Anatomy of the SQL injection in Drupal’s database comment filtering system SA-CORE-2015-003

In the Drupal security advisory that was released on August 19th, 2015 Drupal’s security team announced that it solved an SQL injection vulnerability in the Drupal database API.

The security advisory contained the following description of the SQL injection vulnerability:

A vulnerability was found in the SQL comment filtering system which could allow a user with elevated permissions to inject malicious code in SQL comments.

Tags:

Drupal: create a view block of all children of a book page

This article explains how you can create a view block that contains all the children of a certain book page.

Tags:

Upgrade PHP on Debian 6 Squeeze to support Drupal 8

Drupal administrators who are running servers with Debian 6 Squeeze who want to try out Drupal 8 will face a big problem: Debian 6 still uses PHP version 5.3.3 whereas Drupal 8 requires at least PHP 5.3.10. This page shows how you can easily upgrade your PHP version to the latest 5.3 release.

Tags:

Configure PHP APC to speed up Drupal

The APC PHP extension is a PECL extension that saves compiled versions of your code in memory, in order that your PHP code is not compiled on every page load.

Below I provide an overview of how I configured APC on my Debian server to improve the performance of my Drupal site.

My Debian server was already running Apache 2 and PHP 5, so installing PHP APC was as easy as doing the following:
apt-get install php-apc

Tags:

Protecting your website from spam in comments

This article shows how you can effectively protect your website against spam-submissions in comments.

In order to improve the interaction with the visitors of this website, I allowed anonymous users to post comments to all published stories. Since feedback is quite low, I enforced administrator approval of all comments to stay in full control.

However, shortly after enabling comments for anonymous users, I received more and more emails telling me that new comments were posted which needed my approval.

CAPTCHA to the rescue!

Tags:

Drupal 6: finding out which button is clicked when using a image_button element

When using multiple image_button elements in a form, there's no easy way to found out which one was clicked. This page contains a solution which allows you to identify the clicked image_button.

Recently I was building a module which showed a rather complex form. The form contained a mix of submit button and image_button elements.

In the submit handler I wrote some code to discover which button was clicked.

I made it work in the following case:

Tags:

Drupal 6 hardening guide

The goal of this page is to build a Drupal 6 hardening guide.

Tags:

Disable core pages in a Drupal site

How to disable standard path's and pages from core (or third party) modules.

Drupal

Anatomy of the SQL injection in Drupal’s database comment filtering system SA-CORE-2015-003

Tags:

Drupal: create a view block of all children of a book page

Tags:

Upgrade PHP on Debian 6 Squeeze to support Drupal 8

Tags:

Configure PHP APC to speed up Drupal

Tags:

Protecting your website from spam in comments

Tags:

Drupal 6: finding out which button is clicked when using a image_button element

Tags:

Drupal 6 hardening guide

Tags:

Disable core pages in a Drupal site

Tags:

You might also be interested in...

Tagcloud

Search form

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

You might also be interested in...

Tagcloud