Drupal for Evil

Gregg James "greggles" Knaddison has released a book about Drupal security entitled Cracking Drupal. Has anyone here been able to pick up a copy yet?

Barring disastrously negative reviews, I'll probably pick it up. Even if I learn nothing new, there's some value in remembering and reinforcing the basics.

This module is really something for this group:

http://drupal.org/project/misery

Mu ha ha haa!!!

Theme is a loaded word.

Drupal's theme system is a template system.

It even uses .tpl files.

It doesn't theme anything.

That is all.

I'm incorporating a database hack into a module I'm writing (an optional thing) that merges the book and menu outlines. What exactly does this mean? Well, as many of you know in Drupal 6 books work off of the menu architecture (stored in the same table actually). This is why book generated content can be modified by projects like DHTML menus. The issue I have is that I can't structure content in a book and then get a block specific to that book (the way menus does). Also, I can't use book "menus" in projects like Nice-menus and Menu Slice.

Here's the hack.
Create a book

Fellow Drupal evil doers, what do you think of this as a new icon for Drupal For Evil?

Is it evil enough?

http://www.drupal.org.uk/elder-ones-recommend-drupal

Quicksketch and I have an arrangement, whereby we make insane things late at night. Last night he mentioned that a client of ours still had an imagemap buried deep in their site, and I started thinking -- why can't Drupal output imagemaps?

Well.

Now it can.

Forwarding this really cool opportunity to join the Democracy Now! team in New York. If you're a Linux Systems Admin with Drupal experience, this sounds like a fantastic opportunity to join a driven team of smart, passionate people working for justice. One of the responsibilities would be to develop new internal and public websites for them: sounds like Drupal would be a great fit!

Here's the info. It was taken from http://www.democracynow.org/about/jobs#sysadmin

============================================================

Immediate opening for full-time Systems Administrator

On a theme registry rebuild, this evil version of the theme registration function peeks in the theme path for a template file with the same name as the theme function (i.e. if somethemefunction is called, it looks for somethemefunction.tpl.php), and forces the template found to register for that theme call, no matter how it was supposed to work originally.

This will provide all the variables that would have been passed to the preprocessor or the theme function directly to the template. This is quite evil, dangerous, and powerful.

This may not be news to some of you, but if you Google "Welcome to the administration section. Here you may control how your site functions.", you can find various Drupal installations with administration sections you can anonymously go crazy on if you have the inclination.

Made some progress last night with the Drupal Media Player that I blogged about recently. Dynamic logos!

You have to go to my blog to see the action.

This was created with an hour of tweaking the OpenLaszlo XML, and then pasting the following into this node: print theme('media_player_player', 'http://spindowners.com/files.dm/videos/20051210-w50s.flv', array('logo' => '/sites/aaronwinborn.com/files/my-logo.png');

Couldn't be simpler! I see a dev release as soon as we have an icon for the play button!

Of course, playlists and the like will take more. We've talked about including several players, including a light-weight and one with all the bells & whistles, and have the module call the proper one according to passed parameters.

...for Drupal 7 has 666 patches in it.

That is all.

...for Drupal 7 has 666 patches in it.

That is all.

I did a little experiment recently to see how we could get e-Commerce Transactions into views in D5. The reason I did this was because I'd like to de-couple store crud routines from store admin ui code so that someone could write an alternative admin interface for ecommerce. The current admin interface is clumsy and always begging to be hacked.

For those not familiar with ecommerce, transactions are represented by a few tables, I was just interested in the main one ec_transaction for this experiment.

(Note: yes, usernode does something like this for users.)

I did a little experiment recently to see how we could get e-Commerce Transactions into views in D5. The reason I did this was because I'd like to de-couple store crud routines from store admin ui code so that someone could write an alternative admin interface for ecommerce. The current admin interface is clumsy and always begging to be hacked.

