- Patch #99011 by merlinofchaos: remove sites/default/settings.php and ship with sites/default/default.settings.php.

CHANGELOG.txt

@@ -25,10 +25,12 @@ Drupal 6.0, xxxx-xx-xx (development version)
     * Improved handling of teasers in posts.
     * Added sticky table headers.
     * Check for clean URL support automatically with JavaScript.
+    * Removed default/settings.php. Instead the installer will create it from default.settings.php.
 - Theme system:
     * Added .info files to themes and made it easier to specify regions and features.
     * Added theme registry: modules can directly provide .tpl.php files for their themes without having to create theme_ functions.
     * Used the Garland theme for the installation and maintenance pages.
+    * Added theme preprocess functions for themes that are templates
 - Refactored update.php to a generic batch API to be able to run time consuming operations in multiple subsequent HTTP requests
 
 Drupal 5.0, 2007-01-15

includes/bootstrap.inc

@@ -266,7 +266,9 @@ function conf_init() {
   global $db_url, $db_prefix, $cookie_domain, $conf, $installed_profile;
   $conf = array();
 
+  if (file_exists('./'. conf_path() .'/settings.php')) {
     include_once './'. conf_path() .'/settings.php';
+  }
 
   if (isset($base_url)) {
     // Parse fixed base URL from settings.php.

includes/database.inc

@@ -102,6 +102,11 @@ function db_set_active($name = 'default') {
   global $db_url, $db_type, $active_db;
   static $db_conns;
 
+  if (empty($db_url)) {
+    include_once 'includes/install.inc';
+    install_goto('install.php');
+  }
+
   if (!isset($db_conns[$name])) {
     // Initiate a new connection, using the named DB URL specified.
     if (is_array($db_url)) {

includes/database.mysql.inc

@@ -57,11 +57,6 @@ function db_connect($url) {
 
   // Check if MySQL support is present in PHP
   if (!function_exists('mysql_connect')) {
-    // Redirect to installer if using default DB credentials
-    if ($url['user'] == 'username' && $url['pass'] == 'password') {
-      include_once 'includes/install.inc';
-      install_goto('install.php');
-    }
     drupal_maintenance_theme();
     drupal_set_title('PHP MySQL support not enabled');
     print theme('maintenance_page', '<p>We were unable to use the MySQL database because the MySQL extension for PHP is not installed. Check your <code>PHP.ini</code> to see how you can enable it.</p>
@@ -94,12 +89,6 @@ function db_connect($url) {
   //   (matched) rows, not the number of affected rows.
   $connection = @mysql_connect($url['host'], $url['user'], $url['pass'], TRUE, 2);
   if (!$connection) {
-    // Redirect to installer if using default DB credentials
-    if ($url['user'] == 'username' && $url['pass'] == 'password') {
-      include_once 'includes/install.inc';
-      install_goto('install.php');
-    }
-
     // Show error screen otherwise
     drupal_maintenance_theme();
     drupal_set_header('HTTP/1.1 503 Service Unavailable');

includes/install.inc

@@ -165,6 +165,7 @@ function drupal_detect_database_types() {
  *   An array of settings that need to be updated.
  */
 function drupal_rewrite_settings($settings = array(), $prefix = '') {
+  $default_settings = './sites/default/default.settings.php';
   $settings_file = './'. conf_path() .'/'. $prefix .'settings.php';
 
   // Build list of setting names and insert the values into the global namespace.
@@ -176,7 +177,7 @@ function drupal_rewrite_settings($settings = array(), $prefix = '') {
 
   $buffer = NULL;
   $first = TRUE;
-  if ($fp = @fopen($settings_file, 'r+')) {
+  if ($fp = fopen($default_settings, 'r')) {
     // Step line by line through settings.php.
     while (!feof($fp)) {
       $line = fgets($fp);

install.php

@@ -114,7 +114,7 @@ function install_verify_settings() {
   global $db_prefix, $db_type, $db_url;
 
   // Verify existing settings (if any).
-  if ($_SERVER['REQUEST_METHOD'] == 'GET' && $db_url != 'mysql://username:password@localhost/databasename') {
+  if ($_SERVER['REQUEST_METHOD'] == 'GET' && !empty($db_url)) {
     // We need this because we want to run form_get_errors.
     include_once './includes/form.inc';
 
