emGee Software Solutions Custom Database Applications

Share this

Drupal.org aggregator

Drupal.org - aggregated feeds in category Planet Drupal
Updated: 2 days 17 hours ago

Security advisories: Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-006

Wed, 04/17/2019 - 13:30
Project: Drupal coreDate: 2019-April-17Security risk: Moderately critical 10∕25 AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Cross Site ScriptingDescription: 

The jQuery project released version 3.4.0, and as part of that, disclosed a security vulnerability that affects all prior versions. As described in their release notes:

jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extend(true, {}, ...). If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. This fix is included in jQuery 3.4.0, but patch diffs exist to patch previous jQuery versions.

It's possible that this vulnerability is exploitable with some Drupal modules. As a precaution, this Drupal security release backports the fix to jQuery.extend(), without making any other changes to the jQuery version that is included in Drupal core (3.2.1 for Drupal 8 and 1.4.4 for Drupal 7) or running on the site via some other module such as jQuery Update.

Solution: 

Install the latest version:

Versions of Drupal 8 prior to 8.5.x are end-of-life and do not receive security coverage.

Also see the Drupal core project page.

Additional information

All advisories released today:

Updating to the latest Drupal core release will apply the fixes for all the above advisories.

Reported By: Fixed By: 
Categories: Drupal CMS

Security advisories: Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005

Wed, 04/17/2019 - 13:29
Project: Drupal coreDate: 2019-April-17Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:DefaultVulnerability: Multiple Vulnerabilities Description: 

This security release fixes third-party dependencies included in or required by Drupal core.

  • CVE-2019-10909: Escape validation messages in the PHP templating engine. From that advisory:

    Validation messages were not escaped when using the form theme of the PHP templating engine which, when validation messages may contain user input, could result in an XSS.

  • CVE-2019-10910: Check service IDs are valid. From that advisory:

    Service IDs derived from unfiltered user input could result in the execution of any arbitrary code, resulting in possible remote code execution.

  • CVE-2019-10911: Add a separator in the remember me cookie hash. From that advisory:

    This fixes situations where part of an expiry time in a cookie could be considered part of the username, or part of the username could be considered part of the expiry time. An attacker could modify the remember me cookie and authenticate as a different user. This attack is only possible if remember me functionality is enabled and the two users share a password hash or the password hashes (e.g. UserInterface::getPassword()) are null for all users (which is valid if passwords are checked by an external system, e.g. an SSO).

Solution: 

Install the latest version:

Versions of Drupal 8 prior to 8.5.x are end-of-life and do not receive security coverage.

Also see the Drupal core project page.

Additional information

All advisories released today:

Updating to the latest Drupal core release will apply the fixes for all the above advisories.

Reported By: Fixed By: 
Categories: Drupal CMS

Lullabot: Rocket Ship Fast Jobs in CircleCI by Preinstalling the Database

Wed, 04/17/2019 - 11:00

CircleCI is great at enabling developers defining a set of images to spin up an environment for testing. When dealing with a website with a database, the usual build process involves downloading a database dump, installing it, and then performing tests. Here is a sample job that follows this approach. Notice where the majority of the time is allocated:

Categories: Drupal CMS

WeKnow: Drupalcon Seattle 2019 Recap

Wed, 04/17/2019 - 10:42
Drupalcon Seattle 2019 Recap

DrupalCon Seattle 2019 was my second Drupal Conference. Everybody enjoys travel, and everybody should enjoy learning while at it! This year I had the opportunity to do both, taking benefit of the Professional Development Program that weKnow offers as well as taking my family on vacation.

The Washington State Convention Center

 

In my first hours in Seattle, I joined my teammates, got my credentials and the full information about the event... I was surprised by the variety of sessions available! One difference compared to Nashville 2018, this year there were only 2 days for room conferences, but the quantity looks similar. In fact, I did attend more sessions this year than in 2018.

dsabolo Wed, 04/17/2019 - 17:42
Categories: Drupal CMS

Aten Design Group: Placing Components with Drupal's Extra Fields

Wed, 04/17/2019 - 10:17

One of the challenges front-end developers face is adding new components to entity templates that exist outside of what is defined in the Field API; or in other words, adding dynamic components that aren’t really fields. Often this can be easily done by throwing the custom markup in a .html.twig file and calling it a day. But if you’re working on something that needs to be reusable, or if you’re collaborating with a site builder who doesn’t write code, the custom template route can be limiting.

Enter hook_entity_extra_field_info().

Content Moderation: A “Pseudo-Field” in Core

Drupal’s documentation says this hook “exposes ‘pseudo-field’ components on content entities.” You can see this hook in action with the Content Moderation module in core. All moderation-enabled entities can have an option box, placed via that entity’s Manage Display page, that contains a widget to update an entity’s moderation state in place rather than clicking through to the edit page.

The moderation option isn’t a real field. Rather, it’s what Drupal calls a “Pseudo Field.” But by using hook_entity_extra_field_info(), you wouldn’t know the difference. The moderation option can be moved around and configured for various display modes, just like “real” fields.

Using hook_entity_extra_field_info in a Custom Module

On a recent project, we needed to integrate a newer commenting service called Coral Talk. After searching, we learned that no module existed to integrate this service in Drupal. This presented a perfect use case for an Extra Field, and only needed two hooks for the bulk of the work:

/** * Implements hook_entity_extra_field_info(). */ function coral_talk_entity_extra_field_info() { // Load commenting configuration. $config = \Drupal::config(coral_talk.settings'); $extra = [];   // Loop over the content types configured to have comments // and get their bundle name. foreach ($config->get('content_types') as $bundle) { if ($bundle) { // Add info for Extra Field to nodes only, specific to configured // content types. This determines what shows on Manage Display. $extra['node'][$bundle]['display'][‘coral_talk_comments'] = [ 'label' => t(‘Coral Talk Comments'), 'description' => t('Place commenting on the page.'), 'weight' => 100, 'visible' => TRUE, ]; } }   // Return our new extra field. return $extra; }

After a cache clear, this new field will appear on the configured content types’ Manage Display page and can be placed on the content type along with the other fields for that content type. Now that the field is defined, it needs some info for what should be rendered to the page. This is handled by Drupal’s hook_ENTITY_TYPE_view() hook.

/** * Implements hook_ENTITY_TYPE_view(). */ function coral_talk_node_view( array &$build, \Drupal\Core\Entity\EntityInterface $entity, \Drupal\Core\Entity\Display\EntityViewDisplayInterface $display, $view_mode ) { // 1. Check to see if our new field should be rendered on the entity display. // 2. Determine whether the user has permission to add comments. $condition = ( $display->getComponent(‘coral_talk_comments') && \Drupal::currentUser()->hasPermission('create coral comment') );   if ($condition) { $config = \Drupal::config(coral_talk.settings');   // Add the new field to the $build array with a call to a custom theme // hook to render the comments. Pass necessary config into comment // settings. $build[‘coral_talk_comments'] = [ '#theme' => 'coral_talk_comments', '#domain' => $config->get('domain') ?? '', ]; } }

After another cache clear, we’ll now see our comments being rendered to our content types in whichever view mode they’re enabled on. The moves setup of comments outside of code and into a place that’s more accessible and flexible for various users.

This approach is great for simple scenarios. One drawback, however, is that it’s not possible to define any custom configuration options for these pseudo fields. Each extra field is identical, and any configuration has to be hard coded in these hooks. This presents challenges for site builders, who might want to configure comments differently per content type however. Fortunately, there is a solution in contrib that changes how Extra Fields are defined and allows for developers to add configuration to each field. In the next post, we’ll explore the Extra Field Settings Provider module.

Categories: Drupal CMS

Phase2: Migration: Making It All Work

Wed, 04/17/2019 - 10:04

We’ve written a lot about content migration on our blog here—it’s something we have more than a passing interest in, because we do it a lot! The posts below cover the project management, estimation, and basics of content migration from Drupal to Drupal, and other sources too.

Categories: Drupal CMS

Hook 42: Speaker Notes: Attending DrupalCon as a Presenter

Wed, 04/17/2019 - 06:42

DrupalCon 2019 was a bit different for me. I have attended previous DrupalCons, usually sitting in the back of the room just taking in all that I could from experts around the world. This year, however, I had the opportunity to be a speaker. Not only was I afforded the opportunity to speak, but I had two separate sessions accepted.

Categories: Drupal CMS

Agiledrop.com Blog: Interview with Ruben Teijeiro, Drupal hero at 1xINTERNET and co-founder of Youpal

Wed, 04/17/2019 - 00:40

For our latest Drupal Community interview, we had a really great talk with Ruben Teijeiro of Youpal and 1xINTERNET. Ruben revealed to us the meaning and responsibilities of a Drupal hero, a role which has enabled him to spread Drupal awareness all over the world and meet diverse Drupal communities.

READ MORE
Categories: Drupal CMS

OPTASY: What Makes the End-User Experience in Drupal 8 Stand Out?

Wed, 04/17/2019 - 00:30
What Makes the End-User Experience in Drupal 8 Stand Out? adriana.cacoveanu Wed, 04/17/2019 - 07:30

What makes Drupal a great choice from a UX standpoint? What features are responsible for the enhanced end-user experience in Drupal 8? Those features that enable you to easily create an intuitive and enjoyable visitor experience on your own Drupal-based website/application.

And to constantly improve it...

Is it all those performance enhancements that it ships with? Or maybe its “responsive out-of-the-box” nature? Or rather its multilingual capabilities?
 

1. But First: 7 Evergreen Ways to Improve Your Website's UX

It goes without saying that, in order to create an enjoyable, rich user experience on your Drupal 8 website, you'll need to:
 

Categories: Drupal CMS

Amazee Labs: DrupalCon Seattle Recap - A week to remember

Tue, 04/16/2019 - 11:04
DrupalCon Seattle Recap - A week to remember

I was so excited about going to DrupalCon Seattle, I started packing one week in advance. Granted, I decided to travel light, so my carry-on suitcase quickly showed the task wouldn’t take long.

Maria Comas Tue, 04/16/2019 - 20:04

Every DrupalCon I have been lucky enough to attend has been special in their own way. This was my first time going back to the States after moving out almost two years ago, so after an airport hiccup (protip: make sure to apply for a new ESTA if you happen to renew your passport after you felt very accomplished getting it ready so much time in advance) I was happy to set my regular-sized foot onto its northwest corner.  

The week started very nicely, with some time to explore the city and enjoy a selection of its fine food. As there weren’t any sessions on until Wednesday, Tuesday was mostly hanging out with teammates and other friendly faces in the contribution room.

 Anyone else noticed how in the US bathroom stall’s doors never quite make it to the edge?

After a delicious and fun dinner where all Amazees gathered, it was party time. One of the highlights of the week was getting to attend the Museum of Pop Culture at Pantheon’s party, which featured some awesome exhibits. My favourite part was a sound lab where one could learn how to play real instruments (Louie Louie anyone?).

“Next DrupalCon we need a setlist."

Wednesday and Thursday were packed with brain-revving sessions. Gatsby, data-fetching strategies, and front-end performance were a few of the topics that got a lot of circulation on the printed schedule. But it was diversity and inclusion that rightfully took the main stage at the keynotes. Dries Buytaert began his speech acknowledging that Open Source is not a meritocracy, and Marcy Sutton and Nythia Ruff closed with essential insights on how to use our collective power to build inclusive communities and products.

All in all, there were many moments that made this past week remarkable. Many involved spending time with the team, others meeting new people. Some were expected, like the Women in Drupal luncheon. Others were not, like the Movement BoF that got me walking as if I was auditioning for the Ministry of Silly Walks.

