The monthly security release window for Drupal 6 and Drupal 7 core will take place on Wednesday, November 19.
This does not mean that a Drupal core security release will necessarily take place on that date for either the Drupal 6 or Drupal 7 branches, only that you should prepare to look out for one (and be ready to update your Drupal sites in the event that the Drupal security team decides to make a release).
There will be no bug fix release on this date; the next window for a Drupal core bug fix release is Wednesday, December 3.
Behat is a wonderful tool for automatic testing. It allows you to write your user stories and scenarios in proper English, which is then parsed by Behat and transformed to a set of clicks or other operations that mimic a real user.
If you don't have automated tests on your project, I would argue that you're doing it wrong (I explain why on The Gizra Way presentation). Even having a single test is much better than none.
With that said, it's super easy to abuse Behat. We are developers and we think sort of like machines (not really, but you get my point). If you would like to test login to your site you could easily do:
    Given I visit "/user/login"
    # fill the username and password input fields, and click submit
    When I fill "username" with "foo"
    And I fill "password" with "bar"
    And I press "Login"
    Then I should get a "200" HTTP response
Your test will return green, but it could be improved:
"Why doesn’t Commerce/Magento/$otherSolution handle my taxes properly? That’s the most basic feature!” - many people, often.
When it comes to eCommerce, nobody likes taxes. We expect taxes to “just work”, so we can finish our projects and get on with our lives. At the same time, no other topic is as complex.
Selling online puts us at the crossroads of different (and sometimes conflicting) laws with many rules and even more exceptions. All eCommerce systems provide the basic tools (“Define your tax rates and specify when to apply them”) and make the site developer responsible for tax compliance. The developer usually passes that responsibility to the client, sometimes implicitly. The client consults an accountant, sometimes. But the buck has to stop somewhere, and it often comes back to the developer, 5 days after launch.
As taxes become more and more complex, there is a need for smarter tax handling, where the application does more and the site administrator less. In the Commerce 1.x lifecycle we’ve built the commerce_vat module to handle the more and more complex VAT taxes. For 2.x, we’re bringing this approach back into core, and releasing several libraries to share the solution with the wider PHP community.
At the Drupal Association, we love our members and want to show it. That’s why we team up with some of the best Drupal companies around every month to offer our members spectacular discounts.
This month, we’re pleased to announce that Drupal Association Members can receive 30% off Blink Institute training classes from Blink Reaction. Using the discount code here, Drupal Association members can access fantastic training from Blink, led by veteran Drupalists who are expert trainers. Note: this offer can not be combined with other promotional offers.
Blink Reaction is a premiere provider of enterprise Drupal services to Fortune 1000 companies throughout the US. Their Drupal Training program is designed to help individuals, Enterprise service providers and small business owners harness the power of Drupal.
The Blink Training program has taught beginner and advanced methods to hundreds of individuals and corporations. Blink is proud to offer free and nearly free training through Global Drupal Training Days and at Drupal Camps alongside their public and private training offerings.
Make sure you take advantage of this great opportunity while it lasts. Kudos to our friends over at Blink -- thanks for sharing the Drupal love!
In this episode we look at the Imagefield Focus Module. This module adds another option to the image styles on a content type field. With this module you are able to specify a focus and crop area of your image. Once you have selected either or both of those areas the module then resizes and focuses on the certain area you specified.
Drupal 8's expanded and broadly-used Entity API extends even to Contact Forms, and recently I needed to create a contact form programmatically as part of Honeypot's test suite. Normally, you can export a contact form as part of your site configuration, then when it's imported in a different site/environment, it will be set up simply and easily.
However, if you need to create a contact form programmatically (in code, dynamically), it's a rather simple affair:
First, use Drupal's ContactForm class at the top of the file so you can use the class in your code later:
It's Global Training Day and we couldn't be more excited! All across the world, people are teaching and learning Drupal, and sharing that open source love.
Global Training Days happen once a quarter, and focus on one of two curriculums:
- "Introduction to Drupal," a full day training on the basics of Drupal. Attendees will leave having successfully built a Drupal site. It is ideal for those interested in exploring Drupal as a career path.
- "What is Drupal?" This half-day workshop will address the basics of Drupal, and will give an overview to those interested in evaluating or implementing Drupal.
Here are some of the highlights of today's Global Training Day tweets.
Where's Global Training Day happening? This map shows you where people are learning about Drupal all over the world.
Alongside the long awaited Drupal 8 Beta release, we have also updated our first Drupal 8 theme. We haven't included many new features but we have tried to clean up its code and have improved our starter kit. Anyway, let's dig into the latest new features we have discovered with the first Beta releases of Drupal 8. Feel free to check out the code on drupal.org or read our dedicated blog entry if you want to find out more about our first Drupal 8 theme. If you can't wait to see the result, take a look at our online demo.
When I learned BADCamp wasn't going to be recording sessions, I jumped at the chance to field-test the camp record kits I'm working on. After all, I was confident I fixed the audio equation and was going to start talks with the Drupal Association about next steps.
The current recipe for the kit is a Hauppauge HD Rocket PVR for the screen capture and the Zoom H2N voice recorder as the microphone. Add to that a handful of dongles and converters to cover HDMI in/out for the PVR, and you're good to go.
Walking in to BADCamp, I was feeling great. I'm a big advocate for session records and I would be covering three rooms. Pretty cool, right?
Throughout day one of sessions, a couple laptops had connection issues and had to bypass recordings, but overall things appeared to be going smoothly. It wasn't until the end of the day when copying files off the thumb drives that I noticed many recordings were 0k mp4 files, primarily from the main room. This was the most disconcerting, because every indication was that things were working.
On this, I have a couple ideas, but no solid understanding of why the files didn't write. That was the easiest room in terms of handshake between PVR and projector, plus there was a dedicated A/V crew that was helping hook up laptops.
When we tested at Fox Valley's camp, the laptop was typically disconnected by the time I made it to the rooms to swap out equipment. I suspect that disconnecting the device before hitting the stop button and waiting long enough for the files to write may kill the save. This one will be easy to test.
Projectors were also an issue. In the main space, none were HD and all were different flavors of Sony. Some hooked up just fine, while others squeezed the output. The Saturday-only keynote room was loving it.
And then there were presenter laptop issues. There were a few older VGA-only laptops. One refused to work with the VGA to HDMI converter, while one worked for about 15 minutes before failing off and on, mid-presentation. One of the A/V techs suggested that maybe there is not enough USB power on the laptops to handle both the PVR and the converter, so a powered USB hub may be in order. Most Macbooks were fine, but a handful gave output with a very green tint to it.
No surprise, HDMI in/out is proving to be more of a hurdle than originally anticipated. In addition to HDMI in, the PVR also has an option to accept component video. It's likely that converting VGA out from a laptop to component video in to the PVR will be a safer bet. So the question becomes whether I can convert the HDMI out of the PVR to VGA for the projectors.
All in all, this was an enormous fail. That said, this was the absolute best time for it to happen. My goal is to build a system that can handle the majority of the random that a camp will throw at it.
I'm looking forward to testing the next iteration.
In this tutorial (for DrupalCamp Ohio 2014) we'll explore how to build a mobile application and website that can geo locate places near our current position. The nearby location results will be displayed on a map, and will allow us to click on a result item to view its complete details.
A long time ago in a galaxy far far away… Hold on, it was precisely 7 years ago, 15 November, 2007 in Lutsk, when the InternetDevels Drupal development studio was founded. The company has come a long way since then: overcame lots of obstacles to gain a respected position in the web development market; established a number of contacts and connections; made a significant contribution to the world’s Drupal community; taken on new development technologies, like the Symfony framework… But there’s always something to do!
Thanks to sponsorship from Amnesty Intl. Spain and GMCVO the Webform-Integration module now has 4 new features available for you to try out:
- Support for CiviGrant - allows front-end users to apply for grants and update their application information.
- Multiple Cases - open or update any number of cases on a single webform.
- Multiple Activities - Create as many activities as you wish. Activity and case settings have been decoupled from each other so you can file activities on a case, or not, independent of what cases you are working with.
- File Attachments - Webform Grants and Activities now have built-in support for native file attachments.
You can test these new features by downloading the "dev" version of Webform-CiviCRM 4 and going through the usual module upgrade procedure. This upgrade will alter your existing webform activity and case settings to work with the new features. I recommend trying it out on a test copy of your site and letting me know if you spot any bugs. As soon as it's had a bit more testing and feedback we'll get these features into the next stable release of the module.
I was given various bits of advice leading up to my attending my first DrupalCon ever. The essence of the one that stuck with me the most is:
Plan. Be realistic. Know you won’t see everything, so make what you do see count.
First on the agenda - get the travel bug out of my system.
It was great. I have a new favourite city, and very fond memories of a real, live Van Gogh. Monday: explore city. Check.
Whether you’re a startup or an already-established business that wants to start selling online, Drupal has all the tools you need. It provides flexible modules for building e-commerce features and for defining workflows, data structures and lists, and displays. The Drupal Commerce framework provides you with everything required to sell products, services or files online. It integrates very well with Drupal and all its contrib modules, so you almost only need to do configuration – no programming – to build the features you need. In ERPAL Platform, we’ve built a Drupal distribution for the community to use to create flexible business applications. To be as adaptable as possible, it’s based on Drupal Commerce, CRM Core and ERPAL Core. So ERPAL Platform itself actually just supplies an appropriate collection of "best practice" modules from the Drupal community that are already preconfigured and cleverly fitted together to provide features for all kinds of business processes. The sales process is therefore already preconfigured and you can extend it as necessary to integrate seamlessly with project management features, manufacturing features or online shop features.
In the video below, we show you how you can implement ERPAL Platform to use its existing features as the administration backend of your online shop and add a storefront where your customers can buy your products, request quotations and place orders. This enables you to build a complete online business "in one Drupal box" including a backend with a lightweight CRM as well as quotations, orders and invoices to cover the entire sales process for an e-commerce business. In this example your online store will have a completely different theme compared to the administration backend. All you need to do is to download some additional modules and add some specific configurations. It’s that easy: just watch the video!
To see some real use cases about how it works in projects where ERPAL Platform is used to sell products online, you may be interested in the slides of a previous webinar, created in cooperation with the Commerce Guys, the company behind Drupal Commerce.
Motivational slides from a presentation at Drupalcamp Berlin can be found at: Building an online business "in a Drupal box" from Manuel Pistner
On October 15th a new version of Drupal core was published (see details of this fix), so naturally everyone is wondering: How do I protect my site?
How Updates Work in Drupal
Drupal is open source software managed by a community made up of all kinds of experts and hobbyists. Community members who manage security specialize in the processing and verification of all modules hosted on drupal.org and the core of Drupal itself. This super-smart team has a long history in Drupal and a vast understanding of the core code, its history and its planned future.
They are in charge of analyzing the existing application to protect it from malicious threats, regardless of their origins. When an issue is detected, they evaluate its impact and urgency in order to determine an appropriate mode of communication that meets the needs of the community. This usually means that in the event of a risk, an update is issued on one of the pre-planned bi-weekly release dates.
The security team works independently and regularly offers updates to the modules and Drupal core. Below are some ways you can follow these updates to keep your site secure and up to date.
The Security Alerts
Most Drupal users have an account on drupal.org. If you don’t have one, you’re missing out and you should get one immediately. From your account, you have access to the "Newsletter" tab. On this page, you are invited to subscribe to the security newsletter and be informed of updates.
Twitter
Like any self-respecting tech community, the security team is on Twitter: @drupalsecurity.
RSS
Whether you developed your site or worked with an agency, once online it must be maintained. The purpose of this maintenance is not to make your site a Rolls Royce, but rather to protect it against errors, insecurities and to improve it with the new features added to Drupal core and the modules you use. It’s encouraged to update early and often.
You can choose the frequency and process for updates, but the operations to be carried out are always the same: update the core of Drupal, update themes and modules and test the full operation of your application before you push your updated project live. Prior to deployment, ensure you have a full backup of your codebase, your files directories, and your database in case anything goes wrong.
How do I update my site?
Several technical means are available to you to get the latest version of Drupal core, themes and modules. Whatever method you choose, you will retrieve new files to install on your production site. Here is a summary of what to do in general (this protocol is an example for your project, please refer to your usual procedure of deployment).
Starting with a copy of your site on a local environment:
- Get the new version of files or a patch containing updates.
- Review the changelog to see what has been changed that may affect existing functionality on your site, including any new dependencies, minor API changes, or other notes requiring manual intervention in the update process.
- Replace the files or apply the patch. At this point updates are physically available but they are not necessarily applied on your site.
- You may be asked to launch an "update" of the database, for example.
- In this case, run the drush updb command or open the update.php page on your local copy of the site. This operation applies the pending changes to your site's database.
- To ensure that the updates have all been taken into account, clear your site's cache. Please note that this may take some time and will affect navigation on the site while it is processed. For production sites, it is recommended to keep your current deployment procedure.
- Once this is done, test your site. Check that everything is working properly.
If you update a Drupal site between two very different versions of the core, it is possible that some functionality could be affected. However, when updating directly from one release to the next, you should not experience major functional changes. When you are confident with this procedure, following your usual process, update your site or sites.
How to update Security SA-CORE-2014-005 - Drupal core - SQL injection
If your site has been well-maintained, the security update will be simple and have no effect on the functionality of your project. You can update the core of Drupal as you normally do using this new version: https://www.drupal.org/project/drupal
However, if you have not maintained the core of your application for some time (skipping several versions) and, even though we do not recommend it, you have made a manual change in the core of Drupal, we recommend that you apply only the security patch itself, here: https://www.drupal.org/files/issues/SA-CORE-2014-005-D7.patch
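One way to script the local-copy procedure above for the patch-only route, as an added example that is not part of the original article. It assumes patch(1) and drush are installed; the function names and backup file names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article. Run it against a LOCAL copy.
# Assumes patch(1) and drush are installed; function names are hypothetical.

# Absolute path of a file, so it stays valid after "cd".
abspath() {
    echo "$(cd "$(dirname "$1")" && pwd)/$(basename "$1")"
}

# Files a unified diff modifies, with the leading a/ or b/ component
# stripped (the same stripping as "patch -p1").
patch_targets() {
    awk '/^\+\+\+ / && $2 != "/dev/null" { sub("^[^/]*/", "", $2); print $2 }' "$1" | sort -u
}

# Dry run only, nothing on disk changes. Return codes:
#   0 applies cleanly   3 already applied
#   2 target missing    1 conflict (for example, core was edited by hand)
patch_preflight() {
    pre_site=$1
    pre_patch=$(abspath "$2")
    for f in $(patch_targets "$pre_patch"); do
        [ -f "$pre_site/$f" ] || { echo "missing target: $f" >&2; return 2; }
    done
    if (cd "$pre_site" && patch -p1 -N --dry-run -i "$pre_patch") >/dev/null 2>&1; then
        return 0
    elif (cd "$pre_site" && patch -p1 -R -f --dry-run -i "$pre_patch") >/dev/null 2>&1; then
        return 3
    fi
    return 1
}

# Backup, patch, database update, cache clear: the article's steps in order.
# $1 = Drupal root of the local copy, $2 = patch file, $3 = existing backup dir.
apply_security_patch() {
    site=$1
    patch_file=$(abspath "$2")
    backup_dir=$(cd "$3" && pwd) || return 1
    rc=0
    patch_preflight "$site" "$patch_file" || rc=$?
    if [ "$rc" -eq 3 ]; then echo "already patched, nothing to do"; return 0; fi
    if [ "$rc" -ne 0 ]; then echo "pre-flight failed (code $rc), not applying" >&2; return "$rc"; fi

    # Full backup of codebase, files directories and database first.
    tar -czf "$backup_dir/site-code-and-files.tar.gz" -C "$site" . || return 1
    (cd "$site" && drush sql-dump --result-file="$backup_dir/site-db.sql") || return 1

    (cd "$site" && patch -p1 -N -i "$patch_file") || return 1
    # Apply pending database updates, then clear all caches (Drupal 7).
    (cd "$site" && drush updb -y && drush cc all) || return 1
    echo "patch applied; test the site before deploying"
}
```

A pre-flight result of 1 is the signal that core differs from what the patch expects, which is the hand-edited-core case the paragraph above describes; resolve that by hand before applying anything.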
In both cases, the changes in the new version of Drupal will have no effect on the functionality of your project, because it only affects one file related to forms.
How to ensure security on my eCommerce site?
Security is a key issue for an eCommerce website and it is your duty as a merchant to maintain a safe site for your users. To ensure the security of your site, you must first perform regular Drupal core updates, security or not, or suffer the risky consequences.
Then, regularly update the modules you use. In some cases, this may affect the functionality of your site, and must be treated with kid gloves.
In any case, to make these updates, please refer to the standard procedure for updating your site that you have set up with your agency or web host, or enjoy the new technology implementation of Platform.sh to easily update your site and test with confidence.
How Commerce Guys ensures the security of your projects
Subscribers of our Drupal Application Support and Commerce Application Support programs have seen first hand how we can help protect your sites. We patched our customers immediately and 100% were protected whether they hosted with us or not.
Our Platform.sh subscribers benefited from the ability to use a “Drush make” driven workflow to manage the codebase for their sites. This workflow has the advantage of managing the versions of Drupal core and contributed themes and modules on your site through a single configuration file that contains a list of elements that make up your site. Platform.sh uses this file to create and deploy your site by downloading modules and the core of Drupal, making updates fast and easy.
By creating a Drush make file, you can have the latest version of Drupal, with the security patch, retrieved automatically. You save maintenance time and reduce your potential for errors.
In addition to ensuring the stability of your hosting, Platform.sh blocked incoming HTTP requests for applications that had not applied the patch. Therefore, only stable sites were available on Platform.sh, and any unprotected sites were immediately aware that action must be taken.
Read more about this protective block here.
If you want to know more about updates to Drupal, see the following links: