File managed entire folder Drupal

Some information on managed and unmanaged files in Drupal

If a file is on a certain folder of the webserver within the Drupal folders it does not mean that Drupal knows it!

When Drupal “store” the presence of a certain file (i.e. public://myfile.pdf) it became a managed file.

You can add a file to managed with file_save_data function.

Luckly or unfortunaly a function that manage an entire directory of files, maybe in a recursive way, is not present in Drupal core.

How to import a folder of files to Drupal?

I create a script to this in a clean and easy way.

  $destination = 'public://path-to-folder';
  $regex = '/.*\.jpg$/'; // This will identify jpg files

  $paths = file_scan_directory($destination,$regex);
  foreach($paths as $path => $data){
    $realPath = drupal_realpath($path);
    $handle = fopen($realPath, 'r');
    $file = file_save_data($handle, $path, FILE_EXISTS_REPLACE);

Note that dpm function is provided with a contrib module: Devel.


I have used this functionality to put lots of images in the media library (made with Media module) and make them available for redactors.

Drupal 7 blocks external frame due to X-Frame-Options

As documented ( Drupal comunity removed the possibility to embedd a Drupal site into an external frame to avoid clickjacking.

The problem

Basically you can not put an external Drupal website into an iFrame anymore, if you try to embedd a website with X-Frame-Options restrictions you will get a browser console error stating something like this

because it set ‘X-Frame-Options’ to ‘sameorigin’

This behavior is obtained in drupal_deliver_html_page (in in which it is checked what I show you below:

// By default, do not allow the site to be rendered in an iframe on another
// domain, but provide a variable to override this. If the code running for
// this page request already set the X-Frame-Options header earlier, don't
// overwrite it here.
$frame_options = variable_get('x_frame_options', 'SAMEORIGIN');
if ($frame_options && is_null(drupal_get_http_header('X-Frame-Options'))) {
  drupal_add_http_header('X-Frame-Options', $frame_options);

To see your Drupal website displayed into a frame of an external website you must change X-Frame-Options (or remove it).

The solution

Although Drupal documentation ( explains that you can remove the X-Frame-Options header via the page_alter, I discovered that under certain conditions this strategy does not work at all.

In my case I was able to surf the site from a Frame only if I was logged in with an active session.

To achieve a better solution, my suggestion is to modify the Drupal variable x_frame_options before the drupal_deliver_html_page is called.
I did this (and it works like charme) via page_delivery_callback_alter, where I set the variable to FALSE under certain satisfited conditions (i.e. the page is requested from a whitelist domain).

function MYMODULENAME_page_delivery_callback_alter(&$delivery_callback) {
  $domains = variable_get('ur_com_xframe_allowed',array(''));
  //removing frameset limitation for certain referrers
    //setting the variable to false in order to avoid a future setting of the header
    variable_set('x_frame_options', FALSE);
  } else {
    //default behavior
    variable_set('x_frame_options', 'SAMEORIGIN');

Hope this help.

Altering ECK save message

Altering ECK save messages is now possible thanks to these hooks:


defined in eck.api.php.

I strongly suggest you to check that file because is full of interesting hooks that allow developers to customize eck standard (and horrible) behavior.