Drupal 8 Module Development - Second Edition

By: Daniel Sipos

Overview of this book

Drupal 8 comes with a release cycle that allows for new functionality to be added at a much faster pace. However, this also means code deprecations and changing architecture that you need to stay on top of. This book updates the first edition and includes the new functionality introduced in versions up to and including 8.7. The book will first introduce you to the Drupal 8 architecture and its subsystems before diving into creating your first module with basic functionality. You will work with the Drupal logging and mailing systems, learn how to output data using the theme layer and work with menus and links programmatically. Then, you will learn how to work with different kinds of data storage, create custom entities and field types, and leverage the Database API for lower-level database queries. You will further see how to introduce JavaScript into your module, work with the various file systems and ensure the code you write works on multilingual sites. Finally, you will learn how to programmatically work with Views, write automated tests for your functionality and also write secure code in general. By the end, you will have learned how to develop your own custom module that can provide complex business solutions. And who knows, maybe you’ll even contribute it back to the Drupal community. Foreword by Dries Buytaert, founder of Drupal.
Table of Contents (20 chapters)

Cross-Site Request Forgery (CSRF)

CSRF attacks are another popular way to take over an application: they force a user with elevated privileges to execute unwanted actions on their own site. Usually this happens when certain URLs in the application trigger a process simply by being accessed through the browser by an authenticated user: for example, deleting a resource.

The most important thing to consider in this respect is to never have such actions happen simply by accessing a URL. To help with this, we have the powerful Form API, which has had token-based CSRF protection built in since previous versions of Drupal. So basically you can create forms whose submit handlers perform the potentially damaging actions (as we learned in Chapter 2, Creating Your First Module) or even add a second layer using a confirmation form (as we saw in Chapter 6, Data Modeling and...
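
As an added example (not code from the book), here is a destructive action built as a Form API confirmation form in Drupal 8, so that requesting the URL only renders a page and the delete happens in the submit handler. The module name `example_module`, the class name and the route shown in the comment are assumptions made for illustration.

```php
<?php

namespace Drupal\example_module\Form;

use Drupal\Core\Form\ConfirmFormBase;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Url;
use Drupal\node\NodeInterface;

/**
 * Hypothetical confirmation form for deleting a node.
 * Assumed route in example_module.routing.yml:
 *   path: '/example/{node}/delete'
 *   defaults: { _form: '\Drupal\example_module\Form\ExampleDeleteForm' }
 *   requirements: { _entity_access: 'node.delete' }
 */
class ExampleDeleteForm extends ConfirmFormBase {

  protected $node;

  public function getFormId() {
    return 'example_module_delete_form';
  }

  public function getQuestion() {
    return $this->t('Delete %title?', ['%title' => $this->node->label()]);
  }

  public function getCancelUrl() {
    return $this->node->toUrl();
  }

  // A GET request to the route only renders the confirmation page.
  public function buildForm(array $form, FormStateInterface $form_state, NodeInterface $node = NULL) {
    $this->node = $node;
    return parent::buildForm($form, $form_state);
  }

  // Runs only after a POST that passed Form API validation, which for
  // authenticated users includes the form token check.
  public function submitForm(array &$form, FormStateInterface $form_state) {
    $this->node->delete();
    $this->messenger()->addStatus($this->t('The item has been deleted.'));
    $form_state->setRedirectUrl(Url::fromRoute('<front>'));
  }

}
```

The access requirement on the route still decides who may reach the form; the token only ensures the submission came from a form Drupal rendered for that user's session.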