For those not familiar with ecommerce, transactions are represented by a few tables, I was just interested in the main one ec_transaction for this experiment.

(Note: yes, usernode does something like this for users.)

I found this coming in from Drupal planet http://www.tech-wanderings.com/drupal-nofollowed-too-pervasive.

Greg Holsclaw talks about how nofollow attributes could be hurting Drupal (rel=nofollow being a well intentioned way of deterring spam. Something that has managed to keep the ratio of spam to real content on the web down to a respectable 10:1 :P) Basically, he points out that most internal links on drupal.org get the nofollow attribute attached to them.

Greg makes a number of good points, but I think the two most important are:

I found this coming in from Drupal planet http://www.tech-wanderings.com/drupal-nofollowed-too-pervasive.

Greg Holsclaw talks about how nofollow attributes could be hurting Drupal (rel=nofollow being a well intentioned way of deterring spam. Something that has managed to keep the ratio of spam to real content on the web down to a respectable 10:1 :P) Basically, he points out that most internal links on drupal.org get the nofollow attribute attached to them.

Greg makes a number of good points, but I think the two most important are:

Yesterday I downloaded and played with the Drigg module. Among its features is an option to let a privileged role submit content as a different user. The list of spoof users is also an administration option. The motivation for this is clear... it lets a handful of people easily make a site look like a bustling community. This is great for jumpstarting your Drigg site (which is designed to be a Digg clone), but how ethical is it?

Yesterday I downloaded and played with the Drigg module. Among its features is an option to let a privileged role submit content as a different user. The list of spoof users is also an administration option. The motivation for this is clear... it lets a handful of people easily make a site look like a bustling community. This is great for jumpstarting your Drigg site (which is designed to be a Digg clone), but how ethical is it?

Disclamer: this only contains usernames with certain words in their nicks. If you want to block them, please check if they are legit

<

ul>

Disclamer: this only contains usernames with certain words in their nicks. If you want to block them, please check if they are legit

<

ul>

A small follow-on to brilliant past posts by Moshe and Angie:
How to dizzy the next guy
#DANGEROUS_SKIP_CHECK: the most evil of the Form API properties

Since core is mostly frozen, I'm thinking of evil ways to use new features in the Forms API for 6.x.

A small follow-on to brilliant past posts by Moshe and Angie:
How to dizzy the next guy
#DANGEROUS_SKIP_CHECK: the most evil of the Form API properties

Since core is mostly frozen, I'm thinking of evil ways to use new features in the Forms API for 6.x.

Hello,

I wanted to announce a new module, just released today: Node Cloud. If you're familiar with tag clouds this module should look pretty familiar: it themes the output of a view like a tag cloud.

The primary ordering of the view is from the first sort. The sizing of each item is based on the second sort order. This makes the plugin very versatile for making clouds of popular content, highly rated content (say with the voting api), highly commented content, etc.

Hello,

I wanted to announce a new module, just released today: Node Cloud. If you're familiar with tag clouds this module should look pretty familiar: it themes the output of a view like a tag cloud.

The primary ordering of the view is from the first sort. The sizing of each item is based on the second sort order. This makes the plugin very versatile for making clouds of popular content, highly rated content (say with the voting api), highly commented content, etc.

To make our evil plan to genocide "patch (code needs review)" issues today (under the guise of "patch review day") go off without a hitch, we will need dww to do our bidding as follows:

1. Find the list of issues that are in a patch* state but have no attachments, and leave the list under the bridge in a paper sack.

To make our evil plan to genocide "patch (code needs review)" issues today (under the guise of "patch review day") go off without a hitch, we will need dww to do our bidding as follows:

1. Find the list of issues that are in a patch* state but have no attachments, and leave the list under the bridge in a paper sack.

Deletion API documentation here: http://drupal.org/node/153904

Before doing anything else, we should fix http://drupal.org/node/154046

Additional links to issues:

Deletion API documentation here: http://drupal.org/node/153904

Before doing anything else, we should fix http://drupal.org/node/154046

Additional links to issues:

The über-evil Steven Wittens wrote this great piece of information/inspiration.

