Anatomy of the SQL injection in Drupal’s database comment filtering system SA-CORE-2015-003

In the security advisory released on August 19th, 2015, Drupal's security team announced a fix for an SQL injection vulnerability in the Drupal database API.

The security advisory contained the following description of the SQL injection vulnerability:

A vulnerability was found in the SQL comment filtering system which could allow a user with elevated permissions to inject malicious code in SQL comments.


Configure PHP APC to speed up Drupal

The APC PHP extension is a PECL extension that caches the compiled opcodes of your PHP scripts in shared memory, so that the scripts are not parsed and compiled again on every request.

Below I provide an overview of how I configured APC on my Debian server to improve the performance of my Drupal site.

My Debian server was already running Apache 2 and PHP 5, so installing PHP APC was as easy as running:
apt-get install php-apc


Protecting your website from spam in comments

This article shows how you can effectively protect your website against spam submissions in comments.

In order to improve the interaction with the visitors of this website, I allowed anonymous users to post comments on all published stories. Since the volume of feedback is quite low, I enforced administrator approval of all comments to stay in full control.

However, shortly after enabling comments for anonymous users, I received more and more emails notifying me of new comments awaiting my approval.

CAPTCHA to the rescue!


Drupal 6: finding out which button is clicked when using a image_button element

When using multiple image_button elements in a form, there is no easy way to find out which one was clicked. This page contains a solution that allows you to identify the clicked image_button.

Recently I was building a module which showed a rather complex form. The form contained a mix of submit and image_button elements.

In the submit handler I wrote some code to discover which button was clicked.

I made it work in the following case:

