Drupal

Conditional

New Drupal Modules - 18 April 2018 - 1:19am

It's a fork of Conditional Fields module that works with any Drupal elements.

Provides two render properties: #visible_when and #required_when.

Examples:

Categories: Drupal

Matt Glaman: DrupalCon: friends, family & fun in Nashville

Planet Drupal - 17 April 2018 - 7:00pm
DrupalCon: friends, family & fun in Nashville mglaman Tue, 04/17/2018 - 21:00

DrupalCon is always something I look forward to, ever since attending my first one at DrupalCon Los Angeles 2015. As I wrote over a week ago, I drove down from Wisconsin with my wife and two boys to Nashville. We came down for the weekend before and stayed for the weekend after to do some touristing and vacationing. I tried to write one blog about DrupalCon but realized I couldn't really condense everything I had to say. So I plan on pushing out a few post-Nashville blogs.

Categories: Drupal

Tandem's Drupal Blog: Tandem Named Leading Drupal Developer

Planet Drupal - 17 April 2018 - 5:00pm
April 18, 2018 Clutch has named Tandem one of the leading Drupal development agencies in SF for 2018. Last month, the B2B ratings and reviews platform Clutch named the top San Francisco agencies and developers in 2018. We are proud to announce that Tandem was recognized for our expertise and made the list! While we have experience with a variety...
Categories: Drupal

Acquia blocks 500,000 attack attempts for SA-CORE-2018-002

Dries Buytaert - 17 April 2018 - 12:51pm

On March 28th, the Drupal Security Team released a bug fix for a critical security vulnerability, named SA-CORE-2018-002. Over the past week, various exploits have been identified, as attackers have attempted to compromise unpatched Drupal sites. Hackers continue to try to exploit this vulnerability, and Acquia's own security team has observed more than 100,000 attacks a day.

The SA-CORE-2018-002 security vulnerability is highly critical; it allows an unauthenticated attacker to perform remote code execution on most Drupal installations. When the Drupal Security Team made the security patch available, there were no publicly known exploits or attacks against SA-CORE-2018-002.

That changed six days ago, after Checkpoint Research provided a detailed explanation of the SA-CORE-2018-002 security bug, in addition to step-by-step instructions that explain how to exploit the vulnerability. A few hours after Checkpoint Research's blog post, Vitalii Rudnykh, a Russian security researcher, shared a proof-of-concept exploit on GitHub. Later that day, Acquia's own security team began to witness attempted attacks.

The article by Checkpoint Research and Rudnykh's proof-of-concept code have spawned numerous exploits, which are written in different programming languages such as Ruby, Bash, Python and more. As a result, the number of attacks have grown significantly over the past few days.

Fortunately, Acquia deployed a platform level mitigation for all Acquia Cloud customers one hour after the Drupal Security Team made the SA-CORE-2018-002 release available on March 28th. Over the past week, Acquia has observed over 500,000 attacks from more than 3,000 different IP addresses across our fleet of servers and customer base. To the best of our knowledge, every attempted exploitation of an Acquia customer has failed.



The scale and the severity of this attack suggests that if you failed to upgrade your Drupal sites, or your site is not supported by Acquia Cloud or another trusted vendor that provides platform level fixes, the chances of your site being hacked are very high. If you haven't upgraded your site yet and you are not on a protected platform then assume your site is compromised. Rebuild your host, reinstall Drupal from a backup taken before the vulnerability was announced and upgrade before putting the site back online. (Update: restoring a Drupal site from backup may not be sufficient as some of the exploits reinstall themselves from crontab. You should assume the whole host is compromised.)

Drupal's responsible disclosure policy

It's important to keep in mind that all software has security bugs, and fortunately for Drupal, critical security bugs are rare. It's been nearly four years since the Drupal Security Team published a security release for Drupal core that is this critical.

What matters is how software projects or software vendors deal with security bugs. The Drupal Security Team follows a "coordinated disclosure policy": issues remain private until there is a published fix. A public announcement is made when the threat has been addressed and a secure version of Drupal core is also available. Even when a bug fix is made available, the Drupal Security Team is very thoughtful with its communication. The team is careful to withhold as many details about the vulnerability as possible to make it difficult for hackers to create an exploit, and to buy Drupal site owners as much time as possible to upgrade. In this case, Drupal site owners had two weeks before the first public exploits appeared.