The über-evil Steven Wittens wrote this great piece of information/inspiration.

We still have space for several more lightening talks at the OSCMS/DrupalCon. I'd like to have around 10 or so, if possible, so please step up. You can sign up for a lightening talk by leaving a comment on the LT page. This would be an excellent opportunity to show off something evil. I'll be talking about viewfield, first announced here in D4E.

We still have space for several more lightening talks at the OSCMS/DrupalCon. I'd like to have around 10 or so, if possible, so please step up. You can sign up for a lightening talk by leaving a comment on the LT page. This would be an excellent opportunity to show off something evil. I'll be talking about viewfield, first announced here in D4E.

Us: A decent sized Drupal development firm, working with some of the biggest sites in the Drupal Community

You: A talented individual with php skills, MySQL skills, CSS skills, Drupal skills, sword fighting skills, etc, etc.

The offer: A short term 1 month contract working on a client site, leading to full time employment in March if you know your stuff.

If you like us and we like you, the possibility to join the company on a long term basis, or if you don't want that, a sweet 1 month gig.

Us: A decent sized Drupal development firm, working with some of the biggest sites in the Drupal Community

You: A talented individual with php skills, MySQL skills, CSS skills, Drupal skills, sword fighting skills, etc, etc.

The offer: A short term 1 month contract working on a client site, leading to full time employment in March if you know your stuff.

If you like us and we like you, the possibility to join the company on a long term basis, or if you don't want that, a sweet 1 month gig.

Hey Evil Drupalers,

I wanted to point you to the Drupal Lightning Talks at DrupalCon. They're a great opportunity to showcase something truly evil about Drupal.

Now back to your regularly scheduled evilness.

Hey Evil Drupalers,

I wanted to point you to the Drupal Lightning Talks at DrupalCon. They're a great opportunity to showcase something truly evil about Drupal.

Now back to your regularly scheduled evilness.

To my dear New York City, Drupalistas and soon to be Druaplistas,

We are two weeks away from DrupalCamp NYC 2, 20 & 21 Jan. A few of us have been thinking what if we concentrated our efforts on a single project instead of working solely on individual projects? I'm not talking about a classroom setting, but a project (ie install profile, module stuff and theme) to educate each other?

Well here is your opportunity to change the future of one lucky group. Big or small, non-profit or community organization... If you know of a project that can use the assistance of a Drupal site, we need you to nominate them. The lucky organization will also get one year of CivicSpace on Demand (hosted and managed install of Drupal 4.7 and CiviCRM + EMAIL)!

To my dear New York City, Drupalistas and soon to be Druaplistas,

We are two weeks away from DrupalCamp NYC 2, 20 & 21 Jan. A few of us have been thinking what if we concentrated our efforts on a single project instead of working solely on individual projects? I'm not talking about a classroom setting, but a project (ie install profile, module stuff and theme) to educate each other?

Well here is your opportunity to change the future of one lucky group. Big or small, non-profit or community organization... If you know of a project that can use the assistance of a Drupal site, we need you to nominate them. The lucky organization will also get one year of CivicSpace on Demand (hosted and managed install of Drupal 4.7 and CiviCRM + EMAIL)!

Every day I get two or three spam mails through the contact form on one of my homepages.
This is why I think, that the contact.module and Drupal is evil ;)

Do you have the same problems?
What are your solutions against this?

Regards Tobi

Every day I get two or three spam mails through the contact form on one of my homepages.
This is why I think, that the contact.module and Drupal is evil ;)

Do you have the same problems?
What are your solutions against this?

Regards Tobi

Hello views aficionados. If anyone has the time, could you review the module posted in

http://drupal.org/node/103171

It's a module (that I will recode as a patch to views itself, eventually) that provides views within forms. These views can be used to select nodes. It includes exposed filters and a pager, and it generally behaves exactly the same as any other view would.

