Drupal SA-CORE-2012-003 quick fix

Drupal Recently Drupal released the new version (7.16) to fix a security issue that would allow an attacker to reinstall an existing Drupal site with an external database server and then execute custom PHP code, more information available here: http://drupal.org/node/1815912.

There are many way to prevent this instead of updating a Drupal installation (always recommended), probably the quickest is to deny access to the interested file with few lines for the .htaccess file:


<Files install.php>
  deny from all
  ErrorDocument 403 "Access denied."
</Files>

Enjoy!

Vodafone key on ubuntu 12.04

Ubuntu 12.04 Recently I had to connect to internet using the Vodafone Key from the Vodafone station, here a brief guide about how to do it quickly:

1) Click on the icon that manage the network connections and select “Edit connections”
2) Select “Mobile Broadband”
3) Click on “Add”
4) Now you should see your Internet key connection, select “Modify”
5) Your vodafone APN is web.omnitel.it

That is, this mainly apply to users from Italy.

Drupal 7: how to create a form within a module

Drupal If you develop modules and you need to create a form in one of your page, there is a nice Drupal function that can render an array into a pretty HTML form: drupal_get_form().

This handy function is usually needed in a menu callback as it does not require an existing form.

You can use it like this:

/**
 * Implements hook_menu()
 */
function mymodule_menu() {
 $items['mymodule'] = array(
  'title' => 'My title', //The name of the menu that will be displayed
  'page callback' => 'mymodule_page_callback', //The name of the function that will output a page
 );
 return $items;
}

function mymodule_page_callback() {
 //The argument is the name of the function with the form details
 return drupal_get_form('mymodule_form');
}

function mymodule_form($form, &$form_state) {
 $form = array (
  //The action attribute of the HTML form tag
  '#action' => '#', 
  //We define a simple text field for the "name"
  'name' => array ( 
   '#type' => 'textfield',
   //The label that will be placed with the field
   '#title' => t('My pretty name'),
   //The description will be placed right below the field
   '#description' => t('My descrition'),
   //If true the system will perform a simple check on submit so that it is never empty
   '#required' => TRUE,
  ),
  //We define a simple submit button
  'submit' => array ( 
   '#type' => 'submit',
   '#value' => t('My submit'),
  ),
 );
 
 return $form;
}

After you have defined the form, you can implement 2 extra functions that will handle the validation (_validate) and the processing (_submit) of the form values.

function mymodule_form_validate($form, &$form_state){
 // My validation parameters
 if(strlen($form_state['values']['name']) > 10) {
  form_set_error('', t('Hey, your name is too long!'));
 }
}

function mymodule_form_submit($form, &$form_state) {
 //My success processing
 drupal_set_message(t('Yay, your name is fine!'));
}

And that is, pretty simple uh?

2013 10 10 Edit: Updated with the syntax highlighter!

Magento headers already sent

MagentoSometime while working with Magento, especially while browsing the site with Google Chrome, you may get the following error:

Duplicate headers received from server
The response from the server contained duplicate headers. This problem is generally the result of a misconfigured website or proxy. Only the website or proxy administrator can fix this issue.
Error 349 (net::ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION): Multiple Content-Disposition headers received. This is disallowed to protect against HTTP response splitting attacks.

This will be fixed in Magento 1.7.x, but until then, if you like to fix it you need to duplicate a core file in the app/code/local/ folder modifying few lines.

The file you need is app/code/core/Mage/Core/Controller/Varien/Action.php, and you need to modify the method _prepareDownloadResponse, in particular this code:


$this->getResponse()
->setHttpResponseCode(200)
->setHeader('Pragma', 'public', true)
->setHeader('Cache-Control', 'must-revalidate, post-check=0, pre-check=0', true)
->setHeader('Content-type', $contentType, true)
->setHeader('Content-Length', is_null($contentLength) ? strlen($content) : $contentLength)
->setHeader('Content-Disposition', 'attachment; filename="'.$fileName.'"')
->setHeader('Last-Modified', date('r'));

into:


$this->getResponse()
->setHttpResponseCode(200)
->setHeader('Pragma', 'public', true)
->setHeader('Cache-Control', 'must-revalidate, post-check=0, pre-check=0', true)
->setHeader('Content-type', $contentType, true)
->setHeader('Content-Length', is_null($contentLength) ? strlen($content) : $contentLength, true)
->setHeader('Content-Disposition', 'attachment; filename="'.$fileName.'"', true)
->setHeader('Last-Modified', date('r'), true);

As said before, you have to duplicate this file before modifying, messing with the core files is always bad!
Your new file will be /app/code/local/Mage/core/Controller/Varien/Action.php.

