Drupal and DNS Prefetch

In a bid to help you gain performance from your web apps, a new feature introduced with HTML5 is the ability to prefetch DNS resources.  Currently widely supported (Firefox 3.5+, Chrome, Safari 5+ and IE 9+), prefetching is where your browser will in the background to a DNS lookup for the addresses that you give. This means when it comes to access a resource at a host, it can skip the DNS lookup, thus saving precious milliseconds on your load time.

This is one way you can implement prefetching with Drupal, inside a THEME_prerpocess_page() hook.

function MYTHEME_preprocess_page(&$variables, $hook) {
    '#tag' => 'link',
    '#attributes' => array(
      'rel' => 'dns-prefetch',
      'href' => '//www.googletagmanager.com',
  ), 'googletagmanager_dns_prefetch');

This will produce the following html in the head of your site

<link rel="dns-prefetch" href="//www.googletagmanager.com" />

How we dealt with Heartbleed and Drupal

I just wanted to share how we have dealt with the Heartbleed bug at work in case there is anyone else out there that runs a Drupal site that needs some help.

Obviously we have patched the servers and got new certificates issued, but the job of resetting passwords is the tricky one.  Now we could use the approach of asking our users to change their passwords, but if more than 5% of users actually did that I would be shocked.

Below is a hook_update snippet of code similar to that we have used to force every user to reset their password.

The code works by forcefully ending every users session (by truncating the sessions table).  We then update every users password with a randomly generated password (that we do not know) to prevent them from being able to log in with their insecure password. Finally, we send every user the reset your password email with the one time login link to make it easy for them to get back in.

function HOOK_update_7???() {
  require_once DRUPAL_ROOT . '/includes/password.inc';

  // Log users out.

  // Generate a password.
  $password = user_password();

  // Hash password.
  $password = user_hash_password($password);

  // Update all the passwords to hashed generated password, not user 0 or 1.
  $updatepass = db_update('users')
      'pass' => $password,
    ->condition('uid', '0', '!=')
    ->condition('uid', '1', '!=')

  // Get users to send email.
  $users = db_select('users', 'u')
    ->condition('uid', '0', '!=')
    ->condition('uid', '1', '!=')
    ->fields('u', array(

  // Send emails to the users
  foreach ($users as $user) {
    $mail = _user_mail_notify('password_reset', $user);

Why not use a module like Mass Password Reset? Simple, we run 100+ sites on our installation and it would be a pain to run that on all sites.  This is in our profile so all we have to do is deploy the code and run updates.

Kudos goes out to pbz1912 who actually wrote the code.


As mentioned in the comment from Luca, it’s not best practice to just send your users the reset password email, but to let them know whats going on.  We also used a similar snippet of code to the one below to add some help text to the login form.

function HOOK_form_user_login_alter(&$form, $form_state) {
  $form['heartbleed'] = array(
    '#type' => 'markup',
    '#markup' => t("

Put your friendly help text in here, it will appear above the login form

"), '#weight' => -50, ); }

Managed file upload in Drupal theme settings

So you want to add a managed file field to your theme settings to allow for an additional logo, great! Using FAPI and a theme-settings.php file it will be a piece of cake.  Not so fast….

The sticking point here is that a managed file once uploaded has to have its status changed to 1 to make it persist.  If you don’t change that status then cron will come along and merrily remove it after 6 hours, leaving you with a broken image on your theme.

Add the field to the theme settings in the usual way

MYTHEME_form_system_theme_settings_alter(&$form, $form_state) {
  $form['secondary_logo'] = array(
    '#title' => t('Secondary logo'),
    '#description' => t('A description'),
    '#type' => 'managed_file',
    '#upload_location' => 'public://secondary-logo/',
    '#upload_validators' => array(
      'file_validate_extensions' => array('gif png jpg jpeg'),
    '#default_value' => theme_get_setting('secondary_logo'),

This gets the field on the settings screen, but doesn’t allow you to persist by altering the status.  On any normal form you could use hook_form_submit(), but unfortunately this does not work with theme settings.

The fix is to add a custom submit handler to the form, but due to a bug in the theme settings system you need to specify your theme settings file as a dependency.  Add the following to the MYTHEME_form_system_theme_settings_alter function

$form['#submit'][] = 'MYTHEME_settings_form_submit';

// Get all themes.
$themes = list_themes();
// Get the current theme
$active_theme = $GLOBALS['theme_key'];
$form_state['build_info']['files'][] = str_replace("/$active_theme.info", '', $themes[$active_theme]->filename) . '/theme-settings.php'

It is important to note that as you are now altering the $form_state variable you need to add an & to the parameter so that it is passed by reference.

Now you can create the submit handler to actually change the status of the file.

function MYTHEME_settings_form_submit(&$form, $form_state) {
$image_fid = $form_state['values']['secondary_logo'];
  $image = file_load($image_fid);
  if (is_object($image)) {
    // Check to make sure that the file is set to be permanent.
    if ($image->status == 0) {
      // Update the status.
      $image->status = FILE_STATUS_PERMANENT;
      // Save the update.
      // Add a reference to prevent warnings.
      file_usage_add($image, 'MYTHEME', 'theme', 1);

And there you have it, you should be able to keep hold of your file for longer than 6 hours.


I was put on the right track to this solution and have used code from this stack overflow question.

Adding classes to the Drupal image_formatter link

So you are using Drupal, and you are outputting an image field from a node to the screen.  You have it set up so that the display is using an image_style to generate a thumbnail, and you are linking to the full size image.  All great, except you want an additional class on the link….

You could override the field template so that it has the field hard coded.  Seems like a bit of hard work, and massively redundant since all you want is a single (or couple of) class(es) on the link (as you’re using a Bootstrap based theme and want to add the thumbnail class)

Preprocess this

Enter theme_preprocess_field(), which is called before any field is rendered, and is your friend.

First thing to do is target the field that you are looking to modify, which is done like this

function THEME-NAME_preprocess_field(&$variables, $hook) {
  if ($variables['element']['#field_name'] == 'field_FIELD-NAME') {

Next thing is to add the class to the link.  The image formatter uses items from the #path array to construct and link, and makes use of the l() function, so we need to bare that in mind when we are adding classes.  The option array with the #path array gets passed into the l function as the options parameter.

The final code looks like this.

function THEME-NAME_preprocess_field(&$variables, $hook) {
  if ($variables['element']['#field_name'] == 'field_FIELD-NAME') {
    foreach ($variables['item'] as &$item) {
      $item['#path']['options']['attributes']['class'] = array(

So there we have it, our class is added to the link, in just a few lines of code, without overriding a template that could easily get stale or hard to maintain.

Using Drupal’s hook_views_default_views_alter

I came across an issue recently with a Drupal installation that I am working on that required me to use hook_views_default_views_alter, and found that the help out there was minimal.  I finally got what I was after working, but with much debugging using the Devel module and dpm.  I thought that I would put down what I found out to help others in a similar position. Continue reading Using Drupal’s hook_views_default_views_alter