.editorconfig

@@ -12,3 +12,6 @@ indent_size = 2
 charset = utf-8
 trim_trailing_whitespace = true
 insert_final_newline = true
+
+[composer.json]
+indent_size = 4

.eslintignore

 core/assets/vendor/**/*
 core/modules/locale/tests/locale_test.js
-core/vendor/**/*
+vendor/**/*
 sites/**/files/**/*
 libraries/**/*
 sites/**/libraries/**/*

.eslintrc

 {
-  "env": {
-    "browser": true
-  },
-  "globals": {
-    "Drupal": true,
-    "drupalSettings": true,
-    "drupalTranslations": true,
-    "domready": true,
-    "jQuery": true,
-    "_": true,
-    "matchMedia": true,
-    "Backbone": true,
-    "Modernizr": true,
-    "CKEDITOR": true
-  },
-  "rules": {
-    // Errors.
-    "block-scoped-var": 2,
-    "brace-style": [2, "stroustrup", {"allowSingleLine": true}],
-    "comma-style": [2, "last"],
-    "eqeqeq": [2, "smart"],
-    "guard-for-in": 2,
-    "indent": [2, 2, {"indentSwitchCase": true}],
-    "key-spacing": [2, {"beforeColon": false, "afterColon": true}],
-    "no-implied-eval": 2,
-    "no-mixed-spaces-and-tabs": 2,
-    "no-nested-ternary": 2,
-    "no-reserved-keys": 2,
-    "no-trailing-spaces": 2,
-    "no-undef": 2,
-    "no-undefined": 2,
-    "no-unused-vars": [2, {"vars": "local", "args": "none"}],
-    "one-var": [2, "never"],
-    "semi": [2, "always"],
-    "space-after-keywords": [2, "always"],
-    "space-before-blocks": [2, "always"],
-    "space-before-function-paren": [2, {"anonymous": "always", "named": "never"}],
-    "space-in-brackets": [2, "never"],
-    "space-in-parens": [2, "never"],
-    "spaced-line-comment": [2, "always"],
-    "strict": 2,
-    // Warnings.
-    "max-nested-callbacks": [1, 3],
-    // Disabled.
-    "camelcase": 0,
-    "consistent-return": 0,
-    "dot-notation": 0,
-    "new-cap": 0,
-    "no-alert": 0,
-    "no-new": 0,
-    "no-shadow": 0,
-    "no-underscore-dangle": 0,
-    "no-use-before-define": 0,
-    "quotes": 0
-  }
+  "extends": "./core/.eslintrc"
 }

.gitattributes

@@ -16,27 +16,27 @@
 #   - Deny applying with `git apply --whitespace=error-all`.
 #   - Fix automatically with `git apply --whitespace=fix`.
 
-# Auto-detect text files, ensure they use LF.
-*         text=auto eol=lf
-
+*.config  text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
 *.css     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.dist    text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
 *.engine  text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
 *.html    text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=html
 *.inc     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
-*.info    text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
 *.install text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
 *.js      text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
 *.json    text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
 *.lock    text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.map     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
 *.md      text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
 *.module  text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
 *.php     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
 *.po      text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.profile text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
 *.script  text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
 *.sh      text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
 *.sql     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
-*.test    text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
 *.theme   text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
+*.twig    text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
 *.txt     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
 *.xml     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
 *.yml     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
@@ -47,6 +47,10 @@
 *.gif     -text diff
 *.gz      -text diff
 *.ico     -text diff
+*.jpeg    -text diff
 *.jpg     -text diff
 *.png     -text diff
 *.phar    -text diff
+*.exe     -text diff
+*.svgz    -text diff
+*.ttf     -text diff

.htaccess

@@ -3,7 +3,7 @@
 #
 
 # Protect files and directories from prying eyes.
-<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save)$">
+<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
   <IfModule mod_authz_core.c>
     Require all denied
   </IfModule>
@@ -15,12 +15,6 @@
 # Don't show directory listings for URLs which map to a directory.
 Options -Indexes
 
-# Follow symbolic links in this directory.
-Options +FollowSymLinks
-
-# Make Drupal handle any 404 errors.
-ErrorDocument 404 /index.php
-
 # Set the default handler.
 DirectoryIndex index.php index.html index.htm
 
@@ -28,13 +22,14 @@ DirectoryIndex index.php index.html index.htm
 AddType image/svg+xml svg svgz
 AddEncoding gzip svgz
 
-# Override PHP settings that cannot be changed at runtime. See
+# Most of the following PHP settings cannot be changed at runtime. See
 # sites/default/default.settings.php and
 # Drupal\Core\DrupalKernel::bootEnvironment() for settings that can be
 # changed at runtime.
 