If you plan to upgrade to Magento 1.7.x keep in mind that it is better to remove this patched file!

Enjoy!

How to solve Gtk-WARNING about “pixmap”

Ubuntu 11.10If you are running Ubuntu 11.10, some applications my generate the following error:

Gtk-WARNING **: Unable to locate theme engine in module_path: "pixmap",

How to solve that?

Easy, install gtk2-engines-pixbuf!

From shell you my run:
sudo apt-get install gtk2-engines-pixbuf

Type your password and get it done in few seconds.

Enjoy!

SSH/Shell update Drupal from a minor version to another

Drupal Hello everyone,
last day I had to update Drupal 7.10 to the most recent at the moment (7.12), I never did something like that so I was like “here we go, 1 work day that will go burned! :D”, but thanks to the Drupal community I was able to update the installation.

Since isn’t very easy at first (reading UPGRADE.txt was not helpful unfortunately), therefore here a quick list of the steps:

  1. Put your site into maintenance mode or close accesses from the outside.
  2. First of all, backup your installation folder (usually a rsync -av startfolder destinationfolder, or a cp -a startfolder destinationfolder will do the job just fine)
  3. Then you have to backup your database (you can do it all in one step using screen, but I bet that if you are reading this and you are experienced you already know that), depending if you are running MySQL or PostgreSQLthe instructions changes, but I think could be sum up as follows:
    • MySQL: mysqldump -uUser -pPassword -hHost dbname > dumpname.sql
    • PostgreSQL: pg_dump databasename > dumpname.sql

    If you use PostgreSQL you need to remember that the operations have to be done with the correct user. Refer to the documentation for further details.

  4. After you have done the backups, reach your site root folder and create a folder to hold the new Drupal version, something like mkdir upgrade, then enter inside it with cd upgrade.
  5. Download the archive with wget http://ftp.drupal.org/files/projects/drupal-7.12.tar.gz.
  6. Open the archive with tar -xzvpf drupal-7.12.tar.gz.
  7. Then enter the newly created directory like we did before, cd drupal-7.12.
  8. At this point we have all that we need, this step is the actual upgrade, we have to move some files in the root directory, assuming you followed this steps, the command you need is the following:
    rsync -av CHANGELOG.txt COPYRIGHT.txt cron.php includes index.php INSTALL.mysql.txt INSTALL.pgsql.txt install.php INSTALL.txt LICENSE.txt MAINTAINERS.txt misc modules profiles scripts themes update.php UPGRADE.txt xmlrpc.php ../../
  9. After you have done that, should be an instant action, open your browser and go to your website URL and add a /update.php at the end, you should have http://www.myawesomedrupalsite.com/update.php.
  10. Follow the instruction on-screen to complete the update process on the database, don’t change anything from the dropdowns.
  11. Once the update is complete you may remove the directory we created to download and extract drupal.

Is not very short but is all you need to do.

Enjoy!

SEO and 404 redirect

Have you ever felt the need of redirecting 404 errors to your homepage, or some relevant contents?

Doing these actions is extremely bad for the internet and for your website visibility.

The 404 is there to explain to the user and the search engine that what it was looking for doesn’t exist.

And I think this step is pretty clear to everyone, but, what to do then after you reach this point? You don’t want that the users leave the website without looking for something they might be interested into.

As obvious as it will sound, you want to keep them there, you want that the users find the 404 page, you want that they know that it doesn’t exist, you want that from there they reach something else.

So, spending time and putting effort into creating a custom and rich 404 page will pay you back for each 404 error you may have.

As explained better here, improving that side of your website is important as developing meta descriptions.

Also, as general purpose guide, Google released an handy guide that explain some many tricks about the Search Engine Optimization.

Enjoy!