Cross-site scripting (also known as XSS) occurs when a web application gathers malicious data from a user.
The data is usually gathered in the form of a hyperlink that contains malicious content. The user will most likely click on this link from another website, an instant message, or while simply reading a web board or email message. Usually the attacker will encode the malicious portion of the link to the site in hex (or another encoding method) so the request looks less suspicious to the user when clicked. After the data is collected by the web application, it creates an output page for the user containing the malicious data that was originally sent to it, but in a manner that makes it appear as valid content from the website. Many popular guestbook and forum programs allow users to submit posts with HTML and JavaScript embedded in them. If, for example, I was logged in as "john" and read a message by "joe" that contained malicious JavaScript, then it may be possible for "joe" to hijack my session just because I read his bulletin board post.
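The usual defence for the bulletin-board case above is to rebuild each post from an allowlist of tags before it is output, which is the approach of Drupal's filter_xss() described below. The following Python sketch is an added example, not code from the original page or from Drupal: it reuses the default tag list from the filter_xss() signature, while the attribute and URL-scheme rules, the function names and the sample post are assumptions made here.

```python
import re
from html import escape
from html.parser import HTMLParser

# Default allowlist taken from the filter_xss() signature on this page.
ALLOWED_TAGS = {"a", "em", "strong", "cite", "blockquote", "code",
                "ul", "ol", "li", "dl", "dt", "dd"}
# Assumption of this sketch: only href on <a> is kept, for relative URLs or these schemes.
ALLOWED_SCHEMES = {"", "http", "https", "mailto"}
# Constructed sample post, as "joe" might submit it to the board.
SAMPLE_POST = '<em>Hi</em> <script>alert(1)</script> <a href="javascript:alert(1)" onclick="x()">link</a>'

def safe_url(url):
    # Browsers drop tabs, newlines and leading control characters from URLs; strip them first.
    compact = "".join(c for c in url if ord(c) > 0x20)
    head = re.split(r"[/?#]", compact, maxsplit=1)[0]
    scheme = head.split(":", 1)[0].lower() if ":" in head else ""
    return scheme in ALLOWED_SCHEMES

class AllowlistFilter(HTMLParser):
    """Rebuilds the markup from parser events; nothing is copied verbatim."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # tag dropped; any text inside it is still escaped below
        href = ""
        if tag == "a":
            for name, value in attrs:  # entities in value are already decoded
                if name == "href" and value and safe_url(value):
                    href = ' href="%s"' % escape(value, quote=True)
        self.out.append("<%s%s>" % (tag, href))

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def filter_html(text):
    parser = AllowlistFilter()
    parser.feed(text)
    parser.close()  # flushes any text still buffered by the parser
    return "".join(parser.out)
```

Event handlers (onclick and similar) never reach the output because no attribute other than a checked href is ever re-emitted.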
filter_xss() filters HTML to prevent cross-site scripting (XSS) vulnerabilities.
Syntax: filter_xss($string, $allowed_tags = array('a', 'em', 'strong', 'cite', 'blockquote', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd'))
This code does four things:
$allowed_tags: An array of allowed tags.
Return value: An XSS-safe version of $string, or an empty string if $string is not valid UTF-8.
Refer: http://api.drupal.org/api/drupal/modules!filter!filter.module/function/filter_xss/6
A makefile is used for compiling a number of files with a single command, make.
It is very useful in big projects. If we change one file, the timestamp of that particular file will be different, and for that we have to compile all the files; by using make, we can compile them all with a single command.
The make utility: If we run the make command, the program will look for a file named makefile in your directory and then execute it. If you have several makefiles, you can execute a specific one with the command: make -f MyMakefile
There are several other switches to the make utility. For more info, see man make.
Build Process
Syntax: hook_preprocess(&$variables, $hook)
hook_preprocess is used to preprocess theme variables for template files. This hook allows modules to preprocess theme variables for theme templates. It is only called for theme hooks implemented as template files, not for those implemented as theme functions. The purpose of this hook is to allow modules to add to or override variables for all template files.
Parameters:
$variables: The variables array (modify in place).
$hook: The name of the theme hook.
Syntax: custom_url_rewrite_outbound(&$path, &$options, $original_path)
This function should change the value of $path and $options by reference.
Parameters:
$path: The alias of the $original_path as defined in the database. If there is no match in the database, it will be the same as $original_path.
$options: An array of link attributes such as querystring and fragment. See url().
$original_path: The unaliased Drupal path that is being linked to.
Syntax: custom_url_rewrite_inbound(&$result, $path, $path_language)
This function should change the value of $result by reference.
Parameters:
$result: The Drupal path based on the database. If there is no match in the database, it will be the same as $path.
$path: The path to be rewritten.
$path_language: An optional language code to rewrite the path into.
Hook
Allows modules to interact with the Drupal core.
Drupal's module system is based on the concept of "hooks". A hook is a PHP function. Each hook has a defined set of parameters and a specified result type.
Using a hook_update_n() function, we can add new columns to a table.
Here, 'n' represents the number. Suppose we want to add a new column called 'newcol' to mytable1. First, we have to update our schema structure in modulename_schema() so that newly created tables get the new column. Then, add an update function to modulename.install:
<?php
// Update 1: add the integer column 'newcol' to the existing table mytable1.
function modulename_update_1() {
  $ret = array();
  db_add_field($ret, 'mytable1', 'newcol', array('type' => 'int'));
  return $ret;
}
?>