Planet Drupal

Subscribe to Planet Drupal feed - aggregated feeds in category Planet Drupal
Updated: 28 min 56 sec ago

Mediacurrent: Highlights From BADCamp, Part 1

Tue, 18/11/2014 - 21:48

From November 6th through the 9th, members of the Mediacurrent team headed to San Francisco for the Bay Area Drupal Camp. Hundreds of Drupal enthusiasts convened at the Palace of Fine Arts to take part in some fantastic sessions, code sprints, and all the San Francisco has to offer. Below is Part 1 of their weekend highlights.

Categories: Elsewhere

Greater Los Angeles Drupal (GLAD): Drupalgeddon followup and Security Presentation on November 20th in Pasadena, CA

Tue, 18/11/2014 - 21:40

As you may have heard, Drupal has recently had a significant security announcement nicknamed "Drupalgeddon". You may not have heard, though, that here in Los Angeles, California, we're dedicating a portion of several upcoming meetups to web security and helping provide our group members with any resources they need.

If you can make it, please join us this week for a special presentation, Better Sleep Through Web Security. It's this Thursday, November 20th, at 6pm in Pasadena, California.

If you haven't heard of Drupalgeddon or don't know if your Drupal sites have been updated since the announcement, please stop reading and see the SA-CORE-2014-005 FAQ immediately. You need to take action and contact a service provider about protecting your Drupal site and hosting environment.

   Date and time: November 20, 2014 at 6pm Pacific Time
   Location: Fuller Theological Seminary, at 135 N Oakland Ave
Pasadena, CA 91101 (Building "Glasser 110")
   Video conference:
   Phone: +1 415-762-9988 or +1 646-568-7788
   Meeting ID: 129 319 220

This meetup will have a video conference for those who can attend only by video conference or phone. The video conference is with Zoom, one of our many great sponsors, and you can join with iPhone, Android, PC and Mac at

Better Sleep Through Web Security

Christefano Reyes presents Better Sleep Through Web Security, an in-depth overview of web security, what to do do if your website is hacked, and how to sleep better by following basic web security best practices.

The "Drupalgeddon" vulnerability has been covered in mainstream news including Forbes, the BBC and The Register, and has brought web security, frequently an overlooked part of web development, back to the center stage.

This particular vulnerability, officially known as SA-CORE-2014-005, allows attackers with specialized knowledge to send requests to any unprotected Drupal website that result in arbitrary SQL execution, which in turn may lead to privilege escalation, arbitrary PHP execution and total server control.

Topics that will be covered in this presentation include:

  • Security vs. Privacy
  • Common Attack Vectors
  • Drupal's security record and the Drupal Security Team
  • SA-CORE-2014-005 (also known as "Drupalgeddon")
  • I've Been Hacked! Now What?
  • Best Practices for Helping Others and Yourself
  • Resources
  • Questions / Answers

Christefano is one of the founders of Exaltation of Larks, a Drupal design and engineering firm with a worldwide team of Drupal experts; and Droplabs, an open source-friendly coworking space and business incubator near Downtown Los Angeles. As an advocate of open source software and self-declared meetup junky, he helps organize meetups and conferences all over the Greater Los Angeles Area, including the Los Angeles Chess meetup and LA Geek Dinners.

We hope to see you at Thursday's meetup!

Tags: DrupalgeddonDrupageddonSan Gabriel Valley DrupalPlanet Drupal
Categories: Elsewhere

Stanford Web Services Blog: BADCamp 2014: Caryl’s Highlights

Tue, 18/11/2014 - 18:00

BADCamp is one of the highlights in my Drupal world. It’s like a Drupalcon (Drupal Convention) with lots of people and sessions, but more low key. It’s a great way to meet people and to learn more about Drupal. Here are some of my highlights:

Higher Ed Summit

This was a great chance to learn about the issues facing many of our colleagues at other universities.

Categories: Elsewhere

Stanford Web Services Blog: BADCamp 2014: Megan's take-aways from the Front End Summit

Tue, 18/11/2014 - 18:00

During BADCamp this year, I participated in the Front End Summit. We learned about Drupal 8, had a series of lightning talks, and a lively panel featuring a diverse range of voices from the Drupal front end community. Here are some of my take-aways.

Drupal 8 Core Rocks

Learning more about Drupal 8, it’s exciting to see that so many of the modules we work with in our “toolkit” on Stanford Sites have been moved into core in Drupal 8, like Menu Block, for example. It validates the direction we are going with Sites and with our stack.

Categories: Elsewhere

Stanford Web Services Blog: BADCamp 2014: Joe's take-aways from the Higher Ed Summit

Tue, 18/11/2014 - 18:00

We’ve got a first timer here! I attended the Higher Ed Summit at my first ever BADCamp this year. I learned about Drupal’s presence on numerous college campuses, software as a service, building tools, project management, and Drupal communities. Here are just a few of my take-aways.

