Update Bug To Watch

Wed, 2009-01-14 10:35 By greg

(This may well apply to Drupal 5.x as well, but I have not tested it so for now this post is only tagged 6.x.)

I discovered a nasty potential issue with the Drupal update system yesterday. Basically, if your MySQL user does not have complete permissions as described on the Drupal requirements page, then update.php can fail. And if it fails, the schema_version column in the system table of the Drupal database is updated to the latest version number regardless. In other words, the update fails to apply correctly but the system thinks it did. Bad! =(

(As an aside, you might be asking "but why would you not have the correct permissions?" Fair question. For one, I may just have been silly, but even so, Drupal should fail safe. And besides, on my current project we have an admin user and a standard user in MySQL - the standard user is usually active in settings.php and cannot alter the db structure, which is fine for day-to-day running of Drupal but will not be able to run update.php. We have to switch the user in settings.php to the admin user before we execute updates. These are the conditions imposed upon us by the IT department here for additional security.)
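A pre-flight check for the two-user setup described above, as an added example that is not part of the original post or of Drupal: it parses the output of MySQL's `SHOW GRANTS` for the user configured in settings.php and reports which privileges are missing before update.php is run. The user names, the database name `drupal`, the sample grant lines and the helper names are constructed for illustration, and the required privilege list is assumed from Drupal 6's INSTALL.mysql.txt.

```python
import re

# Assumption: privilege list taken from Drupal 6's INSTALL.mysql.txt;
# adjust it to match the requirements page for your version.
REQUIRED = {"SELECT", "INSERT", "UPDATE", "DELETE", "CREATE", "DROP",
            "INDEX", "ALTER", "CREATE TEMPORARY TABLES", "LOCK TABLES"}

GRANT_RE = re.compile(r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s", re.I)

def granted_privileges(show_grants_lines, database):
    """Return the privileges that apply to every table in `database`."""
    privs = set()
    for line in show_grants_lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue
        # SHOW GRANTS backtick-quotes names and may escape wildcards (drupal\_db).
        scope = m.group("scope").replace("`", "").replace("\\", "")
        if scope not in ("*.*", database + ".*"):
            continue  # table-level or other-database grants do not cover schema updates
        for p in m.group("privs").split(","):
            p = p.strip().upper()
            if p in ("ALL", "ALL PRIVILEGES"):
                privs |= REQUIRED
            elif p != "USAGE":  # USAGE means "no privileges"
                privs.add(p)
    return privs

def missing_for_update(show_grants_lines, database):
    """Sorted list of required privileges the user lacks; empty means safe to run."""
    return sorted(REQUIRED - granted_privileges(show_grants_lines, database))

# Constructed sample output of SHOW GRANTS for the two hypothetical users.
RUNTIME_USER = [
    "GRANT USAGE ON *.* TO 'drupal_run'@'localhost' IDENTIFIED BY PASSWORD '<hash>'",
    "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE TEMPORARY TABLES, LOCK TABLES "
    "ON `drupal`.* TO 'drupal_run'@'localhost'",
]
ADMIN_USER = [
    "GRANT USAGE ON *.* TO 'drupal_admin'@'localhost'",
    "GRANT ALL PRIVILEGES ON `drupal`.* TO 'drupal_admin'@'localhost'",
]

if __name__ == "__main__":
    for name, grants in (("runtime", RUNTIME_USER), ("admin", ADMIN_USER)):
        missing = missing_for_update(grants, "drupal")
        print(name, "OK to run update.php" if not missing else "missing: " + ", ".join(missing))
```

Feeding it the real `SHOW GRANTS` output for the account currently in settings.php, and refusing to proceed when the list is non-empty, catches the wrong-user case before the schema_version column can be touched.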

The even nastier potential follow-on issue to this (which I have *not* tested) is if a developer accidentally releases unstable upgrade code in module.install, this could potentially mean their update could fail to execute as expected, meaning the module could break, but the system will still record the update as though it were a success.

To my mind this represents a bug in the update system, since I would expect a failure to result in the schema_version column remaining unchanged. Perhaps an additional update_failed flag is required here and must be cleared by restoring the previous system table before update.php can be run again?

Anyway, the issue is now raised on the Drupal website. At time of writing I am still awaiting a response from the update system team: