Acquia Developer Center Blog: 5 Mistakes to Avoid on your Drupal Website - Number 2: Security

Planet Drupal - 16 June 2016 - 2:49pm

Good security practices protect your site from hacker attacks. In this article we'll look at some methods for reducing security risks on your site. 

Drupal Security Best Practices

Drupal has good security built in if used correctly. However, once you begin to configure your site you might introduce new security issues. Plan configuration so that only trusted users have permissions that involve security risks.

Tags: acquia drupal planet
Categories: Drupal

DrupalCon News: Sharing the secrets of your success!

Planet Drupal - 16 June 2016 - 2:07pm

Welcome to Dublin, stranger. Why don't you come and warm yourself round our campfire? There. That's better.

Help yourself to stew, it's all we have, but you're welcome to share it.

It's good stew, warms all the right parts in all the right ways. The only thing we ask in return is that you share with us your secrets. You know, the secrets of your success.

Don't be shy now, I can see from the way you walk that you're a superstar project manager. Seeing that sort of thing is just a gift of mine, I guess.

Categories: Drupal

ImageX Media: Higher Education Notes and Trends

Planet Drupal - 16 June 2016 - 1:47pm

In this week’s higher education notes and trends, predictive behavior technology comes to the education sector, for-profit schools see sharp declines and a closer look at how the University of Southern California is differentiating itself from other prestigious private schools by becoming a leader in recruiting minorities. 

Categories: Drupal

Taxonomy Bootstrap Accordion

New Drupal Modules - 16 June 2016 - 1:17pm

Provides a Bootstrap accordion for taxonomy vocabularies. This module is compatible only with Bootstrap 3 since significant changes were made between version 2 and 3.


* Please see Bootstrap documentation for which version of jQuery is required.

Categories: Drupal

Lullabot: Lullabot Project Manager Roundtable

Planet Drupal - 16 June 2016 - 1:00pm
Matt & Mike sit around with several Lullabot project managers, and talks about the ins, outs, and hows of PMing.
Categories: Drupal

Acquia Developer Center Blog: The Risks and Rewards of Fully Decoupling Drupal

Planet Drupal - 16 June 2016 - 12:36pm

With the advent of web services in Drupal 8 core, decoupling Drupal — namely, using Drupal as a content repository to expose data for retrieval and manipulation by other applications — has never been easier. Now, with the REST module in core, you can transform Drupal into a data service without custom code or substantial configuration. But is it a good idea? What are some of the considerations you should scrutinize when opting for a fully decoupled project?

Tags: acquia drupal planet
Categories: Drupal

Field Visibility

New Drupal Modules - 16 June 2016 - 12:10pm

Provides a method for hiding or displaying fields when editing a node to a user based on their role. This works differently than field_access that is an "opt-in". This uses an "opt-out" model where all fields are visible by default unless turned off for that role. All default or existing values of the field are maintained.


Categories: Drupal

Commerce Commdoo

New Drupal Modules - 16 June 2016 - 5:48am

Drupal Commerce Payment Gateway integration for CommDoo.

Categories: Drupal

Darren Mothersele: PHP Framework in One Weekend

Planet Drupal - 16 June 2016 - 5:30am

Earlier this year I set about creating a day of training for DrupalCamp London. It was based on a PHP Framework course I’d given, but reduced to fit into a day. We ended up focusing on Modern PHP, as that was most useful for the attendees in their transition from Drupal 7 to Drupal 8.

It was a really successful day, and I had some great feedback. I have since developed the idea into a two day training course, which looks at some of the core concepts behind most modern PHP apps.

Over the past couple of months I have worked hard to refine the content and edit it down into a short guide. I’ve released it (thanks to Leanpub) in the form of a book. It guides the reader through a weekend-long project to construct a simple PHP web framework.

“a weekend, the fundamental unit of coding self-improvement” - Peter Shirley

In particular, it uses Symfony Components, and some other popular PHP packages, to demonstrate the core features of web frameworks, like routing, templating, controllers, and dependency injection. Projects such as Drupal, phpBB, Laravel, eZ Publish, Joomla!, Magento, Piwik, and many more are using Symfony Components as a foundation on which to build. The book uses these, and more, to build our own PHP Framework in a weekend.

Here’s the full contents:

  • Getting Started
  • Managing Complexity
  • Testing
  • HTTP
  • Templating
  • Content
  • Routing
  • Controllers
  • Dependency Injection
  • Design and Layout
  • Reuse

Click the cover image below to get the book:

Drop me a line if you have any questions.


Categories: Drupal

Dynamic Entity Access

New Drupal Modules - 16 June 2016 - 2:32am

Drupal 8 content access control gone meta. DIY taxonomy access control / organic groups / domain access.

Categories: Drupal

Image Popup Formatter

New Drupal Modules - 16 June 2016 - 1:08am

Popup Field formatter for Image field Types

Categories: Drupal

Savas Labs: Using XHProf to profile your Drupal module

Planet Drupal - 15 June 2016 - 5:00pm

Second part in a series of how to use XHProf effectively within a VM for a Drupal website. Continue reading…

Categories: Drupal

Drupal Association News: Acknowledging the Drupal Association's Supporting Partners - Q2

Planet Drupal - 15 June 2016 - 3:20pm

There are so many amazing companies in the Drupal universe contributing their time and resources to the community and project right now. They’re taking the initiative to encourage their employees to contribute code. They’re sharing what they've learned while trying to provide clients with superior digital experiences. They’re donating their time to provide educational content to the community. And they’re doing a lot of it through their own internal operations.

Some of these businesses are also members of our Supporter Programs, which fund Drupal.org’s maintenance and improvements. And for that, we can’t thank them enough.

"Supporting Partners help us make Drupal.org a better home for our community. Their financial support is directly responsible for DrupalCI, the Issue Credits system, and all the other initiatives we've undertaken as a team. Take the Drupal 8 landing page as one example. Funding from Supporting Partners let us promote the release of Drupal 8 with a level of professionalism and finesse that no Drupal release has had before. Work like that builds a stronger ecosystem for our Supporters and for the wider community." - Tim Lehnen (hestenet), Drupal Association Project Manager

In this quarter alone, with financial support from the Supporting Partners, the Drupal.org tech team has been able to:

  • Launch the Alpha of their Composer façade
  • Update the Git Twisted daemon, which serves as the backend for the Drupal.org Git repositories and packaging process
  • Launch a new staging environment that more closely matches the production environment, optimizing the development workflow
  • Improve performance of the DrupalCon Events website
  • Deploy CKEditor to Drupal.org's Section, Page, and Post content types, which brings a more impressive editorial experience to Drupal.org
  • Bring PhantomJS testing to DrupalCI, so the Drupal project can now test at the JavaScript level

All of this happened while ensuring DrupalCI ran smoothly for DrupalCon New Orleans sprints, successfully launching registration for DrupalCon Dublin (get your tickets now!), and launching the DrupalCon Baltimore splash page. Needless to say, the Drupal.org team has been busy, and it wouldn’t have been possible without our Supporting Partners financial contributions.

Check out our recent Drupal.org update for more details on exactly what the team was able to accomplish this past quarter. And to see where the team is headed next, take a look at the Drupal.org team's working roadmap.

As a testament to the relentless support these companies continue to show, here’s a list of new or renewing partners just this quarter:

  1. EPAM Systems
  2. Aten Design Group
  3. Phase2 Technology
  4. Lullabot
  5. Digital Circus
  6. HS2 Solutions
  7. Cybage Software, Inc.
  8. The Cherry Hill Company
  9. Cheeky Monkey Media
  10. Access
  11. Message Agency
  12. Adapt A/S
  13. Unleashed Technologies, LLC
  14. Promet Source
  15. Digital Echidna
  16. ThinkShout Inc.
  17. Amazee Labs
  18. ImageX Media
  19. Four Kitchens
  20. Evolving Web
  21. Acro Media Inc
  22. Aquilent
  23. Facet Interactive
  24. Last Call Media
  25. QED42 Engineering Pvt Ltd.
  26. Bluehost
  27. Blackmesh
  28. OpsGenie
  29. Arvixe
  30. GreenGeeks
  31. JetBrains

If you want to give back to the Project and help fund this important work, please contact our Executive Director, Megan Sanicki, for details. Your participation will be much appreciated and your company will also be able to enjoy great benefits in return!

