Elsewhere

I think we have all felt the pain at least sometimes when doing admin tasks on the Drupal backend. Trying to find your way to the right admin page without knowing the correct path, trying to find some module in the modules page and activate it etc. With the built-in basic tools it can be pretty frustrating. But worry no more because here I present you some cool modules to aid your admin pain!

Administration menu Administration menu provides a theme-independent administration interface. This module is a real time saver for all types of users. You get fast access to all the sub admin pages through the CSS/JS-based dropdown menu at the top on all pages of your site. But the functionality presented doesn't limit to just regular menu items — tasks and all kinds of actions are also listed in the menu. This enables fast access to your every day tasks. You can find a demonstration of this module from here http://www.unleashedmind.com/drupal/admin_menu/.

[http://drupal.org/project/admin_menu]

Aloha

Aloha module integrates the excellent HTML5 wysiwyg editor Aloha Editor (http://aloha-editor.org/) to Drupal. With Aloha you don't have to press the edit link of an page or article when you want to make small changes but you can do it straight in the front end! Fixing typos and adding some text hasn't been this easy&fast before. Think how much time you can save while using this module! You can find a demonstration of this module from here http://aloha.dev.mearra.com.

[http://drupal.org/project/aloha]

Coffee

Performance junkies like me like to do most of the tasks from the keyboard without the need to use your mouse/touchpad/whatever. For example in OS X people use tools like Spotlight, Alfred or LaunchBar to do all kind of tasks just using the keyboard. Well now you can use the same behavior in Drupal too! Just install Coffee and press alt+d (alt + shift + D in Opera, alt + ctrl + D in Windows Internet Explorer) and you get a Alfred-like popup where you can just start typing page names or whatever where you want to navigate. You can even define your own commands in your module with hook_coffee_command() see coffee.api.php for further documentation. You can see Coffee module in action in this screencast http://www.youtube.com/watch?v=ikGJl69jPJw.

[http://drupal.org/project/coffee]

Module filter

While the module listing on modules page can get pretty long Module filter module comes in the rescue! With this module you can filter the modules list by either typing some keywords or using the module category listing to limit the amount of modules shown. With this module you can quickly find the module(s) you were trying to find and enable/disable them. A real life saver when handling modules!

[http://drupal.org/project/module_filter]

So what are your favorites? Are there some other modules that fall into this category and belong to your basic stack of modules that you use on every page you administer?

Now that we have created our products we'll dive into the Product display content type so that we can display our products to our users. In this instance we'll start out be re-using the nodes created by Commerce Kickstart, then we create two new displays for our remaining items. We finish up by rearranging the fields on the content type using Drupal 7's manage display configuration.

8m Publication date  February 22, 2012 - 7:00am

• Estonian reaches 100% in level 1
• 24 other languages back to 100% in level 1 and 6 are again fully complete
• Irish progress in level 1
• Catalan progress in level 1
• Tamil progress in level 2

Status for D-I level 1 (core D-I files):

• 25 languages 100%: bg bs cs de el eo es et fa fr gu id it ja kk mr nl pl pt ru sk sr th tr zh_CN
• 12 languages 99%: ar ast hi km kn ko nb si sv ta te uk
• 1 language 97%: eu
• 3 languages 96%: be ga he
• 5 languages 95%: bn da dz ro zh_TW
• 1 language 94%: ca
• 3 languages 93%: hu is lo
• 1 language 92%: sl
• 2 languages 91%: pa vi
• others are 90% or below

Status for D-I level 2 (packages that have localized material that may appear during default installs, such as iso-codes, tasksel, etc.):

• 23 languages 100%: bg cs da de eo es fa fr he id is it ja kk nl pl pt ru si sk tr uk zh_CN
• 4 languages 99%: be sl sv th
• 6 languages 98%: ast dz ca eu pt_BR ro
• 1 language 97%: ta
• 1 language 96%: nb
• 2 langauges 95%: el fi
• 5 languages 94%: ar gl hr vi zh_TW
• 6 languages 92%: bn bs hu ko ne sr
• 8 languages 91%: ga gu ka km lt mk mr te
• others are 90% or below

Status for D-I level 3 (packages that have localized material that may appear during non-default installs, such as win32-loader)

• 31 languages 100%: be bg bs ca cs de el eo es fa fi fr ga gl he id is it ja kk nb nl pl pt ru sk sr sv th tr zh_CN
• 2 languages 98%: hu uk
• others are 90% or below

Full 100% completeness (hall of fame) for 18 languages: Bulgarian, Czech, German, Esperanto, Spanish, Persian, French, Indonesian, Italian, Japanese, Kazakh, Dutch, Polish, Portuguese, Russian, Slovak, Turkish, Simplified Chinese

phpMyAdmin is quite popular software (to give some numbers let's mention 10000 downloads daily on SourceForge.net or 122685 reports in Debian's popcon) and as such is quite attractive target for various scripted attacks. If you run phpMyAdmin installation somewhere you should really make sure it is enough secured, so that these script kiddies don't get through.