 # PHP 5, Apache 1 and 2.
 <IfModule mod_php5.c>
+  php_value assert.active                   0
   php_flag session.auto_start               off
   php_value mbstring.http_input             pass
   php_value mbstring.http_output            pass
@@ -62,6 +57,14 @@ AddEncoding gzip svgz
   </FilesMatch>
 </IfModule>
 
+# Set a fallback resource if mod_rewrite is not enabled. This allows Drupal to
+# work without clean URLs. This requires Apache version >= 2.2.16. If Drupal is
+# not accessed by the top level URL (i.e.: http://example.com/drupal/ instead of
+# http://example.com/), the path to index.php will need to be adjusted.
+<IfModule !mod_rewrite.c>
+  FallbackResource /index.php
+</IfModule>
+
 # Various rewrite rules.
 <IfModule mod_rewrite.c>
   RewriteEngine on
@@ -90,21 +93,21 @@ AddEncoding gzip svgz
   # If you do not have mod_rewrite installed, you should remove these
   # directories from your webroot or otherwise protect them from being
   # downloaded.
-  RewriteRule "(^|/)\." - [F]
+  RewriteRule "(^|/)\.(?!well-known)" - [F]
 
   # If your site can be accessed both with and without the 'www.' prefix, you
   # can use one of the following settings to redirect users to your preferred
   # URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
   #
   # To redirect all users to access the site WITH the 'www.' prefix,
-  # (http://example.com/... will be redirected to http://www.example.com/...)
+  # (http://example.com/foo will be redirected to http://www.example.com/foo)
   # uncomment the following:
   # RewriteCond %{HTTP_HOST} .
   # RewriteCond %{HTTP_HOST} !^www\. [NC]
   # RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
   #
   # To redirect all users to access the site WITHOUT the 'www.' prefix,
-  # (http://www.example.com/... will be redirected to http://example.com/...)
+  # (http://www.example.com/foo will be redirected to http://example.com/foo)
   # uncomment the following:
   # RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
   # RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
@@ -125,6 +128,9 @@ AddEncoding gzip svgz
   RewriteCond %{REQUEST_URI} !core
   RewriteRule ^ %1/core/%2 [L,QSA,R=301]
 
+  # Rewrite install.php during installation to see if mod_rewrite is working
+  RewriteRule ^core/install.php core/install.php?rewrite=ok [QSA,L]
+
   # Pass all requests not referring directly to files in the filesystem to
   # index.php.
   RewriteCond %{REQUEST_FILENAME} !-f
@@ -139,14 +145,14 @@ AddEncoding gzip svgz
   # Allow access to PHP files in /core (like authorize.php or install.php):
   RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
   # Allow access to test-specific PHP files:
-  RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php$
+  RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php
   # Allow access to Statistics module's custom front controller.
   # Copy and adapt this rule to directly execute PHP files in contributed or
   # custom modules or to run another PHP application in the same directory.
   RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics.php$
   # Deny access to any other PHP files that do not match the rules above.
   # Specifically, disallow autoload.php from being served directly.
-  RewriteRule "^(.+/.*|autoload)\.php$" - [F]
+  RewriteRule "^(.+/.*|autoload)\.php($|/)" - [F]
 
   # Rules to correctly serve gzip compressed CSS and JS files.
   # Requires both mod_rewrite and mod_headers to be enabled.
@@ -174,8 +180,10 @@ AddEncoding gzip svgz
   </IfModule>
 </IfModule>
 
-# Add headers to all responses.
+# Various header fixes.
 <IfModule mod_headers.c>
   # Disable content sniffing, since it's an attack vector.
   Header always set X-Content-Type-Options nosniff
+  # Disable Proxy header, since it's an attack vector.
+  RequestHeader unset Proxy
 </IfModule>

README.txt

@@ -36,8 +36,8 @@ thousands of contributed modules (for functionality not included with Drupal
 core) available for download.
 
