Planet Drupal

Subscribe to Planet Drupal feed
Drupal.org - aggregated feeds in category Planet Drupal
Updated: 8 hours 35 min ago

mark.ie: Can I Stop PatternLab Variants from Inheriting Data from their Parent Component

19 October 2018 - 5:01am
Can I Stop PatternLab Variants from Inheriting Data from their Parent Component

I have a card component with a title, image, text, and link. How come all my card variants are inheriting all the values from the default one? Short answer, you don't. It's a feature, not a bug.

markconroy Fri, 10/19/2018 - 13:01

Where this really becomes frustrating is when you have a pattern that lists a number of items in an array. In that case, all variants will have (at least) that many items, even though you may want fewer.

For illustration:

list.twig has something like this:

{% for list_item in list_items %}
  {{ list_item }}
{% endfor %}

Then list.yml has something like this:

list_items:
  - join():
    - include():
        pattern: content-teaser
  - join():
    - include():
        pattern: content-teaser
  - join():
    - include():
        pattern: content-teaser
  - join():
    - include():
        pattern: content-teaser
  - join():
    - include():
        pattern: content-teaser
  - join():
    -- loads of more teasers for the main listing page

Now you want to create a variant of list such as list~related-articles, but with only 2 items. You'd expect this would work
list_items:
  - join():
    - include():
        pattern: content-teaser
  - join():
    - include():
        pattern: content-teaser

But, no. This will still render as many items as were in the parent component. That's the beauty (a feature, not a bug) of PatternLab's inheritance system. To stop it you need to do something like this:

list_items:
  - join():
    - include():
        pattern: content-teaser
  - join():
    - include():
        pattern: content-teaser
  -
  -
  - and so on, so each extra one is basically set to 'false'

When we do this with a component such as a card, we might also want to have variants such as card~no-image, card~no-text, etc. In this case, we'd have a card.yml like so:

card_title: 'My Card Title'
card_image: ''
card_text: 'The text of the card will go here'

However, if we create variants, each of the items in card will be inherited to the variant. You'll notice this if you try to create one super mega component for all variants of a hero component for example (hero title, pre-title, sub-title, image, alignment, cta buttons, etc).

In this case, what I do is create a default component card.yml or hero.yml and give it only values for items that will more than likely be in all variants (basically whatever you are going to mark as a required field in Drupal (or whatever CMS you are using)), then set all others to 'false' in the component. Now when I create variants I only need to override the specifics for that variant, since everything else that is being inherited is already set to false. I also create a 'Kitchen Sink' version of the component which shows every item in action but DO NOT create this as the default/reference component.

My default card.yml might look like this:

card_title: 'My Card Title'
card_image: false
card_text: false

Now my variants can look as simple as:

card~with-image.yml
card_image: ''

And card~long-title will be just one line:

card_title: 'This is a long title on a card just to illustrate what happens when it wraps to more than one line'

And that is why this is a feature, not a bug - it allows us to write variants very simply and quickly. Is there a better way of doing this? I'm not aware of one. If you are, drop it in the comments. Thanks.

Categories: Drupal

Matt Glaman: Running Drupal's Nightwatch test suite on DDEV

18 October 2018 - 7:29pm
Running Drupal's Nightwatch test suite on DDEV Thursday 18, October 2018 mglaman

This is the third, and final post in my series on running Drupal’s various test suites using the DDEV local development stack. Previously I covered running Drupal’s Unit, Kernel, and Functional tests and then running Chromedriver to execute the FunctionalJavascript test suite. In this post, I will talk about running the newly introduced Nightwatch.js test framework.

Categories: Drupal

ComputerMinds.co.uk: Quickly update Drupal core

18 October 2018 - 4:17am

If you've got a Drupal site, which you need to update quickly (for example, to address last night's security advisory!), here's a tip. Run this from the command line:

curl 'https://github.com/drupal/drupal/compare/7.59..7.60.patch' | patch -p1

This assumes your codebase was on Drupal 7.59 and you're currently in Drupal's root directory. If you're currently on a different version, adjust the numbers in the patch URL accordingly.

Don't forget to still run database updates via /update.php or drush updatedb !

The Drupal repo on github is a verbatim mirror of the official Drupal repo from git.drupal.org. Github supports comparing arbitrary git references, with the /ORGANIZATION/REPO/compare/GITREF..GITREF URL, where the reference can be a tag, branch or revision. Adding '.patch' to the end of a github URL formats the page as a patch. So I've made use of these three things to give me an exact patch of the changes needed to update Drupal core's code.

