Security of a Drupal website is important for site owners and site developers. This blog post has my presentation at Drupal Camp Mumbai, which was intended for Drupalers who want to avoid security loopholes while writing code or architecting solutions. We delved into common security issues that ail custom code, with both vulnerable and secure code snippets. This is mostly about my encounters and experience after doing 50+ project application reviews, and it is also a good guideline for new contributors.
Hack Proof Your Drupal Site from Naveen Valecha
Next article: A guide to review Project Applications.
Last Saturday (February 21st, 2015), thirty-five Drupalers joined together at Classic Graphics for the second annual Charlotte Drupal Drive-in. The day was full of presentations, BOFs, and general chatting about Drupal and related web technologies.
The day-long, un-conference-style event was the brainchild of Thomas Lattimore. After CharDUG wasn't able to pull together the human resources to repeat the success of DrupalCamp Charlotte 2012, Thomas mentioned that he had an idea. Since he knew organizers had limited time to commit to planning, he wanted to host an un-conference-style event, allowing for simpler planning than a full-blown Drupal camp. You can learn more about his concept on the DrupalEasy Podcast.
The event started with breakfast goodies, a welcome to the event, a thank you to our sponsors, and session pitches. The list of pitched ideas quickly grew to enough items to easily fill the day with sessions. The organic nature of the event and Classic's space allowed for sessions to split into multiple rooms so individuals had great session options.
1 day ago by Mark Shropshire
The session schedule was planned for the day after all the ideas were pitched. The scheduled sessions included the following:
- Maintainable Front-End Dev - @tlattimore
- How to quickly launch a small and possibly temporary Drupal website BOF
- Hi-Performance Drupal Hosting with BOA - @connerton
- Hello Backdrop CMS! - @mgbellaire and @shrop
- Small to mid-sized web development business BOF
- shelldevel - @deetergp, @mgbellaire, @shrop, and @tlattimore
  - Sharing the world of shell-based development!
- Life after Launch - @roger_soper
  - Maintaining a website after initial launch
- Migrations - @willjackson00 and @ericveal
Lunch allowed attendees to chat about the morning sessions and meet each other. Also, Design Hammer provided a $50 Amazon gift card to give away during the lunch break.
From my perspective, the event was a success. The format allowed for a relaxed atmosphere where beginner and seasoned Drupalers alike were able to discuss their projects, ideas, and questions. While much of the group was from the Charlotte metro area, we also had attendees from Asheville and the Raleigh/Durham, NC area. I also count this event as a success when all of the event volunteers were able to attend the sessions and enjoy the event. Keeping the event simple is key to this success!
I would like to thank Classic Graphics, Design Hammer, and our individual sponsors (@bayofodeke, @deetergp, and @shrop) for supporting the Charlotte Drupal Drive-in. Also, thanks to all those who attended and led sessions. Looking forward to Charlotte Drupal Drive-in 2016!
Creating 'wow' is something we all need to strive for. It's that extra element of pleasure that someone derives from something we've done. The key to wow is in its unexpected nature. It's in the unexpected pleasure from stylish subtleties in a design that leaves you going "nice!". It's in those clever extra features a user discovers after a while using a site, which they now realise they just love. It's about delivering that little bit more.
One of the trickier aspects of any data migration is migrating users and ensuring that the authentication details which worked on the legacy site also continue to work on the new Drupal site. This article shows how it is done for .Net to Drupal 7.
The first Drupal 7 project I worked on had to have an image carousel with one of those dot pagers on its homepage. I may have been a Drupal newbie then, but I knew for a fact that Drupal did not come with that function built in.
Now, if you’ve just started out with Drupal, you may not have heard this phrase before, but it really should be on a t-shirt:
There’s a module for that.
Trust me when I say I would definitely wear that. But my point is, the best part about Drupal is its huge library of contributed modules that extend Drupal’s capabilities. So here’s a tip for newbie Drupalists, before you attempt to write a...
In previous posts, we’ve talked about who the Community Working Group (CWG) is and why we’re here, as well as some of the work we’ve done around establishing a process for conflict resolution in the Drupal community.
In this post, I’d like to go into more detail about what happens when folks file incident reports with the Community Working Group, and open up the conversation on how we can more effectively address issues that have a larger impact on the Drupal community as a whole.
Currently, the CWG meets once a week over Google Hangout to go through any issues that might have been filed since our last meeting, as well as to discuss ongoing questions and concerns that have been brought to our attention through various channels (reports, individual conversations, etc.) and the overall health of the Drupal community.
As often as possible, we post the minutes of our regular meetings. By necessity, these are somewhat redacted due to the fact that we are often discussing matters of a sensitive nature that have been shared with us in confidence. We also maintain an email list where we discuss ongoing issues and other things that come up in the time between our regular meetings.
When an issue is filed, whether through the Incident Report Form, via e-mail, or in our public issue queue, it goes on the agenda for the next weekly meeting (if the matter is of a serious and immediate nature, CWG members may choose to take immediate action and/or meet outside our normal meeting time). We discuss each item as a group and come to agreement on next steps, then assign someone to follow up with the individuals in question. If the issue is about something that doesn’t fall within the charter of the CWG, we may refer the matter to another group (e.g., the Technical Working Group or the Licensing Working Group), or reply back to the reporting individual with an explanation.
In cases where there is a dispute between two or more individuals, our general approach is to first gather as much information as possible from all involved parties. In order to ensure that people are able to share their stories with us in an open and honest manner, we do not share any names or other sensitive details outside the group without permission.
Once we have a sufficient level of detail, we meet again as a group to decide how to proceed. Depending on the situation, this may involve one or more CWG members providing mediation between the parties in conflict or suggesting ways that they can resolve the issue themselves. In cases where there is a clear Code of Conduct violation, we will talk directly to the person or persons who engaged in the violation to help them understand the impact of their words and/or actions and to take responsibility for them.
In some cases, we may receive an after-the-fact report about a situation that has already been resolved. In those cases, we review the incident, decide whether further action is necessary, and keep it on file for reference in case something similar happens in the future.
If this sounds long and drawn out, that’s intentional. Unless an issue requires immediate action, our process is designed to enable resolutions that are as thoughtful and permanent as possible. The Community Working Group is not the “Drupal police” and our role is not about deciding “who’s right” and “who’s wrong” in a given situation so much as it is about helping people in our community work together in a mutually respectful way. While many of the items that we tackle are initiated by issues that are reported to us, our process is not exclusively complaint-driven.
The people who volunteer their time serving on the Community Working Group are people with backgrounds in community leadership and conflict resolution who all have been working in the Drupal community for years. We believe that a culture that encourages healthy debate and disagreement is a big part of what gives the Drupal project and community its strength. What we are primarily concerned about are destructive conflicts that violate our shared community values and make the Drupal community a less welcoming place for everyone.
To that end, we’re looking for the community to help us shape our process for addressing systematic patterns of disruptive behaviours that have an impact that goes beyond just those individuals who are directly involved. Please read our proposal and give us your thoughts in the comments section. You can also share your thoughts privately by e-mailing us at drupal-cwg [at] drupal.org.
Today, there exist many different options to digest content. One of the most popular options is Apple products like the iPhone and iPad. A unique thing about iOS is that they use specific icons when users want to add your website as a bookmark on their home screens. This icon is then used to quickly launch your website, similar to how you launch a bookmark in your browser.
Normally, websites don't have this icon available, so what almost always ends up happening is Apple using a screenshot of the webpage as the icon. Having a generic screenshot can affect your branding message.
DrupalCampChina 2015 is a one day event that focuses on many aspects of Drupal in one location. Its focus is knowledge sharing among the community. Essentially, you’re getting the community together to do some community training. The term "Camp" comes from Barcamp, like an informal non-conference that happens at a bar.
Generally speaking, DrupalCampChina is an extension of a meetup (e.g. the meetups in Shanghai).
10AM, Saturday, March 14th, 2015.
1555 Century Ave, Pudong, Shanghai, China 200122
Metro: Century Avenue Station, Metro Lines 2/4/6/9 Exit 6
Bus: Century Avenue at Pudian Road, Bus Lines 169/987
Sessions and agenda:
There will be 6 sessions. 2 in the morning and 4 in the afternoon.
10AM-10:50AM: Pre-DrupalCamp training & announcement
11AM-12PM: DrupalCampChina 2015 Keynote: Opening Doors with Open Source eCommerce by Ryan Szrama. Ryan got his start in web development through an online sales company based in Louisville, KY, his home of over 10 years. It was there that he nursed Ubercart through its infancy to its use on over 20,000 websites as the Project Lead and community face of the project. Ryan joined Commerce Guys in 2009 and continued to lead Ubercart until branching out into Drupal Commerce, a new initiative focusing on empowering users to build e-commerce sites with the best new features that Drupal 7 has to offer. He focuses most of his time developing the code base, growing the community of contributors to the project, and training new users online and at community events.
12PM-12:30PM: Group photo, please follow the instructions given during the Pre-DrupalCamp training & announcement session
1:30PM-2:20PM: Please propose to speak!
2:30PM-3:20PM: Please propose to speak!
3:30PM-4:20PM: Please propose to speak!
4:30PM-5:20PM: Please propose to speak!
Sessions proposed by community members
Please visit https://groups.drupal.org/taxonomy/term/136263
DrupalCampChina 2015 is a free event. The conference will also provide you with free food, drinks, WIFI and gifts.
Please use the "sign up" feature below.
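Broadly speaking, DrupalCampChina is also an extension of the Drupal Meetup; for example, Shanghai has its own city meetup, the DrupalSH Meetup.
Metro station: Century Avenue Station, Metro Lines 2/4/6/9 (Exit 6).
11AM-12PM: DrupalCampChina 2015 keynote: Opening the Door to Open Source eCommerce. Speaker: Ryan Szrama. Ryan has been working in website development for more than ten years; in his hometown of Louisville, Kentucky, USA, he set up his online marketing company. As its project lead and community founder, he nurtured Ubercart, which is now used by more than 20,000 websites. In 2009, Ryan joined Commerce Guys and continued to lead Ubercart, extending its technology and applying it to e-commerce on Drupal. He has used the new features that Drupal 7 offers to enable users to build the best e-commerce websites. He spends most of his time on Drupal code development, on increasing contributions to the Drupal e-commerce community, and on actively providing training at events and online.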
A week ago I stepped up and nominated myself for the Drupal Association (DA) At-large Board position. This wasn't a decision I made lightly, and I'm very excited to see so many other people have nominated themselves as well. There are 24 people up for the vote, which bodes well for a strong community. I think a lot of people in the Drupal community don't actually understand the board and this election process. It's an easy thing to ignore if you just want to move your patches forward, keep working on planning your local event, or focusing on all of the other community and personal tasks that consume us. I want to take a moment to explain both why I think it is important, and how it works.
Drupal Association
The Drupal Association (then, technically Drupal VZW in Belgium) was created in 2006. It's been through a lot of changes over the years to bring it to the organization it is today. I was a Permanent Member of the DA in the early days and, I'll be honest, we were a bunch of well-intentioned people with very little idea of what we were doing. Running the DA is a big job, given that its mission is to support the huge Drupal community, which has only grown exponentially over the years. The DA today has a volunteer Board of Directors which focuses on strategy and oversight of the DA's work. The DA also has paid staff, who work with community volunteers, to actually implement the solutions for the community's needs. The two most prominent needs that most people are familiar with are maintaining the Drupal.org family of sites, and managing our DrupalCons. The DA is also the organization that lets the community accept money, and then put it where it's needed. This manifests itself in such projects as the Drupal Community Cultivation Grants and the Drupal 8 Accelerate program. As you can see they are doing vital work that keeps our community moving forward, giving people the time, energy, and money to focus on the things they love and want to do.
Board of Directors
The Drupal Association is a non-profit organization. The Board of Directors (Wikipedia definition) is a group of appointed and elected members who oversee the work that the DA is doing. This quote sums up the main tasks of a board:
"The board of directors is the governing body of a nonprofit organization. The responsibilities of the board include discussing and voting on the highest priority issues, setting organizational policies, and hiring and evaluating key staff. Board members are not required to know everything about nonprofit management, but they are expected to act prudently and in the best interests of the organization. They approve operating budgets, establish long-term plans, and carry out fundraising activities."
- Foundation Center
You can get a sense of what this means in a little more detail by looking at the list of Board Committees that they have. These are the main areas of oversight for the board, and consist of board members, DA staff, and community volunteers. Basically, the board needs to make sure the money is being managed properly, and to tackle the hard questions about running a non-profit and supporting a huge, diverse community.
The DA Board is comprised of 10 seats, which are appointed directly by the board itself, and 2 at-large seats, which are open to anyone in the Drupal community, and are elected by the community. The board appoints most of the positions to ensure that they have a good breadth of experience and knowledge that is specific to the tasks of the board. The 2 at-large positions are to make sure that the larger community has a direct voice in who is part of making these decisions for them. That brings us to the current election.
At-large Board Elections
Over the last two weeks people from around the community have been nominating themselves. (That's a requirement. You can't nominate other people.) These are people who are volunteering for a two-year term to take on the tasks of the board. Every single one of them is stepping up to a huge task. Nominations closed yesterday, so we now have our final list of 24 people from 14 countries. (Which is fricking awesome!)
Over the next two weeks everyone—meaning you—should get familiar with the nominees so you can form an opinion about how you want to vote. We have three 2-hour "Meet the Candidates" sessions coming up next week, on Tuesday/Wednesday (Tuesday 17:00 CET - find your time), Wednesday/Thursday (Thursday 2:00 CET - find your time), and Thursday/Friday (Thursday 21:30 CET - find your time). At these on-line sessions each person will have 5 minutes to introduce themselves and why they are running. You'll be able to ask us questions directly and get realtime answers. I'll be attending the Tuesday and Thursday sessions. (I love the community dearly, but I also love to be asleep at 2am.) You can also feel free to leave questions in the comments for an individual's candidate page. We'll be monitoring these pages over the next few weeks to answer questions that come in.
Voting
The voting begins on March 9th and goes through March 20th. There are some basic restrictions on who can vote: "Voting is open to all individuals who have a Drupal.org account by the time nominations open and who have logged in at least once in the past year." Nominations opened on February 9th, so you need a Drupal.org account opened prior to that. I'll talk more about the voting process in another blog post as we get closer to election time. It's pretty smart stuff.
Vote for Me!
I have to say that saying "vote for me" and writing up my nomination is a little uncomfortable. It feels too much like boasting and trying to say I'm better than everyone else. I really respect the other candidates, and I can't really say "I'm better than them." All I can honestly say is that I'm different from them, as they are each different from me. We all bring passion and a desire to serve the community in different ways. That said, I do feel like my experience matches well with the needs for a board member, and I'd be super stoked to be able to work on some tough issues at the board level. Either way, I'm not going to stop my community work, whether I'm on the board or not. My biggest hope from this election is to see the community participate. Take 30 minutes of your community time to learn what is happening, and take the time to vote. Engage in your, and our community's, future. That is the greatest reward I can ask for.
Nominations are now closed for the single At-Large seat on the Association Board of Directors. We have an astounding 24 candidates from 14 different countries running for this seat. We are so thrilled that so many of you are so invested in our community that you are taking this step. As with any election, we want to have an informed electorate. So - we invite you to get to know these candidates in a couple of important ways.
Learn about the candidates online.
Check out the slate of candidates and read what they had to say about their backgrounds and interest in serving on the board. Each candidate page also features a comments section where you can ask about their plans, hopes, and views for the Association and the project. We only ask that you use this comments section as a place to ask questions, not endorse candidates please.
Join a Meet the Candidates webcast.
In addition to the candidate profiles, we are hosting three live question and answer sessions where you can chime in and hear from the candidates directly. Not all candidates will be on each call, but don't worry! If you aren't able to connect with a candidate in one of the sessions, we will be recording them, so you can check them out later. Here are the sessions:
Session One: Tue 24 Feb 2015 at 16:00 UTC
- 8 AM PST Tue 24 Feb, US and Canada
- 11 AM EST Tue 24 Feb, US and Canada
- 1 PM Tue 24 Feb, Sao Paulo Brasil
- 4 PM Tue 24 Feb, London
- 12 AM Wed 25 Feb, Beijing
- 3 AM Wed 25 Feb, Sydney Australia
- 4 PM PST Wed 25 Feb, US and Canada
- 7 PM EST Wed 25 Feb, US and Canada
- 9 PM Wed 25 Feb, Sao Paulo Brasil
- 1 AM Thu 26 Feb, London
- 8 AM Thu 26 Feb, Beijing
- 10 AM Thu 26 Feb, Sydney Australia
- 12:30 PM PST Thu 26 Feb, US and Canada
- 3:30 PM PST Thu 26 Feb, US and Canada
- 5:30 PM Thu 26 Feb, Sao Paulo Brasil
- 8:30 PM Thu 26 Feb, London
- 4:30 AM Fri 27 Feb, Beijing
- 7:30 AM Fri 27 Feb, Sydney Australia
I hope we'll hear from you during this important part of the elections process. And mark your calendars - voting begins on March 9!
"I really thought it would look...different.." the client on the other end bemoans. "And users really seem confused by where we put the login..."
This was ALL per their request. The login, the layout, everything they HAD TO HAVE. You protested gently, but hey you have to eat and it's their funeral..er website.
But you knew that they didn't know what they were asking for, you knew people aren't born knowing what their website needs, and everyone tells them they have to be. Unfortunately User Interface decisions are not fake it until you make it for most people.
And when their website failed, you became the scapegoat..er code monkey. Because of the precious EXPENSIVE project hours they spent on making, and remaking, decisions that really bring very little value to anyone in the long haul.
We've taught a LOT of people to use Drupal 7 over the last 4 years and one bug comes up more than any other.
When enabling large new modules such as CTools via the admin interface, it's not uncommon for other modules to become unpublished.
When those modules are unpublished, people often lose access to the administration menu. Needless to say, that's not a helpful situation for beginners.
So, here's a quick guide to recovering from a lost Drupal administration menu.
We're back again with a new episode! This week we talk lots of Drupal 8.
Episode 1 Audio Download Link
“Team Kool-aide” members:
Mark: @teampoop, Bob: @kepford, Jason: @jasonawant, Jay: @drupalninja, Ryan: @ryanissamson
Every year, thousands of open-source developers and business professionals travel great distances to share news, experience and knowledge. Oh, and consume fantastic food and drink with friends that we only see a few times a year. And explore new places and do goofy stuff that becomes the talk of legends. Is it all fun and games?
Drupal 8 ships with PHPUnit!
PHPUnit is the PHP industry standard testing framework, and with it comes the potential to make significant gains in the way we test Drupal, both core and contrib.
There’s a lot to be said about setting up, configuring, running and integrating PHPUnit (and how to do it for Drupal in particular), about which there are ample generic resources on the web. http://drupal.org/phpunit is a good starting point; it has crucial links and information, particularly to the PHPUnit manual, which will become your best friend.
So, instead of duplicating what’s already out there, I’m going to focus on some principles that will help you get the most value from PHPUnit on your Drupal 8 sites and contributed modules. Principles go well with a printed medium, anyway – no motive to copy and paste!
Test the Right Thing
It’s important to identify the type of testing you really need to do. PHPUnit is capable of a number of different types: behavioral, functional, and unit, at the least. With Drupal, I tend to use it only for unit and narrowly-scoped functional tests (Simpletest has more tools for conventional Drupal integration testing), and I prefer Behat for behavioral testing.
Regardless of the type of test you’re writing, the first step is to properly understand what you’re testing. In testing parlance, this is the “system under test” (SUT). Clearly identifying the SUT can be surprisingly elusive, especially for those unaccustomed to testing. It is worth taking the time to get it right; a clear, well-understood SUT is the foundation of not only good tests, but good test suites.
When contemplating a unit or functional SUT, I always have one question: “What is the code I’m testing solely responsible for?”
Views is an extremely popular Drupal module. As of time of writing, it has been downloaded 6,294,998 times and reported to be used in 876,607 sites. It’s so popular, in fact, that it has been included in core for Drupal 8. So why is Views such an essential module?
If you’re not one of the 6,294,998 people who downloaded Views, or if you did but somehow just couldn’t grok it and just uninstalled it again, you may be wondering what the fuss is all about. Fact is, I almost fell into the latter category. Even though using Views is pretty intuitive to me now, I can still remember when it felt as complicated as trying to land Curiosity...
Content types are just a means of providing more structure to the data being used on your website. Drupal 7 comes by default with two content types, page and article. But you can create additional content types to suit the needs of your website.
For example, if you were creating a site for a research centre, odds are it would have content like publications, investigators, research areas and so on. Each of these types of content can have their own distinct fields. For example, every publication would have authors, a publication date and the journal in which it was published.
Rather than dumping all this data into a single body field, having different fields allows us to organise this...
I have been intermittently working with a Drupal 7 multiple site ‘platform’ for several years, which originally emerged from a single site. I am the sole maintainer. The platform is not based on a Drupal ‘multi-site’ configuration, as the shared codebase model seemed more hindrance than feature. Instead the (four) sites share a common pattern of base configuration, each cloned (direct copies of files and db) from an early version of the build. A set of custom modules is kept up to date as one git repo that is cloned into each of the sites. Similarly a base theme, and sub themes for all of the sites are also held in a single repo and cloned into each site. More recently, I created an entirely separate site to aggregate and index these sister sites (via feeds) to provide a more advanced, yet loosely coupled search facility.
The setup as described was intended to make maintaining these sites simpler, as extended functionality could be built into some sites whilst the other sites are left without the baggage of additional modules and configuration, making them more easily performative, and simpler to maintain. Sister sites can optionally share any new features, because the early build decisions are shared, so configuration is transferable, and custom modules/features from the shared repo can simply be turned on. I opted not to construct a single site segmented by Spaces, or equivalent pattern, because initially it was not clear how far the sites might diverge from one another.
This workflow has seemed to make a rough kind of sense until now, but I am returning to the decisions I made when creating the platform to try and get it ship shape now that each site has largely settled into a stable pattern of usage. I want to make sure that I have not incurred an impractical amount of technical debt, and that site maintenance is transferable, should it need to be. Another consideration is the approach of Drupal 8. When this transformative version is widely used, it will be much easier to migrate simplified, minimal sites.
Why rock the boat?
Drupal is endlessly configurable. A lot of this configuration is executed through the admin interface and captured in the database. This oft criticised lack of separation between configuration and content should soon be alleviated by the adoption of Drupal 8, but for the moment (maybe until the end of 2015?) it does not seem sensible to move to D8.
The sites I have created have evolved to meet the requirements of their users. Due to reactive (and sometimes undocumented) measures taken in individual sites, sometimes similar workflow and layout objectives have been achieved in subtly different ways. Earlier in the process, these changes were captured in Drupal Features as much as was possible, but this became complex in itself.
Now that I can see the way these sites are being used, and content/design policies have emerged that structure (admin)...
Lately at Freelock, we've been improving our Drupal site assessment. For years we've analyzed Drupal sites built by others to identify how well they are built, what pitfalls/minefields lurk there, and where we need to be extremely careful with budget recommendations when extending functionality.
In the past couple months, we've overhauled it to include a snapshot rating of the site, to let our clients know what we think of their site in 7 crucial areas.
One of them that's often overlooked is Maintainability.