How to Create a Patch for a Drupal Module

I recently downloaded the Drupal Security Kit module to implement a Content Security Policy on a site I’m working on. One of the drawbacks was the 128 character limit it has for the allowed source fields. That was a bit too restrictive for my needs due to the number of external scripts the site uses. The solution, create a patch for a Drupal module.

If you’re not familiar with what a CSP is, I recommend looking into adding one to increase your sites’ security. Mike West wrote a great introduction to CSPs.

After digging around for awhile trying to figure out how to create a patch for a Drupal module, most of the posts I found assumed that you already had a pretty good understanding of Drupal. Being fairly new to Drupal myself, this was a bit of a pain to figure out—a common theme I’ve found with all Drupal development. With some help from a fellow Drupal developer, after about 15 minutes, I got it figured out and submitted my first patch to (currently pending review).

In my experience, I’ve found documentation for Drupal development is a bit scarce and when you do find some, it’s usually written for Drupal veterans. So, I thought it would be a good idea to share my experience with others like me how are just getting started with the CMS.

Creating a Patch for a Drupal Module

For this post, I’m going to use the Security Kit module as an example. If you’re not familiar with what a patch is, check out Drupal’s patch page. Basically, patches are pieces of code that solve an existing issue. Once a patch has been applied, the issue should no longer exist.

Step 1: Clone the Drupal Module

The first step is cloning the module. If you don’t already have Git installed, you’re going to need to install it. Once you have, head over to the module’s project page (ex.

Security Kit

Click “Version Control” under the title (ex. Where it says, “Version to work from”, select the version of the module you’re wanting to patch. In this case, I want to patch 7.x-1.8, so selected “7.x-1.x” and then clicked “Show”.

Drupal Module Version

Now open up a terminal window with Git installed and clone the project’s repo. In this example:

This will copy the project’s files onto your system so you can make the updates needed.

Step 2: Update the Module

Since I needed to increase the maxlength limit for the allowed source fields, I opened: sites/all/modules/contrib/seckit/includes/ which includes the admin form settings for that module’s configuration page. There I found that they weren’t defining the maxlength for the fields, so defaulted to the 128 character limit.

This is easily fixed by adding the #maxlength option to the fields array. See the example below:

For more information on how Drupal handles form fields, see their Form API Reference docs.

Step 3: Create the Patch

Now that you’ve made the changes to the module, you’ll need to create the patch for it. This is easily accomplished with Git. Open terminal and go into the module’s directory:

With this being a simple update, the following command will work for most improvements:

In my case, there hadn’t been an issue created for my problem yet, so I did:

For more complex improvements that require adding/removing files, work over the course of multiple days including Git commits, or collaboration with others, see the Advanced patch workflow.

This will create the patch file you need in the module’s directory. Pretty simple, huh? So, what about applying a patch?

Appyling a Patch to a Drupal Module

Applying a patch is as simple as adding the patch file to your module’s directory, then running the following command:

In my case, I did:

Once the patch has been applied, be sure to remove it so it doesn’t accidentally get included in future commits:

Pretty simple stuff!

I’d love to hear any feedback, suggestions or questions. Keep in mind, I’m fairly new to Drupal so would love to hear what the veterans think.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

All comments are held for moderation and only published when on topic and not rude. You'll even get little stars if you do an extra good job.

You may write comments in Markdown. This is the best way to post any code, inline like `<div>this</div>` or multiline blocks within triple backtick fences (```) with double new lines before and after.

Want to tell me something privately, like pointing out a typo or stuff like that? Contact Me.

icon-search icon-link