Drupal security reference

-
1. Always use check_plain(), check_markup(), filter_xss() while you process input data.
2. For Drupal set message use placeholders (or) sanitize using one of check_plain(), check_markup & filter_xss()
placeholder example:
$output = 'coming from somewhere';
drupal_set_message(t('this is @output', array('@output' => $output)));
sanitize example:
$output = 'coming from somewhere';
drupal_set_message(check_plain(t('this is '. $output));

Comments

Post a Comment

Popular posts from this blog

Programatically create layout builder section in Drupal

-
A sample script which can create a one column layout and store body field in it. namespace Drupal\custommodule\Controller; use Drupal\Core\Controller\ControllerBase; use Drupal\layout_builder\Section; use Drupal\layout_builder\SectionComponent; use Drupal\node\Entity\Node; use Drupal\block\Entity\Block; use Drupal\block_content\Entity\BlockContent; use Drupal\layout_builder\Entity; $entity = Node::load(10);     $section = new Section('layout_onecol');     $uuid = $entity->uuid();     $region = 'content';     $pluginConfiguration = [         'id' => 'field_block:node:article:body',         'provider' => 'layout_builder',         'label_display' => FALSE,         'view_mode' => 'default',         'entity' => $entity->id(),         'context_mapping' => [         ...
Read more

Code quality analysis of Drupal. Can I use Sonar?

-
For better understanding: https://docs.acquia.com/article/tools-analyzing-your-drupal-codebase Following artcle my experience with Sonar and  Drupal. https://docs.sonarqube.org/display/PLUG/SonarPHP has following number of rules. Sonarway (for PHP) has following number of rules 1. Bug:15 2. Vulnerability:3 3. Code smell:45 Drupal has following number of rules 1. Bug: 3 2. Vulnerability: 0 3. Code smell: 10 Its possible that you can define following inheritance in Quality profile. For example: Sonarway=>Drupal Drupal uses PHPCodeSniffer (Drupal standards) or Coder to verify its coding standards. Both of them dont have integration with Sonar. 3. Sonar comes up with some Drupal Coding Standards. But is is not same as what we do in PHPCodeSniffer and Coder. 4. It's still better to fix critical / blocker issues from Sonar Way and Drupal Quality profiles. Its best to use PHPCodeSniffer with Drupal standards and  some repor...
Read more

Set up Drupal7 to Drupal8 migration in simple steps (using Drush)

-
Step1: Download Drupal8 and its dependencies using composer Note: Drush8 is needed for migrate_upgrade module to execute. migrate_upgrade is not working with Drush9. >sudo composer create-project drupal-composer/drupal-project:~8.4 migrate843 --stability dev --no-interaction This will install drush and drupal-console Reference: https://www.drupal.org/docs/develop/using-composer/using-composer-to-manage-drupal-site-dependencies Step2: Install Drupal using Drush > sudo ../vendor/bin/drush site-install --db-url=mysql://username:password@host/dbname Step3: Enable migration related modules drush en migrate drush en migrate_drupal drush en migrate_tools drush en migrate_plus drush en migrate_upgrade Step4: Now run the migration. -- configure - only  option, which instead of running the migration will generate migration configuration entities, which may then be edited to customize the migration path and run using the  migrate_tools module ...
Read more