!variable, which indicates that the text should be inserted as-is. This is useful for inserting variables into things like e-mail.
<?php
    $message = t("If you don't want to receive such e-mails, you can change your settings at !url.", array('!url' => l(t('My account'), "user/$account->uid"))); 
?>

@variable, which indicates that the text should be run through check_plain, to escape HTML characters. Use this for any output that's displayed within a Drupal page.

<?php
    $title = t("@name's blog", array('@name' => $account->name));
?>

%variable, which indicates that the string should be HTML escaped and highlighted with theme_placeholder() which shows up by default as emphasized.

<?php
    $message = t('%name-from sent %name-to an e-mail.', array('%name-from' => $user->name, '%name-to' => $account->name));
?>

Perform cleanup tasks.

This hook is run at the end of each page request. It is often used for page logging and printing out debugging information.

Only use this hook if your code must run even for cached page views. If you have code which must run once on all non cached pages, use hook_init instead. Thats the usual case. If you implement this hook and see an error like 'Call to undefined function', it is likely that you are depending on the presence of a module which has not been loaded yet. It is not loaded because Drupal is still in bootstrap mode.

Parameters $destination: If this hook is invoked as part of a drupal_goto() call, then this argument will be a fully-qualified URL that is the destination of the redirect. Modules may use this to react appropriately; for example, nothing should be output in this case, because PHP will then throw a "headers cannot be modified" error when attempting the redirection.

Return value None.

User-submitted data in Drupal can be divided into three categories:

1. Plain-text
2. Rich text
3. Admin-only HTML

No piece of user-submitted content should ever be placed as-is into HTML.

    * Use check_plain or theme('placeholder') for plain text.
    * Use check_markup or filter_xss for markup containing text.
    * Use the t() function with @ or % placeholders to construct safe, translatable strings.

Refer: http://drupal.org/node/28984

Cross site scripting (also known as XSS) occurs when a web application gathers malicious data from a user.

The data is usually gathered in the form of a hyperlink which contains malicious content within it.

The user will most likely click on this link from another website, instant message, or simply just reading a web board or email message.

Usually the attacker will encode the malicious portion of the link to the site in HEX (or other encoding methods) so the request is less suspicious looking to the user when clicked on.

After the data is collected by the web application, it creates an output page for the user containing the malicious data that was originally sent to it, but in a manner to make it appear as valid content from the website.

Many popular guestbook and forum programs allow users to submit posts with html and javascript embedded in them.

If for example I was logged in as "john" and read a message by "joe" that contained malicious javascript in it, then it may be possible for "joe" to hijack my session just by reading his bulletin board post.

filter_xss() will Filters HTML to prevent cross-site-scripting (XSS) vulnerabilities.

Syntax:filter_xss($string, $allowed_tags = array('a', 'em', 'strong', 'cite', 'blockquote', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd'))


This code does four things:

• Removes characters and constructs that can trick browsers.
• Makes sure all HTML entities are well-formed.
• Makes sure all HTML tags and attributes are well-formed.
• Makes sure no HTML tags contain URLs with a disallowed protocol (e.g. javascript:).

Parameters $string: The string with raw HTML in it. It will be stripped of everything that can cause an XSS attack.

$allowed_tags: An array of allowed tags.

Return value An XSS safe version of $string, or an empty string if $string is not valid UTF-8.


Refer: http://api.drupal.org/api/drupal/modules!filter!filter.module/function/filter_xss/6

Make file is used for compiling no of files by using single command MAKE.

It will be very useful in big projects, if we changed one file the time sence will be different for that particular file for that we have to compile all the files, by using this we can able to compile all by using single command.


The make utility:

If we run make command.

this program will look for a file named makefile in your directory, and then execute it.

If you have several makefiles, then you can execute them with the command:

make -f MyMakefile

There are several other switches to the make utility. For more info, man make. Build Process

1. Compiler takes the source files and outputs object files
2. Linker takes the object files and creates an executable