emGee Software Solutions Custom Database Applications

Share this

Drupal CMS

Dries Buytaert: Thirteen recommendations for how to evolve Drupal's governance

Drupal.org aggregator - Tue, 11/13/2018 - 11:44

Drupal exists because of its community. What started from humble beginnings has grown into one of the largest Open Source communities in the world. This is due to the collective effort of thousands of community members.

What distinguishes Drupal from other open source projects is both the size and diversity of our community, and the many ways in which thousands of contributors and organizations give back. It's a community I'm very proud to be a part of.

Without the Drupal community, the Drupal project wouldn't be where it is today and perhaps would even cease to exist. That is why we are always investing in our community and why we constantly evolve how we work with one another.

The last time we made significant changes to Drupal's governance was over five years ago when we launched a variety of working groups. Five years is a long time. The time had come to take a step back and to look at Drupal's governance with fresh eyes.

Throughout 2017, we did a lot of listening. We organized both in-person and virtual roundtables to gather feedback on how we can improve our community governance. This led me to invest a lot of time and effort in documenting Drupal's Values and Principles.

In 2018, we transitioned from listening to planning. Earlier this year, I chartered the Drupal Governance Task Force. The goal of the task force was to draft a set of recommendations for how to evolve and strengthen Drupal's governance based on all of the feedback we received. Last week, after months of work and community collaboration, the task force shared thirteen recommendations (PDF).

Me reviewing the Drupal Governance proposal on a recent trip.

Before any of us jump to action, the Drupal Governance Task Force recommended a thirty-day, open commentary period to give community members time to read the proposal and to provide more feedback. After the thirty-day commentary period, I will work with the community, various stakeholders, and the Drupal Association to see how we can move these recommendations forward. During the thirty-day open commentary period, you can then get involved by collaborating and responding to each of the individual recommendations below:

I'm impressed by the thought and care that went into writing the recommendations, and I'm excited to help move them forward.

Some of the recommendations are not new and are ideas that either the Drupal Association, myself or others have been working on, but that none of us have been able to move forward without a significant amount of funding or collaboration.

I hope that 2019 will be a year of organizing and finding resources that allow us to take action and implement a number of the recommendations. I'm convinced we can make valuable progress.

I want to thank everyone who has participated in this process. This includes community members who shared information and insight, facilitated conversations around governance, were interviewed by the task force, and supported the task force's efforts. Special thanks to all the members of the task force who worked on this with great care and determination for six straight months: Adam Bergstein, Lyndsey Jackson, Ela Meier, Stella Power, Rachel Lawson, David Hernandez and Hussain Abbas.

Categories: Drupal CMS

Code Karate: Drupal 8 Editor Advanced Link Module

Drupal.org aggregator - Tue, 11/13/2018 - 07:41
Episode Number: 218

The Drupal 8 Editor Advanced Link Module allows you to specify additional attributes when creating links in your content. This makes it easy to add a CSS class, an ID, open the link in a new window, or even specify a rel="nofollow" tag. The module is very easy to use, but there is a small trick to getting it set up. Watch the video to see how it's done and start customizing your links in no time!

Tags: DrupalContribDrupal 8Site BuildingDrupal Planet
Categories: Drupal CMS

Drupal Modules: The One Percent: Drupal Modules: The One Percent — Delete all (video tutorial)

Drupal.org aggregator - Tue, 11/13/2018 - 07:20
Drupal Modules: The One Percent — Delete all (video tutorial) NonProfit Tue, 11/13/2018 - 09:20 Episode 52

Here is where we bring awareness to Drupal modules running on less than 1% of reporting sites. Today we'll investigate Delete all, a module which facilitates deleting users and/or content en masse.

Categories: Drupal CMS

Specbee: The CMS Designed Exclusively for Professional Publishing

Drupal.org aggregator - Mon, 11/12/2018 - 22:55

Digital evolution has taken the world of professional publishing by storm. However, this evolution brought along a whole new set of challenges that publishers are still trying to cope up with.