 More about configuration:
- * Install, upgrade, and maintain Drupal:
-   See INSTALL.txt and UPGRADE.txt in the "core" directory.
+ * Install, update, and maintain Drupal:
+   See INSTALL.txt and UPDATE.txt in the "core" directory.
  * Learn about how to use Drupal to create your site:
    https://www.drupal.org/documentation
  * Follow best practices:

autoload.php

@@ -4,11 +4,6 @@
  * @file
  * Includes the autoloader created by Composer.
  *
- * This file can be edited to change the autoloader if you are managing a
- * project's dependencies using Composer. If Drupal code requires the
- * autoloader, it should always be loaded using this file so that projects
- * using Composer continue to work.
- *
  * @see composer.json
  * @see index.php
  * @see core/install.php
@@ -16,4 +11,4 @@
  * @see core/modules/statistics/statistics.php
  */
 
-return require __DIR__ . '/core/vendor/autoload.php';
+return require __DIR__ . '/vendor/autoload.php';

composer.json

 {
-  "name": "drupal/drupal",
-  "description": "Drupal is an open source content management platform powering millions of websites and applications.",
-  "type": "project",
-  "license": "GPL-2.0+",
-  "require": {
-    "composer/installers": "^1.0.20",
-    "drupal/core": "~8.0"
-  },
-  "minimum-stability": "dev",
-  "prefer-stable": true,
-  "config": {
-    "preferred-install": "dist",
-    "autoloader-suffix": "Drupal8"
-  },
-  "extra": {
-    "_readme": [
-      "By default Drupal loads the autoloader from ./core/vendor/autoload.php.",
-      "To change the autoloader you can edit ./autoload.php."
-    ]
-  }
+    "name": "drupal/drupal",
+    "description": "Drupal is an open source content management platform powering millions of websites and applications.",
+    "type": "project",
+    "license": "GPL-2.0+",
+    "require": {
+        "composer/installers": "^1.0.21",
+        "wikimedia/composer-merge-plugin": "~1.3"
+    },
+    "replace": {
+        "drupal/core": "~8.2"
+    },
+    "minimum-stability": "dev",
+    "prefer-stable": true,
+    "config": {
+        "preferred-install": "dist",
+        "autoloader-suffix": "Drupal8"
+    },
+    "extra": {
+        "_readme": [
+            "By default Drupal loads the autoloader from ./vendor/autoload.php.",
+            "To change the autoloader you can edit ./autoload.php."
+        ],
+        "merge-plugin": {
+            "include": [
+                "core/composer.json"
+            ],
+            "recurse": false,
+            "replace": false,
+            "merge-extra": false
+        }
+    },
+    "autoload": {
+        "psr-4": {
+            "Drupal\\Core\\Composer\\": "core/lib/Drupal/Core/Composer"
+        }
+    },
+    "scripts": {
+        "pre-autoload-dump": "Drupal\\Core\\Composer\\Composer::preAutoloadDump",
+        "post-autoload-dump": "Drupal\\Core\\Composer\\Composer::ensureHtaccess",
+        "post-package-install": "Drupal\\Core\\Composer\\Composer::vendorTestCodeCleanup",
+        "post-package-update": "Drupal\\Core\\Composer\\Composer::vendorTestCodeCleanup"
+    }
 }

