Insecure code

this is a variant of the above code, which displays the book contents using nice_menus.module:

<?php
$book_top_page = 159;
$book_top_title = "menu name";
$levels_deep = 2;
$nice_direction = "right";
$emulate_book_block = true;

if (!function_exists('book_struct_recurse')){
function book_struct_recurse($nid, $levels_deep, $children, $current_lineage = array(), $emulate_book_block = true) {
$struct = '';
if ($children[$nid] && ($levels_deep > 0 || ($emulate_book_block && in_array($nid, $current_lineage)))) {
$struct = '

';
foreach ($children[$nid] as $key => $node) {
if ($tree = book_struct_recurse($node->nid, $levels_deep - 1, $children, $current_lineage, $emulate_book_block)) {
$struct .= '

• ';
  $struct .= l($node->title, 'node/'. $node->nid);
  $struct .= $tree;
  $struct .= '

';
}
else {
if ($children[$node->nid]){
$struct .= '


• '. l($node->title, 'node/'. $node->nid) .'

';
}
else {
$struct .= '


• '. l($node->title, 'node/'. $node->nid) .'

';
}
}
}
$struct .= '

';
return $struct;
}
}
}

$current_lineage = array();

Add this line in all your settings.php files :

Note

This causes an infinite redirect loop in drupal 5.3 for me.

But this works instead:

$cookie_domain = 'domain.com';

Allow users to safely post CSS code while editing their profile to customize their profile (like MySpace).

Create a text-field profile category profile_css
Add to the top of your user_profile.tpl.php file:

You can even create your own wizard for users to use to customize their profile based on your stylesheets.

Note from the moderator: Thank you for sharing the snippet with the Drupal community. As it is now the snippet might present security risks. See Writing secure code for a background on the most common mistakes.

Specifically, the snippet

• does not check output, potentially allowing Cross Site Scripting attackso (XSS, see How to handle text in a secure fashion for more information).

You may be interested in the functions node_view and/or check_markup.

The following code will generate a list of nodes, using the titles as links and showing a custom-length teaser (can be either shorter or longer than the drupal default).

<?php
/* Variables here include:
// $list_length:
// the amount of nodes shown on one page
// $tid:
// the number of the taxonomy category you want to display the nodes of
// $teaser_length:
// the _minimum_ length of the teaser. Specify a number for a custom teaser length.
*/

$list_length = 5;
$tid = 11;
$teaser_length = 150;

$query = "SELECT n.nid" .
" FROM {node} AS n" .
" LEFT JOIN {term_node} AS tn ON n.nid = tn.nid" .

Please note: This procedure could result in unexpected results, depending on which tables you choose to share, including broken version updates and/or security holes.

For instance, if one site is compromised, an attacker could compromise the shared database tables and compromise your other sites. Think about both the settings to be shared and be aware of the risks involved. You can, however, host multiple sites in the same database (with no shared tables) by using site-wide table prefixes.

By using table prefixes on some tables but not others, you can cause multiple Drupal installations to share a set of common tables. One interesting application for this is to share the taxonomy tables (vocabularies, term_data). Another interesting use is to share users across Drupal installations.

In order to use this capability, create two drupal installs in same DB using different database prefixes. In this example, one is prefixed 'master_' and the other 'slave1_'. Then edit the settings.php file of 'slave1_' so that it points some tables to the 'master_'. For sharing users, add the following:


$db_prefix = array(
"default" => "slave1_", // the prefix for tables that are not shared.
"users" => "master_",
"sessions" => "master_",
"authmap" => "master_",