Categories: Drupal CMS

Kanopi Studios: Easier Editing with the Drupal 8 Paragraphs Edit module

Drupal.org aggregator - Mon, 11/12/2018 - 11:24

The Paragraphs module in Drupal 8 allows us to break content creation into components.  This is helpful for applying styles, markup, and structured data, but can put a strain on content creators who are used to WYSIWYG editors that allow them to click buttons to add, edit, and style content.

The Drupal Paragraphs Edit module adds contextual links to paragraphs that give you the ability to  edit, delete and duplicate paragraphs from the front end, giving editors a quick, easy and visual way to manage their content components.

Installing

Install and enable the module as you normally would, it is a zero configuration module.  It works with Drupal core’s Contextual Links and/or Quick Links module. I did have to apply this patch to get the cloning/duplication functionality working though.

Editing

To use, visit a page and hover over your content area.  You will see an icon in the upper right corner of the Paragraphs component area.   

When you click the Edit option, you are taken to an admin screen where you can edit only that component.

Make your changes and click save to be taken back to the page.

In components that are nested, like the Bootstrap Paragraphs columns component, you will see one contextual link above the nested components.  If you click this, you will be taken to the edit screen where you can modify the parent, and the children.  That is the Columns component, and the 3 text components inside.

Duplicating/Cloning

The term that is used most often for making a copy of something in Drupal is to “Clone” it.  This is a little more complicated because it is technically complicated, but once you get the hang of it, it will become second nature.

Hover over a contextual link and click Clone.

On the edit screen, you are presented with a new Clone To section.  In this section you can choose where to send this clone to, whether that be a Page or a Paragraph.  In this example, I want to duplicate this component to the same page.

  • Type: Content
  • Bundle: Page
  • Parent: (The page you are on)
  • Field: (The same field on that page.)

You can also make any edits you want before saving.  For example, you could change the background color. Click save, and your new component will appear at the bottom of the page, with the new background color.

There are a bunch of possibilities with this way to duplicate components.  To clone to another page, change the Parent. To clone to a nested paragraph component, change the Type to Paragraphs and configure the settings you need.

Deleting

Deleting a component is as you’d expect.  Once you click delete, you are taken to a confirmation screen that asks you if you want to delete.

Conclusion

The Paragraphs Edit module is a simple and powerful tool that gets us a bit closer to inline editing and making our content creator’s lives easier and allows them to be more productive.  Give it a try on your next project and spread the word about this great little helper module!

The post Easier Editing with the Drupal 8 Paragraphs Edit module appeared first on Kanopi Studios.

Categories: Drupal CMS

Drupal blog: Why Drupal's Layout Builder is so powerful and unique

Drupal.org aggregator - Mon, 11/12/2018 - 10:53

This blog has been re-posted and edited with permission from Dries Buytaert's blog. Please leave your comments on the original post.

Layout Builder, which will be in the next release of Drupal 8, is unique in that it can work with structured and unstructured content, and with templated and free-form pages.

Content authors want an easy-to-use page building experience; they want to create and design pages using drag-and-drop and WYSIWYG tools. For over a year the Drupal community has been working on a new Layout Builder, which is designed to bring this page building capability into Drupal core.

Drupal's upcoming Layout Builder is unique in offering a single, powerful visual design tool for the following three use cases:

  1. Layouts for templated content. The creation of "layout templates" that will be used to layout all instances of a specific content type (e.g. blog posts, product pages).
  2. Customizations to templated layouts. The ability to override these layout templates on a case-by-case basis (e.g. the ability to override the layout of a standardized product page)
  3. Custom pages. The creation of custom, one-off landing pages not tied to a content type or structured content (e.g. a single "About us" page).

Let's look at all three use cases in more detail to explain why we think this is extremely useful!

Use case 1: Layouts for templated content

For large sites with significant amounts of content it is important that the same types of content have a similar appearance.

A commerce site selling hundreds of different gift baskets with flower arrangements should have a similar layout for all gift baskets. For customers, this provides a consistent experience when browsing the gift baskets, making them easier to compare. For content authors, the templated approach means they don't have to worry about the appearance and layout of each new gift basket they enter on the site. They can be sure that once they have entered the price, description, and uploaded an image of the item, it will look good to the end user and similar to all other gift baskets on the site.