core/.eslintrc

+{
+  "extends": "eslint:recommended",
+  "env": {
+    "browser": true
+  },
+  "globals": {
+    "Drupal": true,
+    "drupalSettings": true,
+    "drupalTranslations": true,
+    "domready": true,
+    "jQuery": true,
+    "_": true,
+    "matchMedia": true,
+    "Backbone": true,
+    "Modernizr": true,
+    "CKEDITOR": true
+  },
+  "rules": {
+    // Errors.
+    "array-bracket-spacing": [2, "never"],
+    "block-scoped-var": 2,
+    "brace-style": [2, "stroustrup", {"allowSingleLine": true}],
+    "comma-dangle": [2, "never"],
+    "comma-spacing": 2,
+    "comma-style": [2, "last"],
+    "computed-property-spacing": [2, "never"],
+    "curly": [2, "all"],
+    "eol-last": 2,
+    "eqeqeq": [2, "smart"],
+    "guard-for-in": 2,
+    "indent": [2, 2, {"SwitchCase": 1}],
+    "key-spacing": [2, {"beforeColon": false, "afterColon": true}],
+    "keyword-spacing": [2, {"before": true, "after": true}],
+    "linebreak-style": [2, "unix"],
+    "lines-around-comment": [2, {"beforeBlockComment": true, "afterBlockComment": false}],
+    "new-parens": 2,
+    "no-array-constructor": 2,
+    "no-caller": 2,
+    "no-catch-shadow": 2,
+    "no-eval": 2,
+    "no-extend-native": 2,
+    "no-extra-bind": 2,
+    "no-extra-parens": [2, "functions"],
+    "no-implied-eval": 2,
+    "no-iterator": 2,
+    "no-label-var": 2,
+    "no-labels": 2,
+    "no-lone-blocks": 2,
+    "no-loop-func": 2,
+    "no-multi-spaces": 2,
+    "no-multi-str": 2,
+    "no-native-reassign": 2,
+    "no-nested-ternary": 2,
+    "no-new-func": 2,
+    "no-new-object": 2,
+    "no-new-wrappers": 2,
+    "no-octal-escape": 2,
+    "no-process-exit": 2,
+    "no-proto": 2,
+    "no-return-assign": 2,
+    "no-script-url": 2,
+    "no-sequences": 2,
+    "no-shadow-restricted-names": 2,
+    "no-spaced-func": 2,
+    "no-trailing-spaces": 2,
+    "no-undef-init": 2,
+    "no-undefined": 2,
+    "no-unused-expressions": 2,
+    "no-unused-vars": [2, {"vars": "all", "args": "none"}],
+    "no-with": 2,
+    "object-curly-spacing": [2, "never"],
+    "one-var": [2, "never"],
+    "quote-props": [2, "consistent-as-needed"],
+    "quotes": [2, "single", "avoid-escape"],
+    "semi": [2, "always"],
+    "semi-spacing": [2, {"before": false, "after": true}],
+    "space-before-blocks": [2, "always"],
+    "space-before-function-paren": [2, {"anonymous": "always", "named": "never"}],
+    "space-in-parens": [2, "never"],
+    "space-infix-ops": 2,
+    "space-unary-ops": [2, { "words": true, "nonwords": false }],
+    "spaced-comment": [2, "always"],
+    "strict": [2, "function"],
+    "yoda": [2, "never"],
+    // Warnings.
+    "max-nested-callbacks": [1, 3],
+    "valid-jsdoc": [1, {
+      "prefer": {
+        "returns": "return",
+        "property": "prop"
+      },
+      "requireReturn": false
+    }]
+  }
+}

core/.gitignore

-# SimpleTest breaks with the following files, so avoid adding them.
-vendor/symfony/dependency-injection/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services1-1.php
-vendor/symfony/class-loader/Symfony/Component/ClassLoader/Tests/Fixtures/php5.4/traits.php
-vendor/symfony/dependency-injection/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services11.php
-
-# The resources for the Validator component are not required.
-vendor/symfony/validator/Symfony/Component/Validator/Resources
-
-# Symfony Validator depends on Symfony Translation but only requires the
-# TranslatorInterface. Thus, we add only the required interface from Symfony
-# Translation by ignoring everything except the interface.
-vendor/symfony/translation/Symfony/Component/Translation/*
-!vendor/symfony/translation/Symfony/Component/Translation/TranslatorInterface.php
-
-# PHPUnit provides some binary dependencies that are already available.
-vendor/phpunit/phpunit/build/dependencies

