Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The Drupal.org infrastructure uses this by default and so do lots of Drupal shops, so why can't we add this snippet to settings.php (and settings.default.php) by default?
/**
* Include a local settings file if it exists.
*/
$local_settings = dirname(__FILE__) . '/settings.local.php';
if (file_exists($local_settings)) {
include $local_settings;
}
This could also be a tiny step forwards for local configuration management.
Comment | File | Size | Author |
---|---|---|---|
#91 | drupal-7.x-1118520-90.patch | 5.01 KB | zipymonkey |
#88 | drupal-7.x-1118520-88.patch | 4.4 KB | hmdnawaz |
#84 | drupal-7.x-1118520-84.patch | 1.67 KB | zipymonkey |
#79 | drupal-7.x-dev-1118520-tests.patch | 2.78 KB | solideogloria |
#72 | drupal-7.64-1118520.patch | 1.65 KB | zipymonkey |
Issue fork drupal-1118520
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
Comments
Comment #1
Dave ReidComment #2
tstoecklerI like that.
I first thought, whether we should always create an (empty) settings.local.php in the install process to save the file_exists(), but since this is called exactly once per page-load it's probably not worth it. Especially as that would be extra trouble for a lot of users who don't actually use it.
Another question is whether this needs some form of in-code documentation or not. An example usage or something. I'm tending to say no, but not sure. Maybe it's sufficient to mention something like this in the upgrade docs.
Leaving this at needs review for some more opinions.
Comment #3
patcon CreditAttribution: patcon commentedI think in-code documentation would be great. Not sure about everyone else, but for the longest time, the only thing I knew about most anything in settings.php was what was explained inline :)
Glad this got suggested, as I was just coming over to say the same thing!
Comment #4
Damien Tournoud CreditAttribution: Damien Tournoud commentedSounds good to me, but I agree with @patcon that we should flesh out the documentation here.
Comment #5
justintime CreditAttribution: justintime commentedWhether it's a bug or a feature is outside the scope of my post, but...
drupal_rewrite_settings() has an undocumented $prefix variable passed into it. If specified, it concatenates the prefix to the settings.php file path. If we go with settings.local.php, then the $prefix var is a bit misleading -- there's no way we can write to that file without changing the logic of the function.
If we went with local.settings.php, that would be compatible with drupal_rewrite_settings(), but that may not be the intention.
Whichever way we go, it should probably be documented.
Comment #6
tstoecklerWell we have default.settings.php so local.settings.php seems to be consistent.
Comment #7
justintime CreditAttribution: justintime commentedWell, I did some probing of drupal_rewrite_settings(), and I take back what I said earlier.
The $prefix option in drupal_rewrite_settings() does indeed work, but if you call it with the prefix, it will dump all settings to the $prefix.'settings.php file, not just the $settings variable that's passed in.
In short, using $prefix isn't used to add more config to settings.php, it's used to completely replace settings.php.
I'm resetting back to needs review in light of this.
Comment #8
Eric_A CreditAttribution: Eric_A commentedThe Aegir hosting system uses local.settings.php in sites/[site] to inject site specific settings. (The sites/[site]/settings.php file is built based on a global template, which uses $_SERVER vars.)
Comment #9
sunYarrrrrrrrrr!
Comment #11
sun#9: drupal8.settings.local_.9.patch queued for re-testing.
Comment #13
mr.baileysStraight re-roll.
Comment #14
sunThank you!
Regardless of the configuration system enhancements for D8, settings.php does not seem to go away anytime soon (and #1484690: Implement $conf overrides in the configuration system was fixed just recently to bring back conditional $conf overrides), so I'd still like to see this happening.
Anyone who does not like the additional filestat of the file_exists() can either remove the entire thing from settings.php or include it unconditionally - settings.php is fully customizable after all.
Comment #15
mr.baileysReviewed and tested the patch and all looks good to me, one aspect I'm not sure of:
We currently warn uses if they leave settings.php writable after installation:
I wonder if we should include the same check on settings.local.php if it exists (since the security risk is the same). On the other hand, the only reason we warn for settings.php is because we explicitly request it to be writable during installation, which is not the case for settings.local.php, and we don't go checking other .php files for writability…
Comment #16
catchI don't see any reason to have this enabled by default, why not in there but commented out? It's a common pattern, but it's not worth the file system hit (file_exists() misses are not cached afaik) for sites that are never going to use it.
Comment #17
sunAlright, comment out by default.
Comment #19
jthorson CreditAttribution: jthorson commentedTestbot issue. Passed on re-test.
Comment #20
tstoecklerAll of the other options, that are commented out in settings.php use a leading '#', so let's do that here as well. The rest of them are all $conf overrides, so it's a bit different, but I think consistency makes sense here.
Comment #21
kbell CreditAttribution: kbell commentedI like this patch! (please add this as a favorable Review) - agree with tstoeckler on leading # but except for that, I'm happy to see this patch.
Thank you Dave Reid, sun and mr.baileys!