Historically, many proprietary CMS vendors have executed a different approach, and don't always disclose security bugs. Instead, they often fix bugs silently. In this scenario, secrecy might sound like a good idea; it prevents sites from being hacked and it avoids bad PR. However, hiding vulnerabilities provides a false sense of security, which can make matters much worse. This approach also functions under the assumption that hackers can't find security problems on their own. They can, and when they do, even more sites are at risk of being compromised.

Drupal's approach to security is best-in-class — from fixing the bug, testing the solution, providing advance notice, coordinating the release, being thoughtful not to over communicate too many details, being available for press inquiries, and repeatedly reminding everyone to upgrade.

Acquia's platform level fix

In addition to the Drupal Security Team's responsible disclosure policy, Acquia's own security team has been closely monitoring attempted attacks on our infrastructure. Following the release of the Checkpoint Research article, Acquia has tracked the origin of the 500,000 attempted attacks:

This image captures the geographic distribution of SA-CORE-2018-002 attacks against Acquia's customers. The number denoted in each bubble is the total number of attacks that came from that location.

To date, over 50 percent of the attempted attacks Acquia has witnessed originate from the Ukraine:

At Acquia, we provide customers with automatic security patching of both infrastructure and Drupal code, in addition to platform level fixes for security bugs. Our commitment to keeping our customers safe is reflected in our push to release a platform level fix one hour after the Drupal Security Team made SA-CORE-2018-002 available. This mitigation covered all customers with Acquia Cloud Free, Acquia Cloud Professional, Acquia Cloud Enterprise, and Acquia Cloud Site Factory applications; giving our customers peace of mind while they upgraded their Drupal sites, with or without our help. This means that when attempted exploits and attacks first appeared in the wild, Acquia's customers were safe. As a best practice, Acquia always recommends that customers upgrade to the latest secure version of Drupal core, in addition to platform mitigations.

This blog post was co-authored by Dries Buytaert and Cash Williams.
Categories: Drupal

Dries Buytaert: Acquia blocks 500,000 attack attempts for SA-CORE-2018-002

Planet Drupal - 17 April 2018 - 12:51pm

On March 28th, the Drupal Security Team released a bug fix for a critical security vulnerability, named SA-CORE-2018-002. Over the past week, various exploits have been identified, as attackers have attempted to compromise unpatched Drupal sites. Hackers continue to try to exploit this vulnerability, and Acquia's own security team has observed more than 100,000 attacks a day.

The SA-CORE-2018-002 security vulnerability is highly critical; it allows an unauthenticated attacker to perform remote code execution on most Drupal installations. When the Drupal Security Team made the security patch available, there were no publicly known exploits or attacks against SA-CORE-2018-002.

That changed six days ago, after Checkpoint Research provided a detailed explanation of the SA-CORE-2018-002 security bug, in addition to step-by-step instructions that explain how to exploit the vulnerability. A few hours after Checkpoint Research's blog post, Vitalii Rudnykh, a Russian security researcher, shared a proof-of-concept exploit on GitHub. Later that day, Acquia's own security team began to witness attempted attacks.

The article by Checkpoint Research and Rudnykh's proof-of-concept code have spawned numerous exploits, which are written in different programming languages such as Ruby, Bash, Python and more. As a result, the number of attacks have grown significantly over the past few days.

Fortunately, Acquia deployed a platform level mitigation for all Acquia Cloud customers one hour after the Drupal Security Team made the SA-CORE-2018-002 release available on March 28th. Over the past week, Acquia has observed over 500,000 attacks from more than 3,000 different IP addresses across our fleet of servers and customer base. To the best of our knowledge, every attempted exploitation of an Acquia customer has failed.



The scale and the severity of this attack suggests that if you failed to upgrade your Drupal sites, or your site is not supported by Acquia Cloud or another trusted vendor that provides platform level fixes, the chances of your site being hacked are very high. If you haven't upgraded your site yet, we recommend you do so as soon as possible, in addition to verifying that you haven't been compromised.

Drupal's responsible disclosure policy

It's important to keep in mind that all software has security bugs, and fortunately for Drupal, critical security bugs are rare. It's been nearly four years since the Drupal Security Team published a security release for Drupal core that is this critical.

What matters is how software projects or software vendors deal with security bugs. The Drupal Security Team follows a "coordinated disclosure policy": issues remain private until there is a published fix. A public announcement is made when the threat has been addressed and a secure version of Drupal core is also available. Even when a bug fix is made available, the Drupal Security Team is very thoughtful with its communication. The team is careful to withhold as many details about the vulnerability as possible to make it difficult for hackers to create an exploit, and to buy Drupal site owners as much time as possible to upgrade. In this case, Drupal site owners had two weeks before the first public exploits appeared.

