6.1. Quick Introduction to Theming in Drupal

There is a common split between designers and developers—very few people have strong skills in both fields. Further, it is common for designers to have a very focused task: make this site look like that mockup. They often have neither a background in the underlying technology used to build the site nor the time to learn the specific details of the technology. While Drupal module developers know about PHP and SQL and have at least some knowledge of the Drupal API to protect them, a theme template builder is often new to these areas and will make many of the mistakes you have learned about already in this book.

Drupal has an extremely flexible theme system. It uses theme functions, which can be overridden, and has a powerful template system. One major benefit of these templates is to give designers a file format that is easy for them to interact with and modify. It should also, ideally, reduce the opportunities for themers to create security vulnerabilities.

NOTE

Drupal has a modular theme system and can use multiple theming engines. This chapter covers only the default PHPTemplate engine because it is the most common and because the concepts for one theme engine apply fairly well to the other engines.

This section obviously can't be a complete guide to theming in Drupal, but it does cover where designers and developers are most likely to introduce vulnerabilities. This section uses the terms designer and themer interchangeably to describe ...