core/INSTALL.txt

@@ -18,7 +18,7 @@ Drupal requires:
 - A web server with PHP support, for example:
   - Apache 2.0 (or greater) (http://httpd.apache.org/).
   - Nginx 1.1 (or greater) (http://nginx.com/).
-- PHP 5.4.5 (or greater) (http://php.net/). For better security support it is
+- PHP 5.5.9 (or greater) (http://php.net/). For better security support it is
   recommended to update to at least 5.5.21 or 5.6.5.
 - One of the following databases:
   - MySQL 5.5.3 (or greater) (http://www.mysql.com/).
@@ -26,8 +26,8 @@ Drupal requires:
     compatible drop-in replacement for MySQL.
   - Percona Server 5.5.8 (or greater) (http://www.percona.com/). Percona
     Server is a backwards-compatible replacement for MySQL.
-  - PostgreSQL 8.3 (or greater) (http://www.postgresql.org/).
-  - SQLite 3.4.2 (or greater) (http://www.sqlite.org/).
+  - PostgreSQL 9.1.2 (or greater) (http://www.postgresql.org/).
+  - SQLite 3.7.11 (or greater) (http://www.sqlite.org/).
 
 For more detailed information about Drupal requirements, including a list of
 PHP extensions and configurations that are required, see "System requirements"
@@ -88,7 +88,20 @@ INSTALLATION
    directory within your web server's document root or your public HTML
    directory, continue with this command:
 
-     mv drupal-x.y.z/* drupal-x.y.z/.htaccess drupal-x.y.z/.csslintrc drupal-x.y.z/.editorconfig drupal-x.y.z/.eslintignore drupal-x.y.z/.eslintrc /path/to/your/installation
+     mv drupal-x.y.z/* drupal-x.y.z/.htaccess drupal-x.y.z/.csslintrc drupal-x.y.z/.editorconfig drupal-x.y.z/.eslintignore drupal-x.y.z/.eslintrc drupal-x.y.z/.gitattributes /path/to/your/installation
+
+   You can also download the latest version of Drupal using Git on the command
+   line and set up a repository by following the instructions at
+   https://www.drupal.org/project/drupal/git-instructions for "Setting up
+   repository for the first time".
+
+   Once you have downloaded Drupal successfully, you may install Composer
+   globally using the instructions at
+   https://getcomposer.org/doc/00-intro.md#globally
+
+   With Composer installed, run the following command from the Drupal web root:
+
+     composer install
 
 2. Create the Drupal database.
 
@@ -121,60 +134,63 @@ INSTALLATION
 
    a. Missing files directory.
 
-      The install script will attempt to create a file storage directory in
-      the default location at sites/default/files (the location of the files
+      The install script will attempt to create a public file storage directory
+      in the default location at sites/default/files (the location of the files
       directory may be changed after Drupal is installed).
 
-      If auto-creation fails, you can make it work by changing permissions on
-      the sites/default directory so that the web server can create the files
-      directory within it for you. (If you are creating a multisite
-      installation, substitute the correct sites directory for sites/default;
-      see the Multisite Configuration section of this file, below.)
+      If auto-creation fails, you can create the directory yourself. (If you are
+      creating a multisite installation, substitute the correct sites directory
+      for sites/default; see the Multisite Configuration section of this file,
+      below.) Sample commands from a Unix/Linux command line:
 
-      For example, on a Unix/Linux command line, you can grant everyone
+        mkdir sites/default/files
+        chmod a+w sites/default/files
+
+      Alternatively, you can make the install script work by changing
+      permissions on the sites/default directory. The web server can then
+      create the files directory within it for you.
+
+      For example, on a Unix/Linux command line, you can you can grant everyone
       (including the web server) permission to write to the sites/default
       directory with this command:
 
         chmod a+w sites/default
 
-      Be sure to set the permissions back after the installation is finished!
-      Sample command:
+      Then re-run install.php (e.g. by clicking "try again" at the bottom of
+      the Requirements problem page. Once the files directory is created, you
+      will need to grant everyone (including the web server) permission to
+      write to it with this command:
 
-        chmod go-w sites/default
+        chmod a+w sites/default/files
 
-      Alternatively, instead of allowing the web server to create the files
-      directory for you as described above, you can create it yourself. Sample
-      commands from a Unix/Linux command line:
+      Be sure to set the permissions for the default directory back after the
+      installation is finished! (Leave the files directory writeable.)
+      Sample command:
 
-        mkdir sites/default/files
-        chmod a+w sites/default/files
+        chmod go-w sites/default
 
    b. Missing settings file.
 