Drupal 8's new Layout Builder allows a site creator to visually create a layout template that will be used for each item of the same content type (e.g. a "gift basket layout" for the "gift basket" content type). This is possible because the Layout Builder benefits from Drupal's powerful "structured content" capabilities.

Many of Drupal's competitors don't allow such a templated approach to be designed in the browser. Their browser-based page builders only allow you to create a design for an individual page. When you want to create a layout that applies to all pages of a specific content type, it is usually not possible without a developer.

Use case 2: Customizations to templated layouts

While having a uniform look for all products of a particular type has many advantages, sometimes you may want to display one or more products in a slightly (or dramatically) different way.

Perhaps a customer recorded a video of giving their loved one one of the gift baskets, and that video has recently gone viral (because somehow it involved a puppy). If you only want to update one of the gift baskets with a video, it may not make sense to add an optional "highlighted video" field to all gift baskets.

Drupal 8's Layout Builder offers the ability to customize templated layouts on a case per case basis. In the "viral, puppy, gift basket" video example, this would allow a content creator to rearrange the layout for just that one gift basket, and put the viral video directly below the product image. In addition, the Layout Builder would allow the site to revert the layout to match all other gift baskets once the world has moved on to the next puppy video.

Since most content management systems don't allow you to visually design a layout pattern for certain types of structured content, they of course can't allow for this type of customization.

Use case 3: Custom pages (with unstructured content)

Of course, not everything is templated, and content authors often need to create one-off pages like an "About us" page or the website's homepage.

In addition to visually designing layout templates for different types of content, Drupal 8's Layout Builder can also be used to create these dynamic one-off custom pages. A content author can start with a blank page, design a layout, and start adding blocks. These blocks can contain videos, maps, text, a hero image, or custom-built widgets (e.g. a Drupal View showing a list of the ten most popular gift baskets). Blocks can expose configuration options to the content author. For instance, a hero block with an image and text may offer a setting to align the text left, right, or center. These settings can be configured directly from a sidebar.

In many other systems content authors are able to use drag-and-drop WYSIWYG tools to design these one-off pages. This type of tool is used in many projects and services such as Squarespace and the new Gutenberg Editor for WordPress (now available for Drupal, too!).

On large sites, the free-form page creation is almost certainly going to be a scalability, maintenance and governance challenge.

For smaller sites where there may not be many pages or content authors, these dynamic free-form page builders may work well, and the unrestricted creative freedom they provide might be very compelling. However, on larger sites, when you have hundreds of pages or dozens of content creators, a templated approach is going to be preferred.

When will Drupal's new Layout Builder be ready?

Drupal 8's Layout Builder is still a beta level experimental module, with 25 known open issues to be addressed prior to becoming stable. We're on track to complete this in time for Drupal 8.7's release in May 2019. If you are interested in increasing the likelihood of that, you can find out how to help on the Layout Initiative homepage.

An important note on accessibility

Accessibility is one of Drupal's core tenets, and building software that everyone can use is part of our core values and principles. A key part of bringing Layout Builder functionality to a "stable" state for production use will be ensuring that it passes our accessibility gate (Level AA conformance with WCAG and ATAG). This holds for both the authoring tool itself, as well as the markup that it generates. We take our commitment to accessibility seriously.

Impact on contributed modules and existing sites

Currently there a few methods in the Drupal module ecosystem for creating templated layouts and landing pages, including the Panels and Panelizer combination. We are currently working on a migration path for Panels/Panelizer to the Layout Builder.

The Paragraphs module currently can be used to solve several kinds of content authoring use-cases, including the creation of custom landing pages. It is still being determined how Paragraphs will work with the Layout Builder and/or if the Layout Builder will be used to control the layout of Paragraphs.

Conclusion

Drupal's upcoming Layout Builder is unique in that it supports multiple different use cases; from templated layouts that can be applied to dozens or hundreds of pieces of structured content, to designing custom one-off pages with unstructured content. The Layout Builder is even more powerful when used in conjunction with Drupal's other out-of-the-box features such as revisioning, content moderation, and translations, but that is a topic for a future blog post.

Special thanks to Ted Bowman (Acquia) for co-authoring this post. Also thanks to Wim Leers (Acquia), Angie Byron (Acquia), Alex Bronstein (Acquia), Jeff Beeman (Acquia) and Tim Plunkett (Acquia) for their feedback during the writing process.