Categories: Elsewhere

Stanford Web Services Blog: BADCamp 2014: Linnea's thoughts from the Higher Ed Summit

Tue, 18/11/2014 - 18:00

During BADCamp this year, I participated in the Higher Ed Summit. We learned about how other universities are rolling out Drupal and central web policies through a panel discussion, had a series of lightning talks, a number of birds-of-a-feather discussions, and two featured talks. Here are some of my take-aways.

Categories: Elsewhere

Stanford Web Services Blog: BADCamp 2014: John's highlights

Tue, 18/11/2014 - 18:00

This year marked the 8th Bay Area Drupal Camp (BADCamp), and likewise it was my 8th year attending. BADCamp is one of the largest Drupal events other than DrupalCon itself, and I am always amazed at the sheer size of the event, the generosity of the sponsors, the hard work of the volunteers, and the quality of all the participants.

Categories: Elsewhere

Phase2: Transitioning to Drupal 8 templates with Twig

Tue, 18/11/2014 - 16:08

As many of us know, Drupal 8 beta was released at the beginning of October which has given us a great preview of the goodies to come. One of those goodies is a new theme engine, Twig, which replaces PHPTemplate. Twig gives us a lot of extra power over our templates and allows us to clean up a lot of the extra cruft that PHPTemplate forced us to add.

So you may be asking, how will our brand new Drupal 8 templates look? Well they are going to be a lot leaner. The extra cruft of php tags, functions, and other miscellaneous bits are no longer needed – in fact, they don’t even work in Twig templates. Arguably, it will be easier to read at a glance what is happening in the Twig versions of Drupal templates. For a great example of how the new templates will look, we can crack open the Views module and compare the templates in the Views module 7.x version to the ones in the Views 8.x version. So let’s compare the views-view.tpl.php file from Views 7.x to views-view.html.twig file in Views 8.x.

Twig Comments

Starting from the top, lets work our way down to see what has changed. In the documentation section we can see that for the large block of comments, as well as single line comments, the {# #} syntax is used.

In the list of variables variables that are available to use, you may notice a few other changes. For example, Twig is not raw PHP, so the ‘$’ is not used at the beginning of variable names. Another change is that is that the $classes_array has been replaced by the attributes variable.

Rendering Variables


Moving down to line #40 we can see the first instance of a variables rendered using Twig. The double curly bracket syntax, {{ my_variable }}, tells Twig that this is a variable and it needs to be rendered out. A variation of this syntax uses dot-notation to render variables contained in an array/object. This syntax looks like {{ my_variable.property_or_element }}, which makes it extremely easy to use. Dot notation is not used in this particular Twig template.

Twig Filters

Another powerful feature of Twig is template filters. Filters allow us to do simple manipulations of variables. The syntax for using a filter is similar to the syntax for rendering a variable. The difference is that after the variable name, you insert a | (pipe), followed by the name of the filter. For an example to make a string from a variable all lowercase you would do {{ variable_name|lower }} which transform all of the characters to lowercase. If you have used templating systems from other frameworks, such as Angular.js, this syntax may look familiar to you. This particular Views template does not use filters, but you can see examples of different filters on the Twig documentation site. If none of the predefined filters satisfy your requirements, you can extend Twig to create your own filter. The Twig documentation site provides details about creating your own custom filters..

Twig Logic

Jumping to line #42, we can see the {% %} (curly-bracket and percentage symbol) syntax, which is used for template logic, such as if statements. This syntax tells Twig that we are not rendering something, but rather that we need to process some logic, such as a control structure or loop, in our template.

The Takeaway

This blog post is a high level overview of how Twig templates in Drupal 8 will look.  With Twig, we can choose to use the out-of-the box tools it provides, or we can dive in and extend it with additional features such as new filters. For more information I would highly recommend reading through the Twig documentation for designers and for developers.

Categories: Elsewhere

Drupalize.Me: Twig Filters: Modifying Variables in Drupal 8 Template Files

Tue, 18/11/2014 - 16:00
Something that's super fun about my job is that occasionally I get tasked with things like, "Learn how Twig works so you can tell us how it fits into our curriculum plans.". And I get to spend some time exploring various new features in Drupal 8, with an eye towards being able help explain them.
Categories: Elsewhere Featured Case Studies: KSS Architects

Tue, 18/11/2014 - 15:42
Completed Drupal site or project URL:

KSS Architects is a nationally recognized architecture firm with offices in Princeton, New Jersey and Philadelphia, Pennsylvania. KSS works with clients in the fields of education, culture, land development, urban development, and corporate environments.

After completing brand strategy for KSS, TOKY Branding + Design created a website that would better showcase the architecture firm’s personality, process, and projects. TOKY specializes in Web and print work for clients in architecture, building, and design, as well as the arts, education, and premium consumer products.

