Doug's Blog

Note: this post was written over a year ago, but languished as a draft. I think the ideas are still important to think about so I tidied it up and posted it. –Doug In the echo chamber of the internet, a story recently made the rounds about how “…Beards Are Covered In Poop.” Of course this […]

December 30, 2016

Recently I needed to test a function that involved the drupal_valid_token function. There are no hooks for this function and it will generate new tokens with each user session. I needed to verify an external API’s cryptographic signature and a part of that signature involved a nonce for which I used the drupal_get_token function. I […]

April 21, 2016

I wanted to invalidate the CSRF token generated by drupal_get_token once the user had submitted a form, to ensure that we didn’t get a double submit. Drupal 7 generates tokens based on a combination of things, including the PHP session id. A simple call to session_regenerate_id() will cause the token generated by drupal_get_token to change […]

March 2, 2016

Drush is a pretty handy tool. I use it whenever I’m working on a Drupal site. I also make extensive use of SSH aliases. It doesn’t seem to be documented anywhere but I discovered that you can combine both. If you have a SSH alias that might look something like: Host example Hostname ssh.example.com Port 22 […]

November 20, 2015

**Warning, Nerd Alert. Code Samples Will Follow** As a developer I notice things about the WordPress interface that a lot of people overlook. One feature that’s pretty awesome to have is the ability to show/hide different columns and meta boxes on various screens. Here’s some of those options on the “Add Post” screen:   A […]