How to update a Drupal site built by others

Have you ever worked on a Drupal site you hadn’t built yourself? If you have you may already know not every developer follows the Drupal development’s best practices and there are many sites containing “hacked” code. Unrelated to espionage and bond villains the phrase “hacked” refers to any community contributed code that has been independently modified since its original download. Some hacks are necessary including hot-fix patches for specific issues that have not made it into the released version of the code repository yet so not all hacks are bad, many are bug fixes and some are the result of sloppy coding.

One of the main support tasks on any Drupal site is performing core/module/theme updates and that’s when your hacked/patched modules can give you a sad face, if the hacked code is accidentally overwritten you may lose its functionality hence extra care is needed when updating hacked code. Before updating any site you need to check if the codebase had been hacked, and how is that done you may ask?

Hacked Report

Introducing Hacked!

Hacked is a great module that checks to see if your Drupal core files or your installed themes and modules have been changed since they were first downloaded and installed. Get it from http://drupal.org/project/hacked and upon install run its report by visiting /admin/reports/hacked

Hacked Files

Depending on the number of installed themes and modules the hacked report will take a little time to download the original versions of each and compare them with your current version to see if they have changed. Once you know what’s changed you can decide if it can be updated or not if you knew exactly what was changed, right?

Introducing Diff

What’s nice about the Hacked! module is that it seamlessly integrates with the Diff module allowing you to see all the exact differences between the two versions of the code side-by-side for comparison. This allows you to see if the changes in the hacked files are worth keeping or replicating as sometimes they may not be.

Before learning about Hacked and Diff I had to pray to the Droplet on every update to avoid overwriting any hidden implemented tweak but with these two modules I can now update selectively and intelligently without surprises. Lastly, for any update always try it on a test environment first, make sure everything works on your test server before rolling it out on your live production site.