One remarkable moment was definitely getting to give my (first ever) presentation at a DrupalCon (I can confirm, the Speakers-only room has special catering!). All of these moments made me once more very grateful for being able to be a part of this. I’m looking forward next time I get to play suitcase Tetris and find out what will make the next DrupalCon a one-of-a-kind experience.

Categories: Drupal CMS

Nonprofit Drupal posts: April Drupal for Nonprofits Chat

Tue, 04/16/2019 - 08:42

Our normally scheduled call to chat about all things Drupal and nonprofits will happen Thursday, April 18 at 1pm ET / 10am PT. (Convert to your local time zone.)

On the agenda this month is a report-back from DrupalCon Seattle -- including the Nonprofit Summit -- and anything else related to Drupal and nonprofits that's on our minds.

Feel free to share your thoughts and discussion points ahead of time in our collaborative Google doc: https://nten.org/drupal/notes

We have an hour to chat so bring your best Drupal topics and let's do this thing!

Some examples to get your mind firing: how do I recreate [feature] on my Drupal 7 site in Drupal 8? I need to explain [complicated thing] to a non-technical stakeholder -- any advice? How can I get Drupal and my CRM to play nicely?

This free call is sponsored by NTEN.org but open to everyone.

View notes of previous months' calls.

Categories: Drupal CMS

OSTraining: How to Add Drupal Webforms to Content Types

Tue, 04/16/2019 - 08:40

An OSTraining member asked us if it was possible to connect Webforms to their content.

I can imagine a lot of use-cases for this. For example, if you have an "Events" content type, you might want a form so visitors can contact the event organizer. Or if you have a "Business" content type, it might be useful for people to contact the business.

This can be done thanks to a module called "Webform Extra Field" and in this tutorial I'll show you how.

Categories: Drupal CMS

Promet Source: How to Simplify Setup of Complex Drupal Sites with Docker and Expresso PHP

Tue, 04/16/2019 - 07:14
The ever increasing complexity and functionality of Drupal sites does not need to translate into increasingly steeper development costs. In the past, Drupal sites were relatively homogeneous with the occasional multi-domain or multi-site implementation. Today, as sites become more complex, with features such as headless integration with non-Drupal software, the overhead of reproducing an environment locally can become very costly.  Docker was created to bridge the gap between a homogeneous Drupal implementation and a complex integration with non-Drupal software.  
Categories: Drupal CMS

Drupal Modules: The One Percent: Drupal Modules: The One Percent — Required by role (video tutorial)

Tue, 04/16/2019 - 06:26
Drupal Modules: The One Percent — Required by role (video tutorial) NonProfit Tue, 04/16/2019 - 08:26 Episode 53

Here is where we bring awareness to Drupal modules running on less than 1% of reporting sites. Today we'll investigate Required by role, a module which allows a field to be required for some roles but not others.

Categories: Drupal CMS

orkjerns blogg: Demo: Updating Drupal core automatically

Tue, 04/16/2019 - 01:04
Demo: Updating Drupal core automatically admin Tue, 04/16/2019 - 09:56

Last week Drupalcon North America was held in Seattle, where Dries opened the conference with the traditional "Driesnote". In the presentation, Dries talked about automated updates for Drupal, a thing I am very passionate about myself. He then went on to say:

I hope that in Drupalcon Amsterdam...in six months… I will be able to stand on stage and actually give some sort of demo. That would be my goal. So obviously… I would need your help with that… but that would be fantastic.

This triggered a thought: with the tools we have today, and as composer support is fairly decent, we can actually demo this somewhat utopic goal now. Which is why I made a video of just that. So without further ado: here is the demo!

 

Automatic updates and the future

This demo demonstrates tools that are available now. Instead of only focusing on those tools (and promoting violinist.io), I want to expand on the subject of automated updates in Drupal, and its future.

Like for Dries, automatic updates is an important issue to me. Not only because I promote running automated composer updates with violinist.io, but because having these features will make Drupal more viable for hobbyists and beginners. Which in turn is something that can help us reach more users, and increase our diversity. Consequently, having automated updates is important for the “non-professional” group of Drupal users.