-Kelly
Comment #22
sunRe-rolled against HEAD, and changed the inline comment syntax as requested.
Comment #23
tstoecklerCan't find anything wrong with that. I personally would have liked to see this uncommented by default, but I guess catch is right, that this it is not the default use-case.
Comment #24
catchSorry can we change
if existent
to "if available", it's not exactly wrong but it's a bit flowery for a code comment I think.Comment #25
sunPrego.
Comment #26
catchThanks! Committed/pushed.
Comment #27
Patrick R. CreditAttribution: Patrick R. commentedIt might be better checking the existence of the file using is_file() and is_readable() instead of file_exists(). The latter will also return true if you have a directory named settings.local.php with the subsequent inclusion then throwing a warning. No big deal though as this is a very unlikely scenario.
Comment #28
tstoecklerWe currently use file_exists() all over core in the exact same manner as this patch introduced. It might or might not make sense to turn a bunch of those into is_file() but that should be a different issue.
Comment #29
Dave ReidThere is a separate issue for is_file: #1333940: Consistently use either is_file() or file_exists()
Comment #30
TravisCarden CreditAttribution: TravisCarden commentedFollow-up issue: #1611686: Add test for unprotected settings.local.php
Comment #31
patcon CreditAttribution: patcon commentedMaybe I'm not up on Drupal common practice, but shouldn't that followup simply be part of this issue? It would seem that this isn't complete until a test has been written, right? Like why have a separate discussion to follow for "those interested in writing tests"?
Or am I just too caught up in all that "agily" Definition of Done™ business? :)
Comment #32
jthorson CreditAttribution: jthorson commentedpatcon: You're probably right ... except in this case, the patch being developed in this issue has already been committed.
So the followup issue sort of becomes "Ooops, we forgot to add a test in x". ;)
Comment #33
patcon CreditAttribution: patcon commentedAh gotcha. regardless, you're all heroes. :)
Comment #34
dwwThe test we added in the other issue is a runtime requirements check on live sites. Could have been part of this, but it was an afterthought. There was no automated test for either issue, which is normally what gets the "no code without tests" rule.
Comment #36
hackwater CreditAttribution: hackwater commentedJust a quick documentation note for the settings.local.php description: Instead of "and other things that should not happen on development and testing sites" it should probably read "and other things that should ONLY happen on development and testing sites," unless I'm misunderstanding the settings.local.php documentation's intent.
Comment #37
Dave ReidFor those of us with makefiles that want to encourage the use of settings.local.php, here's an untestable makefile version.
Comment #38
mikeker CreditAttribution: mikeker commentedFYI: I opened #2419213: Rename settings.local.php to local.settings.php to be consistent with other filenames in hopes of making the file naming more consistent.
Comment #39
nerdcore CreditAttribution: nerdcore commentedI've decided to use the PHP constant DIRECTORY_SEPARATOR instead of "/" because I am sharing this config between a GNU and a Windows server. I suspect the Windows server could interpret "/" correctly, at least in fairly modern versions of PHP. Can anyone confirm this?
Here's my snippet:
Comment #40
nerdcore CreditAttribution: nerdcore commentedComment #41
mikeker CreditAttribution: mikeker commented@nerdcore: when building paths, you don't need to use DIRECTORY_SEPARATOR, forward-slash is fine. Linux uses forward slashes natively and Windows will accept either forward or backward slashes (PHP translates forward into backward for you so you can mix-and-match if you want). DIRECTORY_SEPARATOR is only needed when parsing a path given to you by the system.
Comment #42
cilefen CreditAttribution: cilefen commented#2535196: Uncomment the inclusion of the local setting file
Comment #43
jcnventura CreditAttribution: jcnventura at Wunder commentedThis would be a nice to have back in D7.
I've ported the current code from D8's default.settings.php including having this section commented.
Comment #44
tstoecklerI think that's a good idea!
Comment #45
TravisCarden CreditAttribution: TravisCarden at Acquia commentedIf we're going to do this, we probably need to test the file permissions on that file, like we did when we added the same feature to D8: #1611686: Add test for unprotected settings.local.php.
Comment #46
tstoecklerAh, was completely unaware of that. It totally makes sense to do this in one shot for D7, thanks!
Comment #47
Chi CreditAttribution: Chi commented__DIR__ is not available in PHP 5.2 which is minimal required PHP version for Drupal 7.
Comment #48
sierkje CreditAttribution: sierkje commentedComment #49
nerdcore CreditAttribution: nerdcore at OpenConcept Consulting Inc. commentedReroll of #43 in response to comment #47 (using
file_exists(dirname(__FILE__)
instead of__DIR__
because__FILE__
has existed since PHP 4.0.2)Comment #51
mccrodp CreditAttribution: mccrodp at X-Team commentedShouldn't this be
include_once
like in core?boostrap.inc:drupal_settings_initialize() line 731 :
Comment #53
Sailatha Gaddagunti CreditAttribution: Sailatha Gaddagunti at Melity commentedComment #54
Sailatha Gaddagunti CreditAttribution: Sailatha Gaddagunti at Melity commentedComment #55
geerlingguy CreditAttribution: geerlingguy as a volunteer and at Acquia commentedSetting proper status; note that critique in #51 still applies...