Key modules/theme/distribution used: BreakpointsCampaign MonitorDate Popup AuthoredEntity referenceField collectionGoogle Site SearchjQuery UpdateMaxlengthMediaMediaElementMenu blockMetatagPictureTaxonomy displayTypogrifyview_unpublishedVocabulary Permissions Per RoleOrganizations involved: TOKY Branding + DesignTeam members: Daniel Korte
Categories: Elsewhere

Joachim's blog: Building Fast and Flexible Application UIs with Entity Operations

Tue, 18/11/2014 - 14:38

Now I've finished the Big Monster Project of Doom that I've been on the last two years, I can talk more about some of the code that I wrote for it. I can also say what it was: it was a web application for activists to canvass the public for a certain recent national referendum (I'll let you guess which one).

One of the major modules I wrote was Entity Operations module. What began as a means to avoid repeating the same code each time I needed a new entity type soon became the workhorse for the whole application UI.

The initial idea was this: if you want a custom entity type, and you want a UI for adding, editing, and deleting entities (much like with nodes), then you have to build this all yourself: hook_menu() items, various entity callbacks, form builders (and validation and submit handlers) for the entity form and the delete confirmation form. (The Model module demonstrates this well.)

That's a lot of boilerplate code, where the only difference is the entity type's name, the base path where the entity UI sits, and the entity form builder itself (but even that can be generalized, as will be seen).

Faced with this and a project on which I knew from the start I was going to need a good handful of custom entities (for use with Microsoft Dynamics CRM, accessed with another custom module of mine, Remote Entity API), I undertook to build a framework that would take away all the repetition.

An Entity UI is thus built by declaring:

  • A base path (for nodes, this would be 'node'; we'll ignore the fact that in core, this path itself is a listing of content).
  • A list of subpaths to form the tabs, and the operation handler class for each one

With this in hand, why stop at just the entity view and edit tabs? The operation handlers can output static content or forms: they can output anything. One of the most powerful enhancements I made to this early on was to write an operations handler that outputs a view. It's the same idea as the EVA module.

So for the referendum canvassing application, I had a custom Campaign entity, that functioned as an Organic Group, and had as UI tabs several different views of members, views of contacts in the Campaign's geographic area, views of Campaign group content (such as tasks and contact lists), and so on.

This approach proved very flexible and quick. The group content entities were themselves also built with this, so that, for example, Contact List entities had operations for a user to book the entity, input data, and release it when done working on it. These were built with custom operation handlers specific to the Contact List entity, subclassing the generic form operation handler.

An unexpected bonus to all this was how easy it was to expose form-based operations to Views Bulk Operations and Services (as 'targeted actions' on the entity). This allowed the booking and release operations to work in bulk on views, and also to be done via a mobile app over Services.

A final piece of icing on the cake was the addition of alternative operation handlers for entity forms that provide just a generic bare bones form that invokes Field API to attach field widgets. With these, the amount of code needed to build a custom entity type is reduced to just three functions:

  • hook_entity_info(), to declare the entity type to Drupal core
  • hook_entity_operations_info(), to declare the operations that make up the UI
  • callback_entity_access(), which controls the access to the operations

The module has a few further tricks up its sleeve. If you're using user permissions for your entities, there's a helper function to use in your hook_permission(), which creates permissions out of all the operations (so: 'edit foobar entities', 'book foobar entities', 'discombobulate foobar entities' and so on). The entity URI callback that Drupal core requires you to have can be taken care of by a helper callback which uses the entity's base path definition. There's a form builder that lets you easily embed form-based operations into the entity build, so that you can put the sort of operations that are single buttons ('publish', 'book', etc) on the entity rather than in a tab. And finally, the links to operation tabs can be added to a view as fields, allowing a list of entities with links to view, edit, book, discombobulate, and so on.

So what started as a way to simplify and remove repetitive code became a system for building a whole entity-based UI, which ended up powering the whole of the application.

Categories: Elsewhere

Oliver Davies: Include CSS Fonts by Using a SASS each Loop

Tue, 18/11/2014 - 10:39

Using a file structure similar to this, organise your font files into directories, using the the font name for both the directory name and for the file names.

Categories: Elsewhere

Promo Kids: Reinstall Drupal 8 without pain

Tue, 18/11/2014 - 10:09

While developing Drupal Promo Kit we reinstall Drupal very frequently.
First of all, you don't have to delete everything and repeat installation process from scratch. Only three things should be done:

Categories: Elsewhere

NEWMEDIA: Drush Make: Evaluating the Benefits and Pain Points of Each Approach

Tue, 18/11/2014 - 04:54
Drush Make: Evaluating the Benefits and Pain Points of Each ApproachDrush make is a popular solution for Drupal developers wishing to represent an entire application codebase in a single make file (or collection of make files), but does it always make sense to use? And is it a one size fits all solution? This article reviews several advantages and disadvantages of the more common approaches used within the Drupal community.A Brief History of the Makefile

Technically, my very first computer was a Tandy 1000. In reality, it was a glorified game console used by myself, my mom, and my brother to play Tetris off a 3.5" floppy disk that I had copied from a friend at school. My first real computer came 5 years later—a Packard Bell Pentium 60Mhz with a CD-ROM drive. I was in heaven. It wasn't long until I ditched Windows 95 in order to take my first tip toe into geekdom by installing the first Linux distribution I came into contact with: Caldera.

