Planet Drupal

Subscribe to flux Planet Drupal
Drupal.org - aggregated feeds in category Planet Drupal
Mis à jour : il y a 23 min 46 sec

Acquia Developer Center Blog: Drupal 8 Module of the Week: Permissions by Term

lun, 18/07/2016 - 17:20

Each day, between migrations and new projects, more and more features are becoming available for Drupal 8, the Drupal community’s latest major release. In this series, the Acquia Developer Center is profiling some prominent, useful, and interesting projects available for Drupal 8--modules, themes, distros, and more! This week: Permissions by Term.

Tags: acquia drupal planetaccess controlgroupogorganic groups
Catégories: Elsewhere

OSTraining: How to Install Drupal 7 Using Bitnami for Windows

lun, 18/07/2016 - 16:05

Bitnami is a software that allows you to install website applications such as Joomla, WordPress and of course Drupal 7.

In this tutorial we will show you how to install Bitnami on Windows to create a Drupal 7 site.

Catégories: Elsewhere

Drupal Blog: Drupal 8.1.7 released

lun, 18/07/2016 - 16:00

Drupal 8.1.7, a maintenance release which contains fixes for security vulnerabilities, is now available for download.

See the Drupal 8.1.7 release notes for further information.

Download Drupal 8.1.7

Upgrading your existing Drupal 8 sites is strongly recommended. There are no new features nor non-security-related bug fixes in this release. For more information about the Drupal 8.1.x release series, consult the Drupal 8 overview.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 8 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

Bug reports

Drupal 8.1.x is actively maintained, so more maintenance releases will be made available, according to our monthly release cycle.

Change log

Drupal 8.1.7 is a security release only. For more details, see the 8.1.7 release notes. A complete list of all changes in the stable 8.1.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 8.1.7 was released in response to the discovery of security vulnerabilities. Details can be found in the official security advisories:

To fix the security problem, please upgrade to Drupal 8.1.7.

Update notes

See the 8.1.7 release notes for details on important changes in this release.

Known issues

See the 8.1.7 release notes for known issues.

Catégories: Elsewhere

Drupal.org frontpage posts for the Drupal planet: Drupal Core - Highly Critical - Injection - SA-CORE-2016-003

lun, 18/07/2016 - 15:53
Description

Drupal 8 uses the third-party PHP library Guzzle for making server-side HTTP requests. An attacker can provide a proxy server that Guzzle will use. The details of this are explained at https://httpoxy.org/.

CVE identifier(s) issued
  • CVE-2016-5385
Versions affected
  • Drupal core 8.x versions prior to 8.1.7
Solution

Install the latest version:

  • If you use Drupal 8.x, upgrade to Drupal core 8.1.7
  • If you use Drupal 7.x, Drupal core is not affected. However you should consider using the mitigation steps at https://httpoxy.org/ since you might have modules or other software on your server affected by this issue. For example, sites using Apache can add the following code to .htaccess:
    <IfModule mod_headers.c> RequestHeader unset Proxy </IfModule>

We also suggest mitigating it as described here: https://httpoxy.org/

Also see the Drupal core project page.

What if I am running Drupal core 8.0.x?

Drupal core 8.0.x is no longer supported. Update to 8.1.7 to get the latest security and bug fixes.

Why is this being released Monday rather than Wednesday?

The Drupal Security Team usually releases Security Advisories on Wednesdays. However, this vulnerability affects more than Drupal, and the authors of Guzzle and reporters of the issue coordinated to make it public Monday. Therefore, we are issuing a core release to update to the secure version of Guzzle today.

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

Front page news: Planet DrupalDrupal version: Drupal 8.x
Catégories: Elsewhere

DrupalEasy: DrupalEasy Podcast 181 - Everybody used to live in Florida (Jon Pugh - Open Devshop)

lun, 18/07/2016 - 15:07

Direct .mp3 file download.

Jon Pugh Creator and president of Opendevshop inc and co-maintainer of Aegir talks to Ted (where's he been?) and Andrew (2 episodes in row?) about Devshop, Aegir, and life after Florida. All that and our picks of week and five questions!

Interview DrupalEasy News Three Stories Sponsors Picks of the Week Upcoming Events Follow us on Twitter Five Questions (answers only)
  1. Fixing/working with wood
  2. Ansible Container
  3. Rewriting all of Aegir and DevShop in all that modern OOP stuff
  4. A black bear ate my garbage
  5. Moving to NY and actually going to meetups.
Intro Music

Drupal Way by Marcia Buckingham (acmaintainer) (vocals, bass and mandolin) and Charlie Poplees (guitar). The lyrics by Marcia Buckingham, music by Kate Wolfe.

Subscribe

Subscribe to our podcast on iTunes, Google Play or Miro. Listen to our podcast on Stitcher.

If you'd like to leave us a voicemail, call 321-396-2340. Please keep in mind that we might play your voicemail during one of our future podcasts. Feel free to call in with suggestions, rants, questions, or corrections. If you'd rather just send us an email, please use our contact page.

Catégories: Elsewhere

Drupal core announcements: Drupal 8.x core release on Monday, July 18 (update to previously scheduled window)

dim, 17/07/2016 - 19:28

The Drupal core security release window has been moved to Monday, July 18. See the PSA announcement for the release for details.

Catégories: Elsewhere

David Lohmeyer's Blog: Scaling block output as Twig variables in Drupal 8

sam, 16/07/2016 - 23:30

With Drupal 8's Object Oriented focus, it's just a matter of time before cooler approaches to the theme's giant template.php (now yourtheme.theme) file are found. I've written a nicer way to get block output into the $variables array in page and node preprocess functions. What this allows you to do is use simple variables like {{ my_cool_block_stuff }} in yor Drupal Twig templates.

Catégories: Elsewhere

Wuinfo: Have hundreds of items in one multivalued field?

sam, 16/07/2016 - 03:29

Sounds like a bad design? When the first time I found out this, I thought that should have avoided it in design. But, that is not what we are talking today. After we I figured out a way to fix the performance, it seems quite a powerful way to deal with the business logic.

How to accommodate the request that a node holds thousands of multiple value items in one field? When it comes to editor experience, we have something to share. Multiple values field for a field-collection-item is a usual setup for a content type. When there are only couple dozens of values, everything is good. The default field-collection embed widget with a multivalue field is working well.

As the number of items goes up, the editing page become heavier. In our case, we have a field collection contains five subfields. There is one entity reference field pointing to nodes, two text fields, one taxonomy entity reference field and a number field. Some nodes have over 300 such field collection items. The editing pages for those nodes are like taking forever to load. Updating the node getting more and more difficult.

for such a node, the edit form has thousands of form elements. It is like loading an adult elephant with a small pickup truck. Anything can slow down the page. That can be from web server performance to the network bandwidth and our local computer browser capability. So, we need to find a valid way to handle it. We want the multiple value field to be truly unlimited. Make it capable of holding thousands of field-collection-items value in a single node.

After doing some research, we come with a pretty good solution. Here is what we had done to deal with it.

We use Embeded Views Field to build a block for the field collection items. We paginate it and break down 300 items into 12 pages. Then, we insert the views block into the node editing page. Not loading all the elements into the node editing form, it speeds up the page loading immediately. Display the field collection items in views block is not enough, we need to edit them. I had tried to use the VBO to handle editing and deleting. It did not work. Then we built some custom ajax functions for editing and deleting. We use the ctools modal window as front end interface to edit, delete and add new items. That works well. With modal window and Ajax, we can keep the main node edit page untouched. There is no need to refresh the page every time they change the field-collection-items. Thanks to the pagination of the views block. We now can add as many items as we want into the field collection multivalue field. We added views sorting function to the embedded views field.

Sounds pretty robust, but wait, there is something missing. We quickly running into problem soon we implement it. What about the form to create a new node? On the new node page, the embedded views field block is not working. A new node does not have its node id. We fixed it by using the default widget. It is just for the new node page. We used the following function to switch the field widget.

function MODULENAME_field_widget_properties_alter(&$widget, $context) {
  if ($context['entity_type'] == 'node') {
    if (!isset($context['entity']->nid)) {
      if ($context['field']['field_name'] == 'FIELD_MACHINE_NAME') {
        if ($widget['type'] == 'field_collection_hidden') {
          $widget['type'] = 'field_collection_embed';
        }
      }
    }
  }
}
Catégories: Elsewhere

Sooper Drupal Themes: Glazed 2.5.0 – Massive Release, Powerful New Design Tools

ven, 15/07/2016 - 20:51

New Typography Controls, New Layout Capabilities, Drupal Block Design, and much more!

Today after about a month of coffee-infused delays I'm happy to announce Glazed 2.5.0. and Carbide Builder 1.0.11. Our framework theme has just become massively more powerful, with design tools that help you create any design imagineable the hassle of writing and testing code. While on the surface...

Catégories: Elsewhere

The Sego Blog: Drupal 8, Pantheon & GitKraken: Part 3 of 3

ven, 15/07/2016 - 20:51
07/15/2016Drupal 8, Pantheon & GitKraken: Part 3 of 3

Welcome to the third and final installment of our three part Drupal 8, Pantheon & GitKraken series.

Catégories: Elsewhere

Drupal core announcements: Drupal core security release window on Wednesday, July 20, 2016

ven, 15/07/2016 - 18:52
Start:  2016-07-20 11:00 - 12:00 America/Chicago Organizers:  xjm catch David_Rothstein stefan.r mlhess Event type:  Online meeting (eg. IRC meeting)

The monthly security release window for Drupal 8 and 7 core will take place on Wednesday, July 20.

This does not mean that a Drupal core security release will necessarily take place on that date for any of the Drupal 8 or 7 branches, only that you should watch for one (and be ready to update your Drupal sites in the event that the Drupal security team decides to make a release).

There will be no bug fix or feature release on this date. The next window for a Drupal core patch (bug fix) release for all branches is Wednesday, August 03. The next scheduled minor (feature) release for Drupal 8 will be on Wednesday, October 5.

Drupal 6 is end-of-life and will not receive further security releases.

For more information on Drupal core release windows, see the documentation on release timing and security releases, and the discussion that led to this policy being implemented

Catégories: Elsewhere

Drupal @ Penn State: Special Menu Items and Breadcrumbs

ven, 15/07/2016 - 18:16

If you are using the Special Menu Items module to add things like HRs and unlinked titles to your menus, you might run into the Breadcrumb issue.

If you have a non-linked menu item it may show up on your breadcrumbs as a plain text title which you may not want to see. There are a number of issues for this in the modules queue, but as far as I can tell it has not been fixed.

My quick fix is a function in template.php

Catégories: Elsewhere

Janez Urevc: Sam Morenson is thinking about media in Drupal core

ven, 15/07/2016 - 17:34
Sam Morenson is thinking about media in Drupal core slashrsm Fri, 15.07.2016 - 17:34

My friend and a long time member of the Drupal media team has published a blog post where he thinks about media in Drupal core and possible ways forward.

I am very happy to see mature debate evolving in this area. We need more of that!

Catégories: Elsewhere

Drupal.org blog: What’s new on Drupal.org? - June 2016

ven, 15/07/2016 - 17:20

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community.

In June the Drupal Association had our annual staff retreat, where the remote team members joined the Portland, OR team for a three day retreat. This year's retreat was particularly important as we found our feet as a smaller, leaner team, and focused on our organizational roadmap for the next twelve months.

For the engineering team in particular, our focus will be on maintaining the critical systems that make project successful: issue queues, updates, testing, packaging, etc, while at the same time finding new ways to support and enable Drupal's evolution.

These were some heady days, but even as we worked through the best ways to continue serving the Drupal community on a strategic level in June, we also found the time to keep making Drupal.org a better home.

Drupal.org updates Documentation Migration

A long running initiative this year has been the creation of a new Documentation system for Drupal.org, a topic we've touched on in many prior updates as it has begun to come online. We are very happy to say that we are moving to the next stage of the documentation project: moving from development to migration.

In June tvn recruited several volunteers to join our documentation migration team, and to become some of the first maintainers for the new Documentation Guides. General documentation, such as Understanding Drupal, Structure Guide, etc. will be migrated first. Documentation for contributed projects will follow in the coming weeks.

Maintainers of contributed projects, who currently have their documentation on Drupal.org, will be added as maintainers to respective documentation guides and are encouraged to clean/tidy up their documentation post-migration.

if you are interested in helping, or sign up as a maintainer for some of the new documentation guides.

Composer Repositories are now in Beta

Drupal.org's Composer repositories allow developers building sites with Drupal to use the Composer command line tool for dependency management. In June we collected feedback from a variety of users, as well as the community volunteers who assisted us with the Composer Community Initiative.

We spent the month iterating quickly on the alpha implementation: fixing bugs and rebuilding the meta data to ensure that users get consistent and expected results. Because of those fixes, and after gathering yet more feedback from the community, we were able to move the Drupal.org Composer repositories to beta.

We encourage you to begin transitioning your composer based workflows to use Drupal.org's composer facade. Package names are stable, and downtimes will be planned and announced. For more information on how to use Drupal.org's Composer repositories, read our documentation.

Better issue credit tools for maintainers

The Drupal.org issue credit system is a unique innovation of our community. By allowing users to attribute their contributions as volunteers, to their employers, or to client customers, we have an insight into the contribution ecosystem for Drupal that is unparalleled among open source projects. We've also already seen the impact of incentivizing organizations to give back to Drupal, by using the credit system as the basis for organization rankings in the marketplace.