In past month I've looked at what kind of attacks are these guys trying and in all cases these are pretty old vulnerabilities, some of them fixed years ago. So the first thing you should do is to update. It is always good to run latest stable version, but in case you can not for whatever reason, try at least taking the most important fixes and using them.

In ideal world your distribution would do this job for you, but in case it did not, you can for example take patches from Debian, which is pretty good at taking our patches (surprisingly it is not much related to my involvement there). To check which patches they have applied you can use excellent patch-tracker tool, which exposes patches from all released packages.

To give you overview of which issues are mostly being attempted to exploit by script kiddies right now, here is the list:

• PMASA-2010-3 - yes, more than two years old, but still unpatched in some places
• PMASA-2011-5 - "only" half year old
• PMASA-2011-6 - only useful together with wrongly configured PHP

If you have fixed these, you should be pretty safe for now, but follow our security announcements for possible future issues (you can use RSS feed or subscribe to news mailing list, where all security issues are announced as well).

However there are more things you can do to keep you safer:

• remove setup directory from phpMyAdmin, you will probably not use it after initial setup
• prevent access to libraries directory from browser, as it is not needed, supplied .htaccess file does this
• properly choose authentication method - cookie is probably the best choice for shared hosting
• in case you don't want all MySQL users to be able to access phpMyAdmin, you can use AllowDeny rules to limit them
• consider hiding phpMyAdmin behind authentication proxy, so that MySQL credenticals are not all users need to login

So these are the basic steps which will help you against possible compromise, I might return to some of these in more details in future posts.

Filed under: Debian English Phpmyadmin Suse | 0 comments | Flattr this!

As numerous posts out there state, this is the way to programmatically add files into Drupal 7's file module tables.

<?php
// Load the files contents
$image = file_get_contents(<path to file>);

// Returns the new file object
$file = file_save_data($image, 'public://<filename>', FILE_EXISTS_RENAME);
?>

However after working on the module CCTV (Currently getting approval for Full Project) I found that this was not enough.

For some background details, CCTV is a module that turns your Drupal site into a IP Camera capture application. Based on the users preference the application can save files up to 1 day in file size (which equates to a very large file). Due to the large file sizes generated by CCTV php runs into memory both max file php configuration and local allocated memory issues. So how do we get around this?

After digging through the file modules documentation I found the following solution.

<?php
$handle = fopen('<path to local file>', 'r');
$file = file_save_data(fopen($handle, 'r'), 'public://<filename>');
fclose($handle);
?>

This opens the file in read only mode and using the file module's function file_save_data it copies the file to the public:// file system. This not only makes your code more efficient, but also allows for bypassing around php's max file size constraints.

Category: Drupal Planetvar switchTo5x=true; stLight.options({publisher:'dr-5d208cf3-1548-8519-cb10-a07ce4f152ee'});

Fixing hardware

Thanks to the nice Debian Swiss Knives initiative!

Fixing software

Besides trying to maintain the whole X stack as usual, and preparing the funky wayland, mesa, and weston (currently in NEW) trio for experimental, I got myself into other areas.

Debugging gzip

Jakup Wilk noticed a while ago that some multiarchified packages couldn’t be co-installed due to gzipped files being different between architectures. That was reported as #647522 against the gzip package.

While some developers consider the lack of determinism (as in: it’s not in the gzip specification, and the current implementation generates different packages anyway!) as a dead-end for the multiarch experiment, it didn’t look like undebuggable or unfixable. And indeed, as confirmed by a quick analysis: a lack of clean-up when several files are processed at once can lead to different results, depending on the order in which files are specified on the command line; the patch for that is trivial, and was later made smaller and the need for it was explained.

Working in the Release Team

I reviewed/approved a few packages for squeeze, but also took care of handling or finishing a few transitions (as seen in my hints file), among which the funny iceweasel9/libmozjs ones; release tools are nice, but one gets to learn lots of stuff at once (which isn’t a negative aspect). I hacked a tiny “collision detector” so that packages involved in several transitions can be easily spotted. Given the huge number of ongoing transitions we had lately, that didn’t look overkill.

Squashing bugs

It had been a very long time since my last working on totally random RC bugs. The Bug Squashing Party organized at IRILL was a very nice opportunity to get back to totally crazy bugs in unknown packages, but also to meet with other Debian contributors; sponsoring maintainers with good patches on their first try was nice, but walking other contributors through their first patches sent to the BTS or through their first NMUs was nice too.

