Drupal Sites Hacked Worldwide in October 2014

Security Exploit revealed in October allows total control of YOUR Drupal site

In mid-October Drupal announced a serious defect in the Database Abstraction Layer allowing guest users to gain full access to a site and server. The security noticed can be found at the FAQ on SA-CORE-2014-005 on the Drupal website.

This exploit creates the ability for attackers to place their own PHP files on your server for remote execution, or to inject their own code into pre-existing files.

Ways to detect a breached system - and steps to remediate:

Look for files with a datestamp in October 2014

If you didn't upload any new versions or modules in October 2014, there should be no php or include files with these datestamps. Use the Linux FIND command to find files last edited on or after October 1st, 2014 and then check those files.

Locate files with PCT4BA6ODSE_ in them


Drupal Views Contextual Filters OR Logic

Drupal's eyes bug out when you try either/or logic with Views Contextual Filters.

Drupal Views (standard) filters allow for AND/OR logic and groupings. However, when one wants to specify multiple CONTEXTUAL filters (previously referred to as arguments) you do NOT have contextual filters available. There is a "master thread" running on this issue located at https://drupal.org/node/1451218 for you to track news & progress on the issue.

In the meantime, I am having a bit of luck on most use cases by using a "Global PHP" filter in the regular filters section.

In this example, I wish to show a record if EITHER THE AUTHOR OR THE RECIPIENT FIELD equal the currently-logged-in user. My code in the "Filter code" area of the filter dialogue looks like this:


SERVER-SIDE version of "remembering" user's last Drupal quicktab

Have Drupal remember a user's last QuickTab - on the SERVER side!

In this blog post I gave an example of client-side script to remember the last Drupal QuickTab a user loaded so that when he came back to that page it was already selected again, instead of the default tab. It's a fine solution, but in some cases it's a drag to have that first tab grind the server when you are immediately going to flick over to a different tab anyway.

So here's a server-side version that stores the last tab in the $_SESSION variable - it will recall the last tab that *executed* (which is not necessarily the last on the user viewed) but in most cases that's perfectly acceptable. Put this in your Global PHP header in the view:


How to stop Node Comments Spam in Drupal 7

Getting buried in Spam?

Spammers generally use comment feature to post spam links on your Drupal powered websites. Here is how you can control spam comments to large extent.

Use Mollom Module
Mollom is a great Drupal module to control spams. Mollom handles incoming posts intelligently, in much the same way a human moderator decides what posts are acceptable.

Use CAPTCHA Module
A CAPTCHA is a challenge-response test most often placed within web forms to determine whether the user is human.

Make Preview comment necessary
Enable Preview comment necessary from Administrator >> Content types >> page / story >> Edit >> Comments settings.

You can further control spam, by allowing only registered users to post comment.


How to Make Drupal Quicktabs "Remember" the Last Tab on Page Refresh

With a little JavaScript you can make your QuickTabs Fergalicious!

It's annoying to have Drupal QuickTabs revert to the default tab on every page load. There are a number of hacks out there that require changes to default ("core") files to make the last tab get re-selected on page refresh. However, the following fix will make the last tab re-select on page load. In my particular case I had 26 tabs, labelled A through Z, which each contained the same view, but with different parameters.

At the top of the view I included a Global PHP header with the following code:

jQuery(document).ready(function() {
thing = jQuery('#quicktabs-techspec').find('.active').find('.active').attr('id');
jQuery.cookie("techspec-tab", thing);

..which records the active tab (from my QuickTabs named "techspec") in a cookie. Then in the Panels page, where the QuickTabs were located, I included a panel with the following code:


How to add a product search to Drupal Commerce using Views and the Search API

Bill's Hog Reserved Parking in the Men's Shitter

Having problems finding support with adding a product search in Drupal Commerce? Assuming you've gotten as far as installing the Search API, Views Search integration and set up your service/server/index, you're now wrestling with why the name of your index is not showing up in the drop-down for "Show: in Views add. Note: If you haven't gotten that far, go back to Google (GBTG?) cuz help is available. If you have, read on.


Drupal versus Joomla versus Wordpress - the Site-Building Shootout!

War Among Developers, Designers and Project Managers

From http://www.computerworld.com/s/article/9219685/Site_builder_shootout_Dru... where ComputerWorld pits the php open source site-building frameworks against each other for fun and profit!!!

Site builder shootout: Drupal vs. Joomla vs. WordPress
Need to build a high-end website? We test three of the top free site-building applications.

By Brian Proffitt
September 14, 2011 06:00 AM ET

Building a website has never been easier. Gone -- mostly -- are the days of having to hand-code HTML and PHP scripts in order to get a slick, fully functional website, thanks to the capabilities of content management systems that do most or all of the heavy lifting for site creators.


Drupal Logon Access Denied in Internet Explorer but not Chrome or Firefox

When logging in to a Drupal site via IE9 I get an 'Access Denied' error. It works fine on Chrome and Firefox. What gives?!?

Do you have this problem? I know of two possible solutions. One is that you could have a very, very short domain name (like two letters and a two-letter TLD, like az.de or something?) Sometimes the rewrite rules don't work with a domain name that is so short.

Another possibility is that you are redirecting from one domain name to another, and the cookie handling is different across the browsers. It could have to do with whether you are using a frame-redirect or an HTTP/301 redirect.

Either way, check this helpful article for next steps: http://drupal.org/node/884458#comment-3429824

Good luck.


Applying One Exposed Filter Against Multiple Fields in Drupal Views

You are trying to have a single, exposed filter in Drupal Views which allows you to apply the value against more than one field to filter results.

You've tried Views PHP, CustomField and similar tactics. You've considered using some sort of jQuery function but know it's relatively hacky and possibly unreliable. You're about to give the whole idea the boot.

You've looked everywhere but cannot find a solution.

Now you have.


(Yeay - that really works! Yeay...)



Subscribe to RSS - Drupal