Back in those days, Linux was a labor of love and really took DIY to the extreme. Most of the time packages were not readily available, which meant you had to compile software yourself. Enter the makefile. This single document represented all the dependencies, parameters, and commands necessary to configure, compile, and install an application across a diverse set of Linux distributions. In was a thing of beauty... when it worked. And when it didn't, it was a time consuming nightmare that resulted in a substantial amount of cursing. Needless to say, I had a love/hate relationship with makefiles.

Drush Make

Drush make files, in comparison to compiling software applications, are a much more straightforward solution. In reality they are nothing more than a compiled shopping list of the specific Drupal modules, patches, and 3rd party libraries necessary to describe a fully functional Drupal application. The key difference between the drush make file and the resulting build is that the make file is a single file representation of what ultimately generate the full file and folder structure of the Drupal application.

In comparison to Linux makefiles, drush make files are much simpler and as a result do not suffer from the compilation nightmares that I used to experience. However, there are also some commonalities: a single file representation and the time necessary to generate versus using a predefined package (or binary).

Comparison to Ruby Gems and Chef

The makefile mindset is not unique to the Linux OS or Drupal. We see the same pattern in the Ruby language and (by extension) configuration management applications like Chef. Ruby users can leverage gemfiles, which provide a similar shopping list style of gem dependencies. Chef leverages the concept of a Berksfile to specify cookbook dependencies. In each case, we have a list of items that the application then uses to generate a desired state. This single file representation is very efficient because it doesn't require one to lug a large set of files and folders around. Rather, they are represented and then generated as needed.

The pattern we see again and again is simple. We can either have the full package (binaries, full Drupal application, gems, cookbooks, etc) or a representation of that state in a single file. This leads us to...

The Key Question

To make a determination of whether or not Drush makefiles are the appropriate method to use in the full software development life cycle (i.e. development, launch, ongoing support, and then deprecation), we need to ask ourselves which method makes sense from at least 3 perspectives: development, operations, and product owners. The answer is not necessarily black and white because there are multiple considerations, multiple stakeholders, and competing optimizations. To that end, I tried to highlight as many pros and cons for a drush makefile approach and leave it to you to decide what is appropriate for you and your use case.

Drush Make Advantages Simplest Possible Representation

A single 1 kilobyte file containing 10 lines could fully represent a very simple drush site install containing a few contrib modules. By comparison, Drupal 7.30 is 3.5 megabytes (zipped) and consists of several hundred folders and several thousand files. If we extend the makefile as a component of an installation profile then the only code that is necessary within the profile is that which is specific and unique to that project. In short, a makefile can allow a repo to contain the simplest possible representation of a Drupal application.

Easier Code Reviews of Diffs

Piggybacking off of the previous item, comparing a diff between makefiles is trivial even when dozens of modules have been updated. A module upgrade might simply show views going from version 7.x-3.8 to 7.x-3.9. By contrast, viewing a commit difference between the actual modules would require sifting through a much longer list of changes that don't really mean much beyond the version change.

Security and Hacked Code

With a specific module version against a public repo, there is no question what is being committed. It's an exact copy of what is contained in the public repo. By contrast, it's much less obvious when upgrading the module itself whether or not the person committing it added any additional tweaks or modifications to it. The person reviewing the code would have to run an MD5 checksum against the code to ensure it was unmodified (or re-run drush make against the makefile).

Inheritance and Re-usability

Drush make file inheritance can be used as way to standardized particular modules, themes, libraries, and patches across many projects. One can then layer on additional and more specific sub-make files to get more granular. This can be particularly powerful in situations where one is managing dozens to hundreds of sites that are derived from a common base installation profile.

Maintain Patches

Let's face it, while Drupal core should never be forked, there are situations where legitimate patches sit within RBTC purgatory for years (I'm looking at you Secure Pages). However, managing and tracking those patches while staying up to date with Drupal core and contrib upgrades can be challenging and easy to forget. However, this becomes a trivial secondary step with a drush make file that can apply the patches in conjunction with the appropriate upgrades.

Drush Make Disadvantages Deployment Overhead

If we use the simplest possible representation (i.e. a makefile or a makefile within an installation profile) for a deployment, then every deployment will require a complete rebuild of the entire Drupal application even in the case of a single line change. Compare this with a more straightforward strategy of a git pull followed by an rsync, which would dramatically cut down the time to deploy as well as the server resources required. Building Drupal from scratch every time can add up, particularly on a shared server with multiple Drupal instances.

