Drupal out of the box: flexible, secure, stable

Kate Marshalkina, Licel

Drupal out of the box
flexible, secure, stable

Kate Marshalkina, Licel

Source: https://www.flickr.com/photos/cindyprins/10572913496/in/faves-kalabro/

About me

Framework? It's about code.

Framework — a reusable set of libraries or classes for a software system.

Framework + UI = CMF

  Drupal 7 Drupal 8
Size, tar.gz 3MB ~13MB
Modules / enabled 44 / 29 63 / 38

Before we dive in...
Where to put the code?

* Patches for geeks :)

Extend with hooks

            * Implements hook_custom_theme().
           function MYMODULE_custom_theme() {
             return $custom_themekey;


Hook is a common IT term. For example, it is used in Windows API, Git, Wordpress etc.

Extend with hooks

~350 hooks in 7's core: Hooks on Drupal.org

You can create your own hooks and call them with module_invoke_all(), module_invoke() and drupal_alter().

You also can alter other mosules' hook implementations with hook_module_implements_alter().

Most popular hooks

Drupal 8 uses hooks, too.

Drupal 7 Drupal 8
hook_menu() hook_help()
hook_form_FORM_ID_alter() hook_form_FORM_ID_alter()
hook_schema() hook_library_info()
hook_theme() hook_theme()
hook_permission() hook_preprocess_HOOK()
hook_(un)install() hook_(un)install()
hook_block_view() hook_views_data()

Add own implementations
for Drupal subsystems

Subsystem How-to Examples
Field Storage hook_field_storage_*() MongoDB, ElasticSearch
Search hook_search_*() Apache Solr, Sphinx
Cache Backends DrupalCacheInterface implementation Memcache Storage, APC
Mail Systems DefaultMailSystem extension MimeMail, DevelMail
Stream Wrappers DrupalStreamWrapperInterface + hook_stream_wrappers() Remote stream wrapper, AmazonS3
Queue DrupalQueueInterface implementation MongoDB, APC

Override subsystems in settings.php

Setting Default value
password_inc includes/password.inc
path_inc includes/path.inc
session_inc includes/session.inc
lock_inc includes/lock.inc
menu_inc includes/menu.inc
drupal_http_request_function drupal_http_request()

What to write?

drupal_strlen() drupal_map_assoc() user_access()
current_path() user_load_by_mail() debug()
drupal_random_key() drupal_render() variable_get()
cache_get_multiple() flood_is_allowed() text_summary()
drupal_explode_tags() watchdog_exception() token_replace()
module_load_include() drupal_goto() ...

Story #1

function t()


t('Translate me');


t('Translate me, %username!',
           array('%username' => $account->name));
@token check_plain()
%token drupal_placeholder() + <em>
!token -

Integrated in UI


You can use format_string() if you need t() without translation.

Story #2

class EntityFieldQuery


$query = new EntityFieldQuery();
$query->entityCondition('entity_type', 'node')
      ->propertyCondition('status', 1)
      ->propertyCondition('type', array('article', 'blog'))
      ->fieldCondition('field_type', 'value', 'A')
      ->propertyOrderBy('created', 'DESC')
      ->range(0, 5);
$result = $query->execute(); // Only entity ids.


OOP, please

class CustomEntityFieldQuery extends EntityFieldQuery {


Story #3

Key #theme

Render Arrays

$build['our_theme_function'] = array(
    '#theme' => 'theming_example_list',
    '#attached' => array('css' => ...),
    '#title' => $title,
    '#items' => $items,

return drupal_render($build);

Render Arrays


How I feel another CMF's

  Drupal 7 1C-Bitrix Wordpress
First step + + ++
Admin panel ++ ++++ ++++
Code Quality ++++ ++ +
News list ++ +++ +++
Flexibility +++ ++ +
Documentation ++++ + ++
Community ++++ + +++
Russian Community ++ ++ ++
Performance Fuu ++ ++
Security +++ ++ Fuu

Last but not least


Out of the box

t('Thanks, %username!', :)

  • Kate Marshalkina, Web Developer at Licel.ru, Moscow
  • @kalabro on and
  • marshalkina@licel.ru