File managed entire folder Drupal

Some information on managed and unmanaged files in Drupal

If a file is on a certain folder of the webserver within the Drupal folders it does not mean that Drupal knows it!

When Drupal “store” the presence of a certain file (i.e. public://myfile.pdf) it became a managed file.

You can add a file to managed with file_save_data function.

Luckly or unfortunaly a function that manage an entire directory of files, maybe in a recursive way, is not present in Drupal core.

How to import a folder of files to Drupal?

I create a script to this in a clean and easy way.

  $destination = 'public://path-to-folder';
  $regex = '/.*\.jpg$/'; // This will identify jpg files

  $paths = file_scan_directory($destination,$regex);
  foreach($paths as $path => $data){
    $realPath = drupal_realpath($path);
    $handle = fopen($realPath, 'r');
    $file = file_save_data($handle, $path, FILE_EXISTS_REPLACE);
    fclose($handle);
    if(!$file){
      dpm('ERROR');
    }
    else{
      dpm("YEAH!!");
      dpm($file);
    }
  }

Note that dpm function is provided with a contrib module: Devel.

Hint

I have used this functionality to put lots of images in the media library (made with Media module) and make them available for redactors.

Drupal 7 blocks external frame due to X-Frame-Options

As documented (https://www.drupal.org/node/2735873) Drupal comunity removed the possibility to embedd a Drupal site into an external frame to avoid clickjacking.

The problem

Basically you can not put an external Drupal website into an iFrame anymore, if you try to embedd a website with X-Frame-Options restrictions you will get a browser console error stating something like this

because it set ‘X-Frame-Options’ to ‘sameorigin’

This behavior is obtained in drupal_deliver_html_page (in common.inc) in which it is checked what I show you below:

// By default, do not allow the site to be rendered in an iframe on another
// domain, but provide a variable to override this. If the code running for
// this page request already set the X-Frame-Options header earlier, don't
// overwrite it here.
$frame_options = variable_get('x_frame_options', 'SAMEORIGIN');
if ($frame_options && is_null(drupal_get_http_header('X-Frame-Options'))) {
  drupal_add_http_header('X-Frame-Options', $frame_options);
}

To see your Drupal website displayed into a frame of an external website you must change X-Frame-Options (or remove it).

The solution

Although Drupal documentation (https://www.drupal.org/node/2735873) explains that you can remove the X-Frame-Options header via the page_alter, I discovered that under certain conditions this strategy does not work at all.

In my case I was able to surf the site from a Frame only if I was logged in with an active session.

To achieve a better solution, my suggestion is to modify the Drupal variable x_frame_options before the drupal_deliver_html_page is called.
I did this (and it works like charme) via page_delivery_callback_alter, where I set the variable to FALSE under certain satisfited conditions (i.e. the page is requested from a whitelist domain).

function MYMODULENAME_page_delivery_callback_alter(&$delivery_callback) {
  $domains = variable_get('ur_com_xframe_allowed',array('http://www.myalloweddomain.xxx/'));
  //removing frameset limitation for certain referrers
  if(in_array($_SERVER['HTTP_REFERER'],$domains)){
    //setting the variable to false in order to avoid a future setting of the header
    variable_set('x_frame_options', FALSE);
  } else {
    //default behavior
    variable_set('x_frame_options', 'SAMEORIGIN');
  }
}

Hope this help.

Altering ECK save message

Altering ECK save messages is now possible thanks to these hooks:

hook_eck_entity_save_message_alter
hook_eck_bundle_save_message_alter

defined in eck.api.php.

I strongly suggest you to check that file because is full of interesting hooks that allow developers to customize eck standard (and horrible) behavior.

Enjoy!