In the presentation, Dries also points out some important positive effects of having automated updates. First, it will help securing your site (or your client's site) when time-critical security updates are released. Second, it will make it easier for organizations and agencies to maintain websites. This means that having automated updates is important for the “professional” group of Drupal users as well.

This brings us to the next segment, which mostly applies to agencies and organizations using Drupal professionally. Two issues are often raised about having automated updates. First, that moving and/or overwriting the files of your codebase is a security risk. Second, that updating files on your live server can be a no-go. Maybe you have a version control system in place. Or perhaps you have a continuous integration/deployment pipeline. Or, you have setups that deploy their codebase to multiple front-servers. The two issues are valid concerns, but usually they are less of a concern to "non-professional" users. This implies that having automated updates is important for the “professional” AND “non-professional”, but the preferred implementation for these two groups might conflict.

In my personal opinion, we can support both. Let me explain how.

My suggestion is that we can have a system in place that is pluggable in all parts. This means that the "non-professional" can use plugins that are useful for updating via the file system, and hopefully set-and-forget the automatic updates for their site. It also means that the "professional", the one with the pipeline and version control, could have entirely different plugins for updates. To get back to the video above, a pre-flight check (which is how we determine if we can update) can mean checking for pull requests for the available update, and checking that the tests pass. The plugin for updating could simply merge the pull request, since automated deploys are run for the master branch. Now, different teams have different requirements, but this means that you could use a Pantheon or Platform.sh plugin for automated updates. Or, maybe you have a custom plugin for your team that you use across projects.

I believe this feature can help automation for "professional" teams of all sizes, and make the very same system usable for "non-professionals" that want to set-and-forget. This is also why I believe having automated updates in core, is in no way in conflict with doing automated updates like in the video above. It will only complement the toolbox we currently have!

If you want to read more about the Automatic Updates initiative, there is more info here. It is an exciting future, and we can all help out in making the future more user-friendly and secure. I know I will!

Categories: Drupal CMS

Jeff Geerling's Blog: DrupalCon Seattle 2019 is a wrap! It's all about the people

Mon, 04/15/2019 - 19:59

I'm on the flight home from this year's North American DrupalCon. Couldn't sleep, so thought I'd jot down a few words after a great experience in Seattle.

Last year, some remember seeing me walking the halls in Nashville akin to a zombie. But not the hungry, flesh-eating kind... more like the thin, scraggly, zoned-out kind. Last year my health was very poor. I went to DrupalCon mostly because it was the first DrupalCon within driving distance of St. Louis since DrupalCon Chicago several years ago. In hindsight it might not have been the best idea, and I had to skip a number of events due to my health.

Since that time, I experienced a grueling surgery and recovery, and learned to live with my new friend, the stoma. (Warning: scatalogical humor ahead—hey, it's my coping mechanism!).

Categories: Drupal CMS

Promet Source: Drupal Don’ts: Pitfalls to Avoid for Site Success

Mon, 04/15/2019 - 15:54
Success with Drupal development often depends as much on knowing what NOT to do as much as what to do. If you are not “Thinking in Drupal," you are likely to develop a Drupal site using strategies that are not conducive to a: Drupal-friendly site that allows changes to be made to configuration without writing code; Site that is as accessible as it could be; and/or A low-maintenance coding strategy. Let’s take a look at common Drupal development practices that do not reflect “Thinking in Drupal.”  
Categories: Drupal CMS

Drupal @ Penn State: Drupalcon: We Made web development fun again, with web components!

Mon, 04/15/2019 - 12:44

This was a 90 minute session from DrupalCon Seattle 2019. The room was not recorded ( BUT, we recorded locally from Mike’s laptop! Enjoy! Our slides are also attached in the links below. The room was overflowing and we got great feedback on it so I hope you enjoy it too

Seems that it was pretty well received given this tweet of me floating around jumping up and down :)

Categories: Drupal CMS

Dries Buytaert: State of Drupal presentation (April 2019)

Mon, 04/15/2019 - 07:38

Last week, many Drupalists gathered in Seattle for DrupalCon North America, for what was the largest DrupalCon in history.