In addition to the build process, there is also the time involved with priming drush's cached copy of all the modules and libraries specified by the makefile.

External Dependencies

Using a makefile as the simplest possible representation also introduces the challenge of external dependencies during a production deployment. For example, an updated makefile may require new modules from, new libraries from github, and patches hosted somewhere else. If any one of those dependencies fail, the deployment cannot proceed. Contrast this with the situation where a full clone of the git repo already lives on the server it's deploying against and there is a much smaller risk of failure.

It's important to note that this consideration isn't as much of a concern during the development phase because a short outage doesn't directly impact a production level service. However, once the application is in production and uptime is a more important factor, these external dependencies may no longer be appropriate.

Git Bisect, History, and Merges

Git bisect is a powerful strategy for efficiently stepping through a long commit log to determine when a bug or regression was introduced. If the full codebase is present, then one can quickly jump through the commit log without doing anything else (except perhaps a feature revert, a registry rebuild, and/or a cache clear). With the pure makefile approach, a rebuild is necessary after each change to address changes within the dependencies. While there are certainly work-arounds, this isn't as clean a process.

Comparing code across a branches is also made more difficult. If one is trying to see if a function changed between versions of a module, one cannot compare against two commits within the git history or compare between two branches.

Version Control Status

One quick and easy way to check for changes within a git repository is through the use of commands like "git status". The use of submodules can make this slightly less effective because it requires one to traverse to each submodule to verify if any changes are present. And a build from a makefile is even more difficult because any components added into the profile will show up as false positives and any components that are above the profile directory will not be tracked in version control at all. This can make it very difficult to verify that there are no changes across the entire code base.

Hosting Options

Unfortunately, not all hosting providers will play nice with a drush make representation of a Drupal site. Shared hosting solutions (such as entry level godaddy solutions) will not allow one to install drush on the server. And until very recently, Patheon and Acquia did not provide support for drush make files out of the box.


One additional consideration is with respect to how the site might be handed off to the client if they decide to manage the site themselves. If they are not sophisticated enough to use a makefile approach, then they might have a difficult time deploying or maintaining it. Worse, if they need to be provided a full zip of the site while receiving additional code changes from a repo using just a make file manifest, then providing code changes might be more difficult than necessary.


There is no question that drush make files are powerful, but they do introduce some potential limitations for certain use cases, particularly as one enters the launch and post-launch phase of a project. Once the site is live and out of heavy development, it may make more sense to switch from a manifest to a full code repository.

A Hybrid Solution

There is an hybrid solution that can retain some of the best features from both endpoints. If a drush make file is included within the root of the Drupal application, then it can still be used to control and enforce all the resulting code that is used to generate a full Drupal codebase (modules, libraries, themes, and patches). This is exactly the approach that Drupal 8 uses with its composer.json file and the resulting components that are stored within core/vendor.

A Drupal 7 example of this approach is the RhymesSite project. One can completely rebuild the codebase from the makefile while retaining all the advantages of a complete codebase when ready to deploy to production.

Closing Remarks

I hope you found this helpful. If you have specific experiences or insights that could make this analysis better and/or more accurate, we’d love to hear from you!

Categories: Elsewhere

Stauffer: The Most Important Thing I learned while writing my first Facebook app

Tue, 18/11/2014 - 02:51

When I learned I was going to be writing my first Facebook web app, I was pretty excited.  Much like the feeling of writing a Hello World! in a new programming language, I knew I was going to expand my skillset. I really enjoy new opportunities to learn and solve problems.  In fact, I feel this is a fundamental attribute of being a developer.  We code because we want to solve problems. So without further ado, let me share the most important thing I learned while writing my first Facebook app.Hopefully my experience will give someone else a head start in their own future project.

You need to ask Facebook for permission to ask permission from the User.

When you integrate Facebook login into your website, you can include the default permissions which includes public profile and email. After the user logs in, they can approve to give your site this information. If you need more than that, i.e.,  you want to be able to post to a user’s wall, you will need an extended permission. However, you can’t just include an extended permission on Facebook API, you will have to ask Facebook for permission to include an extended permission in your login. 

My assumption is that Facebook checks out your website or app in order to determine why you need an extended permission. If this is in fact the case, I believe it is a good thing because at least we can then assume  that Facebook is checking the legitimacy of your app. However, let’s wear a black hat for a second. If you really think about it, this process does not stop a malicious programmer from pretending they have a legit app. Once has Facebook approved the extended permissions, malicious programmers  can still change their code and do bad things. 

Understanding that time is one of the most important parts of web development, once you finish your website or mobile app don't celebrate too early! There will be a delay after making your project “live.”  If you needed an extended permission and Facebook is one of your core functionalities, you will have to wait for Facebook’s approval. 

