Aurelien Navarre: How to find PHP code in Drupal nodes

Originally posted 2019-01-26 11:18:29. Republished by Blog Post Promoter


Published on July 28, 2021

Before Drupal 8 was released, the PHP Filter module was part of Drupal core and allowed site builders and developers to create a PHP filter text format. While very convenient for developers and themers, this was also very risky: executing arbitrary PHP code stored in content makes it easy to introduce security or even performance issues on your site.

What’s the use case for injecting PHP code in content anyway?

There is never a truly good reason to do so, except when you’re developing the site and want to quickly test something. Most of the time, using PHP in content is the result of laziness, lack of time (it is easier to add raw PHP directly than to build a custom module) or lack of Drupal API knowledge. PHP Filter is most often used to inject logic in nodes or blocks. As horrible as it sounds, there are very interesting (and smart!) use cases people have come up with and you have to respect the effort. But this is simply not acceptable: you should always advise a clear separation of concerns and use the Drupal API in every instance.

In the past 5 years I’ve seen things such as:

  • Creating logic for displaying ads after the body
  • Injecting theming elements on the page
  • Redirecting users via drupal_goto() which was breaking cron and search indexing
  • Using variable_set() to store data on node_view()
  • Including raw PHP files

The list goes on and on and on.

After heated discussions, and because it was far too easy to have users shoot themselves in the foot, it was finally decided to remove the module from core for Drupal 8. But as the usage statistics page for Drupal core shows, we still have more than 1 million Drupal 6 and 7 sites out there that are potentially using it.

If you’re still building Drupal 7 sites or if you’re taking over maintaining a Drupal 6 or 7 site, it’s thus your responsibility to ensure no PHP code is being executed in nodes, blocks, comments, views, etc.

Determine if the PHP text format is in use

So, before you start wondering if you have an issue to fix, let’s find out if the PHP module is enabled.

mysql> SELECT name FROM system WHERE name = 'php';
+------+
| name |
+------+
| php  |
+------+
1 row in set (0.00 sec)

Now, we need to confirm there is indeed a PHP filter text format on your site. You can use the Security Review module, navigate through the Drupal UI, or query MySQL, which is preferred here and later on because it gives us the granularity we need.

mysql> SELECT format,name,status FROM filter_format WHERE format="php_code";
+----------+----------+--------+
| format   | name     | status |
+----------+----------+--------+
| php_code | PHP code |      1 |
+----------+----------+--------+
1 row in set (0.00 sec)

When you do have the php_code text format in use on a site, then you need to start your investigation. In this post we’ll focus only on nodes. But the same logic applies for all entities.

Audit all nodes with the php_code text format

In the example below we only have 4 nodes. This means php_code was used only when it was required. But it might very well be that all nodes on a site use the PHP text filter by default. Tracking down issues would then become more challenging. Worse, removing the text filter entirely would be a very time-consuming task in terms of site auditing, as you might not know what is or isn’t going to break when you make the change.

mysql> SELECT nid,title,bundle,entity_type FROM field_data_body LEFT JOIN node ON node.nid=field_data_body.entity_id WHERE body_format='php_code';
+------+---------------+---------+-------------+
| nid  | title         | bundle  | entity_type |
+------+---------------+---------+-------------+
| 7571 | Test nid 7571 | article | node        |
|  538 | Test nid 538  | page    | node        |
| 5432 | Test nid 5432 | article | node        |
| 1209 | Test nid 1209 | article | node        |
+------+---------------+---------+-------------+

Find PHP code in nodes

Now that we know which nodes have the php_code text filter set, it’s easy to find out if there’s indeed PHP code in them, and if it’s breaking the site in any way, causing performance troubles, or introducing a security hole.

mysql> SELECT body_value FROM field_data_body WHERE entity_id=7571;
+--------------------------------------------------------------+
| body_value                                                   |
+--------------------------------------------------------------+
| Thank you for participating! Your results can be found below.
<?php include path_to_theme()."/calculator-results.php"; ?> |
+--------------------------------------------------------------+
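
The post audits only the node body field and notes that the same logic applies to all entities. The following is an added example, not part of the original post, that extends the Drupal 7 audit to every field table, to custom blocks, and to the roles allowed to author PHP. It assumes MySQL, no table prefix, and the stock Drupal 7 tables block_custom, role and role_permission.

```sql
-- Added example: widen the php_code audit beyond field_data_body.
-- Assumptions: Drupal 7 schema, MySQL, no table prefix, run inside the site database.

-- 1. Every field storage table with a text-format column (body, comment_body,
--    custom long-text fields, ...). This generates one audit statement per table;
--    run each generated statement and review the rows it returns.
SELECT CONCAT(
         'SELECT ''', c.table_name, ''' AS source_table, ',
         'entity_type, bundle, entity_id, language ',
         'FROM `', c.table_name, '` ',
         'WHERE `', c.column_name, '` = ''php_code'';'
       ) AS audit_query
FROM information_schema.columns AS c
WHERE c.table_schema = DATABASE()
  AND c.table_name LIKE 'field\_data\_%'
  AND c.column_name LIKE '%\_format'
ORDER BY c.table_name;

-- 2. Custom blocks keep their text format in block_custom, not in a field table.
SELECT bid, info
FROM block_custom
WHERE format = 'php_code';

-- 3. Roles that may author content in the php_code format. Anyone holding one of
--    these roles can execute PHP on the server, so this list should be empty or
--    limited to fully trusted administrators.
SELECT r.rid, r.name
FROM role_permission AS rp
JOIN role AS r ON r.rid = rp.rid
WHERE rp.permission = 'use text format php_code';
```

Swapping 'field\_data\_%' for 'field\_revision\_%' in the first query covers older revisions, which can still carry PHP that becomes live again if a revision is reverted.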

What about Drupal maintenance support plans 8?

As we said in the introduction, the PHP Filter module now lives in contrib instead of Drupal core. And that’s a very good thing, because it’ll prevent the vast majority of Drupal users from installing it. Because, you know, if they can, they will.

If it does exist in production though, then you’re in for the same investigation. Fortunately, with Drupal 8 it’s even easier to determine when a node is using the php_code text format as you only need one MySQL query and no JOIN.

mysql> SELECT entity_id,bundle,body_value,body_format FROM node__body WHERE body_format = 'php_code';
+-----------+---------+----------------------------+-------------+
| entity_id | bundle  | body_value                 | body_format |
+-----------+---------+----------------------------+-------------+
|         1 | article | <?php echo 'hi there!'; ?> | php_code    |
+-----------+---------+----------------------------+-------------+
1 row in set (0.00 sec)

Now that you know how to find PHP code in nodes, it’s your job to review the code and fix it if necessary, then find ways to remove it completely (custom / contrib module? Theming?). You’ll feel a sense of joy when you can switch back to Basic HTML, Markdown, or any other controlled and secure text format.