Historically, many proprietary CMS vendors have executed a different approach, and don't always disclose security bugs. Instead, they often fix bugs silently. In this scenario, secrecy might sound like a good idea; it prevents sites from being hacked and it avoids bad PR. However, hiding vulnerabilities provides a false sense of security, which can make matters much worse. This approach also functions under the assumption that hackers can't find security problems on their own. They can, and when they do, even more sites are at risk of being compromised.

Drupal's approach to security is best-in-class — from fixing the bug, testing the solution, providing advance notice, coordinating the release, being thoughtful not to over communicate too many details, being available for press inquiries, and repeatedly reminding everyone to upgrade.

Acquia's platform level fix

In addition to the Drupal Security Team's responsible disclosure policy, Acquia's own security team has been closely monitoring attempted attacks on our infrastructure. Following the release of the Checkpoint Research article, Acquia has tracked the origin of the 500,000 attempted attacks:

This image captures the geographic distribution of SA-CORE-2018-002 attacks against Acquia's customers. The number denoted in each bubble is the total number of attacks that came from that location.

To date, over 50 percent of the attempted attacks Acquia has witnessed originate from the Ukraine:

At Acquia, we provide customers with automatic security patching of both infrastructure and Drupal code, in addition to platform level fixes for security bugs. Our commitment to keeping our customers safe is reflected in our push to release a platform level fix one hour after the Drupal Security Team made SA-CORE-2018-002 available. This mitigation covered all customers with Acquia Cloud Free, Acquia Cloud Professional, Acquia Cloud Enterprise, and Acquia Cloud Site Factory applications; giving our customers peace of mind while they upgraded their Drupal sites, with or without our help. This means that when attempted exploits and attacks first appeared in the wild, Acquia's customers were safe. As a best practice, Acquia always recommends that customers upgrade to the latest secure version of Drupal core, in addition to platform mitigations.

This blog post was co-authored by Dries Buytaert and Cash Williams.
Categories: Drupal

Closest Zip Code

New Drupal Modules - 17 April 2018 - 10:47am

A Drupal 8 module which allows you get a closest zip code to another zip code. An API is provided, but no user interface.

Usage Step 1: Install as you would any Drupal module: drush dl closest_zip_code Step 2: Try it!

Let's say you are at zipcode 78376, and you have three locations, 78629, 01343 and 99919, and you want know which is closest, run:

Categories: Drupal

Acquia Environment Config

New Drupal Modules - 17 April 2018 - 9:17am

Allows per-environment configuration settings on the Acquia Cloud servers.

Based on a module by Andrew Larcombe - Environment Config.

Categories: Drupal

Web Wash: Differentiate Websites using Environment Indicator in Drupal 8

Planet Drupal - 17 April 2018 - 8:00am

As a web developer, you probably build your sites first in a local environment (aka localhost), then you commit all your changes to a staging server (i.e. an online server to which only you or the development team has access) and if everything works fine in the staging server, you’ll commit these changes to a production or live server (that’s your online site).

However, you don’t have a way to differentiate between your local, your staging and your production environments apart from the address box of your browser, so it’s very easy to mix up everything and that could lead to complications. The worst case scenario is making changes directly to your live site without testing and breaking it. In order to prevent this, you can use the Environment Indicator module.

The Environment Indicator module adds a visual hint to your site, that way you’ll always be aware of the environment you’re working on. We’re going to cover installation and usage of this module in this tutorial.

Let’s start!

Categories: Drupal

Smooth mouse scrolling

New Drupal Modules - 17 April 2018 - 5:47am

Provides a smooth scroll effect in all the pages using the jQuery.scrollSpeed plugin. Additionally, there is a configuration option to admin to control the scroll step and speed.

Categories: Drupal

Manifesto: Create conversational experiences with the Chatbot API for Drupal 8

Planet Drupal - 17 April 2018 - 5:07am
This is my second post based on the talk I delivered at DrupalCamp London 2018: “Hi user, I am Drupal. How can I help you?” In the first post I looked at some of the scenarios in which chatbots and personal assistants might be used to beneficially serve website content to your audiences and briefly. Continue reading...
Categories: Drupal

Electric Citizen: Electric Citizen and DrupalCon Nashville

Planet Drupal - 17 April 2018 - 4:30am
Nashville Music City Center, a world-class venue

DrupalCon Nashville is in the history books and it was a doozy. The whole team was able to attend a stellar week of learning, sharing our hard-earned knowledge, and networking–interspersed with plenty of fun social events.

Seasoned Drupalers know that DrupalCon is a lot more than a tech conference. It is the community event of the year; a place to meet old friends and new, a celebration, and a barometer of the health of the Drupal platform itself–something we are collectively invested in. Attendees converged from far and wide to be part of it, to contribute, to engage, to learn and share, and to support our chosen technology.

As attendees, sponsors and presenters, Electric Citizen was fully in the mix this year. Read more in this blog post, or on our Twitter, LinkedIn and Facebook channels.

Categories: Drupal

InviteReferrals - Customer Referral Program Software

New Drupal Modules - 17 April 2018 - 2:53am

InviteReferrals : Simplest Referral Marketing Software to design and launch Customer Referral Campaigns within minutes to reach new customers. Install once, edit or create multiple campaigns without changing the code ever on your site. http://www.invitereferrals.com

You can set up 3 types of referral campaigns:

Categories: Drupal

OPTASY: Artificial Intelligence Consulting: What Are the Typical Activities?

Planet Drupal - 17 April 2018 - 2:44am
Artificial Intelligence Consulting: What Are the Typical Activities? adriana.cacoveanu Tue, 04/17/2018 - 09:44

So, you've (finally) overcome your skepticism regarding it: artificial intelligence does have the potential to propel your business right into the future! To drive productivity, enhance efficiency and flexibility and, overall, to transform your brand from the ground up. But how do you know what AI technology to go with? What are the AI use cases perfectly suited for your own business? And this is where artificial intelligence consulting comes in!

An AI consultant/AI consulting company's role is precisely that of answering all your questions and pointing out to you the right AI approach, the AI-powered solution(s) suitable for your own business:
 

Categories: Drupal

Sooper Drupal Themes: How To Use Blocks And Custom Blocks In Drupal 8 | 8 Days To Drupal 8 | Day 2

Planet Drupal - 17 April 2018 - 2:34am

We're counting down the days to the official SooperThemes Drupal 8 Release! Count with us as we're writing a Drupal 8 related blog post every day for the next 8 days.

Drupal 8 block management and drag and drop block video tutorial

view on sooperthemes.com if you can't see the video

Block Administration And Placement In Drupal 8

Same as in Drupal 7, Drupal 8 blocks are placed in regions from the blocks administration page, which is located at Structure > Block layout. A notable improvement in Drupal 8 is that you can now place the same block in different regions. For example: previously it was impossible to put a block in the sidebar on the blog section of your website and at the top of the masthead in another section of your website.

When placing a block in Drupal 8 you're offered block visibility settings that are familiar to people who have experience with Drupal 7. You limit visibility based on content type, paths, and user roles. Third party modules can extend this in Drupal 8, in the video below you see that the Webform module lets you place blocks whenever specific webfoms are showing. 

The Drupal 8 Blocks Administration Page

view on sooperthemes.com if you can't see the video

Custom Content Blocks In Drupal 8

To those familiar with Drupal 7: Drupal 8 lets you make new blocks and enter custom text or HTML. Except it's better. In the old system custom blocks were neutered content, without support for revisions, permissions, or custom block types.

In Drupal 8 blocks are proper first class citizens and support revisioning and custom block types. Basically Drupal 8 does with blocks what we did with the BEAN module in our Drupal 7 theme installation profiles. That's one less contrib module you'll need in Drupal 8! In our Drupal themes' demo installation profiles we offer "Basic Blocks" and "Drag and drop blocks" The latter option will let you design blocks with our front-end visual page builder.

Placing Blocks With Our Visual Page Builder Glazed Builder  Glazed Builder lets you place any Drupal block with our visual drag and drop module. The only blocks that will be missing from the blocks tab are views blocks. This is because we treat all views displays equally and put them under the Views tab. Here you will find every single views display, including Master displays. Moreover we allow you to override some useful views parameters, like pager settings, pager offset, exposed filters, and contextual filters. This is very powerful and you can use Glazed Builder to make news portal layouts, magazine layouts, and even personalized user dashboards. Creating A Footer Block In Drupal 8 I made a little video showing the complete process of creating a footer block in Drupal 8, you probably already found it at the top of this page. We start by adding a simple Copyright notice block using Drupal's native CKEditor. Then we show how you can build a 3 column footer easily with our frontend visual page builder. With Glazed Builder you can add any Drupal blocks and views in the footer, as well as all the standard drag and drop elements, and the extendable suite of HTML snippets in the Glazed Builder sidebar. If you add a drag and drop block to any region in your theme, you can view, edit, and save the block on any page where the blocks shows. It's very convenient and easy to get used to. Glazed Builder handles multiple blocks per page, automatically saves new revisions, and is also language aware.
Categories: Drupal