Categories: Drupal CMS

Promet Source: The Promet Family is Growing: Promet Acquires Digital Creative Agency DAHU

Drupal.org aggregator - Mon, 11/12/2018 - 10:24
  We’re thrilled to announce the acquisition of DAHU; a strategy-focused, user experience and design agency. By adding DAHU capabilities we have creatively and strategically “leveled up” to provide more comprehensive solutions for clients. Specifically, DAHU will enhance our UI design, User Experience and add the following capabilities: WordPress development, messaging, and branding.  
Categories: Drupal CMS

Code Karate: Drupal 8 Editor File Upload Module

Drupal.org aggregator - Mon, 11/12/2018 - 08:57
Episode Number: 217

The Drupal 8 Editor File Upload Module is a great module for allowing your content editors to upload files directly in your website content. If you have ever needed to upload a file, and then include a link to that file, then the Editor File Upload module will be useful. Rather than having to upload the file manually using FTP or through another module, then having to go back to create a link in your content to that file, this module lets you do it all in one step.

Tags: DrupalContribDrupal 8File ManagementSite BuildingDrupal Planet
Categories: Drupal CMS

Agiledrop.com Blog: Interview with Adam Bergstein, aka Nerdstein: Should Drupal 8 core development slow down?

Drupal.org aggregator - Mon, 11/12/2018 - 06:10

Adam Bergstein is the maintainer of SimplyTest.me, runs the Drupal Coffee Exchange and participates in the Governance Task Force that just released its community proposal. Learn how Adam, aka Nerdstein, feels about Drupal 8 core development.

READ MORE
Categories: Drupal CMS

Dries Buytaert: Why Drupal's Layout Builder is so powerful and unique

Drupal.org aggregator - Mon, 11/12/2018 - 04:02

Content authors want an easy-to-use page building experience; they want to create and design pages using drag-and-drop and WYSIWYG tools. For over a year the Drupal community has been working on a new Layout Builder, which is designed to bring this page building capability into Drupal core.

Drupal's upcoming Layout Builder is unique in offering a single, powerful visual design tool for the following three use cases:

  1. Layouts for templated content. The creation of "layout templates" that will be used to layout all instances of a specific content type (e.g. blog posts, product pages).
  2. Customizations to templated layouts. The ability to override these layout templates on a case-by-case basis (e.g. the ability to override the layout of a standardized product page)
  3. Custom pages. The creation of custom, one-off landing pages not tied to a content type or structured content (e.g. a single "About us" page).

Let's look at all three use cases in more detail to explain why we think this is extremely useful!

Use case 1: Layouts for templated content

For large sites with significant amounts of content it is important that the same types of content have a similar appearance.

A commerce site selling hundreds of different gift baskets with flower arrangements should have a similar layout for all gift baskets. For customers, this provides a consistent experience when browsing the gift baskets, making them easier to compare. For content authors, the templated approach means they don't have to worry about the appearance and layout of each new gift basket they enter on the site. They can be sure that once they have entered the price, description, and uploaded an image of the item, it will look good to the end user and similar to all other gift baskets on the site.

Drupal 8's new Layout Builder allows a site creator to visually create a layout template that will be used for each item of the same content type (e.g. a "gift basket layout" for the "gift basket" content type). This is possible because the Layout Builder benefits from Drupal's powerful "structured content" capabilities.

Many of Drupal's competitors don't allow such a templated approach to be designed in the browser. Their browser-based page builders only allow you to create a design for an individual page. When you want to create a layout that applies to all pages of a specific content type, it is usually not possible without a developer.

Use case 2: Customizations to templated layouts

While having a uniform look for all products of a particular type has many advantages, sometimes you may want to display one or more products in a slightly (or dramatically) different way.

Perhaps a customer recorded a video of giving their loved one one of the gift baskets, and that video has recently gone viral (because somehow it involved a puppy). If you only want to update one of the gift baskets with a video, it may not make sense to add an optional "highlighted video" field to all gift baskets.