In June we added two new tools for maintainers to improve how they grant credit to users. Firstly, maintainers can now deselect the automatic credit attribution for users who have submitted patches. This change was important to prevent gaming the credit system. Secondly, we've given the maintainers the ability to credit users who have not commented in the issue. Whether that help was provided in IRC, Slack, on a video call, or in a sprint room, maintainers can now ensure that those users who helped resolve an issue receive credit for their contributions. Any user who is credited this way can edit their credit attribution if they want to extend that attribution to a supporting organization or customer.

Friendly path aliases for release nodes

We also made a relatively small change that will have a big impact. Path auto is now enabled for project releases, so you for any project a specific release can now be found at:
drupal.org/project/[project_name]/[version]
And you can also find a list of all the releases for a project at:
drupal.org/project/[project_name]/[version]

Take, for example, the Token module:
https://drupal.org/project/token/

You can find the complete index of releases for this project at: https://www.drupal.org/project/token/releases and individual releases now have friendly urls, like this one: https://www.drupal.org/project/token/releases/8.x-1.0-alpha2

Spam Fighting Improvements

Fighting spam on Drupal.org is a never ending battle, but in June we deployed a refinement to our spam fighting tools that helps us to find patterns in registration behavior and prevent spam registrations before they've even started. After flipping on our latest iteration of this spam fighting tool we saw an immediate and dramatic drop-off in suspicious account registrations. With the additional data we've been able to collect we already see ways to improve this even further, so we hope to continue make Drupal.org a cleaner home for the community.

Highlighting Supporting Technologies

Drupal is many things to many different people, but one central function of Drupal is to be the hub of interconnected and complementary technologies. Several of the companies that build these technologies have chosen to support the Drupal project by becoming supporters. To better highlight some of these supporting technologies that work well with Drupal, we've added a supporting technologies listing to the marketplace.

Sustaining support and maintenance DrupalCon

DrupalCon Dublin is coming up soon, from September 26 - 30th. This year we smashed all our previous records for session submissions, and the caliber of speakers and topics is higher than ever before.

In June we opened registration for the event. We encourage you to buy your tickets now! Early bird registration will end soon.

Infrastructure

Infrastructure is the bedrock of Drupal.org - and we're continuing to tune the infrastructure for efficiency, economy, and performance. Alongside the launch of registration for DrupalCon Dublin, we implemented APDQC to improve the performance of the Events website under heavy load.

We've also been upgrading our configuration management from Puppet 3 to Puppet 4, and continuing to standardize our configuration across all of our environments to make our infrastructure durable, consistent, and portable.

———

As always, we’d like to say thanks to all the volunteers who work with us, and to the Drupal Association Supporters, who made it possible for us to work on these projects.

If you would like to support our work as an individual or an organization, consider becoming a member of the Drupal Association.

Follow us on Twitter for regular updates: @drupal_org, @drupal_infra

Catégories: Elsewhere

InternetDevels: The BigPipe Drupal 8 module for your website performance optimization

ven, 15/07/2016 - 15:46

We once told you about some great new features of Drupal 8
(in part 1 and part 2). Now it’s time to have a closer look at one
of the most exciting innovations for Drupal 8: the BigPipe Module.

Read more
Catégories: Elsewhere

Zivtech: Foster a Culture of Training

ven, 15/07/2016 - 15:00
What Are Your Values? What really matters? People. I see our staff get married, have children, buy houses, enjoy their lives, their coworkers, and their working environment, and I know that I was part of that. They also created our value.
What You Gain Early on we adopted this idea that we were going to train up our people, and that we weren't going to just expect them to come in all ready to go. We were going to bring people in at all different levels including having no experience at all. Over the years we found that we gained a lot from doing that, so we have much better employee retention than most of our peers. A lot of our people have been here almost since our start.

Our team is very close, and communicates very well. Think of a team as neurons in your brain. The more connections that they have, the better they communicate, the stronger the team.

They are harmonious because they've all been trained in the same way. We don't have a lot of strong conflicts about how we do things. All of our projects are done in the same way.

We're not undoing old opinions, and we also have a lot of generosity towards each other. People give you retention, loyalty, and generosity because you gave them something. You took a chance on them when they didn't have a lot of opportunities, and you invested a lot in them. We also have a lot of developers with other strengths. They are more well-rounded. Our staff includes people with many outside skills, including musicians, artists, writers, and polyglots. Their diverse cognitive frameworks help solve problems creatively.