Categories: Drupal

Acquia Developer Center Blog: Drupal 8 Module of the Week: Rules

Planet Drupal - 15 June 2016 - 1:30pm

Each day, between migrations and new projects, more and more features are becoming available for Drupal 8, the Drupal community's latest major release. In this series, the Acquia Developer Center is profiling some prominent, useful, and interesting projects--modules, themes, distros, and more--available for Drupal 8. This week: Rules.

Tags: acquia drupal planetRulesworkflowintegration
Categories: Drupal

myDropWizard.com: Drupal 6 security update for Views!

Planet Drupal - 15 June 2016 - 1:29pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for Views to fix an Access Bypass vulnerability.

An access bypass vulnerability exists in the Views module, where users without the "View content count" permission can see the number of hits collected by the Statistics module for results in the view.

This issue is mitigated by the fact that the view must be configured to show a "Content statistics" field, such as "Total views", "Views today" or "Last visit".

Download the patch for Views 6.x-2.x or 6.x-3.x.

If you have a Drupal 6 site using the Views module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Categories: Drupal

Drupal Blog: Drupal 8.1.3 and 7.44 released

Planet Drupal - 15 June 2016 - 12:32pm

Drupal 8.1.3 and 7.44, maintenance releases which contain fixes for security vulnerabilities, are now available for download.

See the Drupal 8.1.3 and Drupal 7.44 release notes for further information.

Download Drupal 8.1.3 Download Drupal 7.44

Upgrading your existing Drupal 8 and 7 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 8.1.x release series, consult the Drupal 8 overview. More information on the Drupal 7.x release series can be found in the Drupal 7.0 release announcement.

Security vulnerabilities

Drupal 8.1.3 and 7.44 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security vulnerabilities, please upgrade to either Drupal 8.1.3 or Drupal 7.44.

Change log

Drupal 8.1.3 is a security release only. For more details, see the 8.1.3 release notes. A complete list of all changes in the stable 8.1.x branch can be found in the git commit log.

Drupal 7.44 is a security release only. For more details, see the 7.44 release notes. A complete list of all changes in the stable 7.x branch can be found in the git commit log.

Update notes

See the 8.1.3 and 7.44 release notes for details on important changes in each release.

Known issues

See the 8.1.3 and 7.44 release notes for details on known issues affecting each release.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 8 and 7 include the built-in Update Manager module, which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 8.1.x and 7.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Categories: Drupal

Annertech: Reusable Media in Drupal 8 - it's a reality, here's how!

Planet Drupal - 15 June 2016 - 11:10am
Reusable Media in Drupal 8 - it's a reality, here's how!

Adding media (for most people that means adding images) in Drupal has been an issue for a long time. Adding reusable media (upload an image once, use it on any page on your website) has been even trickier.

With the advent of Drupal 8 and the sterling work done by the media team, adding reusable media (in a very user friendly manner) is now a reality. This tutorial shows you how:

Categories: Drupal

Acquia Developer Center Blog: How to Develop a Multisite Platform with Acquia Cloud Site Factory

Planet Drupal - 15 June 2016 - 10:58am

Leveraging a common Drupal codebase to power multiple Drupal sites provides compelling benefits, including faster site launches, reduced maintenance overhead, and centralized security updating.

However, in order to be successful and avoid typical traps, the use of a common Drupal codebase requires some extra design care and strategy.

Tags: acquia drupal planet
Categories: Drupal


New Drupal Modules - 15 June 2016 - 8:53am
Categories: Drupal

Cryptic.Zone: Customer Chat: Live Customer Support for Drupal

Planet Drupal - 15 June 2016 - 8:47am

E-commerce sites are more and more commonly offering live chat for their visitors as a way of customer support. There is a wide selection of modules for Drupal that can add this functionality. However, most, if not all, I found rely on third party chat services. A while ago, I decided to build a native live chat module in connection with a project of mine. The module has been released as Customer chat.

Categories: Drupal


Subscribe to As If Productions aggregator - Drupal