Waving good bye to yada

Back in the Mérida QA meeting I attended in 2007, there were already jokes about how bad yada was, and how it should die in a fire etc. When I started looking at the RC bug list, I quickly switched to scrolling it backwards, and I wondered how much work was left. The details can be seen in #660548, and the result is: yada is gone! sanity++;

packages.debian.org

Both long descriptions and translations for packages in some suites disappeared after the switch to Description-md5. Thanks to a quick and reduced packages.debian.org setup (mostly: en+de for squeeze+sid+experimental), I managed to find my way through Perl and DB files to propose patches for #657557. I’m still waiting for a confirmation, but in case it works fine, we could even get a fix for DDTP/DDTSS.

If you are an experienced developer ready to dive into Drupal, then take a look at the pre-conference training session “Making the Switch to Drupal.” This March 19, day long course is led by Jeff Beeman, Josh Brauer, and Chris Porter - three experts from the Drupal powerhouse Acquia. With years of experience in both Drupal development and training, you can be confident that you’ll leave with a great perspective on what Drupal can do for you - and you’ll have a great time in the process.

Through hands-on activities, several key topics in Drupal site building will be covered:

• Identification of skills needed for Drupal development.
• Strategies for building maintainable, scalable web sites.
• Module selection, configuration, and customization.
• Explanation of the different Drupal data types and when to employ them - including content types, taxonomies, and views.
• Best practices for Drupal code development.
• Navigation of the Drupal community and how to find help.

Although no prior Drupal experience is required, it will be helpful to have knowledge of CSS, HTML, as well as a programming language such as PHP, .NET, or Java.

This pre-conference training session is held on Monday, March 19, 2012 - the day before the conference begins. Therefore, you won’t have to worry about missing any valuable conference events if you decide to enroll in this course.

Visit Acquia’s blog for more detail, or visit the bottom of the registration page if you’re ready to sign up.

There is no doubt that Drupal 7's admin is light years better from a usability perspective. Yet, even with all the enhancements, we find site admins still stumbling to manage their content. Over the last few months we have worked out a set of enhancements that have made our clients lives much easier. So we thought we would share.

read more

Start:  2012-12-01 (All day) America/New_York Online meeting (eg. IRC meeting) Organizers:  Dries catch

For those who missed it, the Drupal 8 feature freeze date was announced at http://buytaert.net/drupal-8-feature-freeze-december-1st-2012 as December 1, 2012. That means if there's something you want to see in Drupal 8, now is the time to make it happen. By this time next year, we'll be in polishing and bug fix phase.

Core

Entities in Drupal 7 simplify and centralize common logic that, in earlier versions of Drupal, was duplicated in several places, or only usable in specific modules. There are, however, many features (such as saving entities!) that did not make it into Drupal 7. The Entity API module fills in these missing gaps in the core and goes a step farther by simplifying definition of new entity types, and integration with contrib modules such as Views, Rules, and Features.

Background

I wanted to create a view which lists all nodes of different content types that link to the current node displayed on the page. The nodes link via node reference. Since node references only work in one way, and I wanted to get the node references of different content types linking to the current node, I couldn't (didn't know) how to achieve this easily with just a plain view.

The solution I came about was to embed a view to display the different nodes that link to the current one, and feed that view a list of node ids of the linked nodes.

Four different content types with four different node reference fields linked to our node. To get the nids we need to query four different tables.

To get the nids from the four tables in one trip to the database, we can use the union syntax.

Drupal DatabaseAPI union syntax

• Create the different select queries.
• Union the queries to each other like below
  $subquery_1->union($subquery_2)->union($subquery_3)->union($subquery_4);
• Execute the first query.

Code example

Below you find the actual queries to query four different node reference tables.

/** * field_data_field_col_ref_place * field_data_field_entity_ref_place * field_data_field_occ_ref_place * field_data_field_place_ref_place */ $subquery_1 = db_select('field_data_field_col_ref_place', 'cp') ->condition('cp.field_col_ref_place_target_id', $nid, '=') ->fields('cp', array('entity_id')); $subquery_2 = db_select('field_data_field_entity_ref_place', 'ep') ->condition('ep.field_entity_ref_place_target_id', $nid, '=') ->fields('ep', array('entity_id')); $subquery_3 = db_select('field_data_field_occ_ref_place', 'op') ->condition('op.field_occ_ref_place_target_id', $nid, '=') ->fields('op', array('entity_id')); $subquery_4 = db_select('field_data_field_place_ref_place', 'pp') ->condition('pp.entity_id', $nid, '=') ->fields('pp', array('field_place_ref_place_target_id')); $subquery_1->union($subquery_2)->union($subquery_3)->union($subquery_4); $nids = $subquery_1->execute()->fetchCol(); Remarks

The items you retrieve need to be of the same type (for example integers) or a union won't be possible.

Tags: drupaldatabaseAPIplanet drupal

We are inviting YOU, The Drupal Community, to join us for the first ever

read more