Drupal out of the box: flexible, secure, stable

Drupal out of the box
flexible, secure, stable

Kate Marshalkina, Licel

Source: https://www.flickr.com/photos/cindyprins/10572913496/in/faves-kalabro/

About me

Kate Marshalkina, Web Developer at Licel.ru, Moscow
@kalabro on and
Co-maintainer of Path Breadcrumbs, UI Cache Clear, Yandex.Metrics.
DrupalSPB
1. Speaker on local events
2. Writer
3. Coder on codesprints
4. St. Petersburg lover

Framework? It's about code.

Framework — a reusable set of libraries or classes for a software system.

Framework + UI = CMF

	Drupal 7	Drupal 8
Size, tar.gz	3MB	~13MB
Modules / enabled	44 / 29	63 / 38

Before we dive in...
Where to put the code?

Do not hack core!
Modules for logic (M, C)
Themes for representation (V)

* Patches for geeks :)

Extend with hooks

           /**
            * Implements hook_custom_theme().
            */
           function MYMODULE_custom_theme() {
             return $custom_themekey;
           }

Hook is a common IT term. For example, it is used in Windows API, Git, Wordpress etc.

Extend with hooks

~350 hooks in 7's core: Hooks on Drupal.org

You can create your own hooks and call them with module_invoke_all(), module_invoke() and drupal_alter().

You also can alter other mosules' hook implementations with hook_module_implements_alter().

Most popular hooks

Drupal 8 uses hooks, too.

Drupal 7	Drupal 8
`hook_menu()`	`hook_help()`
`hook_form_FORM_ID_alter()`	`hook_form_FORM_ID_alter()`
`hook_schema()`	`hook_library_info()`
`hook_theme()`	`hook_theme()`
`hook_permission()`	`hook_preprocess_HOOK()`
`hook_(un)install()`	`hook_(un)install()`
`hook_block_view()`	`hook_views_data()`

Add own implementations
for Drupal subsystems

Subsystem	How-to	Examples
Field Storage	`hook_field_storage_*()`	MongoDB, ElasticSearch
Search	`hook_search_*()`	Apache Solr, Sphinx
Cache Backends	`DrupalCacheInterface` implementation	Memcache Storage, APC
Mail Systems	`DefaultMailSystem` extension	MimeMail, DevelMail
Stream Wrappers	`DrupalStreamWrapperInterface` + `hook_stream_wrappers()`	Remote stream wrapper, AmazonS3
Queue	`DrupalQueueInterface` implementation	MongoDB, APC

Override subsystems in settings.php

Setting	Default value
`password_inc`	includes/password.inc
`path_inc`	includes/path.inc
`session_inc`	includes/session.inc
`lock_inc`	includes/lock.inc
`menu_inc`	includes/menu.inc
`drupal_http_request_function`	drupal_http_request()

What to write?

`drupal_strlen()`	`drupal_map_assoc()`	`user_access()`
`current_path()`	`user_load_by_mail()`	`debug()`
`drupal_random_key()`	`drupal_render()`	`variable_get()`
`cache_get_multiple()`	`flood_is_allowed()`	`text_summary()`
`drupal_explode_tags()`	`watchdog_exception()`	`token_replace()`
`module_load_include()`	`drupal_goto()`	...

Story #1

function t()

Simple

t('Translate me');

Secure


t('Translate me, %username!',
           array('%username' => $account->name));

@token	`check_plain()`
%token	`drupal_placeholder()` + `<em>`
!token	-

Integrated in UI

Configurable

Contexts
$conf['locale_custom_strings_en']

You can use format_string() if you need t() without translation.

Story #2

class EntityFieldQuery

EFQ


$query = new EntityFieldQuery();
$query->entityCondition('entity_type', 'node')
      ->propertyCondition('status', 1)
      ->propertyCondition('type', array('article', 'blog'))
      ->fieldCondition('field_type', 'value', 'A')
      ->propertyOrderBy('created', 'DESC')
      ->range(0, 5);
$result = $query->execute(); // Only entity ids.

EFQ

Field API support
Storage agnostic
Built-in params sanitizing
Access checks (can be bypassed)
Tags ->addTag('debug')
Metadata ->addMetaData('node', $node)
Extenders (Pager, tableSort)
\Drupal::entityQuery() in Drupal 8

OOP, please


class CustomEntityFieldQuery extends EntityFieldQuery {

}

Story #3

Key #theme

Render Arrays


$build['our_theme_function'] = array(
    '#theme' => 'theming_example_list',
    '#attached' => array('css' => ...),
    '#title' => $title,
    '#items' => $items,
  );

return drupal_render($build);

Render Arrays

Do not hardcode HTML
Theme suggestions: #theme => 'links__mymodule'
#attached, #attributes etc
#cache support
Built-in theme functions: table, tableselect, item_list, ...
Drupal 8: Render Arrays + Twig

Holy-break

How I feel another CMF's

	Drupal 7	1C-Bitrix	Wordpress
First step	+	+	++
Admin panel	++	++++	++++
Code Quality	++++	++	+
News list	++	+++	+++
Flexibility	+++	++	+
Documentation	++++	+	++
Community	++++	+	+++
Russian Community	++	++	++
Performance	Fuu	++	++
Security	+++	++	Fuu

Last but not least

Community

Out of the box

t('Thanks, %username!', :)

Kate Marshalkina, Web Developer at Licel.ru, Moscow
@kalabro on and
marshalkina@licel.ru