01.03.2010 14:06
Jakub Suchý
Top 22 resources and links about Drupal security for coders, admins and management.
Developers
Writing secure code - SQL security.
Why does Drupal filter on output?
User input - Cross Site Scripting - using check_plain/markup.
Handling user input again - using placeholders for t(), user input in...
09.02.2010 00:14
Jakub Suchý
How to create content types and or CCK fields in your module install/update code? I actually found this howto somewhere but I keep looking for it all the time. Here it is:
Step 1
Click the content type in UI and export it using Content Copy module into yourmodule.content.crud.inc file. Add <?php...
01.02.2010 19:54
Jakub Suchý
Unfortunately, there is no API way to programatically enable a theme in Drupal 6, therefore you have to use a direct query:
db_query("UPDATE {system} SET status = 1 WHERE type = 'theme' and name = '%s'", $theme);
29.01.2010 09:05
Jakub Suchý
I am quite surprised about it but not many people know Suhosin extension, particularly shared webhosts and even administrators of dedicated web servers. Suhosin is a well-known PHP extension made by Stefan Esser, PHP security researcher.
With any PHP software, you cannot protect yourself from...
16.11.2009 23:16
Jakub Suchý
There are three future Drupal events in London where you can meet me or Dynamite Heads:
Drupal Maintenance - speaking at!
Date: Thu, 26/11/2009 - 18:00 - 21:00
Many organisations put a lot of time and effort into the initial launch of a website, but give little thought to how it will be maintained...
05.11.2009 15:56
Jakub Suchý
I was just solving a problem for one of my friends, having a weird situation with Drupal statistics module:
His daily popular statistics block wasn't actually showing as "daily". Usually at 5pm, the statistics started to show zero values for top nodes today.
What I found out is that core (Drupal 6...
21.10.2009 20:48
Jakub Suchý
In past months, I have been working hard on Single Sign On module for Drupal. As a Drupal security team member, I have stumbled upon the module while searching for a SSO solution for Prima project.
The original Shared Sign-on module was considered critically insecure so Steven Wittens from Strutta...
17.10.2009 19:06
Jakub Suchý
I just gave a presentation about Drupal used at iPrima site at Webexpo.
Please find a copy of the slides below.
11.10.2009 12:12
Jakub Suchý
Drupal Quiz module allows administrators to create quizes for users. Quizes may include multiple questions with several types (selects, options, text fields, checkboxes). Every quiz is then rated based on score of every question.
We had a need to select random winners from quiz takers in order to...
