(This may well apply to Drupal 5.x as well, but I have not tested it so for now this post is only tagged 6.x.)
I discovered a nasty potential issue with the Drupal update system yesterday. Basically, if your MySQL user does not have complete permissions as described on the Drupal requirements page then
update.php can fail. And if it fails, the
schema_version column in the
system table of the Drupal database is updated to the latest version number regardless. In other words, the update fails to apply correctly but the system thinks it did. Bad! =(
(As an aside, you might be asking "but why would you not have the correct permissions?" Fair question. For one, I may just have been silly, but even so, Drupal should fail safe. And besides, on my current project we have an admin user and a standard user in MySQL - the standard user is usually active in
settings.php and cannot alter the db structure, which is fine for day-to-day running of Drupal but will not be able to run
update.php. We have to switch the user in
settings.php to the admin user before we execute updates. These are the conditions imposed upon us by the IT department here for additional security.)
The even nastier potential follow-on issue to this (which I have *not* tested) is if a developer accidentally releases unstable upgrade code in module.install this could potentially mean their update could fail to execute as expected, meaning the module could break, but the system will still record the update as though it were a success.
To my mind this represents a bug in the update system, since I would expect a failure to result in the
schema_version column remaining unchanged. Perhaps an additional
update_failed flag is required here and must be cleared by restoring the previous
system table before
update.php can be run again?
Anyway, the issue is now raised on the Drupal website. At time of writing I am still awaiting a response from the update system team: