Having a single script config/index.php do upgrades as well as installs may have seemed like a good idea at the time, but:
- It asks a whole lot of complicated questions and then ignores the answers
- It requires the user to delete or move away their LocalSettings.php
- Users who don't read the manual don't understand what they're meant to do, and try to run maintenance/update.php via PHPShell instead
- The code is mostly split into upgrade and install cases anyway
I suggest splitting a config/upgrade.php off from config/index.php. This new script would provide a short and simple form, asking for database username and password only.
Instead of requiring the user to delete their configuration to gain access, a dedicated lock file could be used. This lock file would be created on a successful install or upgrade, and deleted by the user to re-enable the upgrader.
As for users who don't bother to read the manual: the database error page could link to config/upgrade.php. It could even check $wgVersion against a version number in the site_stats table, and display a welcome message!
Version: 1.16.x
Severity: enhancement