we can evaluate how close we are to being able to simply drop support for procedural implementations.
Comment #257
markhalliwellComment #258
michaelfavia CreditAttribution: michaelfavia commentedWhile I understand and respect the rationale, it is disappointing that 11 years later this will remain an issue in a release of drupal where so many other drupalisms have been cast off.
I'm sure I speak for everyone when I say "thank you" to markcarver, ParisLiakos, joelpittet and Cottser for the persistence on an issue that, despite your best efforts, didn't get the attention/commit it deserved.
At least our toolsets are getting smarter over the last decade. PHPStorm now literally asks me in a toast notification, "Looks like this is a Drupal module. Enable Drupal support?". All we're missing is an animated paperclip and we're
microsoftgolden. ;)Comment #259
Albert Volkman CreditAttribution: Albert Volkman commentedYes, I concur, very disappointing.
Comment #260
Fabianx CreditAttribution: Fabianx commentedLets see what we can do to replace the hook system with a performant future proof version that is suited to Drupals needs in 8.1.x :).
And if someone wants to start .engine conversions probably can be a 8.1.x thing, too. (that would be one down and the interface is very suited to be a class instead).
Comment #261
David_Rothstein CreditAttribution: David_Rothstein commentedI think separate issues should be created for those ideas.
This issue already has a clear technical plan and a working patch, so it shouldn't be closed in favor of other things that don't. (There are 250+ hooks in Drupal 8 core, ranging from regular hooks to alter hooks to unusual things like hook_update_N() and hook_module_implements_alter()... replacing them all with some kind of new system would be neither a small nor simple task. On top of that there is tons of procedural code in core/includes and elsewhere which is unrelated to the hook system.)
I see no reason the patch in this issue couldn't be committed early in the Drupal 9 cycle. Since Drupal 9 isn't intended to be opened for development until Drupal 8 has been out for a while, concerns around ease-of-backport from Drupal 9 to Drupal 8 should be lessened. For comparison, see #22336: Move all core Drupal files under a /core folder to improve usability and upgrades which was committed to Drupal 8 around 10 months after Drupal 7.0 was released.
Comment #262
David_Rothstein CreditAttribution: David_Rothstein commentedSince it doesn't look like this will be changed in Drupal for a very long time (if ever) I want to point out one consolation:
If your editor has this problem, it's actually a bug (or at least a limitation) in your editor and you should file an issue with them. PHP itself does not impose restrictions on what kinds of files can have executable PHP code, so text editors shouldn't act like it does.
For example, using
gedit
(which mostly handles this correctly) I've never had to do any special configuration to get PHP syntax highlighting working on .module/.install/etc files. It just works out of the box. I assume it's keying off the<?php
tag at the top of the file. (Sadly, though, it refuses to work for .theme extensions for some reason, which is an extension that Drupal 8 introduced to the codebase.)Not that filing bug reports with a bunch of text editing programs vs. just changing this in Drupal is particularly efficient, but look at it this way, Drupal 9.0 is not exactly on the horizon so you have plenty of time :)
Comment #263
jibranComment #264
cweagansI've been thinking about this issue again lately. I think it would be entirely reasonable to reroll and commit the latest patch here + a BC layer that allowed modules/themes/whatever to work with the <= 8.0.0 file extensions. The preferred file extension would be .php, but not required until D9. D9, then, would just be ripping out the BC layer.
That way, we can start using the right file extension now without breaking all the things, and in D9, we won't have to worry about breaking all the things.
Would that resolve the objections here?
Comment #265
cweagans(and to further clarify, I'm wondering if that approach would be eligible for 8.1.x)
Comment #266
alexpott@cweagans we might decide that the disruption is not worth it for 8.1.x because we expect that release to be quite limited. But the theory of doing this in a bc layer is a good one and would be eligible for a minor release. However, given that this could involve extra disk access and therefore affect performance it will need good performance tests especially on cold caches.
