Now that we have fixed the usage of authorize.php when using Installer module for manual module installs (#1920), it's become clear that we should be using authorize.php for all downloading/installing of modules/themes/layouts.
Without using authorize.php, Installer module only works if the owner of web root directory and the web server user are the same. By using authorize.php, we could enable users to more securely set up their site and still allow modules to be downloaded/installed. If the owner of the web root is the web server user (as is the case in most shared hosting environments and Pantheon), then we don't have a problem. But when these users are different, authorize.php could enable the use of the Installer UI.
GitHub Issue #:
2271
Recent comments
Re PHP 8.5 compatibility: not ready yet for review, but tests are passing now. So, still work in progress with issue #7008.
November 20th 2025 Weekly Meetings
This issue in the API module is blocking any upgrade of docs.backdropcms.org to later PHP versions. I had a look but not sure how this can be fixed: https://github.com/backdrop-contrib...
November 20th 2025 Weekly Meetings
The number of questions about lost configurations support my argument. Who knows how many developers use version control systems... UPDATE: The option to store in a database was added...
I need to understand how active and staging folders work – configuration management