6.3. Summary

Chapter 5 introduced you to the various text-filtering functions. This chapter aimed to give you some practical examples of how to use those functions. Drupal's theming system is a very powerful tool that can provide separation both in the functionality of your code and in the specific skill sets necessary for performing a task. Abusing that separation—by putting code in the templates or having inexperienced themers write code—can lead to disastrous results.

Mistakes in the theme are often extreme. They range from XSS to SQL injection to access bypass, and these weaknesses allow a malicious user to completely control a site. You seldom hear about these problems because they aren't often present in the contributed themes on drupal.org; they are usually found only by the site owner, who tends to keep the problem quiet. Rest assured that a custom theme is something to be very concerned about.