Comment #58
mccrodp CreditAttribution: mccrodp at X-Team commentedI believe this should be on default.settings.php also. I'll reroll with changes suggested in #51.
Comment #59
mccrodp CreditAttribution: mccrodp at X-Team commentedReverted back to the
dirname
instead ofDIR
changes from #49 and changes suggested in #51 re:include_once
.Comment #60
PieterDCTo comply to the remarks of #51, I rerolled #25 against Drupal 7.x
Comment #63
zipymonkey CreditAttribution: zipymonkey commentedThis patch in #60 does not apply cleanly for with Drupal 7.51. Rerolling the patch.
Comment #65
PolHere's the patch for Drupal >= 7.53
Comment #67
mikeker CreditAttribution: mikeker as a volunteer commentedTest failures seem unrelated...
Comment #71
keramsey CreditAttribution: keramsey commentedThe 65: drupal-7.53-1118520.patch fails on drupal-7.64. I am trying to install the patch as part of an installation profile.
Can someone reroll the patch for drupal-7.64 or point me to directions on how I can do that? Thanks.
Comment #72
zipymonkey CreditAttribution: zipymonkey commentedI've re-rolled the patch for Drupal 7.64.
@keramsey There are instructions for rerolling patches here: https://www.drupal.org/patch/reroll.
Comment #73
solideogloria CreditAttribution: solideogloria commentedComment #74
solideogloria CreditAttribution: solideogloria commentedComment #75
keramsey CreditAttribution: keramsey commentedThanks for the link and patch @zipymonkey!
Comment #76
sveldkamp CreditAttribution: sveldkamp commentedJust applied patch in #72 to 7.67 for 2 of my sites (PHP 7.2 though) and it works great.
This is a pretty simple patch, is it not? I would love to see it committed.
Comment #77
jcnventura CreditAttribution: jcnventura commentedI think we never addressed #45.
Comment #78
Gnanasampandan Velmurgan CreditAttribution: Gnanasampandan Velmurgan as a volunteer commentedI Have tested and reviewed the #72 patch it works Perfect. Thanks.
Comment #79
solideogloria CreditAttribution: solideogloria commentedPer #45, I ported the Drupal 8 hook_requirements changes to Drupal 7, in order to test the configuration file permissions.
I also looked at the current version of the tests/requirements in Drupal 8, but I decided against incorporating any of the other changes that have been made, such as adding an option to disable file permissions checking.
I tested to make sure the code displays the requirements correctly, but I didn't test it with patch #72 or with a non-empty settings.local.php file.
Comment #80
solideogloria CreditAttribution: solideogloria commentedComment #82
hmdnawaz CreditAttribution: hmdnawaz commentedThe patch in #72 is working for Drupal version 7.72
Comment #83
hmdnawaz CreditAttribution: hmdnawaz commentedComment #84
zipymonkey CreditAttribution: zipymonkey commentedRerolled the 7.x patch to work with Drupal 7.x-7.77.
Comment #85
solideogloria CreditAttribution: solideogloria commented@hmdnawaz @zipymonkey If you read #45 and #46, the tests I added are needed if this is to ever get committed.
Comment #87
zipymonkey CreditAttribution: zipymonkey commentedI rerolled the patch to work with 7.79/7.80 and added the testings to
system.install
recommended by @solideogloria and @TravisCarden. I opened a merge request for review.Comment #88
hmdnawaz CreditAttribution: hmdnawaz commented@zipmonkey
I have uploaded your latest patch here so that it can be used in projects from here.
Comment #89
zipymonkey CreditAttribution: zipymonkey commented@hmdnawaz You can get the raw patch file from the merge diff by adding ".patch" to the url. Example:
Comment #90
leymannx@zipmonkey – I wanted to say the same but consider that there is no way (yet) to integrate commits in the Composer patch workflow.
Means https://git.drupalcode.org/project/drupal/-/merge_requests/586.patch can change if new commits get added and you wouldn't even notice when your local site runs with a different version of the patch while your live site runs on another – and maybe breaks because of it.
https://www.drupal.org/files/issues/2021-04-23/drupal-7.x-1118520-88.patch doesn't change.
See https://drupal.stackexchange.com/q/298567/15055 for example where this has been asked already.
It would be nice to be able to pin the MR patch to a certain commit. Like https://git.drupalcode.org/project/drupal/-/merge_requests/586-[LATEST-C... and later if more commits come in https://git.drupalcode.org/project/drupal/-/merge_requests/586-[UPDATED-... for example.
Comment #91
zipymonkey CreditAttribution: zipymonkey commentedI rerolled the patch and attached a copy of the updated patched file.