Comment #267
cweagansI'm thinking that there might be a couple parts to this:
1) Changing all of the remaining core files with php code in them to have the php extension. This is fairly self contained, and I *think* most of the files in /includes are only pulled in in the Kernel (->loadLegacyIncludes() or something like that), so this could potentially go into 8.0.x?
2) Changing modules/themes/profiles to have .php extensions, ideally in a way that doesn't break modules that haven't made the switch yet. If BC can be done in a way that doesn't introduce performance regressions, then -> 8.1.x. Otherwise -> 9.0.x.
3) Removing any BC introduced in part 2 -> 9.0.x
Is this an accurate assessment of things?
If so, I'll convert this into a meta and open separate issues for all three parts.
Comment #268
catch#1 would have to be 8.1.x, I just added a comment to https://www.drupal.org/node/2607980#comment-10606186 since that's something I think we should consider @internal, but moving the locations of files or functions within those files potentially breaks code (like drush or custom scripts) that might rely on them, and that's something we should do in minor releases.
#2 I think it's possible in a minor release if the bc layer isn't a big performance burden, so we should at least have an 8.1.x issue to discuss it, whether the change actually makes 8.1.x or a later minor release or 9.x is a different question.
Comment #269
cweagansOkay, I'll open some issues. Thanks for the feedback.
Comment #270
catchOh there's also potentially a part #4, which would be triggering E_USER_DEPRECATED in 8.X.x, but that's covered by #2575081: [policy, no patch] Use E_USER_DEPRECATED in Drupal 8 minor releases at the moment.
Comment #271
cweagansComment #272
joelpittetThanks for keep this one going, feel free to ping me if you want some profiling done.
Moving to plan for [meta]
Comment #273
catchMoving this back to 8.3.x per discussion above.
Comment #274
joelpittetMaybe we could do one follow-up issue per "type" conversion listed in the issue summary and add a BC layer for the loader of that type of file? Leaving any we can't provide a BC layer to for D9?
Since this is 8.3.x I'll un-postpone it as well.
Comment #275
alexpottWhy don't we just copy the files and change the ones that end with .php to include the new files? And fire a E_USER_DEPRECATED message if they are included. That way we break nothing for the core files like bootstrap.inc.
Also for the automatically included files we should prefer the .php versions and minimise
file_exists()
oris_file()
checks.Comment #276
joelpittetThat's a cool idea, may be a bit messy looking with the dupes, but I'm still +1 for #275
Comment #277
andypostSuppose oposit
- append file with .php
- create new file (with old name) with contents
Comment #278
dawehnerComment #279
BerdirSomething like that makes sense, but I'm wondering if it is worth doing that especially for the /includes/ files as many of them mostly consist of deprecated functions or hopefully soon wil. utility.inc has a single function for example that we could also just as well move to a place where it can be autoloaded and completely deprecate the file?
Comment #280
alexpott@Berdir that sounds really sensible to me - so we try and deprecate every function in the .inc's, converting all usages and then deprecated the entire file. So for the utility.inc example we create
Drupal\core\Utility\Rebuild::doIt()
(or something like that) and deprecatedrupal_rebuild()
we then have another issue to remove any includes and add a deprecate notice to the entire file.Comment #281
catchYeah skipping the includes is great. I don't think we can add a deprecation notice to the entire files though, since DrupalKernel includes them every request?
For the duplicates the above plan sounds great to me. Also since we allow modules not to have .module files at all, we should ideally be able to determine whether there's a .php suffix available or not, so the file_exists() and deprecation notice only happens on rebuild.
Comment #282
dawehnerSure, let's figure that out: #2811571: Figure out how to include .module/.module.php files without file_exists on runtime
Comment #283
andypostComment #288
giorgio79 CreditAttribution: giorgio79 commentedWhat happened with this initiative? I just installed VS Code, and extensions like phpmd and phpcs do not run on Drupal module files because their extension is not ".php"...
Comment #289
volegerComment #292
andypostComment #295
volegerDrupal 8 related issue #2999721: [META] Deprecate the legacy include files before Drupal 9 is finished
Drupal 9 related issue is here - #3097045: [META] Provide modern replacements for and deprecate the legacy include files