Drupal 8's Layout Builder offers the ability to customize templated layouts on a case per case basis. In the "viral, puppy, gift basket" video example, this would allow a content creator to rearrange the layout for just that one gift basket, and put the viral video directly below the product image. In addition, the Layout Builder would allow the site to revert the layout to match all other gift baskets once the world has moved on to the next puppy video.

Since most content management systems don't allow you to visually design a layout pattern for certain types of structured content, they of course can't allow for this type of customization.

Use case 3: Custom pages (with unstructured content)

Of course, not everything is templated, and content authors often need to create one-off pages like an "About us" page or the website's homepage.

In addition to visually designing layout templates for different types of content, Drupal 8's Layout Builder can also be used to create these dynamic one-off custom pages. A content author can start with a blank page, design a layout, and start adding blocks. These blocks can contain videos, maps, text, a hero image, or custom-built widgets (e.g. a Drupal View showing a list of the ten most popular gift baskets). Blocks can expose configuration options to the content author. For instance, a hero block with an image and text may offer a setting to align the text left, right, or center. These settings can be configured directly from a sidebar.

In many other systems content authors are able to use drag-and-drop WYSIWYG tools to design these one-off pages. This type of tool is used in many projects and services such as Squarespace and the new Gutenberg Editor for WordPress (now available for Drupal, too!).

On large sites, the free-form page creation is almost certainly going to be a scalability, maintenance and governance challenge.

For smaller sites where there may not be many pages or content authors, these dynamic free-form page builders may work well, and the unrestricted creative freedom they provide might be very compelling. However, on larger sites, when you have hundreds of pages or dozens of content creators, a templated approach is going to be preferred.

When will Drupal's new Layout Builder be ready?

Drupal 8's Layout Builder is still a beta level experimental module, with 25 known open issues to be addressed prior to becoming stable. We're on track to complete this in time for Drupal 8.7's release in May 2019. If you are interested in increasing the likelihood of that, you can find out how to help on the Layout Initiative homepage.

An important note on accessibility

Accessibility is one of Drupal's core tenets, and building software that everyone can use is part of our core values and principles. A key part of bringing Layout Builder functionality to a "stable" state for production use will be ensuring that it passes our accessibility gate (Level AA conformance with WCAG and ATAG). This holds for both the authoring tool itself, as well as the markup that it generates. We take our commitment to accessibility seriously.

Impact on contributed modules and existing sites

Currently there a few methods in the Drupal module ecosystem for creating templated layouts and landing pages, including the Panels and Panelizer combination. We are currently working on a migration path for Panels/Panelizer to the Layout Builder.

The Paragraphs module currently can be used to solve several kinds of content authoring use-cases, including the creation of custom landing pages. It is still being determined how Paragraphs will work with the Layout Builder and/or if the Layout Builder will be used to control the layout of Paragraphs.

Conclusion

Drupal's upcoming Layout Builder is unique in that it supports multiple different use cases; from templated layouts that can be applied to dozens or hundreds of pieces of structured content, to designing custom one-off pages with unstructured content. The Layout Builder is even more powerful when used in conjunction with Drupal's other out-of-the-box features such as revisioning, content moderation, and translations, but that is a topic for a future blog post.

Special thanks to Ted Bowman (Acquia) for co-authoring this post. Also thanks to Wim Leers (Acquia), Angie Byron (Acquia), Alex Bronstein (Acquia), Jeff Beeman (Acquia) and Tim Plunkett (Acquia) for their feedback during the writing process.

Categories: Drupal CMS

DrupalBASE: Creating visualization styles

Drupal.org aggregator - Mon, 11/12/2018 - 02:55

Visualization styles are configuration entities that store a reference to a drawer plugin (its Id) and a set of configuration defaults. These styles are used to create drawings. As VisualN defines it, a drawing is a ready, self-contained piece of markup (or render array) with possibly styles and scripts attached. Almost anything can be a drawing: a chart, an image gallery or even a web app.

In a sense, they are similar to image styles which are applied to an original image in order to get a styled one. In the case of visualization styles, they are applied to sets of data to get a drawing as a result. Though some drawers don't even need data to create a drawing.

