By dreadfulcode on
So I'm getting ready to take a stab at designing my own custom Drupal theme, for the Drupal 6.x core with the default 'phptemplate' theme engine. After poring over the details in the many forums covering this subject, I've stumbled across quite a few comments from drupallers discussing the issue of security holes and vulnerabilities from poor custom theming practices.
What are these security vulnerabilities, and how do I make a secure custom theme?
Comments
=-=
Security issues would only come from incorrect and lazy usage of PHP and MySQL where coding and security standards aren't being followed.
Follow the standards of a core theme or a well-known base theme (Zen, Fusion, Genesis, Adaptive among others). If you stick to using Drupal hooks, preprocess functions and following coding standards you should be fine.
Thanks VeryM
Makes sense. I never cut corners for my pet projects, so no worries then....
This is a good start: http://drupal.org/node/360052