A one-liner for Drupal 7.32 security update

Yesterday an important security update was released for Drupal. This update, Drupal 7.32 is a highly critical update for everyone running a Drupal 7 site.

You may have seen a tweet where I posted the following suggestion which works on OS X:

sudo find . -name database.inc | grep "/includes/database/database.inc" | xargs sed -i '' 's/$data /array_values($data) /'

On linux the arguments for 'sed -i' work a little differently and this works better:

sudo find . -name database.inc | grep "/includes/database/database.inc" | xargs sed -i 's/$data /array_values($data) /'

Twitter might be good for getting the message out but it doesn't provide the space to explain. Why would one use this? Wouldn't it be better to just upgrade to Drupal 7.32?

Ignoring for a moment that there may be people who have needs to do testing or other checks before upgrading, there are a number of people with more than one Drupal site. There is a chance there are even some older sites that aren't maintained any longer. Or aren't actively anyway. In addition there may be older versions of a site on the server still in case of a rollback or restore. With this snippet it's possible to update all of these instances at once. It also means for developers working on many sites they can have all their currently checked-out sites updated and ready for the next time you go to work on the branch. Even that one-off site you did for your friend/kid/school/project that you forgot about a while ago is good to go.

Note that other variants are possible like using sudo before xargs as well. I chose this because it does a reasonably good job of targeting only Drupal 7 sites and making sure I find all the instances in that directory structure. Also note that it uses the current directory as the starting point. On operating systems where network drives or directories are visible in the file system you'll likely want to limit where it can run.

Category: