Most people think that using the drush command-line tool is only something hardcore developers do, but it turns out it's also super-helpful for site builders and theme developers! In my experience, using drush speeds up the usual Drupal admin tasks by 3 to 10 times compared with visiting the Drupal admin pages in the browser.
Drupal 7 and below came with an optional module you can use in your input formats - the "PHP Filter". This allows you to put PHP code into the content of your webpages, and Drupal will process the PHP before rendering the page.
What do you get when you put two Project Managers in one hotel room for a week at DrupalCon? A lot of work, a lot of laughter, and a lot of learning. Don’t worry, we didn’t kill each other… yet.
With our days spent in sessions and nights spent on Bourbon Street or answering client emails (not at the same time), DrupalCon New Orleans was a truly illuminating experience. I came to LevelTen a year ago not even knowing what “...
Another year, another field trip for the Pi Dramble—my 5-Raspberry-Pi cluster! I presented a session titled Highly available Drupal on a Raspberry Pi Cluster at php[tek] 2016, which just so happens to have moved to my hometown, St. Louis, MO this year!
For this presentation, I remembered to record the audio using a lav mic plugged into my iPhone, as well as iShowU to record what was on my screen. Sadly, I didn't have a secondary camera to capture the Pi Dramble itself, but you can glance at all the other 'Let's build a Pi Cluster' videos if you want to see it in action!
Here's a video recording of the presentation:
First part in a series of how to use XHProf effectively within a VM for a Drupal website.
Drupal.org frontpage posts for the Drupal planet: Gábor Hojtsy: Winner of the 2016 Aaron Winborn Award
The Aaron Winborn Award was created in 2015 after the loss of one of the Drupal community’s most prominent members, Aaron Winborn, to Amyotrophic Lateral Sclerosis (also referred to as Lou Gehrig's Disease in the US and Motor Neuron Disease in the UK). Aaron’s commitment to the Drupal project and community made him the epitome of our unofficial motto: "Come for the code, stay for the community". The Community Working Group with the support of the Drupal Association came together to honor Aaron's memory by establishing the Aaron Winborn Award, which annually recognizes an individual who demonstrates personal integrity, kindness, and above-and-beyond commitment to the Drupal community.
Nominations were opened in March, giving community members the opportunity to nominate people they believe deserve the award, which were then voted on by the members of the Community Working Group, along with previous winners of the award.
We are pleased to announce that the 2016 recipient of the Aaron Winborn Award is Gábor Hojtsy. During the closing session of DrupalCon New Orleans, Community Working Group members presented the award to Gábor. The award was accompanied by a free ticket to DrupalCon, which he donated to Bojhan Somers.
Gábor was described in his nomination as an "amazing community connector" who is passionate about empowering others, stepping aside and allowing others the space and support to lead, and celebrating even the small wins that people who work with him achieve. The stellar work and leadership he displayed on the D8 Multilingual Initiative, managing sprints, Drupal events and setting up localize.drupal.org are just a few of the ways that this tireless Drupal contributor has been making an enormous impact in our community for more than a decade.
We hope you will join us in congratulating Gábor, who has demonstrated personal integrity, kindness, and above-and-beyond commitment to the Drupal community in abundance.
At this month's Sydney Drupal meet up I did a presentation about Search in Drupal 8. In the video, I explain three ways you can create a search page. They are as follows.
1. Core Search
The core Search module which comes with Drupal has some new functionality in Drupal 8. The biggest change is the ability to create custom search pages without using any other module.
2. Views Filter
A common way to build search pages in Drupal 7 was to create a views page and use the "Search Keywords" filter in views. This can still be done in Drupal 8 and best of all Views is now part of core.
3. Search API
The Search API module is used to create powerful search pages and it's highly extensible. It is the module to learn and use for building search pages.
As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!
Today, there is a Moderately Critical security release for XML sitemap to fix a Cross-Site Scripting (XSS) vulnerability.
The module doesn't sufficiently filter the URL when it is displayed in the sitemap.
This vulnerability is mitigated if the setting for "Include a stylesheet in the sitemaps for humans." on the module's administration settings page is not enabled (the default is enabled).
If you have a Drupal 6 site using the XML sitemap, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)
If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.
Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).
Acquia Developer Center Blog: Introducing Bolt, a Development Tool for Generating New Drupal 8 Projects
It's my pleasure to introduce Acquia Bolt, a development tool for generating new Drupal projects using a template derived from our Professional Services' best practices.
We began building and using Bolt internally over the past year. Our goal was to codify a set of tools and conventions that would allow us to:
This episode we hit a landmark of twenty episodes, so instead of picking on Mario the entire time, we talk about our favorite moments at DrupalCon in New Orleans. Of course this is funny since half of us didn't actually attend the 'Con. Other episode titles considered: "Bob and Mario live vicariously through Mark and Ryan"
Other than a quick sample of blocking a specific file extension using the 'nomask' option, the documentation for Drupal's file_scan_directory() does not help much with how to block content from certain directories. The documentation says
So it leads you to believe that any regex should work. So setting
$options['nomask'] = "#(/deleted/)#";
should block any directory named 'deleted'. The problem is, it doesn't work that way. In file_scan_directory() the regex is not run against the full path of the file; it is only run against each directory or file name in turn as the scan recurses. It is not evaluating 'directory1/subsection/deleted/index.html', where the regex above would definitely come back with a hit and reject the item. It first evaluates 'directory1', then 'subsection', then 'deleted'... It does not get a hit on 'deleted' because the name is missing the slashes on each side.
One possibility would be to remove the slashes from the regex like this:
$options['nomask'] = "#(deleted)#";
But without the slashes, it would not only reject the directory 'deleted', it would reject the directory 'not-deleted' and the file 'faq-why-my-account-was-deleted.htm' which might have undesired consequences.
The trick to get it to reject only 'deleted' as a directory and its contents is to anchor the regex to the start and end of the string being evaluated, like this:
$options['nomask'] = "#^(deleted)$#";
and if you wanted to block 'deleted' and another directory like '_vti_cnf' it would look like this:
$options['nomask'] = "#^(deleted|_vti_cnf)$#";
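The behaviour described above can be checked without a Drupal install. The following is an added example, not code from the original post or from Drupal core: a simplified model of the traversal in which 'nomask' is tested against each entry name on its own, run over a constructed directory tree with the four patterns discussed. The function name scan_model() and the sample tree are made up for the illustration.

```php
<?php
// Constructed sample tree: arrays are directories, strings are files.
$tree = array(
  'directory1' => array(
    'subsection' => array(
      'deleted' => array('index.html' => 'file'),
      'not-deleted' => array('page.html' => 'file'),
      'faq-why-my-account-was-deleted.htm' => 'file',
    ),
    '_vti_cnf' => array('page.html' => 'file'),
  ),
);

/**
 * Simplified model of the scan (hypothetical helper, not Drupal's code):
 * $nomask is matched against each entry name, never the accumulated path.
 */
function scan_model(array $dir, $nomask, $prefix = '') {
  $found = array();
  foreach ($dir as $name => $entry) {
    if (preg_match($nomask, $name)) {
      // Rejected: the entry is neither listed nor descended into.
      continue;
    }
    $path = ($prefix === '') ? $name : "$prefix/$name";
    if (is_array($entry)) {
      $found = array_merge($found, scan_model($entry, $nomask, $path));
    }
    else {
      $found[] = $path;
    }
  }
  return $found;
}

// The four patterns from the text, in the order they are discussed.
$patterns = array(
  '#(/deleted/)#',
  '#(deleted)#',
  '#^(deleted)$#',
  '#^(deleted|_vti_cnf)$#',
);
foreach ($patterns as $nomask) {
  echo $nomask, " lets through:\n";
  foreach (scan_model($tree, $nomask) as $path) {
    echo "  $path\n";
  }
}
```

With the first pattern every file is still listed, including the one under 'deleted', which is the case to watch for when 'nomask' is relied on to keep removed or private content out of a scan.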
While I have had the privilege of attending a number of DrupalCons and camps over the years, I cannot remember one with as many sessions and BOFs (birds of a feather) on the topic of security. In addition to the security talk on the program schedule, I had a great time chatting with individuals in the hallways and a few security focused companies in the exhibit hall.
Your company’s business development team just announced a new Drupal project has been given the green light, and you will be the project manager. What do you need to do to help your development and strategy teams succeed in giving the client the best possible experience and product? You need to ask the right questions.
3 questions to ask regardless of the CMS in play
The project manager of any technical project, leveraging Drupal or some other CMS, should first and foremost ask:
1. Where is the Statement of Work (SOW) and how do I access it?
Today I will describe a way to handle multiple teams with their own private file folders using the IMCE module.
Let’s pretend that we have to develop a website called awesome-website.com which consists of three (or more) different teams. The team structure could look as follows:
Every team should only be allowed to edit their own pages but no page from any other team. Therefore it would also make sense to separate the teams’ file folders so that the files can be stored separately to secure their privacy.
Of course, we could simply add three IMCE profiles and define their folder access rights individually there. But what about when working with 10 teams? Or 50? Or even more? Then we definitely would prefer a more flexible solution.
Thankfully, IMCE ships with the ability to define user folders by PHP execution, how awesome! But in order to achieve this, we’ll have to set up teams as taxonomy terms first and reference them from our user entities.
First things first: Let’s create a new taxonomy vocabulary called “Teams”. For every team that we will have on our website, we have to create a new taxonomy term in this vocabulary.
Before adding any teams as taxonomy terms though, we’ll have to add a new field called “FTP Folder” to the taxonomy vocabulary.
This field will specify the name of every team’s root folder. So, naturally it shouldn’t contain any spaces or other wicked special characters and it should be URL readable.
In order not to face any unusual results later, it is recommended to configure this field as required.
Afterwards, we can add our three terms, “Team Alpha”, “Team Beta” and “Team Gamma”.
As value for their FTP Folders, we use “team-alpha”, “team-beta” and so on.
That’s it for the taxonomy part! Now let’s link this information to the team’s users.
Adding a taxonomy term reference field to the user entity
In my case, I didn’t have multiple roles for the teams. I only had one, called “Team member”. Because every team has exactly the same rights as the others, maintaining only one role suited me best.
For really special cases, I could always just create a new role with the special permissions.
So, how do we link users to their teams the easiest? Exactly, by just adding a taxonomy term reference field to the user entity!
Let’s call this field “Team” and reference our previously created taxonomy vocabulary “Teams” with it.
Now, when adding a new user, we can select the team it belongs to and IMCE will be able to grab the needed information from there.
Yes, IMCE will be able to do that but it’s not doing it yet.
Getting the team’s FTP folder for the current user is still something we have to code, so let’s proceed to the next step.
Now we need to provide IMCE the information that we’ve set up before.
We’ve created users belonging to teams, which hold the FTP root folder name for the teams.
What’s left to do, is to write a function (ideally in a custom module, in my example the module is called “awesome_teams”), that combines all information and returns it to IMCE.
The following function would do that for us:
The function expects a user object as argument and will return an array of strings containing all the folder names a user is allowed to access.
Our folder structure would look like this:
Note: The folder “cms/teams/all” is a special folder and every user is allowed to access it.
It will be used to save files which are used globally over multiple or even all teams.
What our code does is actually loop over all assigned teams for the given user (yes, a user can be in multiple teams!), adding the teams’ FTP folder names to the array of accessible folders.
There is no “hook_imce” hook; the “_imce” in the function name does nothing so far. You can also name your function differently. The link from IMCE to our function is something we have to set up in an IMCE profile.
Let’s proceed to the last step then, shall we?
Now, as the last step, let’s create an IMCE profile called “Team member”. You’re free to define any settings as you like, there’s only one thing that will be special about this profile: The accessible directories path.
Instead of writing something constant as “cms/teams/team-alpha”, we’ll write “php: return awesome_teams_imce($user);” here.
So, the setting should look like this:
Now save the profile and you are done!
As soon as one team member now accesses the IMCE page (either via /imce or by the configured file/image fields), he will only see his team’s directories and the special directory “all” which is meant for exchange.
This wasn’t that difficult, was it?
I hope I was able to give you an insight on how to solve more complicated file permission issues with IMCE.
Don’t forget to give feedback, ask questions and follow our blog if you want to read more about our Drupal experiences at Liip!
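The function described in the IMCE post above did not survive on this page. One way to write it for a Drupal 7 custom module follows, as an added example that is not the original author's code. The field machine names field_team and field_ftp_folder and the folder-name pattern are assumptions; the paths cms/teams/all and cms/teams/<folder> are the ones the post uses.

```php
<?php
/**
 * Returns the IMCE directories the given user may access.
 *
 * Assumed field machine names (not given in the post): field_team on the
 * user entity, field_ftp_folder on terms of the "Teams" vocabulary.
 */
function awesome_teams_imce($user) {
  // The shared exchange folder is available to every team member.
  $folders = array('cms/teams/all');

  // Reload the account so that attached field values are present.
  $account = user_load($user->uid);
  $items = $account ? field_get_items('user', $account, 'field_team') : FALSE;
  if (empty($items)) {
    return $folders;
  }

  // Collect the term IDs of every team the user is assigned to.
  $tids = array();
  foreach ($items as $item) {
    $tids[] = $item['tid'];
  }

  foreach (taxonomy_term_load_multiple($tids) as $term) {
    $values = field_get_items('taxonomy_term', $term, 'field_ftp_folder');
    if (empty($values)) {
      continue;
    }
    $name = $values[0]['value'];
    // Accept only plain folder names such as "team-alpha". This rejects
    // "..", slashes and spaces, so a term value cannot point outside
    // cms/teams/ (the pattern itself is an assumption of this example).
    if (preg_match('/^[a-z0-9][a-z0-9_-]*$/', $name)) {
      $folders[] = 'cms/teams/' . $name;
    }
    else {
      watchdog('awesome_teams', 'Ignored invalid FTP folder %name on term @tid.',
        array('%name' => $name, '@tid' => $term->tid), WATCHDOG_WARNING);
    }
  }
  return array_values(array_unique($folders));
}
```

Because the returned strings become file-system paths, anyone who can edit terms in the "Teams" vocabulary effectively controls folder access, so that permission should be limited to administrators.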
My role as a principal at LevelTen means that I spend a lot of time overseeing Accounting, Operations, and Marketing. So for my visit to DrupalCon 2016, I wanted to spend as much time as I could talking with other C-level people to see what struggles we have in common and what solutions we've come up with.
Throughout the sessions, summits, and socializing, there were a few key themes that kept coming up over and over from people who run Drupal shops. With that in mind, this post is less of a DrupalCon 2016 takeaway than a preliminary analysis of the economics of Drupal as it...
The normal Drupal instructions for applying patches are well used and reliable. However, I find them to be a little verbose, so I came up with a slightly quicker workflow.
TL;DR
The short explanation of what I do is to copy the patch's URL and run this command:
curl [patch URL] | patch -p1
Which would then become something like this:
As I've said before in my custom views filter handlers tutorial, views is amazing. Today I was writing a custom style plugin. I got the plugin to show up in the list of available formats, but whenever I saved the form, it wouldn't stick.
My Typical Method of Debugging in Drupal
Typically I would throw dpm's to debug, so I started walking through the callstack trying to find where things were going wrong. Then I ran into a line in views that called vpr(). It looked like a print_r debug statement, so I knew this was either being logged or there was a setting somewhere.
A Better Way to Debug Views Plugins
Sure enough it is part of the "Enable views performance statistics" setting to have these messages logged with watchdog. To turn it on go to /admin/structure/views/settings/advanced. Even better, when you turn Devel on, you can have them dpm'ed instead. Now I get exactly the information I need to figure out what I was doing wrong, without having to throw my own dpm's in views or ctools.
Other Views Settings for Debugging
Also, if you are just looking to debug your views query, the "Show the SQL query" and "Show performance statistics" options on /admin/structure/views/settings are invaluable.
This post is part of my challenge to never stop learning.
In this blog post I will briefly overview some of the very useful HTTP response header parameters that will help to secure any website. In short - HTTP Response headers are name-value pairs of strings sent back from a server with the content you requested. More information can be found on the internet.
I will cover some of the most important security-related HTTP parameters. The original blog post was written by Scott Helme who is the creator of SecurityHeaders.io. This is a brief overview of his blog post to introduce this technique to our readers.
Switzerland has traditionally been dedicated to the best quality and innovation. Some of the best things in life come from Switzerland. Did anyone mention chocolate?
Drupal and free software are no exception. Many companies and individuals are dedicated to them on a daily basis. That said, it is no surprise that Drupal's number one comes from Switzerland.
He wrote an introduction blog post. I'd like to invite you to read it, say hi and follow his work as it progresses through the summer.
Welcome to the Drupal community, Vijay!