Pixeljets

Build, Grow🌱, Repeat.

Stories from ScrapeNinja founder: bootstrapping SaaS products, web scraping, and more

CSRF: Avoid security holes in your Drupal forms.

While everyone is now aware of SQL injections and 99% of Drupal developers now use placeholders in their db queries, some other important security aspects are often forgotten. Today I've encountered another example of CSRF (Cross-site request forgery on Wikipedia) in a Drupal contributed module. It's so easy to create a CSRF security hole while creating a module. Here is a short description of the issue. Some module manipulates the list of custom items, say, a user can create lots of 'fruit'

2 min read

New UI in Views

It's so exciting to see such huge improvements happen. I've just updated one of my 7.x websites to the latest dev of Views and CTools, and noticed that the Views UI got a major overhaul:

1. New Views wizard (related thread on d.org)
2. Overall interface changes
3. All secondary forms are now rendered in an overlay
4. As you may have noticed on the previous screenshot, there is a quick search for fields in the add-fields-to-view dialog! That's a huge time saver, even alone.
5. No arguments anymore. Meet

2 min read

Be careful with Views Custom Field

I was tearing my hair out over mysterious bugs in my recent Drupal project. Our complex views pages, which used Views Custom Field extensively, were constantly breaking. The PHP field output could break when a new CCK field was added to some node type, or when some value was selected in Views exposed filters. The code of my PHP fields was very simple, something like this: field_node_status_value > 2) {     echo l("Some action", 'test/url'); } ?> I've spent several hours debugging the problem. When exa

1 min read

EMS shipping module for Ubercart

I've just created an EMS Russian Post shipping module. It will be useful for store owners in Russia. http://drupal.org/project/uc_ems The module supports delivery price calculation outside Russia (and in Russia, obviously). Caching was implemented to minimize requests to the EMS Russian Post website. "No connection to EMS website" use case demonstration: There are some advanced settings, like extra charge amount (calculated against total delivery price) and fallback-price (used when EMS website is d

1 min read

It's time for updates

There were no updates to our themes section for a while. We were busy building big customer projects, but at last, we managed to take a break to bring our own products to a new level of maturity. The main news: 1. Our premium themes now use the Pixeljets Core theme (which is free), so every subtheme inherits its styles, theme settings, and all the other stuff under the hood. I'm excited about all these new cool admin section styles and iPhone sliders in theme settings, that is what I call premiu

1 min read