As a matter of tradition, I presented my State of Drupal keynote. You can watch a recording of my keynote (starting at 32 minutes) or download a copy of my slides (153 MB).

Making Drupal more diverse and inclusive

DrupalCon Seattle was not only the largest, but also had the most diverse speakers. Nearly 50% of the DrupalCon speakers were from underrepresented groups. This number has been growing year over year, and is something to be proud of.

I actually started my keynote by talking about how we can make Drupal more diverse and inclusive. As one of the largest and most thriving Open Source communities, I believe that Drupal has an obligation to set a positive example.

I talked about how Open Source communities often incorrectly believe that everyone can contribute. Unfortunately, not everyone has equal amounts of free time to contribute. In my keynote, I encouraged individuals and organizations in the Drupal community to strongly consider giving time to underrepresented groups.

Improving diversity is not only good for Drupal and its ecosystem, it's good for people, and it's the right thing to do. Because this topic is so important, I wrote a dedicated blog post about it.

Drupal 8 innovation update

I dedicated a significant portion of my keynote to Drupal 8. In the past year alone, there have been 35% more sites and 48% more stable modules in Drupal 8. Our pace of innovation is increasing, and we've seen important progress in several key areas.

With the release of Drupal 8.7, the Layout Builder will become stable. Drupal's new Layout Builder makes it much easier to build and change one-off page layouts, templated layouts and layout workflows. Best of all, the Layout Builder will be accessible.

Drupal 8.7 also brings a lot of improvements to the Media Library.

We also continue to innovate on headless or decoupled Drupal. The JSON:API module will ship with Drupal 8.7. I believe this not only advances Drupal's leadership in API-first, but sets Drupal up for long-term success.

These are just a few of the new capabilities that will ship with Drupal 8.7. For the complete list of new features, keep an eye out for the release announcement in a few weeks.

Drupal 7 end of life

If you're still on Drupal 7, there is no need to panic. The Drupal community will support Drupal 7 until November 2021 — two years and 10 months from today.

After the community support ends, there will be extended commercial support for a minimum of three additional years. This means that Drupal 7 will be supported for at least five more years, or until 2024.

Upgrading from Drupal 7 to Drupal 8

Upgrading from Drupal 7 to Drupal 8 can be a lot of work, especially for large sites, but the benefits outweigh the challenges.

For my keynote, I featured stories from two end-users who upgraded large sites from Drupal 7 to Drupal 8 — the State of Georgia and Pegasystems.

The keynote also featured quietone, one of the maintainers of the Migrate API. She talked about the readiness of Drupal 8 migration tools.

Preparing for Drupal 9

As announced a few months ago, Drupal 9 is targeted for June 2020. June 2020 is only 14 months away, so I dedicated a significant amount of my keynote to Drupal 9.

Making Drupal updates easier is a huge, ongoing priority for the community. Thanks to those efforts, the upgrade path to Drupal 9 will be radically easier than the upgrade path to Drupal 8.

In my keynote, I talked about how site owners, Drupal developers and Drupal module maintainers can start preparing for Drupal 9 today. I showed several tools that make Drupal 9 preparation easier. Check out my post on how to prepare for Drupal 9 for details.

Thank you

I'm grateful to be a part of a community that takes such pride in its work. At each DrupalCon, we get to see the tireless efforts of many volunteers that add up to one amazing event. It makes me proud to showcase the work of so many people and organizations in my presentations.

Thank you to all who have made this year's DrupalCon North America memorable. I look forward to celebrating our work and friendships at future events!

