Building a Random Quote Block with a Custom Drupal 11 Module
Allowing PHP code to run directly from a database has long been considered a security risk in Drupal, and the once-common PHP Filter module is no longer maintained for modern versions. In a recent tutorial, Joan Catala shows how developers can replace that pattern with a small custom module that keeps logic safely within Drupal’s codebase.
The example builds a Drupal 11 module that creates a block displaying random quotes from the film Kingdom of Heaven. Instead of embedding PHP in the database, the functionality is implemented through a block plugin, ensuring better control over execution, security, and maintainability.
Beyond the specific use case, the tutorial reflects a broader shift in Drupal development practices. Even simple dynamic features are now expected to follow structured, module-based approaches, reinforcing a more secure and sustainable way of extending Drupal sites.

