
Using Input Filters in Drupal

Using Input Filters in Drupal - brought to you by sdesign1 - Drupal specialists

An input filter filters the code that users enter into your Drupal pages. Input filters are designed to increase security so that users cannot put malicious code onto your pages, whether purposely or accidentally. They are fully customisable and extensive; this article is only a brief introduction to them.

For example, you may wish to strip out any PHP code that users could try to execute. They could simply enter:

<?php echo 'hello world'; ?>

and the output would display:

hello world

Obviously, this is the most basic form of using PHP to output something on your page. Even if you're unfamiliar with PHP or programming in general, be aware that there are plenty of dangerous commands that users may purposely target your site with. Such malicious code could even delete your entire site.

This is precisely why we have "Input Filters" in Drupal. If you are granting a user access to post a comment, write a page, or fill in a form, you should never give them the ability to run code like this. Drupal comes with 4 Input Filters already set up. Here is an overview of them:

Unfiltered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

PHP code

  • You may post PHP code. You should include <?php ?> tags. 

Full HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

If you find that you have images linked into your content but they don't appear, it is because the filter is "stripping" them out. In such a case you may need to select Unfiltered HTML.

You can edit the rules applied to each filter on the /admin/settings/filters page.
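
To make the stripping behaviour described above concrete, here is an added sketch of an allow-list filter built from the tag list quoted in this article. It is not Drupal's own filter code and was not part of the original article; it is written in Python for illustration, and the class name, function name and the rule for which link targets are kept are assumptions.

```python
import html
import re
from html.parser import HTMLParser

# Tag list copied from the filter tips quoted in the article.
ALLOWED_TAGS = {"a", "em", "strong", "cite", "code",
                "ul", "ol", "li", "dl", "dt", "dd"}
# Assumption for this sketch: only these link targets are kept on <a>.
SAFE_HREF = re.compile(r"^(https?://|mailto:|/(?!/)|#)", re.IGNORECASE)


class AllowListFilter(HTMLParser):
    """Rebuilds the input, keeping allow-listed tags and escaping all text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # e.g. <img> or <script>: the tag itself is dropped
        kept = ""
        if tag == "a":
            href = (dict(attrs).get("href") or "").strip()
            if SAFE_HREF.match(href):
                kept = ' href="%s"' % html.escape(href, quote=True)
        # Every other attribute (onclick, style, ...) is discarded.
        self.out.append("<%s%s>" % (tag, kept))

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        # Text between tags is re-escaped, never trusted as markup.
        self.out.append(html.escape(data, quote=False))

    def handle_pi(self, data):
        pass  # "<?php ... ?>" is dropped, never handed to an interpreter


def filter_user_html(text):
    """Return text with only the allow-listed tags left as markup."""
    parser = AllowListFilter()
    parser.feed(text)
    parser.close()
    return "".join(parser.out)
```

Because `<img>` is not in the tag list, an image in a comment disappears from the filtered output, which is the "stripping" effect mentioned above.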
