Drupal
A couple of weeks ago I posted an article on creating a drag/drop portal interface with Drupal and Script.aculo.us. Many comments were interested in a jQuery port for Drupal 5.0, and Mark recommended building such a module on top of the brilliant Panels module. I finally had time to continue working on this, so I created an initial drag/drop module built on top of jQuery and Panels. It's far from complete (doesn't save user settings for example), but it's step in the right direction. I also posted an issue to Panels' tracker, pinging merlinofchaos (author of panels), so let's take the discussion there.
I really am looking forward to polishing this module, as I believe it'll be a timely addition to Drupal's arsenal of modules, now that jQuery is part of Core and Drupal 5.0 is around the corner.
You may download the module here. It's only meant to demonstrate functionality. It's for Drupal 4.7 (because Panels hasn't been ported to 5.0 yet), and requires Panels module. To use it, try to add a new panel and you will find a new type called "three column with drag-and-drop". I tested it with bluemarine; it may not work with other themes for reasons outlined in the issue I posted.
Submitted by Ayman on Mon, 2006/10/02 - 11:32pm.
Update: I posted some news on this here.
Ever wondered how to create an interface like Google Personalized Home? In the first section of this article I'll demonstrate how to create a drag/drop portal in a few lines of JavaScript code, using the excellent Prototype and Scriptaculous JavaScript libraries. In the second section, I'll explain how to integrate this code into Drupal as a server backend for storing user settings. You may check the frontend here (tested with Firefox 1.5, IE6, and Opera 8.5), and download a reusable JavaScript Portal class and Drupal module for the backend at the bottom of this post.
Read more
Submitted by Ayman on Mon, 2006/09/04 - 12:23am.
Here is a solution for a problem I read about many times in the Drupal forums, but couldn't find any definite answer to: When upgrading or moving a database dump from MySQL 4.0 to 4.1, Unicode data stored by Drupal becomes gibberish. The attached module iterates over all tables in Drupal's database, and converts text columns to UTF-8. The bulk of work is already in Drupal's code (_system_update_utf8), the module simply makes use of it.
To use the module, install and enable it, then navigate to update.php, and select update 1 for the module, then initiate the update process. You may disable the module when done.
Read more
Submitted by Ayman on Tue, 2006/08/29 - 5:51pm.
This isn't actually news, but I'm adding it for reference. In the last few months, and during my work on Drupal (as part of my job or contributions to Drupal), I discovered 2 security vulnerabilities in Drupal core: the first one is an SQL injection vulnerability that I spotted while reviewing access logs for a website I maintain. Some bot was trying to request malicious URLs and one of them triggered an error message in the logs. I investigated and turned out that it was possible to pass input into queries without sanitization in certain cases.
The other one is a cross-site scripting vulnerability. I was analyzing user.module to understand how certain parts worked when I noticed that a variable was printed to page output without passing through filters first.
Both where reported and discussed on the security mailing list, and new versions were released later.
while I am at it, here are a couple of tips:
- Monitor your website access and error logs regularly. This way, you are more likely to notice and stop malicious activities. Linux text processing commands can greatly help in analyzing large log files.
- Keep your web applications up to date, and subscribe to the application's security announcement list (if any). Here's Drupal's security announcements list.
Submitted by Ayman on Tue, 2006/08/15 - 12:11am.
I've just finished reading through "Essential PHP Security", a book that deals with security issues related to developing PHP applications, and I have to say, this book is a must for every PHP developer. It covers almost every aspect of web security from a PHP developer's point of view, including SQL injection, cross-site scripting, session/cookie/authentication management, file uploads, file inclusion, and many other topics. It includes a run down of possible vulnerabilities in a given topic, and how to deal with them in a secure fashion.
Even if you are an experienced PHP developer, this book has a lot to offer. While I don't claim to be one, the book served as a reminder of security pitfalls and techniques, and I managed to learn several new things from it.
Interestingly, many concepts introduced in the book are already implemented in Drupal, like the authentication and session systems and session fixation prevention techniques.
Bottom line, if you are remotely interested in PHP, this book is a must, period. Anyone who wants to touch PHP has to read this book first!
Submitted by Ayman on Thu, 2006/07/06 - 1:33pm.
Flatforum for Drupal 4.7 has been released, new features include:
- Improved CSS code for both structure and look, changes/improvements should be easier as well (using CSS code).
- Heavily tested with Drupal 4.7, Bluemarine, PushButton, box_grey, and FriendsElectric, under Firefox 1.x, IE 6, and Opera 8.x.
- .install file for Drupal 4.7.
- Forum nodes should appear like normal nodes everywhere outside forums.
- #new and #comment-* link issues should be resolved.
Flatforum is a template that changes the look of Drupal forum so it resembles phpBB/vBulletin style flat forums.
Enjoy the release!
Submitted by Ayman on Sat, 2006/05/13 - 2:14pm.
This site uses a modified version of the Blix theme. The most notable modification is the change from fixed width to a fluid layout. I often receive questions on how I did it. Here is a quick tutorial. As you will see, the process is quite easy.
Read more
Submitted by Ayman on Wed, 2006/05/03 - 12:15am.