Note: You do not need to do this during development because you will have all necessary extended permissions in your dev app, but once you are ready for production, you will have to submit your application to Facebook for review

Tags: facebook app , Drupal , Planet Drupal
Categories: Elsewhere

Forum One: The Drupal 8 Decision

Tue, 18/11/2014 - 01:20

From time to time, we all face big life choices. Should I attend this college? Should I take this job? Should I marry this person?

Yet few life choices loom larger for you and your organization in the next year than “When should I upgrade to Drupal 8?”

Well…perhaps the Drupal 8 decision doesn’t quite rank with the others, but for mission-driven organizations, the decision to adopt this major new release is a significant one, with implications for your digital communications for years to come. For most organizations, the upgrade represents a substantial investment that must be planned, scheduled, and budgeted.

In this article, I’ll provide a rapid overview of the promise and challenge of Drupal 8. Then, I’ll lay out the choices you are facing as a current user, or potential Drupal adopter.

The Promise of Drupal 8

Drupal 8, the first major new release in four years, represents a substantial technological departure from previous versions. (More on what constitutes a major Drupal upgrade.)

For marketers and communications professionals, there’s a lot to like. There are over 200 new features and improvements, including a mobile-first approach, in-place editing, and improved accessibility.

For technologists, Drupal 8 offers improved development techniques, as well as including improved APIs and built-in Web services. But D8 also comes with a learning curve. It has an entirely new architecture and methodology. It will take time for your developers to become comfortable with the new Symfony2 components. Drupal 8’s Object-Oriented Programming approach brings increased flexibility for those with the hardcore computer science skills necessary to exploit it.

This infographic (PDF) from the Drupal Association summarizes Drupal 8’s key features.

The Challenge of Drupal 8

One challenge for Drupal users is that the release timeline is still unknown. Certainly, we’re getting close. The beta version was released in October 2014, and it’s anticipated that it will be released sometime in 2015.

Historically, migrations from one major version to another are straightforward, but not always non-trivial. Every Drupal website is a conglomeration of the “core” Drupal software as well as typically dozens of add-on “modules” that extend or improve the software’s functionality. For example, the module that runs your fancy homepage carousel in one version may not be updated or tuned for the next version. And while Drupal 8’s upgrade process is improved, timelines and costs for Drupal upgrade projects are as varied as the websites themselves.

It’s important to realize that once Drupal 8 is released, support for previous versions will flag. If you are currently on Drupal 7, with no immediate plans for a major redesign, the issue is less pressing. But for those on earlier versions, you must be planning and budgeting for an upgrade now.

The challenge for digital communication planners depends on your existing situation. Let’s look at the possible approaches — one situation at a time.

Your Website is on Drupal 5

If you are using Drupal 5, your plan is simple. You must upgrade to Drupal 6 as soon as you possibly can.

Drupal 5 was released in 2007 and superseded by Drupal 6 a year later. If your website is running Drupal 5, it hasn’t received any security patches in four years, and is likely already compromised. It’s probably serving as jumping off point for spamming and other nefarious activities. Improving a Drupal 5 site now is difficult, and few reputable consultancies would agree to improve a Drupal 5 site without first upgrading it.

Once you are on Drupal 6, you then must consider upgrading to Drupal 7 or 8 within the next year, as described in the sections that follow.

Your Website is on Drupal 6

If your website is on Drupal 6, you need to plan for an upgrade to Drupal 7 or 8 within the next year. Once Drupal 8 is released in 2015, official support for Drupal 6 core and modules will cease within three months. This means that as security vulnerabilities are discovered, hackers are highly likely to compromise your website for their evil ends, and you will be powerless to plug the holes.

This means that Drupal 6 sites should be planning and budgeting NOW to upgrade to at least Drupal 7 in 2015. You want to be ready to move quickly once Drupal 8 is released. Three months of support is not a long time.

Your Website is on Drupal 7 (Or you are considering Drupal for Your Next Project)

If your site is currently on Drupal you can breathe easier. Drupal 7 has been out for four years, and nearly a million sites are running Drupal 7 core — far more than all previous versions combined.

It will soon be time for these sites to transition to Drupal 8, but the community will continue to support D7 until Drupal 9 is released, which is surely at least two years away.

Therefore, if you are happy with your existing website and are planning only minor improvements to the design or functionality in the near term, you can sit back and  do nothing for now. You should, of course, start planning for upgrading to Drupal 8 the next two years.

If you are currently considering building a new site on Drupal — or contemplating a major redesign in the next six months — the decision is more complicated.  You have two options.

The first option is to redesign on Drupal 7 now. That’s what thousands of projects are doing as we speak. At Forum One, every new major Drupal project currently starts with Drupal 7, and will likely continue to do so for several months following Drupal 8’s release. The software is mature, stable, widely-supported, and well understood by our staff.

