[meta] Add .php extension to PHP files

Created on 21 April 2004, about 21 years ago

Updated 5 May 2025, 2 months ago

Problem/Motivation

Currently we have more or less 6 non-standard extensions to represent PHP files with. This is most certainly a Drupal-ism.

This issue proposes that PHP files should always have the extension: .php

Reasons to do this:

Unnecessarily complex for newcomers

Newcomers not only have to learn Drupal, they need to configure their IDE and/or OS to open a file with the correct program and get some syntax highlighting working. This is a DX win that makes drupal more out of the box accessible for development. (see #4, #18) And it helps us get off the island :)

Security

Not all sites run on apache or IIS where we have config files to stop them from serving those files displayable directly to the browser. Many people store sensitive info in PHP files, like API keys, or passwords and we can’t add configuration files for every web server that currently exists (or ever will exist). (see #17)

Consistency

As Crell points out (#20) PSR-0 mandates that classes end must end in .php for autoloader interoperability. Drupal is becoming more OO so most of the code will be in .php files. Why not all of the code?

Reasons to not do this:

It’s the Drupal Way

We have thousands of modules, themes, and profiles on drupal.org and countless more bespoke modules on sites... every current Drupal developer will have to do things differently, and all the contrib projects with D8 branches will need to rename files.

Non-standard extensions are not executable

Files with non-standard extensions are not executable and some people might rely on this behavior. (see #12, #67 and below)

Proposed resolution

We have two options...

In order to proceed with option 2 we have to complete #1292284: Require 'type' key in .info.yml files →
See #28
Update: There seems to be a clear consensus for Option 1.

Bulk renaming files in a directory using bash:
for f in $(find . -name "*.module" -o -name "*.profile" -o -name "*.theme" -o -name "*.install" -o -name "*.inc" -o -name "*.engine"); do mv $f ${f}.php; done

Remaining Tasks

Commit
Publish the change record
Follow-up: Update documentation on drupal.org in module, theme, and profile developer guides

Related tasks

Original report

There shouldn't be .inc files.
.inc.php is better since webservers won't allow users to view their content.
Just in case someone modifies one with confidential information.

Beta phase evaluation

🌱 Plan

Status

Active

Version

11.0 🔥

Component

extension system

Created by

mbkaba22

Live updates comments and jobs are added and updated live.

DX (Developer Experience)
Enhances developer experience.

Security
It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment 2 months ago →
🇺🇸United States nicxvan
I think am easier way around this is to deprecate and replace the things inside the files.

.module has very few things that are required in it. We can make this oop then just deprecate .module entirely.
Comment 4 days ago →
🇺🇸United States xjm
Crediting discussion from #243, although this issue seems to keep coming back from the grave. 📌 Road to deprecating .module files Active has us a lot closer, but still leaves .install, plus themes and profiles.
Comment 4 days ago →
solideogloria

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024