-      Drupal will try to automatically create settings.php and services.yml
-      files, which are normally in the directory sites/default (to avoid
-      problems when upgrading, Drupal is not packaged with this file). If
-      auto-creation of either file fails, you will need to create the file
-      yourself. Use the template sites/default/default.settings.php or
-      sites/default/default.services.yml respectively.
+      Drupal will try to automatically create a settings.php configuration file,
+      which is normally in the directory sites/default (to avoid problems when
+      upgrading, Drupal is not packaged with this file). If auto-creation fails,
+      you will need to create this file yourself, using the file
+      sites/default/default.settings.php as a template.
 
       For example, on a Unix/Linux command line, you can make a copy of the
-      default.settings.php and default.services.yml files with the commands:
+      default.settings.php file with the command:
 
         cp sites/default/default.settings.php sites/default/settings.php
-        cp sites/default/default.services.yml sites/default/services.yml
 
       Next, grant write privileges to the file to everyone (including the web
       server) with the command:
 
         chmod a+w sites/default/settings.php
-        chmod a+w sites/default/services.yml
 
       Be sure to set the permissions back after the installation is finished!
       Sample command:
 
         chmod go-w sites/default/settings.php
-        chmod go-w sites/default/services.yml
 
    c. Write permissions after install.
 
@@ -184,7 +200,6 @@ INSTALLATION
       from a Unix/Linux command line:
 
         chmod go-w sites/default/settings.php
-        chmod go-w sites/default/services.yml
         chmod go-w sites/default
 
 4. Verify that the site is working.
@@ -197,7 +212,7 @@ INSTALLATION
 
 5. Change file system storage settings (optional).
 
-   The files directory created in step 4 is the default file system path used to
+   The files directory created in step 3 is the default file system path used to
    store all uploaded files, as well as some temporary files created by
    Drupal. After installation, you can modify the file system path to store
    uploaded files in a different location.
@@ -224,11 +239,19 @@ INSTALLATION
         mkdir uploads
         chmod a+w uploads
 
-   b. Navigate to Administration > Configuration > Media > File system, and
-      enter the desired path. Note that if you want to use private file storage,
-      you need to first enter the path for private files and save the
-      configuration, and then change the "Default download method" setting and
-      save again.
+   b. Open your settings.php in a plain-text editor, and uncomment (remove the #
+      at the start of line) this line:
+
+        # $settings['file_public_path'] = 'sites/default/files';
+
+      Enter the desired path and save the file.
+
+      If you want to use private file storage, you need to uncomment (remove
+      the # at the start of line) the following line in settings.php:
+
+        # $settings['file_private_path'] = '';
+
+      Enter the path for private files and save the file.
 
    Changing the file system path after files have been uploaded may cause
    unexpected problems on an existing site. If you modify the file system path