Categories: Drupal CMS

Sooper Drupal Themes: Drupal vs. TYPO3: the Enterprise CMS Battle of the Century

Mon, 04/15/2019 - 06:29
Drupal and TYPO3

Depending on your needs, you can choose a more simplistic CMS like Wordpress. However, when it comes to businesses and enterprises, a CMS like wordpress won’t cut it. This leaves us with two popular open source options, TYPO3 and Drupal. Both are priding themselves to be the go to CMS for enterprises. In this article, I’m going to make a comparison of both TYPO3 and Drupal.

First things first. TYPO3 is an open source content management system that is written in PHP. Its author, Kasper Skårhøj, has released it in 1998. Drupal is also written in PHP, its author Dries Buytaert, first released it in the year 2000, making TYPO3 the older CMS between them both.

Drupal and Typo3 are the only CMS in the top 10 most used platforms that are aimed at Enterprise organizations.

Market Share

By the end of 2018 TYPO3 had a market share of 1.5%, making it the 8th most used CMS at this time. This means that out of all websites in the world, 1.5% of them were built using TYPO3. Drupal on the other hand, had a market share of 4.6%, making it the third most popular CMS to date. Despite the fact that Drupal is slightly younger, it still managed to capture a larger audience compared to TYPO3. But why is that?

Open Source CMS

Drupal and TYPO3 are both open source. What this means is that the code is available to the general public. This results in developers being able to add different pieces of code by themselves, constantly improving the software. Both have dedicated communities which aim to further improve the performance of the CMS’s.

Performance

When it comes to the performance, both of these platforms have a wide range of modules and extensions. The modules and extensions are basically improvements on the core of both. Thus resulting in a high performance and flexibility on both sides. When it comes to extensions, TYPO3 has 60.000+ of them available, making sure that there is something specific to fulfill any users needs. Drupal also boasts a wide variety of modules, which gives the CMS the ability to cater to the needs of every user. Unlike Drupal, TYPO3 also runs an internal language called TypoScript. Users can leverage it to build additional elements including dynamic content.

Drupal allows the creation and management of different types of content such as text, blogs, videos, podcasts, images etc.

TYPO3 is also able to handle forms, tables, images and different pieces of multimedia. It also allows a lot of control over the layout of the page.

Language support

TYPO3 is famed for its massive availability in over 50 languages. However, Drupal is available in over 100 languages. This makes it even more impressive when it comes to the high degree at which Drupal is able to help with the needs of its users.

Scalability

Scalability is defined by the desirable property of a website to be able to handle a growing amount of work in a timely and elegant manner. Both were engineered to be able to handle large amounts of data and traffic. This makes them both desirable for large enterprise websites.

Security

Security is one of the areas that both systems are putting a lot of effort in. Given the fact that they have to protect the costly data of large universities, enterprises and businesses, both are taking this matter seriously. Drupal and TYPO3 both have security teams that are constantly searching for vulnerabilities to report to the communities, while also working on fixing the issues. These are the reasons why both Drupal and TYPO3 are both trusted by enterprises and business when it comes to security issues.

Cost Of Implementation

Compared to CMS that are not Enterprise-grade, Drupal and TYPO3 are both more difficult to be installed and be properly customized. Both systems are offering plenty of options for developers to be able to specifically customize the website to meet the user specific needs. This comes at a price however. The price to be paid for such high customizability comes in the form of a steep learning curve. This makes it hard for beginners to fully maximize the potential of both CMS’s. On top of that, learning TYPO3 seems to be more complicated than to learn Drupal. Because of the simple fact that TYPO3 uses also TypoScript. It is the internal language of the system which has to be learned in order to master the CMS.  

One advantage with Drupal is that you can install our visual page editor module and provide a state-of-the-art design and editing experience to your client or your communication department

Conclusion

In conclusion, both CMS’s are legit options when it comes to developing huge scale websites for businesses or enterprises. However, choosing one of them rests entirely on each user’s specific needs. Also, Drupal still has a larger market than TYPO3. Even though it is the younger of them both. This means that Drupal is able to better cater to the specific needs of its users, compared to its competition.

Categories: Drupal CMS

Pages