Drupal @ Penn State: Building conversational interfaces in Drupal

Planet Drupal - 14 October 2016 - 7:16am

I know Dries caused a lot of smiles when he used Amazon Echo and Drupal 8 to be notified about “Awesome Sauce” going on sale. The future is bright and requires increasingly more ways of engaging with technology. But what if you wanted to start to have a conversation without Echo to do it? What if we wanted to progressively enhance the browser experience to include lessons learned from conversational input technologies?

Categories: Drupal

Drupal @ Penn State: How to export fields from one content type to another

Planet Drupal - 14 October 2016 - 7:16am

The title kind of explains it all. Check out the screencast for a quick demo on how to do it.

Categories: Drupal

Drupal @ Penn State: #Drupal GovDay: #Purespeed talk

Planet Drupal - 14 October 2016 - 7:16am

This is a recording of a presentation I gave at Drupal Gov Day called Purespeed. There are many posts on this site that are tagged with purespeed if you want to dig into deeper detail about anything mentioned in this talk. This talk consolidates a lot of lessons learned in optimizing Drupal to power elms learning network. I talk through Apache, PHP, MySQL, front end, backend, module selection, cache bin management, and other optimizations in this comprehensive full-stack tuning talk.

Categories: Drupal

Drupal @ Penn State: Web service requests via snakes and spiders

Planet Drupal - 14 October 2016 - 7:16am

First off, hope you are all enjoying Drupalcon, super jealous.

It's been almost three months since I wrote about Creating secure, low-level bootstraps in D7, the gist of which is skipping index.php when you make webservice calls so that Drupal doesn't have to bootstrap as high. Now that I've been playing with this, we've been starting to work on a series of simplified calls that can propagate data across the network in different ways.

Categories: Drupal

Fullcube Connector

New Drupal Modules - 14 October 2016 - 4:26am

This module provides integration with Fullcube.
The Fullcube platform enables high-affinity Brands to enter the subscription economy with programs that fully monetize direct relationships with a Brand's most avid – and most valuable – Consumers/Fans.

This package contains 4 modules:

1. **Fullcube API** (fullcube_api)
API connector to the Fullcube platform.

2. **Fullcube Field Mapping** (fullcube_field_mapping)
Map fields from the Drupal user entity to the Fullcube person object.

Categories: Drupal

OSTraining: Use the Drupal Hacked! module for peace of mind

Planet Drupal - 14 October 2016 - 4:21am

Hacked! is an extremely powerful Drupal module available for both Drupal 7 and 8 that allows you to check Drupal's modules and core against the versions stored on Drupal.org to make sure they have not been tampered with. This module is great for non-coders who want to ensure that their modules are safe and have not been tampered with. It will not check any subthemes or custom modules that do not exist on Drupal.org.

Categories: Drupal

Unimity Solutions Drupal Blog: My DrupalCon Dublin Board Retreat!

Planet Drupal - 13 October 2016 - 10:10pm

Drupalcon is always special! Back from DrupalCon, left feeling happy, proud to be part of a caring Board, a passionate DA team and last but not least the wonderful Drupal community.

Categories: Drupal

RAVE Alerts

New Drupal Modules - 13 October 2016 - 8:58am

This module provides integration with the RAVE system for campus alerts, used by 1400 campuses to communicate with 40% of the U.S. Higher Education population in the event of an emergency or campus closure.

Categories: Drupal

Commerce Vipps

New Drupal Modules - 13 October 2016 - 3:23am

Vipps is a Norwegian payment application designed for smartphones, developed by DNB. Vipps was released May 30, 2015 and, by reaching 1 million users on November 5, 2015, became Norway's largest payment application. Although Vipps is developed by DNB, it is an application open to customers from any Norwegian bank, and 40% of the users are non-DNB customers.

Categories: Drupal

Aurelien Navarre: How to find PHP code in Drupal nodes

Planet Drupal - 13 October 2016 - 2:49am

Before Drupal 8 was released, the PHP Filter module was part of Drupal core and allowed site builders and developers to create a PHP filter text format. While very convenient for developers and themers, this was also very risky as you could easily introduce security or even performance issues on your site, as a result of executing arbitrary PHP code.

What's the use case for injecting PHP code in content anyway?

There never is a truly good reason to do so except when you're developing the site and willing to quickly test something. Most of the time, using PHP in content is either the result of laziness, lack of time (easiest to add raw PHP directly rather than having to build a custom module) or lack of Drupal API knowledge. PHP Filter is most often used to inject logic in nodes or blocks. As horrible as it sounds, there are very interesting (and smart!) use cases people have come up with and you have to respect the effort. But this is just not something acceptable as you should always advise a clear separation of concerns and use the Drupal API in every instance.

In the past 5 years I've seen things such as:

  • Creating logic for displaying ads after the body
  • Injecting theming elements on the page
  • Redirecting users via drupal_goto() which was breaking cron and search indexing
  • Using variable_set() to store data on node_view()
  • Including raw PHP files
  • ...

The list goes on and on and on.

After heated discussions, and because it was far too easy to have users shoot themselves in the foot, it was finally decided to remove the module from core for Drupal 8. But as the usage statistics for Drupal core page shows, we still have more than 1 million Drupal 6 and 7 sites out there that are potentially using it.

If you're still building Drupal 7 sites or if you're taking over maintaining a Drupal 6 or 7 site, it's thus your responsibility to ensure no PHP code is being executed in nodes, blocks, comments, views, etc.

Determine if the PHP text format is in use

So, before you start wondering if you have an issue to fix, let's find out if the PHP module is enabled.

```
mysql> SELECT name FROM system WHERE name = 'php';
+------+
| name |
+------+
| php  |
+------+
1 row in set (0.00 sec)
```

Now, we need to confirm there is indeed a PHP filter text format on your site. You can use the Security Review module, navigate through the Drupal UI, or query MySQL, which is preferred here and later on because it gives us the granularity we need.

```
mysql> SELECT format,name,status FROM filter_format WHERE format="php_code";
+----------+----------+--------+
| format   | name     | status |
+----------+----------+--------+
| php_code | PHP code |      1 |
+----------+----------+--------+
1 row in set (0.00 sec)
```

When you do have the php_code text format in use on a site, then you need to start your investigation. In this post we'll focus only on nodes. But the same logic applies for all entities.

Audit all nodes with the php_code text format

In the below example we only have 4 nodes. This means php_code was used only when it was required. But it might very well be that all nodes on a site would use the PHP text filter by default. Tracking down issues would then become more challenging. Worse, removing the text filter entirely would be a very time-consuming task in terms of site auditing, as you might not know what is or isn't going to break when you do the change.

```
mysql> SELECT nid,title,bundle,entity_type FROM field_data_body LEFT JOIN node ON node.nid=field_data_body.entity_id WHERE body_format='php_code';
+------+-----------------------+----------+-------------+
| nid  | title                 | bundle   | entity_type |
+------+-----------------------+----------+-------------+
| 7571 | Test nid 7571         | article  | node        |
+------+-----------------------+----------+-------------+
| 538  | Test nid 538          | page     | node        |
+------+-----------------------+----------+-------------+
| 5432 | Test nid 5432         | article  | node        |
+------+-----------------------+----------+-------------+
| 1209 | Test nid 1209         | article  | node        |
+------+-----------------------+----------+-------------+
```

Find PHP code in nodes

Now that we know which nodes have the php_code text filter set, it's easy to find out if there's indeed PHP code in them, and if it's breaking the site in any way, causing performance troubles, or introducing a security hole.

```
mysql> SELECT body_value FROM field_data_body WHERE entity_id=7571;
+--------------------------------------------------------------+
| body_value                                                   |
+--------------------------------------------------------------+
| Thank you for participating! Your results can be found below.
<?php include path_to_theme()."/calculator-results.php"; ?> |
+--------------------------------------------------------------+
```

What about Drupal 8?

As we said in the introduction, the PHP Filter module now lives in contrib instead of Drupal core. And it's very good like that, because it'll prevent the vast majority of Drupal users from installing it. Because, you know, if they can, they will.

If it does exist in production though, then you're in for the same investigation. Fortunately, with Drupal 8 it's even easier to determine when a node is using the php_code text format as you only need one MySQL query and no JOIN.

```
mysql> SELECT entity_id,bundle,body_value,body_format FROM node__body WHERE body_format = 'php_code';
+-----------+---------+----------------------------+-------------+
| entity_id | bundle  | body_value                 | body_format |
+-----------+---------+----------------------------+-------------+
|         1 | article | <?php echo 'hi there!'; ?> | php_code    |
+-----------+---------+----------------------------+-------------+
1 row in set (0.00 sec)
```

Now that you know how to find PHP code in nodes, it's your job to review the code and fix it if necessary, then find ways to remove it completely (custom / contrib module? Theming?). You'll feel a sense of joy when you can switch back to Basic HTML, Markdown, or any other controlled and secure text format.
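To triage many nodes at once, the Drupal 7 queries above can be combined into one pass that separates nodes merely set to php_code from nodes that really contain PHP. This is an added example, not code from the original post: it runs the same JOIN against an in-memory SQLite stand-in with constructed rows, and the watch list of calls is an assumption drawn from the post's own list.

```python
import re
import sqlite3

# Only the "<?php" open tag shown in the post is matched; an unclosed block runs to end of body.
PHP_BLOCK = re.compile(r"<\?php\b(.*?)(?:\?>|\Z)", re.DOTALL | re.IGNORECASE)
# Calls the post lists as seen in PHP-filter content (watch list is an assumption of this example).
RISKY = re.compile(r"\b(include|require|drupal_goto|variable_set)(?:_once)?\b")

def build_sample_db():
    """In-memory SQLite stand-in for a Drupal 7 database; all rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE node (nid INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE field_data_body (entity_type TEXT, bundle TEXT,
            entity_id INTEGER, body_value TEXT, body_format TEXT);
    """)
    bodies = [
        (7571, "article", "php_code", 'Thank you for participating! '
         '<?php include path_to_theme()."/calculator-results.php"; ?>'),
        (538, "page", "php_code", "<p>Plain markup, no code.</p>"),
        (5432, "article", "php_code", '<?php drupal_goto("node/1"); ?>'),
        (12, "page", "filtered_html", "Escaped text that mentions <?php tags"),
    ]
    for nid, bundle, fmt, body in bodies:
        db.execute("INSERT INTO node VALUES (?, ?)", (nid, f"Test nid {nid}"))
        db.execute("INSERT INTO field_data_body VALUES ('node', ?, ?, ?, ?)",
                   (bundle, nid, body, fmt))
    return db

def audit_php_nodes(db):
    """Return (nid, title, verdict, risky_calls) for every node body in php_code format."""
    rows = db.execute(
        "SELECT nid, title, body_value FROM field_data_body "
        "LEFT JOIN node ON node.nid = field_data_body.entity_id "
        "WHERE entity_type = 'node' AND body_format = 'php_code' ORDER BY nid")
    findings = []
    for nid, title, body in rows:
        blocks = PHP_BLOCK.findall(body or "")
        calls = sorted(set(RISKY.findall(" ".join(blocks))))
        # No PHP block: the node only needs its text format changed, not a code review.
        verdict = "review" if blocks else "no PHP found"
        findings.append((nid, title, verdict, calls))
    return findings

if __name__ == "__main__":
    for finding in audit_php_nodes(build_sample_db()):
        print(finding)
```

Nodes reported as "no PHP found" are candidates for switching to a controlled text format straight away; the rest need the manual review the post describes.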

Categories: Drupal

Crop Instance

New Drupal Modules - 12 October 2016 - 1:42pm

Crop Entity allows you to create a context specific crop of an image. When you crop an image from e.g. a node form, a crop entity will be created and a relation from the node to the crop will be registered. Thereby you can safely reuse images from your media library and crop them specific to the content at hand. It creates a new image in the file system that will replace the original image when rendering the referencing entity.

Categories: Drupal

myDropWizard.com: Drupal 6 security update for Elysia Cron

Planet Drupal - 12 October 2016 - 10:18am

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for the Elysia Cron module to fix a Cross-Site Scripting (XSS) vulnerability.

Users who have permission to configure this module have the ability to add insufficiently sanitized JavaScript in the "Predefined rules" field, however, this vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer elysia cron".

You can download the patch for Elysia Cron 6.x-2.x.

If you have a Drupal 6 site using the Elysia Cron module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Categories: Drupal

Third & Grove: Third & Grove sponsors Bay Area Drupal BadCamp 2016

Planet Drupal - 12 October 2016 - 8:43am
Categories: Drupal

Appnovation Technologies: My Experience At DrupalCon Dublin

Planet Drupal - 12 October 2016 - 2:31am

This year was special for me, for the first time since DrupalCon Copenhagen (back in 2010), I was able to attend a DrupalCon, thanks to Appnovation.

Categories: Drupal

Agiledrop.com Blog: AGILEDROP: Drupal's path from 4.0 to 8.0

Planet Drupal - 11 October 2016 - 10:23pm
Last time we guided you through the early beginnings of Drupal. We explained how it all started and how the first versions of Drupal were made. This time we will look at how this open-source content-management framework evolved from its fourth to its latest, eighth version.

Drupal 4.0

Drupal’s fourth version was released on 15. 6. 2002. It became a platform for any type of web application. Users were able to modify it and extend it to fit their needs. Developers came from all across Europe and the US, so Drupal became an international open source project with over 100 major pages using it. Taxonomy module, who…
Categories: Drupal

Leopathu: Dynamic Block Weight in Drupal 8

Planet Drupal - 11 October 2016 - 10:16pm
In such a time, I want to place blocks in the sidebar region with a dynamic weight. It means the blocks should render in a different position for each page request. I have searched and tried lots of methods but unfortunately I can’t find a proper method to do that. So I have decided to do that in a somewhat hacky way.
Categories: Drupal

Leopathu: Create a custom Twig filter in Drupal 8

Planet Drupal - 11 October 2016 - 10:16pm
Twig can be extended in many ways; you can add extra tags, filters, tests, operators, global variables, and functions. You can even extend the parser itself with node visitors. In this blog, I am going to show you how to create new custom Twig filters in Drupal. For example, we are going to create a filter to remove numbers from a string, and I will explain it with a hello_world module. Create a hello_world folder in the modules/custom/ folder with the following files,
Categories: Drupal

Leopathu: Configure Multisite in Drupal 8

Planet Drupal - 11 October 2016 - 10:16pm
One of the most favourite and valuable features in Drupal is multisite configuration. Drupal 8 provides a simple way to create a multisite, which reduces lots of work. The following steps show how to configure multisite in Drupal 8,
Categories: Drupal

Leopathu: Drupal Tricks - 1

Planet Drupal - 11 October 2016 - 10:16pm
I needed a way to check whether the current user has permission to view the current/particular page. I searched a lot and finally got the exact way, and I am going to show the trick to you in this blog. Drupal has an API called "drupal_valid_path". Normally it is used to test whether the URL is valid or not, but the trick is that it also checks whether the user has permission to view the current/particular page.
Categories: Drupal

Leopathu: Install Drupal Using Drush

Planet Drupal - 11 October 2016 - 10:16pm
Most of the time developers don't like the GUI; it makes them feel lazy. Drupal has a tool (Drush) to do some management work from the command line. Installing a Drupal site through the browser is also tedious, and Drush has an option to install the full site with a single command. The following command will install Drupal with the standard method: drush site-install standard --account-name=admin --account-pass=[useruser_pass] --db-url=mysql://[db_user]:[db_pass]@localhost/[db_name]
Categories: Drupal