The second option is to postpone your Drupal project until after Drupal 8 is released. Early adopters of D8 will get the maximum value from the new software, as their finished solution will live on Drupal for the longest period. They likely won’t need to consider a new Drupal upgrade until sometime in 2017 at the earliest. And given that the community will continue to support Drupal 8 even once Drupal 9 is released, you would be able to sleep easy knowing that your site will be able to stay patched and secure for the next four to five years.

However, at this writing, there are distinct trade-offs with waiting for D8. You are tying your project timeline to the D8 release schedule, which is community-driven and not guaranteed. Even once D8 is released, it will be a few months before skilled developers are ready to start new projects on 8. While savvy technologists are already experimenting with the D8 beta, it will take some time for modules, processes, training materials, and hosting environments to become tuned for this substantially-new platform.

Here’s another important consideration: Are you the type of product owner who can afford to be on the cutting edge? Early technology adopters typically pay more for the technology than those who follow. Later adopters benefit from the lessons of early adopters. Still, this may be an acceptable premium for your organization if Drupal 8 improves your efficiency, reduces long-term costs, or gives you a competitive advantage in achieving your goals.

Decide to Plan

Like all software, the lifespan of every major Drupal version is limited. Drupal 5 is end of life, Drupal 6 is very near end of life, and — after a good run — Drupal 7 will enter its golden years in the next twelve months.

While the Drupal 8 decision may not have the gravity of other life choices, you have an obligation to ensure that the core software for your site is, secure, stable, and well-supported.

Your most important decision is to decide to plan. Drupal 8 is coming. Are you prepared?


Categories: Elsewhere

Metal Toad: Drupal 8: First Impressions for the Back-End Developer

Tue, 18/11/2014 - 00:54
Drupal 8: First Impressions for the Back-End Developer Mon, 11/17/2014 - 15:54 keithdechant

Drupal 8 is in beta now, and recently I’ve had a chance to start working with it. While much of the admin interface is comparable to Drupal 7, there have been some important changes for site builders and back-end developers. In this post, I will be looking at file system and database structure changes, Drush setup, and the new configuration entity type.

Disclaimer: Drupal 8 beta 2 is not ready for production yet. If you start working with it, be warned that future beta releases might break backwards compatibility. You might need to write some code to upgrade. If this is not an option for you, you would be best served sticking with Drupal 7 until the Drupal 8 release candidate is available.

Content Types

One of the most noticeable changes to the Drupal 8 admin UI is the revised Content Type creation pages.

The “Manage Fields” page no longer contains a “widget” column. There is a new tab, “Form Display,” which allows more flexible configuration of the node add/edit form.

“Manage Fields” also no longer allows custom sorting of the fields. “Body” is always listed first, followed by the custom fields in alphabetical order. The fields can be reordered  on the “Manage Form Display” and “Manage Display” tabs.


In Drupal 8, comments are set up as a field, rather than a setting in the node type. To turn on comments for a content type, add a field of type "Comments" on the "Manage Fields" page. This is a more flexible system than in Drupal 7, allowing more than one type of comments for a single node.

This change mostly affects the admin UI. Comments are still entities in Drupal 8, and their underlying data structure is similar to Drupal 7.

Database structure

The notable changes in the database structure relate to the user profiles and the table names for field tables.

The “users” table (a single table in Drupal 7) has been split into “users” and “users_field_data” which contains the data from the built-in fields like name and password. Several other tables, including "node", "comment", and "taxonomy_term" have undergone similar structure changes. This restructuring allows for easier translations of data in the core fields.

Drupal 8 field tables now are prefixed with the type of entity they belong to. They have names like “node__field_image” or “user__field_first_name”. The data structure of these tables is similar to the Drupal 7 “field_data_*” tables, with only a few changes (e.g., the "language" column is now named "langcode").


Drush 6, commonly used with Drupal 7, is not compatible with Drupal 8. You will need to install Drush 7, which is still in development. Not to worry, it’s easy to install Drush 7 alongside Drush 6. Here is an excellent article about setting up Drush 7 with Drupal 8 using Composer:

Cache and Registry

Cache and registry handling in Drupal 8 has undergone some major changes from Drupal 7. Notably, the “cache clear” command has been replaced by “cache rebuild.”

Drupal 7:
“drush cache-clear all”
(a.k.a. “drush cc all”)

Drupal 8:
"drush cache-rebuild”
(a.k.a., “drush cr”).

Note: In Drupal 8, you don't need to specify "drush cache-rebuild all." The "cache-rebuild" command appears to always clear all the caches, and any additional arguments are ignored.

Note: “drush cache-clear drush” is still used to update the list of Drush commands.

As of this writing, the “drush registry-rebuild” command does not appear to be supported for Drupal 8. This may change in the near future.

Package Management

Drupal 8 does not allow disabling of modules. The "drush pm-disable" command has been removed. To turn off a module, you need to uninstall it with "drush pm-uninstall" or by using the "Uninstall" tab on the "Extend" page in the admin UI.