Visualization styles can be created either using Available drawers preview UI or directly using VisualN > Visualization Styles administration page. Once created, they can be used anywhere on the site to create drawings: views, fields, blocks, embedded into content via ckeditor, tokens etc. Multiple styles can be created for the same drawer.

On the screenshot below a style is created for the Linechart Basic drawer provided with VisualN module.

To create a visualization style, its label must be set and drawer plugin selected. If selected drawer plugin configuration form provides required fields, those must be set up too.

Categories: Drupal CMS

Joanne Armitage on Feminist Algorave

Lullabot - Sun, 11/11/2018 - 07:30
In this episode, Matthew Tift talks with Dr. Joanne Armitage, a lecturer in digital media at the University of Leeds. Joanne performs regularly with ALGOBABEZ, the Orchestra For Females And Laptops (OFFAL), and other collaborators. She recently won the British Science Association’s Daphne Oram Award for Digital Innovation. In this episode, we discuss feminist algorave, her live coding workshops for women and non-binary people, narratives around failure, inclusion and diversity in technology communities, and more.
Categories: Drupal CMS

Code Karate: Drupal 8 Image Widget Crop Module

Drupal.org aggregator - Sat, 11/10/2018 - 07:46
Episode Number: 216

The Drupal 8 Image Widget Crop Module is a handy module for allowing your content editors on your website to crop images after they upload them. Have you ever uploaded an image on a website and had it automatically crop the image for you in a way that just looks wrong? This module solves that problem!

Tags: DrupalContribDrupal 8Image HandlingSite BuildingDrupal Planet
Categories: Drupal CMS

Code Karate: Drupal 8 Contact Storage Export Module

Drupal.org aggregator - Fri, 11/09/2018 - 13:49
Episode Number: 215

In this episode, we cover the Drupal 8 Contact Storage Export Module. This episode covers a module that adds additional functionality to the Contact Storage Module (which we covered in episode 213). This module allows you to export your contact form submissions to a CSV file. It's a simple module that serves a very specific purpose. If you need to export your contact form submissions, this is how you do it!

Tags: DrupalContribDrupal 8Site BuildingDrupal Planet
Categories: Drupal CMS

Drupal blog: The end of PHP 5

Drupal.org aggregator - Fri, 11/09/2018 - 09:28

This blog has been re-posted and edited with permission from Dries Buytaert's blog. Please leave your comments on the original post.

If you are still using PHP 5, now is the time to upgrade to a newer version of PHP.

PHP, the Open Source scripting language, is used by nearly 80 percent of the world's websites.

According to W3Techs, around 61 percent of all websites on the internet still use PHP 5, a version of PHP that was first released fourteen years ago.

Now is the time to give PHP 5 some attention. In less than two months, on December 31st, security support for PHP 5 will officially cease. (Note: Some Linux distributions, such as Debian Long Term Support distributions, will still try to backport security fixes.)

If you haven't already, now is the time to make sure your site is running an updated and supported version of PHP.

Beyond security considerations, sites that are running on older versions of PHP are missing out on the significant performance improvements that come with the newer versions.

Drupal and PHP 5 Drupal 8

Drupal 8 will drop support for PHP 5 on March 6, 2019. We recommend updating to at least PHP 7.1 if possible, and ideally PHP 7.2, which is supported as of Drupal 8.5 (which was released March, 2018). Drupal 8.7 (to be released in May, 2019) will support PHP 7.3, and we may backport PHP 7.3 support to Drupal 8.6 in the coming months as well.

Drupal 7

Drupal 7 will drop support for older versions of PHP 5 on December 31st, but will continue to support PHP 5.6 as long there are one or more third-party organizations providing reliable, extended security support for PHP 5.

Earlier today, we released Drupal 7.61 which now supports PHP 7.2. This should make upgrades from PHP 5 easier. Drupal 7's support for PHP 7.3 is being worked on but we don't know yet when it will be available.

Thank you!

It's a credit to the PHP community that they have maintained PHP 5 for fourteen years. But that can't go on forever. It's time to move on from PHP 5 and upgrade to a newer version so that we can all innovate faster.

I'd also like to thank the Drupal community — both those contributing to Drupal 7 and Drupal 8 — for keeping Drupal compatible with the newest versions of PHP. That certainly helps make PHP upgrades easier.

