Quick diff command to see if core files have been changed

Make sure your core files aren't hacked or modified!

Check your framework of choice to see if the core files have been changed!

$ diff -rbB clean_source_code suspect_code_folder

the -rbB means "recursive and ignore whitespace differences" more-or-less.

This information was lifted from a very helpful Magento post at Inchoo, see the original at http://inchoo.net/magento/quickly-check-if-magento-core-files-are-modified/


HTTP Trusted Hosts for Drupal 7

Make sure your Drupal 7 site doesn't have an identity crisis!

Drupal 8 introduced a "Trusted Hosts" configuration value which makes sure your site is responding only when it should. Essentially, it stops people from registering their own domain names and pointing them at your site, whereupon Drupal "detects" that bad domain name as the site's default URL and serves stuff anyway. Various versions of this exploit can lead to problems ranging from people duplicating your site to steal your SEO, all the way up to on-site security vulnerabilities allowing people to gain access to your site. For Drupal 7 users, this feature is not in core but there are a variety of ways to handle the problem, depending on what type of behavior you are trying to limit.

There is a great writeup on Drupal.org that clearly outlines the issue and give you some very basic pointers on how to clean-up your situation - check it out at https://www.drupal.org/node/1992030


How to stop PHP code output from caching in Drupal 8

But what if we want Drupal 8 caching to be LESS awesome?

Drupal 8 caching is awesome. I get it, and thank you to the community for that awesomeness.

For those of you wondering why your PHP code (probably entered into a block or a node using the PHP Input Filter) will not execute without clearing the cache in-between runs, this information is for you.

Early in Drupal 8 beta we were able to do things like set a block as non-cacheable. But as D8 development progressed that notion went away. Now you can make modules with awesome cache tagging and invalidation. But what you can't do is include PHP code in content using the infamous PHP filter and then have it execute on every page load. Caching won't run the code a second time the user loads your page.


How to programmatically create a user in Drupal 8

Make user account programmatically with PHP in Drupal 8

No more user_save() and such. What is a nerd to do?

Try the following code, and for those of you programmatically migrating users across from an old site, note that you can set the new user's ID to whatever you want! You don't have to let the system auto-assign the next-available number according to the database. And when you go back to creating users "the normal way" it will resume with the next number after the highest you've assigned. Pretty cool!


Goodbye, Drupal_Goto Command... So How do I Redirect Users?

Drupal_Goto() is dead, long live Drupal_Goto()! Trying to forward your user to a new page with PHP from within Drupal?

There's a years-long discussion on Drupal.org about this, and why we couldn't have our wonderful, precious, easy-like-BASIC-to-remember command to send users on their way, which culminated in statements like this one from "SiliconMind"
To quote "Silicon Mind" from Drupal.org:

This is great yet sad example of why Perfect is the enemy of good. In D7 the only thing that was needed in order to alter a redirection, was to implement a hook. A three liner solution. In D8 two files are needed and a bunch of "use" calls that take more lines than the actual implementation itself :( Who the hell will memorize this?


Getting Drupal8 Config and Variable Info with Twig and/or PHP

Drupal8, Symphony2, Twig and PHP - so happy together?

OK, so here we are. Drupal 8 and Twig. No longer can you do things like drupal_get_title() and instead you have to pull variables through a more stringent Model-View-Controller arrangement, specifically Drupal8/Symfony2 and the Twig templating engine. And many Drupal7 commands are gone, so you have to use the object-oriented approach to get information directly in PHP. So here is a progressively-building cheat-sheet of how to pull certain configs and variables using PHP and/or Twig variables specific to Drupal 8:

Get the Drupal8 Site Name and Slogan in PHP


Ways to recover a hacked Drupal system with 'PCT4BA6ODSE' in its PHP files

How to un-fudge a system after you've patched it for so-called "Drupageddon"

For those seeing 'PCT4BA6ODSE' in their PHP files - I have some easy commands to run for scrubbing your site out completely of these hacks (in case you do not have backups). This will not fix the underlying issue, but if you find that your PHP files have been devoured by the hackers this will at least clean up the files without damaging them.

This attack does two things: firstly, in creates NEW php files scattered throughout your directory structure. The files are all 494 bytes long, and end in "php" so they are easy to find. Run the following command to see if you have any:

find . -size 494c -name "*.php"

...and then run this command to delete them:


Quicktabs not able to pass arguments when using AJAX

QuickTabs AJAX Errors when passing Arguments

I have three tabs in a QuickTabs block on a Panels Page. Each is set to a callback function like so:

Tab 1 Callback: list/autos/%1/ford
Tab 2 Callback: list/autos/%1/chevy
Tab 3 Callback: list/autos/%1/honda

If I set the tabs to load with AJAX, all arguments come through to the callback function as expected - arg(0) is list, arg(1) is autos, arg(2) is the 1st arg from the URL, and arg(3) is the manufacturer. EXCEPT the default tab, which gets only the original URL args, not those specified in the callback string.

If I set the tabs to NOT load via AJAX, they ALL fail, getting only the original URL args. It's as if the callback args are not yet available while the panel is still loading/rendering.



Subscribe to RSS - Drupal