Deeson: Warden release 1.3.0

Planet Drupal - 17 April 2018 - 2:07am

At the end of March we released the next version of Warden, our open source solution that allows in-house development teams and agencies to keep track of the status of multiple Drupal sites hosted on different platforms. Release 1.3.0 contained the following changes:

  • Added Slack notification for sites on the dashboard
  • Logging request information from Drupal sites
  • Sorting the list of modules
Slack notifications.

This new feature provides a notification command which enables Warden to send details of the sites that need updating (those that are shown in the dashboard) to Slack.

In order to use this, a webhook needs to be set up within your Slack account to send notifications to a specific channel of your choice. Once this has been set up, the webhook URL can be added to the parameters settings within the Warden application (which will be asked for when running composer install after updating the application or can manually be added to the app/config/parameters.yml file to add it post install).

The notification can then be triggered using cron to generate the details and send them to the relevant Slack channel using the following command:

php app/console deeson:warden:dashboard-send-notification --type=slack Logging requests from Drupal sites.

This new feature shows a list of log requests that Warden makes to your Drupal sites. This enables users to be able to see when requests started failing, and will report on a relevant reason (depending upon what is returned from the request).

When viewing a site, there is an additional item in the ‘Actions’ list as well as a link next to the last successful request date time.

This provides a list in reverse chronological order of the requests that have been made to the site, highlighting which ones have failed. This helps users to be able to see when a sites started failing and potentially why.

Sorting the list of modules.

This update adds some additional functionality to the module listing page. By default, this page is sorted by the most used modules first, which is great for understanding how the modules are used, but not so great if you are trying to find a particular module.

With this update, this list can be sorted by module name as well as the number of sites that are using a module. This can be done by clicking on the table header to change the type of sorting that the table is displayed in.

Are you using Warden successfully? What else does the tool need? Come and let us know on our GitHub issues listing page.

Categories: Drupal

Google Analytics Node Reports

New Drupal Modules - 17 April 2018 - 1:30am

Google Analytics Node Reports is an add-on module. That provides site administrators and programmers to graphically represents the reports based on Google Analytics data. This graphical representation of reports is based on each node in Drupal system.

There is an administrator configuration page (admin/config/system/ga-node-report)
available to control the content types that are needed for accessing the report.

The reports are generated from real-time details of Google Analytics. Totally there are 3 types of reports are generated by this module.

Categories: Drupal

Valuebound: Drupal highly critical vulnerability SA-CORE-2018–002 - We've got you covered

Planet Drupal - 17 April 2018 - 12:23am

This blog post attempts to focus on the highly critical vulnerability that was announced by Drupal on 28th March tagged as SA-CORE-2018–002, Drupalgeddon 2.

Recently, Drupal core announced a security advisory rated as highly vulnerable - dubbed DrupalGeddon 2 (SA-CORE-2018-002 / CVE-2018-7600) - that has the potential to affect the vast majority of Drupal 6, 7 and 8 websites.

According to BuiltWith, around 9% of websites are running on Drupal and hence had a high probability of being affected by the vulnerability as the score is 24/25.

Categories: Drupal

Valuebound: Drupal highly critical vulnerability SA-CORE-2018–002 - We've got your back

Planet Drupal - 17 April 2018 - 12:23am

This blog post attempts to focus on the highly critical vulnerability that was announced by Drupal on 28th March tagged as SA-CORE-2018–002, Drupalgeddon 2.

Recently, Drupal core announced a security advisory rated as highly vulnerable - dubbed DrupalGeddon 2 (SA-CORE-2018-002 / CVE-2018-7600) - that has the potential to affect the vast majority of Drupal 6, 7 and 8 websites.

According to BuiltWith, around 9% of websites are running on Drupal and hence had a high probability of being affected by the vulnerability as the score is 24/25.

Categories: Drupal

Preserve page cache

New Drupal Modules - 16 April 2018 - 11:05pm

A variant of Drupal's page cache which ignores cache tags.

By not setting cache tags when writing cache entries, caches are not invalidated by cache tags but only expire after a certain time. Only nodes are kept tagged by node:nid to get invalidated on update.

Categories: Drupal

Pages

Subscribe to As If Productions aggregator - Drupal