The module even includes a test harness where you can click a few buttons and test the new form element with any view on your website.

This is not production code, but I wanted to alert people early. Please do review this module and let us know what you think. It's a lot of code, and may require some changes to the underlying views implementation, so the more people who try it, break it, and suggest changes the better. Also, you can use this to start testing with your own modules.

Hello views aficionados. If anyone has the time, could you review the module posted in

http://drupal.org/node/103171

It's a module (that I will recode as a patch to views itself, eventually) that provides views within forms. These views can be used to select nodes. It includes exposed filters and a pager, and it generally behaves exactly the same as any other view would.

The module even includes a test harness where you can click a few buttons and test the new form element with any view on your website.

This is not production code, but I wanted to alert people early. Please do review this module and let us know what you think. It's a lot of code, and may require some changes to the underlying views implementation, so the more people who try it, break it, and suggest changes the better. Also, you can use this to start testing with your own modules.

Sorry, drupalistas, but this is a goodwill project for NYC teachers. Coquille, my good friend/teacher/activist wants to create a really really simple site to teach other NYC teachers how to recycle. By law the schools are to recycle, but the school system refused to educated nor provide supplies for recycleing. So enter my friend, armed with a dozen or fellow teachers to do data input and create content. They need something simple that will be functional and hopefully get a bit of press (IE... free advertisement for you.)

I'm just the connector here... So please be nice. ;)

Noel

I'm looking to create a website to encourage recycling in NYC schools. I'd like the site to start with teacher and student-generated content created by our school, with the idea that our resources/recycling system could be easily replicated in other schools. Eventually, other schools could join in authoring content. Currently, few schools are recycling in NYC, which is totally frustrating because it's the law and, more importantly, the right thing to do.

Sorry, drupalistas, but this is a goodwill project for NYC teachers. Coquille, my good friend/teacher/activist wants to create a really really simple site to teach other NYC teachers how to recycle. By law the schools are to recycle, but the school system refused to educated nor provide supplies for recycleing. So enter my friend, armed with a dozen or fellow teachers to do data input and create content. They need something simple that will be functional and hopefully get a bit of press (IE... free advertisement for you.)

I'm just the connector here... So please be nice. ;)

Noel

I'm looking to create a website to encourage recycling in NYC schools. I'd like the site to start with teacher and student-generated content created by our school, with the idea that our resources/recycling system could be easily replicated in other schools. Eventually, other schools could join in authoring content. Currently, few schools are recycling in NYC, which is totally frustrating because it's the law and, more importantly, the right thing to do.

Hello,

I've posted a timeline of viewfield development, if anyone is interested:

http://drupal.org/node/100971

Cheers,
-Mark

Update: I've attached a screen shot of viewsfield working with filters. Also pictured: ajaxviews - loading a teaser on top of a views table. Way cool.

Hello,

I've posted a timeline of viewfield development, if anyone is interested:

http://drupal.org/node/100971

Cheers,
-Mark

Update: I've attached a screen shot of viewsfield working with filters. Also pictured: ajaxviews - loading a teaser on top of a views table. Way cool.

I've been thinking about some of the specifics of creating a personal workspace within Drupal -- although my main area of interest is education, these thoughts have applications outside education -- these are some rough notes, and I'm curious to see/hear reactions about what I'm missing/overlooking. These notes are not intended to be comprehensive, but a starting point in a conversation about some specific functionality

Some basic functionality--

<

ol>

I've been thinking about some of the specifics of creating a personal workspace within Drupal -- although my main area of interest is education, these thoughts have applications outside education -- these are some rough notes, and I'm curious to see/hear reactions about what I'm missing/overlooking. These notes are not intended to be comprehensive, but a starting point in a conversation about some specific functionality

Some basic functionality--

<

ol>