Configuring text formats (aka input formats) for security
Drupal's Input Formats provide a variety of benefits. They can be used to enhance the functionality of your site but one of the main purposes is to ensure that data entered on your site is safe for site visitors. For example, if you allow anonymous commenting with "Full HTML" input format, a visitor could add an inappropriate image or malicious JavaScript code capable of changing your password on the site.
- To create and configure text formats in Drupal 6 navigate to administer -> input formats
- To create and configure text formats in Drupal 7 navigate to administer -> text formats
The default input format configurations and permissions are safe. There are a couple of things you may change which can make them unsafe:
- Adding tags to input filters: be especially careful with the roles allowed to use the following tags: SCRIPT, IMG, IFRAME, EMBED, OBJECT, INPUT, LINK, STYLE, META, FRAMESET, DIV, SPAN, BASE, TABLE, TR, TD.
- Re-arranging the order of filters: especially for untrusted users (anonymous, or those with low-level roles), you will want the HTML Filter to run at the end of the set of filters.
- Changing permissions on filters: you should only allow advanced tags (item 1 above) and "Full HTML" for registered users that you trust.
OG User Roles: Registration Codes
As of version 2.8, OGUR allows you to create registration codes to be used to subscribe to groups.
Some basic rules:
- Registration codes can be used by users to subscribe to groups in *any* status: Open, closed, invite only and/or moderated.
- There is a global setting (in OGUR Settings: http://drupal.org/node/163567) to turn on registration code usage, but it is in the individual groups where group admins actually determine (a) whether the group will use registration codes and (b) what those codes will be.
- A single registration code can be used to subscribe to only one group.
- Every registration code must be unique. It can NOT be duplicated in any other group.
- "Anonymous" users can see the "Enter registration code" tab on the Groups listing page, but cannot enter registration codes here. Only valid users who are logged in, i.e. "authenticated", can enter registration codes on this page. Anonymous users can only use registration codes, if allowed, as part of the initial account signup process.
The process for using registration codes:
- In OGUR settings (http://drupal.org/node/163567) click on the "Allow Group Admins to define Registration Codes for new group subscribers to moderated groups" option. This will create a new "Registration code for new subscribers to this group" setting in all groups.
Auto Assign Role
The Auto Assign Role module http://drupal.org/project/autoassignrole serves two primary purposes. The first is to provide an automatic assignment of roles when a new account is created. The second is to allow the end user the option of choosing their own roles when they create their account. The administrator has full control over these functions and can have them working together or independently of each other.
General Administration
After installing the module you will want to navigate to admin/user/access to grant access to the appropriate roles. The administration page for this module is at admin/user/autoassignrole. There are two primary categories of functionality that can be quickly enabled or disabled from the admin page. In order for either type of role assignment to work you will need to click the enable button on the admin page and select the roles to be used in the process.
Automatic Role Assignment
Get Content Type
The get_content_type module fills a gap left by the D5 developers. When they moved part of CCK (sometimes called CCK-Lite) into core for creating new content types, they forgot the analog to taxonomy/term/xxx, that is node/type/xxx. This simple module provides that function.
Thanks to milianw this module now supports RSS feeds.
Installation
Normal module installation applies.
Settings
The settings are in the content type admin page (admin/content/node-type/xxx).
You may indicate whether or not to show the content type description as introductory text at the top of the list.
You may also automatically generate a menu item to list the content type, and specify into which menu the item will be placed.
Using the Module
It may be invoked from the URL as "node/type/content-type/teaser/number-per-page" or programmatically as "node_get_by_type(content-type, teaser, number-per-page)" where:
Text filters and Input Formats
This handbook page is based on a similar article by Robert Douglass at http://www.lullabot.com/articles/drupal_input_formats_and_filters. It is modified for inclusion here by permission.
Processing textual content for output in a browser is one of Drupal's most critical tasks. Without such processing we would all have to become masters at typing in HTML text! This section of the handbook explains what filters and input formats are, why they are important, how they are used, and why they impact site security.
Filters and Input Formats
The pillars of Drupal's text handling are filters and input formats. A filter is a set of rules that can be applied to transform text in some way. Some filters strip certain HTML tags or security hazards from text. Other filters look for special patterns and expand the text in a meaningful way. Other fun-oriented filters, such as the Pirate Filter, rewrite the text altogether (in this case, to make it "talk like a pirate"). Filters know how to do one thing, and do it well; text in, filtered text out.
Some filters have extra configuration options. The HTML filter, for example, strips all but an allowed set of HTML tags from text. The set of allowed tags can be determined by the administrator.
Some simple (but useful) examples
This page is a collection of simple replacement rules you can use for yourself. Before you can use any of this, you should have a filter as a container.
Simple replace (case sensitive)
This will convert every occurrence of foo into bar, but it is case-sensitive, meaning that it won't match Foo or fOO.
- Pattern: /foo/
- PHP Code: off
- Replacement: bar
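The following is an added example, not code from Drupal or from any of the modules on this page. It ties together the points made above: the HTML filter (keeping only an administrator-chosen set of tags), the advice that the HTML Filter should run last for untrusted roles, and the `/foo/` -> `bar` replacement rule just shown. The helper names (`apply_text_format`, `filter_html_allowlist`, `filter_replace_rule`, `safe_href`), the `[link=...]` shortcode rule and the sample comment are all constructed for this demonstration; the HTML filter here is a deliberately simplified stand-in, not Drupal's own implementation.

```php
<?php
// Added example (not Drupal's code): a toy text-format pipeline that mimics the
// behaviour described on this page. All helper names and the sample post are
// constructed for the demonstration.

/** Run a text format: each filter is a callable that takes and returns a string. */
function apply_text_format(array $filters, string $text): string
{
    foreach ($filters as $filter) {
        $text = $filter($text);
    }
    return $text;
}

/** A replacement rule like "/foo/ -> bar" above: a PCRE pattern and a replacement. */
function filter_replace_rule(string $pattern, string $replacement): callable
{
    return fn(string $text): string => preg_replace($pattern, $replacement, $text);
}

/** Allow relative links and an allow-listed set of URL schemes only (simplified). */
function safe_href(string $url): bool
{
    $url = trim($url);
    if (!preg_match('/^([a-z][a-z0-9+.-]*):/i', $url, $m)) {
        return true; // no scheme at all: a relative link
    }
    return in_array(strtolower($m[1]), ['http', 'https', 'mailto'], true);
}

/**
 * Simplified stand-in for the HTML filter: keep only $allowed_tags, drop every
 * attribute except $allowed_attrs, and reject unsafe href schemes. A real DOM
 * parser is used instead of regular expressions so that nested or malformed
 * markup cannot slip past the allow list.
 */
function filter_html_allowlist(string $text, array $allowed_tags, array $allowed_attrs = ['href', 'title']): string
{
    $dom = new DOMDocument();
    libxml_use_internal_errors(true); // user markup is rarely well-formed; stay quiet
    $dom->loadHTML('<div>' . $text . '</div>', LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    libxml_clear_errors();
    $root = $dom->documentElement; // the wrapping <div>
    sanitize_children($root, $allowed_tags, $allowed_attrs);
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $dom->saveHTML($child);
    }
    return $out;
}

function sanitize_children(DOMNode $node, array $allowed_tags, array $allowed_attrs): void
{
    // Snapshot the live NodeList: removing nodes while iterating it skips siblings.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if (!$child instanceof DOMElement) {
            if (!$child instanceof DOMText) {
                $node->removeChild($child); // comments and other non-text nodes
            }
            continue;
        }
        $tag = strtolower($child->tagName);
        if ($tag === 'script' || $tag === 'style') {
            $node->removeChild($child); // drop the element together with its contents
            continue;
        }
        sanitize_children($child, $allowed_tags, $allowed_attrs);
        if (!in_array($tag, $allowed_tags, true)) {
            // Strip the disallowed tag but keep its (already sanitized) contents.
            while ($child->firstChild) {
                $node->insertBefore($child->firstChild, $child);
            }
            $node->removeChild($child);
            continue;
        }
        $names = [];
        foreach ($child->attributes as $attr) {
            $names[] = $attr->name;
        }
        foreach ($names as $name) {
            $keep = in_array($name, $allowed_attrs, true)
                && ($name !== 'href' || safe_href($child->getAttribute($name)));
            if (!$keep) {
                $child->removeAttribute($name); // event handlers, styles, unsafe links
            }
        }
    }
}

// Filters for the demonstration: the page's "/foo/ -> bar" rule, a constructed
// rule that expands [link=...]text[/link] into an anchor, and the HTML filter.
$foo_rule  = filter_replace_rule('/foo/', 'bar');
$link_rule = filter_replace_rule('/\[link=([^\]]+)\]([^\[]+)\[\/link\]/', '<a href="$1">$2</a>');
$html      = fn(string $t): string => filter_html_allowlist($t, ['a', 'em', 'strong', 'p']);

// Constructed sample comment from an untrusted role.
$post = 'foo Foo <script>x()</script><strong onclick="x()">hi</strong> [link=javascript:x()]click[/link]';

// Unsafe order: HTML filter before a rule that emits markup. The rule's output is never checked.
echo "HTML filter first: ", apply_text_format([$foo_rule, $html, $link_rule], $post), "\n";

// Recommended order for untrusted roles: HTML filter last.
echo "HTML filter last:  ", apply_text_format([$foo_rule, $link_rule, $html], $post), "\n";
```

Running this shows the two points at once. The `/foo/` rule rewrites only the lower-case `foo` and leaves `Foo` alone, as described above. With the HTML filter first, the `<script>` element and the `onclick` attribute are removed, but the anchor produced afterwards by the shortcode rule keeps its `javascript:` href because nothing inspects it. With the HTML filter last, the same anchor reaches the filter and loses the href, which is exactly why the HTML Filter should run at the end of the filter set for anonymous and other low-trust roles.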