core/UPDATE.txt

+INTRODUCTION
+------------
+This document describes how to update your Drupal site between 8.x.x minor and
+patch versions; for example, from 8.1.2 to 8.1.3, or from 8.3.5 to 8.4.0.
+
+To upgrade from a previous major version (for example, Drupal 6 or 7), the
+process involves importing site configuration and content from your old site
+into a new Drupal 8 site. The tools and process are currently experimental,
+rather than being fully supported, so be sure to test in a development
+environment. You will need to use the core Migrate Drupal UI module which
+provides a user interface for the Migrate and Migrate Drupal modules included
+in core. See https://www.drupal.org/upgrade/migrate for details, and
+https://www.drupal.org/node/2167633 for known issues.
+
+First steps and definitions:
+
+  * If you are upgrading to Drupal version x.y.z, then x is known as the major
+    version number, y is known as the minor version number, and z is known as
+    the patch version number. The download file will be named
+    drupal-x.y.z.tar.gz (or drupal-x.y.z.zip). Previous Drupal versions used
+    only x.y (MAJOR.MINOR) to designate their versions.
+
+  * All directories mentioned in this document are relative to the directory of
+    your Drupal installation.
+
+  * Make a full backup of all files, directories, and your database(s) before
+    starting, and save it outside your Drupal installation directory.
+    Instructions may be found at
+    https://www.drupal.org/upgrade/backing-up-the-db
+
+  * It is wise to try an update or upgrade on a test copy of your site before
+    applying it to your live site. Even minor updates can cause your site's
+    behavior to change.
+
+  * Each new release of Drupal has release notes, which explain the changes made
+    since the previous version and any special instructions needed to update or
+    upgrade to the new version. You can find a link to the release notes for the
+    version you are upgrading or updating to on the Drupal project page
+    (https://www.drupal.org/project/drupal).
+
+UPDATE PROBLEMS
+----------------
+If you encounter errors during this process,
+
+  * Note any error messages you see.
+
+  * Restore your site to its previous state, using the file and database backups
+    you created before you started the update process. Do not attempt to do
+    further updates on a site that had update problems.
+
+  * Consult one of the support options listed on https://www.drupal.org/support
+
+More in-depth information on updating and upgrading can be found at
+https://www.drupal.org/upgrade
+
+MINOR AND PATCH VERSION UPDATES
+-------------------------------
+To update from one 8.x.x version of Drupal to any later 8.x.x version, after
+following the instructions in the INTRODUCTION section at the top of this file:
+
+1. Log in as a user with the permission "Administer software updates".
+
+2. Go to Administration > Configuration > Development > Maintenance mode.
+   Enable the "Put site into maintenance mode" checkbox and save the
+   configuration.
+
+3. Remove the 'core' and 'vendor' directories. Also remove all of the files
+   in the top-level directory, except any that you added manually.
+
+   If you made modifications to files like .htaccess, composer.json, or
+   robots.txt you will need to re-apply them from your backup, after the new
+   files are in place.
+
+   Sometimes an update includes changes to default.settings.php (this will be
+   noted in the release notes). If that's the case, follow these steps:
+
+   - Locate your settings.php file in the /sites/* directory. (Typically
+     sites/default.)
+
+   - Make a backup copy of your settings.php file, with a different file name.
+
+   - Make a copy of the new default.settings.php file, and name the copy
+     settings.php (overwriting your previous settings.php file).
+
+   - Copy the custom and site-specific entries from the backup you made into the
+     new settings.php file. You will definitely need the lines giving the
+     database information, and you will also want to copy in any other
+     customizations you have added.
+
+   You can find the release notes for your version at
+   https://www.drupal.org/project/drupal. At bottom of the project page under
+   "Downloads" use the link for your version of Drupal to view the release
+   notes. If your version is not listed, use the 'View all releases' link. From
+   this page you can scroll down or use the filter to find your version and its
+   release notes.
+
+4. Download the latest Drupal 8.x.x release from https://www.drupal.org to a
+   directory outside of your web root. Extract the archive and copy the files
+   into your Drupal directory.
+
+   On a typical Unix/Linux command line, use the following commands to download
+   and extract:
+
+     wget https://www.drupal.org/files/projects/drupal-x.y.z.tar.gz
+     tar -zxvf drupal-x.y.z.tar.gz
+
+   This creates a new directory drupal-x.y.z/ containing all Drupal files and
+   directories. Copy the files into your Drupal installation directory:
+
+     cp -R drupal-x.y.z/* drupal-x.y.z/.htaccess /path/to/your/installation
+
+   If you do not have command line access to your server, download the archive
+   from https://www.drupal.org using your web browser, extract it, and then use
+   an FTP client to upload the files to your web root.
+
+5. Re-apply any modifications to files such as .htaccess, composer.json, or
+   robots.txt.
+
+6. Run update.php by visiting http://www.example.com/update.php (replace
+   www.example.com with your domain name). This will update the core database
+   tables.
+
+   If you are unable to access update.php do the following:
+
+   - Open settings.php with a text editor.
+
+   - Find the line that says:
+     $settings['update_free_access'] = FALSE;
+
+   - Change it into:
+     $settings['update_free_access'] = TRUE;
+
+   - Once the update is done, $settings['update_free_access'] must be reverted
+     to FALSE.
+
+7. Go to Administration > Reports > Status report. Verify that everything is
+   working as expected.
+
+8. Ensure that $settings['update_free_access'] is FALSE in settings.php.
+
+9. Go to Administration > Configuration > Development > Maintenance mode.
+   Disable the "Put site into maintenance mode" checkbox and save the
+   configuration.
+