In a culture of training, everyone values the idea of working together to teach each other. That extends not just to our own team, but to how we interact with our clients. Ultimately I find that clients often value being taught more than they value the end product.

We have this whole team of great communicators who value teaching. Whether they're the project manager, the developer, or the QA person, they're always finding that chance to teach the client something.



Download the full Grow Your Own white paper for free.
Catégories: Elsewhere

Miloš Bovan: Post comments via email

ven, 15/07/2016 - 13:08
Post comments via email

The overall test coverage of Mailhandler module has been improved in the week 7 of Google Summer of Code. The plan for the week 8 was to implement feature for posting comments by sending an email.

Similarly to MailhandlerNode (handler for nodes), we had to create a new config entity: inmail.handler.mailhandler_comment and a handler plugin class. Since comments will have limited support, during the last weekly meeting with my mentors (Miro and Primoz), we decided not to add more analyzers as proposed first, but rather to move comment specific business logic to MailhandlerComment Inmail handler plugin.

In order to simplify the logic in the comment handler, EntityTypeAnalyzer was updated to support partial entity type matching. The entity type was extracted from the subject independently of the second part, which can be bundle or entity ID in case of comments.

The current steps in the comment handler are:

  • Assert we are dealing with comments (the identified entity type is comment)

  • Parse the referenced entity ID from the mail subject: [comment][#entity_id]

  • Validate (authenticate and authorize) a user

  • Create a comment entity if all previous conditions are met

The pull request on Github was already created and it will request additional updates after it received some nice suggestions from my mentor.

The Inmail issue Lack of standard result in collaboration of analyzers progressed well during the last week. After several feedbacks and broad discussion, it is currently in “Needs review” state. In my opinion, it is quite close to be fixed and we will be able to implement the standard analyzer result object into Mailhandler module very soon.

Also, last week I made a few UX improvements in the module.
Inmail demo now supports sample mail messages from mailhandler_d8_demo module. As a related issue, PGP-signed sample mails were added to the demo.

The Mailhandler Demo is our focus for the following week. It will be extended with a sample Mailhandler user with already preconfigured Inmail settings, PGP keys and relevant form and display updates. The goal is to provide an easy start for new Mailhandler users. The progress made on the module so far, will be presented as a short (video) demo. Stay tuned!

 

 

Milos Fri, 07/15/2016 - 13:08 Tags Drupal Open source Google Summer of Code Drupal Planet Add new comment
Catégories: Elsewhere

Janez Urevc: Presentations about various Drupal 8 media modules

jeu, 14/07/2016 - 22:34
Presentations about various Drupal 8 media modules slashrsm Thu, 14.07.2016 - 22:34

In the past few months I gave many talks about the modules that we created as part od Drupal 8 media initiative.

Slide decks for all sessions are available on GitHub and are released under Attribution-NonCommercial-ShareAlike 4.0 International License. This basically means that anyone is free to change and use them for non-commercial purposes. The only thing I ask is to give attribution to the original authors.

If you'd like to give a similar talk at your local meetup or camp feel you are encouraged to do so.

What are the topics that you can cover?

Entity embed

Embedding solution for Drupal 8: https://github.com/slashrsm/entity-embed-session.

Entity browser

Entity browsing and selecting tool for Drupal 8: https://github.com/slashrsm/entity-browser-session.

Drupal 8 cropping

Cropping solutions for Drupal 8: https://github.com/slashrsm/d8-cropping-session.

I co-authored and co-presented this session with Alexander Ross.

NP8 enterprise media distribution

Enterprise media distribution built on Drupal 8: https://github.com/slashrsm/np8-session.

Catégories: Elsewhere

ImageX Media: Higher Education Notes and Trends for the Week of July 11, 2016

jeu, 14/07/2016 - 22:10

There’s never a dull moment in the higher education sector. This week, we had our eyes on a dozen interesting articles across higher education. As always, you’ll find an undercurrent of themes that generally revolve around revenue and student demographics. This week’s higher education notes and trends has topics ranging from wealth distribution amongst North American post-secondary institutions, “over-education” of millennials and enrollment staff becoming the next generation of corporate headhunters.

Catégories: Elsewhere

Acquia Developer Center Blog: Accessibility Testing: The Basic Facts You Need to Know

jeu, 14/07/2016 - 22:04

As businesses realize the importance of having an accessible website, there is a push to check both content and code to ensure that they are meeting 508 compliance standards and other accessibility standards, such as the Web Content Accessibility Guidelines (WCAG).

Tags: acquia drupal planet
Catégories: Elsewhere

Pages