Posts

Showing posts from 2016

CORS - Cross-Origin Resource Sharing

To access a resource on another domain via an AJAX call, that domain has to allow it by setting "Access-Control-Allow-Origin" in the response header.

1. If "Access-Control-Allow-Origin" is *, all domains can access the resource.
2. It is also possible to whitelist a domain name, for example: Access-Control-Allow-Origin: http://foo.example
3. Multiple domain names in Access-Control-Allow-Origin are not allowed. Instead, the server-side script should read the "Origin" request header, match it against the whitelisted domain names, and set that domain name in the Access-Control-Allow-Origin response header.
4. In an XHR request the "Origin" header is set automatically.
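An added example (not from the original post) of item 3: the server reads Origin, compares it exactly against an allowlist, and echoes the single matching value. The function name `cors_headers_for` and the second allowlist entry are assumptions, and the `Vary: Origin` header is an addition the post does not mention.

```php
<?php
// Added example: choose the CORS response headers for one request.
// The allowlist entries and sample origins are constructed values.

/**
 * Returns the CORS headers to send for the given Origin request header.
 * An empty array means "send no CORS headers", so the browser blocks the read.
 */
function cors_headers_for(?string $origin, array $allowlist): array {
  if ($origin === null || $origin === '') {
    return [];  // No Origin header: nothing to decide.
  }
  // Exact comparison of scheme://host[:port]. Substring or prefix matching
  // would also accept look-alike hosts such as http://foo.example.other.test.
  if (!in_array($origin, $allowlist, true)) {
    return [];
  }
  return [
    // Echo the single matching origin; a list of origins is not valid here.
    'Access-Control-Allow-Origin' => $origin,
    // The response now varies by Origin, so shared caches must key on it.
    'Vary' => 'Origin',
  ];
}

$allowlist = ['http://foo.example', 'https://app.foo.example'];

// Constructed sample requests, one Origin value each.
$samples = [
  'http://foo.example',             // exact allowlist entry
  'http://foo.example.other.test',  // look-alike host, allowlisted name as prefix
  'https://foo.example',            // same host, different scheme
  null,                             // request without an Origin header
];

foreach ($samples as $origin) {
  $headers = cors_headers_for($origin, $allowlist);
  printf("%-34s => %s\n", var_export($origin, true),
    $headers ? json_encode($headers, JSON_UNESCAPED_SLASHES) : 'no CORS headers');
}
```

In a request handler, pass `$_SERVER['HTTP_ORIGIN'] ?? null` as the first argument and emit each returned pair with `header()`.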

Drupal7 - Drupal8 function mapping

Sl. No. | Drupal 7   | Drupal 8
1       | drush vset | drush config-set

TODO...

Drush

Upgrade Drush from 7.x to 8.x on Mac (which was installed via Composer):

> composer global update
> composer global require drush/drush:8.*
> which drush
> drush --debug (to debug the Drupal installation and others)

OWASP quick reference

CSRF: A program/blog/email performs an unwanted action on a site where the current user is authenticated.

Objectives of CSRF:
* Transfer money from one bank account to another.
* Use a content management system to add/delete content from a website.
* Change a user’s password.
* Add items to a user’s shopping basket.
* Change the delivery address of an order.

Solution: Include a CSRF token in every form submission.

Example: A user has logged into his bank site. He didn't log out, and he clicked a link on another hack site. Because his session with the bank site was still valid, the link he clicked on the hack site, which imitated a bank form, did an HTTP POST to the bank site. The funds were transferred. http://haacked.com/archive/2009/04/02/anatomy-of-csrf-attack.aspx/

Example for creating your own CSRF token and validating it in Drupal. In the <form> create a hidden token 'token' whose value is

    $formtoken = md5(drupal_get_hash_salt().$nid.$origin.$build_id.$form_nam...

Debug Drupal query using query_alter

Add your query, probably in your custom hook_init():

    // Implements hook_init(); the function name must be <module>_init.
    function mymodule_init() {
      $query = new EntityFieldQuery();
      $result = $query->entityCondition('entity_type', 'node')
        ->entityCondition('bundle', 'mybundle')
        ->propertyCondition('status', 1)
        ->propertyOrderBy('created', 'DESC')
        ->fieldCondition('field_news_type', 'tid', '282', '=')
        ->addTag('efq_debug')
        ->range(0, 10)
        ->execute();
    }

In the custom module add this:

    // Implements hook_query_alter(); rebuilds the SQL of queries tagged efq_debug.
    function mymodule_query_alter($query) {
      if ($query->hasTag('efq_debug')) {
        $sql = (string) $query;
        $connection = Database::getConnection();
        $quoted = array();
        // Map each placeholder to its quoted value.
        foreach ((array) $query->arguments() as $key => $val) {
          $quoted[$key] = $connection->quote($val);
        }
        $sql = strtr($sql, $quoted)...

Drupal service (service module) examples

Call a Drupal service (Services module) using curl, example:

    curl -i http://localhost/voc/taxonomy_vocabulary/getTree --header 'Content-Type: application/json' --header 'Accept: application/json' --data '{"vid":"yourvid"}'

You should be using 'operations' in the Services module for the POST.

POST examples:

    curl -H 'Content-type: application/json' -X POST -d '{"param1":"value1","param2": [{"value":"test"}]}'

[{"value":"test"}] is an array.

GET examples:

    http://localhost/gopi/taxonomy_term?page=0&fields=name,weight&options[orderby][name]=desc
    q=endpoint/taxonomy_term.json&fields=tid,name&parameters[name]=%foo%&options[parameters_op][name]=like&options[orderby][name]=asc

Find who is running apache

    ps aux | egrep '(apache|httpd)'

If you can't find which user or group Apache is running as, perhaps try opening the httpd.conf file. There should be an entry there for "User" and "Group". Not only can you see which user Apache is supposed to be running as, but you can change it if you feel the need to do so.

Atlassian Bamboo - Bitbucket Integration

Bitbucket Installation:
1. bitbucket-installation-directory> ./bin/start-bitbucket.sh
2. Go to http://localhost:7990/
3. Create a project and repository
4. The repository name is "sites". (sites normally points to the sites folder in Drupal)

Git clone the repository to your local:
1. Go to your Drupal installation directory, in my case /Applications/MAMP/htdocs/drupal
2. > git clone http://gopisathya@localhost:7990/scm/drup/sites.git
3. > cd sites
4. > git add .
5. > git commit -m "initial commit"
6. > git push origin master

You can see the commits in the commits section of Bitbucket.

Bamboo:
Create a new plan in Bamboo.
While creating the plan you can choose the existing Bitbucket repository from 'Link new repository'.
The linked repositories can be managed in Bamboo.
Every plan's linked repository can be seen at the Repository tab.
For now our plan has one default stage and one default job (source code ...

RESTFUL services authentication - Basic authentication

The Basic Authentication (BA) mechanism provides no confidentiality protection for the transmitted credentials. They are merely encoded with Base64 in transit, but not encrypted or hashed in any way. HTTPS is, therefore, typically used in conjunction with Basic Authentication.

Validate posts in Drupal - some notes

Generates and validates CSRF tokens. The generated token is based on the session ID of the current user. Normally, anonymous users do not have a session, so the generated token will be different on every page request. To generate a token for users without a session, manually start a session.

    // You can validate POST by testing token.
    $token = drupal_get_hash_salt();
    // hash_equals() compares in constant time and avoids PHP's loose string comparison.
    if (!hash_equals(md5($token), (string) $form_state['values']['token'])) {
      drupal_access_denied();
    }

We can check the HTTP Origin header to validate the origin. The idea is to read $_SERVER['HTTP_ORIGIN'] from the request and, after validation, send Access-Control-Allow-Origin in the response. Example code taken from https://github.com/systemseed/services_accept_origin/blob/7.x-1.x/services_accept_origin.inc

    $whitelist = explode("\n", $settings['whitelist']);
    $origin = !empty($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN ...
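The token check in this post hashes only the site salt, so the expected value is the same for every user and every form. As an added example (not Drupal's code and not from the original post), this sketch binds the token to the session and form with an HMAC and compares it in constant time; the function names, secret and session ids are constructed assumptions.

```php
<?php
// Added example, not Drupal's code. Function names, the secret and the
// session ids are constructed for illustration.

/** Token = HMAC-SHA256 over the form id, keyed by session id + site secret. */
function make_form_token(string $sessionId, string $formId, string $secret): string {
  return hash_hmac('sha256', $formId, $sessionId . $secret);
}

/** Constant-time check of a submitted token for this session and form. */
function valid_form_token(string $submitted, string $sessionId, string $formId, string $secret): bool {
  if ($sessionId === '') {
    return false;  // No session: nothing to bind the token to.
  }
  return hash_equals(make_form_token($sessionId, $formId, $secret), $submitted);
}

$secret  = 'constructed-site-secret';
$alice   = 'sess-alice-0001';
$mallory = 'sess-mallory-0002';

// Tokens a request might carry, keyed by where each one came from.
$cases = [
  "alice's own token"          => make_form_token($alice, 'transfer_form', $secret),
  "token from another session" => make_form_token($mallory, 'transfer_form', $secret),
  "token for another form"     => make_form_token($alice, 'profile_form', $secret),
  "static md5(secret) token"   => md5($secret),
  "empty token"                => '',
];

// Every case is submitted inside Alice's session against transfer_form.
foreach ($cases as $label => $token) {
  $ok = valid_form_token($token, $alice, 'transfer_form', $secret);
  printf("%-28s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```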

Different variations of a page based on conditions - Drupal

Make use of view modes if you want to display different HTML of a content type or entity based on certain conditions.

Override the style generated from display suite field template - Drupal

Sometimes we want to change the style of a field whose style is generated from the Display Suite field template. In template.php place the following code.

    function mytheme_field__expert__title(&$variables) {
      // Inspect the contents of $variables.
      krumo($variables);
      if ($variables['element']['#bundle'] == 'flexible_campaign_page') {
        $variables['items'][0]['#markup'] = '<h1 class="gopi">' . $variables['element']['#object']->title . '</h1>';
      }
      // Pass back to the display suite theme function for final theming.
      return theme_ds_field_expert($variables);
    }

JS ordering in Drupal

Adding a .js file in the .info file adds that JS file to every page of the website. Scripts added in a theme's .info file are added at the theme level of ordering and will come after core/library JavaScript and module JavaScript.

Ordering: core modules => contributed modules => theme

Altering the scope of the JS file:

    function YOURTHEME_js_alter(&$javascript) {
      // Scripts that must stay in the header.
      $header_scripts = array(
        'sites/all/libraries/modernizr/modernizr.min.js',
        'misc/drupal.js',
        'sites/all/modules/jquery_update/replace/jquery/1.5/jquery.min.js',
      );
      // Move every other header script to the footer.
      foreach ($javascript as $key => &$script) {
        if ($script['scope'] == 'header' && !in_array($script['data'], $header_scripts)) {
          $script['scope'] = 'footer';
        }
      }
    }

Running simpletest from command line

    php scripts/run-tests.sh --php /Applications/MAMP/bin/php/php5.6.10/bin/php --list
    => lists all test cases

    php ./scripts/run-tests.sh --php /Applications/MAMP/bin/php/php5.3.29/bin/php --all
    => runs all test cases

    php ./scripts/run-tests.sh --php /Applications/MAMP/bin/php/php5.3.29/bin/php Webform
    => runs all the test cases in the Webform module

To know about the core Drupal architecture

http://www.drupaldeconstructed.com/content/01-request.html , https://www.gitbook.com/book/mcrittenden/drupal-7-deconstructed/details is a very nice book written to understand Drupal7 and Drupal8 core.