@@ -146,7 +146,8 @@ function install_change_settings($profile = 'default', $install_locale = '') {
   $db_host = urldecode($url['host']);
   $db_port = isset($url['port']) ? urldecode($url['port']) : '';
   $db_path = ltrim(urldecode($url['path']), '/');
-  $settings_file = './'. conf_path() .'/settings.php';
+  $conf_path = './'. conf_path();
+  $settings_file = $conf_path .'/settings.php';
 
   // We always need this because we want to run form_get_errors.
   include_once './includes/form.inc';
@@ -155,18 +156,30 @@ function install_change_settings($profile = 'default', $install_locale = '') {
 
   // The existing database settings are not working, so we need write access
   // to settings.php to change them.
-  if (!drupal_verify_install_file($settings_file, FILE_EXIST|FILE_READABLE|FILE_WRITABLE)) {
-    drupal_set_message(st('The @drupal installer requires write permissions to %file during the installation process.', array('@drupal' => drupal_install_profile_name(), '%file' => $settings_file)), 'error');
+  $writeable = FALSE;
+  $file = $conf_path;
+  // Verify the directory exists.
+  if (drupal_verify_install_file($conf_path, FILE_EXIST, 'dir')) {
+    // Check to see if a settings.php already exists
+    if (drupal_verify_install_file($settings_file, FILE_EXIST)) {
+      // If it does, make sure it is writeable
+      $writeable = drupal_verify_install_file($settings_file, FILE_READABLE|FILE_WRITEABLE);
+      $file = $settings_file;
+    }
+    else {
+      // If not, makes sure the directory is.
+      $writeable = drupal_verify_install_file($conf_path, FILE_READABLE|FILE_WRITEABLE, 'dir');
+    }
+  }
+
+  if (!$writeable) {
+    drupal_set_message(st('The @drupal installer requires write permissions to %file during the installation process.', array('@drupal' => drupal_install_profile_name(), '%file' => $file)), 'error');
 
     drupal_set_title(st('Drupal database setup'));
     print theme('install_page', '');
     exit;
   }
 
-  // Don't fill in placeholders
-  if ($db_url == 'mysql://username:password@localhost/databasename') {
-    $db_user = $db_pass = $db_path = '';
-  }
   $output = drupal_get_form('install_settings_form', $profile, $install_locale, $settings_file, $db_url, $db_type, $db_prefix, $db_user, $db_pass, $db_host, $db_port, $db_path);
   drupal_set_title(st('Database configuration'));
   print theme('install_page', $output);
@@ -178,6 +191,9 @@ function install_change_settings($profile = 'default', $install_locale = '') {
  * Form API array definition for install_settings.
  */
 function install_settings_form($profile, $install_locale, $settings_file, $db_url, $db_type, $db_prefix, $db_user, $db_pass, $db_host, $db_port, $db_path) {
+  if (empty($db_host)) {
+    $db_host = 'localhost';
+  }
   $db_types = drupal_detect_database_types();
   if (count($db_types) == 0) {
     $form['no_db_types'] = array(
@@ -311,11 +327,6 @@ function install_settings_form_validate($form_id, $form_values, $form) {
 function _install_settings_form_validate($db_prefix, $db_type, $db_user, $db_pass, $db_host, $db_port, $db_path, $settings_file, $form = NULL) {
   global $db_url;
 
-  // Check for default username/password
-  if ($db_user == 'username' && $db_pass == 'password') {
-    form_set_error('db_user', st('You have configured @drupal to use the default username and password. This is not allowed for security reasons.', array('@drupal' => drupal_install_profile_name())));
-  }
-
   // Verify the table prefix
   if (!empty($db_prefix) && is_string($db_prefix) && !preg_match('/^[A-Za-z0-9_.]+$/', $db_prefix)) {
     form_set_error('db_prefix', st('The database table prefix you have entered, %db_prefix, is invalid. The table prefix can only contain alphanumeric characters, underscores or dots.', array('%db_prefix' => $db_prefix)), 'error');