Categories: Drupal CMS

Agiledrop.com Blog: Top Drupal blog post from October 2018

Drupal.org aggregator - Fri, 11/09/2018 - 07:12

We’ve prepared for you an overview of the best Drupal blog post written in the previous month - October 2018. Enjoy.

READ MORE
Categories: Drupal CMS

ComputerMinds.co.uk: Beware File::getFileUri()!

Drupal.org aggregator - Fri, 11/09/2018 - 06:06

I'll keep this short and sweet, but we thought this would be a useful tip to share with the world as a potential security issue with the combined use of File::getFileUri() and FileSystem::realpath().

Consider the following code excerpt :

$file = File::load($some_file_uri); if ($file) { $uri = $file->getFileUri(); $file_realpath = \Drupal::service('file_system')->realpath($uri); }

Seems pretty harmless right? Load up the file from $some_file_uri , If we have a valid file then get the URI and then grab the real path.

Wrong (potentially, depending on what you do with $file_realpath).

If $file is a valid file, but for whatever reason the file is no longer physically located on disk, then $file->getFileUri() will return a blank string.

It turns out that passing this blank string $uri into \Drupal::service('file_system')->realpath($uri) will return the full webroot of your site!

Depending on what you were doing with said $file_realpath, it could then be a security issue.

We were handling a user webform submission and then sending the submission over to a CRM system... because $file_realpath was now the webroot of the site, then code that followed to archive the user submitted file ended up archiving the entire webroot and sending this over to the client's CRM system. 

Luckily in this instance, the archive was only ever available temporarily server side and then went directly to the clients own CRM system, but in another circumstance this could have easily been a very serious security issue.

Fortunately the fix is quite simple, ensure the the $uri returned from ->getFileUri() is valid by some method, before passing through realpath(). Here, I now validate the uri matches what I know it should be for the current webform submission.

if ($file) { $uri = $file->getFileUri(); $webform_id = $webform->get('id'); $submission_id = $webform_submission->get('sid')->getValue()[0]['value']; $valid_file_scheme = strpos($uri, 'private://webform/' . $webform_id . '/' . $submission_id . '/') !== FALSE; if ($valid_file_scheme) { // Proceed with the rest of the code.. } }

 

Categories: Drupal CMS

Dries Buytaert: The end of PHP 5

Drupal.org aggregator - Thu, 11/08/2018 - 15:19

It's easy to take PHP for granted. The Open Source scripting language is used by nearly 80% of the world's websites.

According to W3Techs, around 61 percent of websites on the internet still use PHP 5. PHP 5 was first released fourteen years ago. Fourteen years is a long time, and makes it easy to take it for granted.

Now is the time to give PHP 5 some attention. In less than two months, on December 31st, security support for PHP 5 will officially cease. (Note: Some Linux distributions, such as Debian Long Term Support distributions, will still try to backport security fixes.)

If you haven't already, now is the time to make sure your site is running an updated and supported version of PHP.

Beyond security considerations, sites that are running on older versions of PHP are missing out on the significant performance improvements that come with the newer versions.

Drupal and PHP 5 Drupal 8

Drupal 8 will drop support for PHP 5 on March 6, 2019. We recommend updating to at least PHP 7.1 if possible, and ideally PHP 7.2, which is supported as of Drupal 8.5 (which was released March, 2018). Drupal 8.7 (to be released in May, 2019) will support PHP 7.3, and we may backport PHP 7.3 support to Drupal 8.6 in the coming months as well.

Drupal 7

Drupal 7 will drop support for older versions of PHP 5 on December 31st, but will continue to support PHP 5.6 as long there are one or more third-party organizations providing reliable, extended security support for PHP 5.

Earlier today, we released Drupal 7.61 which now supports PHP 7.2. This should make upgrades from PHP 5 easier. Drupal 7's support for PHP 7.3 is being worked on but we don't know yet when it will be available.

Thank you!

It's a credit to the PHP community that they've made it easy for all of us to take this programming language for granted. But that can't go on forever. It's time to move on from PHP 5 and upgrade to a newer version so that we can all innovate faster.