As of Drupal 8 beta 2, uninstalling a module does not automatically delete the module's configuration data. However, some modules may have uninstall hooks which delete their configuration when they are uninstalled. Modules like these can no longer be uninstalled without deleting their configuration.

Package Manager bugs

As of this writing, there is a Drush 7 bug that causes an infinite loop when trying to use “drush pm-enable” (a.k.a., “drush en”) to simultaneously download and install a module:

The workaround is to download the module ("drush dl somemodule") and enable it ("drush en somemodule") in two separate steps, or to enable the module through the admin UI. This does not affect modules which you have already downloaded and wish to enable.

Compiled CSS, JS, and Twig files

In sites/default/files are several new directories:

  • sites/default/files/php - Contains compiled Twig templates
  • sites/default/files/css - Contains compiled and gzipped CSS files
  • sites/default/files/js - Contains compiled JS files

These files do not need to be added to your Git repository. Drupal will generate them automatically on page load, and they will have different file names on each machine (local dev machine, dev server, production server, etc.). Similarly, you shouldn’t try to edit these files manually because Drupal will automatically overwrite your changes at the next cache rebuild.

The Drush “cache-rebuild” command will erase these files and rebuild them.

Common errors - File permissions

Incorrect file permissions can cause PHP errors, or missing CSS or JS. Consider the following error:

Fatal error: Class '__TwigTemplate_09ab09ab7c23bd1ffe135ac9872354bdeca182f' not found in /path/to/your/site/drupal/core/lib/Drupal/Core/Template/TwigEnvironment.php on line 152

This error occurs when the web server doesn’t have permissions to write to the directory sites/default/files. Change the permissions or ownership on that directory and this error should go away.

If you encounter pages missing their CSS files, try checking the same file permissions.

Configuration Entities

Drupal 8 introduces a new type of entity, the “configuration entity.” These are represented as YAML files in the “config/install” subdirectory within a module. When the module is installed, the data from these YAML files is loaded into entries in the “config” table in the database.

The "config" table contains many of the settings that were formerly in the "system" table in Drupal 7. It also contains definitions for a number of things that were formerly in separate tables. Notable examples are Taxonomy vocabularies and text filter formats.

Config entities are only updated when the module is installed or uninstalled. Drupal does not rebuild them when you rebuild the cache. During module development, you either need to uninstall and reinstall your module, or use the config_devel contrib module to make managing your config entities easier.

Config entities are particularly useful when writing content migrations, because the migration definitions are config entities.

As of Drupal 8 beta 2, configuration entities are no longer removed when a module is uninstalled. If your custom module uses configuration entities, and you don’t want these to persist during a reinstall of the module, it might be a good idea to write an uninstall hook to remove the entities.

Example uninstall hook to remove configuration entities:

/** * Implements hook_uninstall(). * * Cleans up config entities installed by this module. */ function yourmodule_uninstall() { db_query("DELETE FROM {config} WHERE name = ''"); drupal_flush_all_caches(); }
Categories: Elsewhere

Károly Négyesi: Adding comma separated username autocomplete to a D7 form

Mon, 17/11/2014 - 22:20

Today I needed to add autocomplete to a field that could contain comma separated usernames and obviously the requirements included autocomplete. I thought this problem must be solved already in the ecosystem and sure, Views has it already. So I have added '#autocomplete_path' => 'admin/views/ajax/autocomplete/user', '#element_validate' => array('my_module_usernames_validate') and then

function my_module_usernames_validate(&$element) {
  if ($values = drupal_explode_tags($element['#value'])) {
    // Good thing Views doesn't use the native constructor.
    $handler = new views_handler_filter_user_name();
    // And this function doesn't use the object at all.
    $handler->validate_user_strings($element, $values);

Ps. This has been confirmed as working (with a plugin instance) in D8 too.

Categories: Elsewhere

Creative Juices: Building REST web services with Drupal 7

Mon, 17/11/2014 - 19:48
Building REST web services with Drupal 7 Mon, 11/17/2014 - 13:48 matt
Categories: Elsewhere

Drupal core announcements: Drupal core security release window on Wednesday, November 19

Mon, 17/11/2014 - 05:54
Start:  2014-11-19 (All day) America/New_York User group meeting Organizers:  David_Rothstein

The monthly security release window for Drupal 6 and Drupal 7 core will take place on Wednesday, November 19.

This does not mean that a Drupal core security release will necessarily take place on that date for either the Drupal 6 or Drupal 7 branches, only that you should prepare to look out for one (and be ready to update your Drupal sites in the event that the Drupal security team decides to make a release).

There will be no bug fix release on this date; the next window for a Drupal core bug fix release is Wednesday, December 3.

For more information on Drupal core release windows, see the documentation on release timing and security releases, and the discussion that led to this policy being implemented.

Categories: Elsewhere