Contrib.social

findSitePath() may behave differently on core/install.php than in index.php

Open on Drupal.org β†’
Created on 5 June 2014, about 11 years ago
Updated 25 July 2025, 9 days ago

Assume there are two site directories A and B.
The request resolution will identify A as the first candidate, and then B.
(e.g. A = sites/foo, B = sites/default)
A has no settings.php, but B has.

On core/install.php, findSitePath() will stop at A and attempt an install.
On index.php, if A is not installed yet, findSitePath() will move on to B and boot that.

I wonder if this behavior is intended.
IMO it would feel more consistent to let findSitePath() always stop at the first existing directory, and then simply fail or redirect to install.php, if there is no settings.php and it is not an installation request.

Or seen from a different angle:
Assume you have
- sites/example.com WITHOUT a settings.php
- sites/default WITH settings.php

If you visit http://example.com/whatever, it will show the site from sites/default.
If you visit http://example.com/core/install.php, it will attempt to install in sites/example.com.

IMO this is inconsistent and confusing.
It MIGHT also be dangerous, not sure.

Proposed solution:

DrupalKernel::findSitePath() should always stop at the first existing directory it finds, no matter if there is a settings.php.
Then if settings.php is missing, it should either show an error page or redirect to core/install.php.

This will force people to not leave empty site directories around, that could be hijacked for unintended site installation.

This will allow us to eliminate the $require_settings parameter from DrupalKernel::findSitePath(), which is great if we continue to refactor the kernel and bootstrap.

πŸ“Œ Task
Status

Postponed: needs info

Version

11.0 πŸ”₯

Component

base system

Created by

πŸ‡©πŸ‡ͺGermany donquixote

Live updates comments and jobs are added and updated live.
  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

  • stale-issue-cleanup

    To track issues in the developing policy for closing stale issues, [Policy, no patch] closing older issues

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment 9 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States smustgrave

    Thank you for creating this issue to improve Drupal.

    We are working to decide if this task is still relevant to a currently supported version of Drupal. There hasn't been any discussion here for over 8 years which suggests that this has either been implemented or is no longer relevant. Your thoughts on this will allow a decision to be made.

    Since we need more information to move forward with this issue, the status is now Postponed (maintainer needs more info). If we don't receive additional information to help with the issue, it may be closed after three months.

    Thanks!

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024