I'd also like to thank the Drupal community — both those contributing to Drupal 7 and Drupal 8 — for keeping Drupal compatible with the newest versions of PHP. That certainly helps make PHP upgrades easier.

Categories: Drupal CMS

Hook 42: BADCamp 2018 Retrospective: A GatsbyJS Primer

Drupal.org aggregator - Thu, 11/08/2018 - 13:27

Now that I’ve settled back down in Alaska after a fun trip to Berkeley for BADCamp, I’m finally digesting all of the info I gathered throughout the week. As always, it was cool to look over the schedule and see what topics were getting a lot of attention; and, without a doubt, it seemed like GatsbyJS was the hot-ticket item this year. So here’s a primer on what GatsbyJS is and why the Drupal community seems so head-over-heels for this up and coming site generator.

Categories: Drupal CMS

Kanopi Studios: BADCamp + Accessibility = Education, Inspiration and Opportunity

Drupal.org aggregator - Thu, 11/08/2018 - 07:51

Now that the excitement of BADCamp has worn off, I have a moment to reflect on my experience as a first-time attendee of this amazing, free event. Knowing full well how deeply involved Kanopi Studios is in both the organization and thought leadership at BADCamp, I crafted my schedule for an opportunity to hear my colleagues while also attending as many sessions on Accessibility and User Experience (UX) as possible.

Kanopi’s sessions included the following:

The rest of my schedule revolved around a series of sessions and trainings tailored toward contributing to the Drupal community, Accessibility and User Experience.

For the sake of this post, I want to cover a topic that everyone who builds websites can learn from. Without further ado, let’s dive a bit deeper into the accessibility portion of the camp.  

Who is affected by web accessibility?

According to the CDC, 53 million adults in the US live with some kind of disability; which adds up to 26% of adults in the US. Issues range from temporary difficulties (like a broken wrist) to permanent aspects of daily life that affect our vision, hearing, mental processing and mobility. Creating an accessible website allows you to communicate with 1 in 4 adults you might otherwise have excluded.

What is web accessibility?

Accessibility is a detailed set of requirements for content writers, web designers and web developers. By ensuring that a website is accessible, we are taking an inclusive attitude towards our products and businesses. The Web Content Accessibility Guidelines (WCAG) are a globally acknowledged set of standards that help us publish content that fits within the established success criteria. These guidelines are organized into the following four categories.

WCAG Categories:

  • Is your website perceivable? This applies to non-text content, time-based media (audio and video), color contrast, text size, etc.
  • Is your website operable? This ensures that content is easy to navigate using a keyboard, that animations and interactions meet real-user requirements, buttons are large enough to click, etc.
  • Is your website understandable? This means that text content is easy to read for someone at a ninth grade reading level, that interactions follow design patterns in a predictable manner, that form errors are easy to recover from, etc.
  • Is your website robust? This means that content should be easy to interpret for assistive technologies, such as screen readers.

The World Wide Web Consortium (W3C) is an international community whose mission is to lead the Web to its full potential. They have also published a checklist to aid our efforts in meeting WCAG success criteria.

How can we be successful in making the web accessible?

Industries have varied requirements when it comes to web accessibility. WCAG has three levels of compliance, ranging from A to AA to AAA. A conformity has the lowest set of requirements and AAA has the strictest set of requirements; so strict, in fact, it may be impossible to achieve across an entire site.

Efforts to meet these standards fall on every individual involved in the process of creating a website. Although there are many tools that aid in our journey, we reach accessibility through a combination of programmatic and manual means.

The most important thing to keep in mind is the fact that achieving success in the world of accessibility is a journey. Any efforts along the way will get you one step closer towards a more inclusive website and a broader audience base.

Please Remember: Once Kanopi helps you launch an accessible site, it’s your job to maintain it. Any content you add moving forward must be properly tagged; images should have proper alt text and videos should have captions. Users come to your site because they love your content, after all! The more you can make your content accessible, the more you will delight your users.

Interested in making your site more accessible? Check out some of the resources I linked to above to join in learning from my peers at BADCamp. If you need more help getting there, let’s chat!

The post BADCamp + Accessibility = Education, Inspiration and Opportunity appeared first on Kanopi Studios.

Categories: Drupal CMS

Pages