We normally use Composer (especially for Drupal 8) or Drush make to manage our codebases, including core, which is definitely the ideal, but sometimes projects aren't organised this way for whatever reason. A simple patch like this avoids the need for drush, or even potential mistakes that can be made when running drush pm-updatecode (such as removing any customisations within core directories).

This method is even compatible with any core patches you already have in place, which normally have to be to re-applied when upgrading core by other methods. If you have any existing changes to core that are incompatible, you'll get errors about not being able to apply anyway, which you can then resolve manually.
(Any patches/hacks you make to core should be documented clearly somewhere, so drush make or composer-patches would be better in that scenario though!)

You can use this method to patch from github even if your core codebase is not in version control. But if it is... always check your diffs before committing! :-)

Categories: Drupal

myDropWizard.com: Drupal 6 core security update for SA-CORE-2018-006 (and mimemail and htmlmail)

17 October 2018 - 4:17pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Critical security release for Drupal core to fix multiple vulnerabilities. You can learn more in the security advisory:

Drupal core - Critical - Multiple Vulnerabilities - SA-CORE-2018-006

The following vulnerabilities mentioned in the security advisory also affect Drupal 6:

  • External URL injection through URL aliases - Moderately Critical - Open Redirect

  • Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution

The first vulnerability is in Drupal 6 core, however, the 2nd is only present in the contrib modules: htmlmail, and mimemail. If you don't use those modules, you're not affected by the 2nd vulnerability.

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Categories: Drupal

Jacob Rockowitz: Acknowledging individuals contributing to Drupal

17 October 2018 - 1:20pm

In my last blog post, I explained, "Why I am one of the top contributors to Drupal?" and examined my ongoing contribution to the Webform module for Drupal 8. My post was inspired by Dries Buytaert's annual who sponsors Drupal development post. Now I want to dig into that list of who’s and acknowledge other individuals contributing to Drupal.

I am deliberately limiting the discussed contributors to people that I have had minimal or no direct interaction with online or in-person. I want to explore their contributions based on their online presence versus directly interviewing them.

The Drunken Monkey

I genuinely value Drunken Monkey's contribution to Drupal's Search API module.

We rarely appreciate an API module until we have to start using them and diving into the code. The Search API module for Drupal 8 is a magnificent example of great code which conquers one of the hardest challenges in programming: naming things.

For a recent project, I was diving into Search API's code, and Drunkey Monkey helped me out when I discovered Issue #2907518: Breakup tracking of content entities into smaller chunks to prevent memory limit issue. For the developers out there, if you read through the issue to the final patch, you will notice that Drunken Monkey manages to even improve some APIs while fixing the problem.

The Search API Guy

The first place to understand who is who in the Drupal community is people's user profiles. The most immediate thing that stands out about Drunkey Monkey is that he is…

This statement is something I can relate to because I...Read More

Categories: Drupal

Security public service announcements: Drupal 7.x and 8.x release on Oct 17th, 2018 - DRUPAL-PSA-2018-10-17

17 October 2018 - 1:11pm

The Drupal Security team has a core and contrib release window on the 3rd Wednesday of the month. This window normally ends at 5pm Eastern (9PM UTC).

Due to unforeseen circumstances, we are extending the current window we are in by 3 hours until Oct 17th, 2018 at 8pm Eastern (11:59PM UTC).

Categories: Drupal

Security advisories: Drupal Core - Multiple Vulnerabilities - SA-CORE-2018-006

17 October 2018 - 9:42am
  • Advisory ID: DRUPAL-SA-CONTRIB-2018-006
  • Project: Drupal core
  • Version: 7.x, 8.x
  • Date: 2018-October-17
Description

Content moderation - Moderately critical - Access bypass - Drupal 8

In some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass.

In order to fix this issue, the following changes have been made to content moderation which may have implications for backwards compatibility:

ModerationStateConstraintValidator
Two additional services have been injected into this service. Anyone subclassing this service must ensure these additional dependencies are passed to the constructor, if the constructor has been overridden.
StateTransitionValidationInterface
An additional method has been added to this interface. Implementations of this interface which do not extend the StateTransitionValidation should implement this method.

Implementations which do extend from the StateTransitionValidation should ensure any behavioural changes they have made are also reflected in this new method.

User permissions
Previously users who didn't have access to use any content moderation transitions were granted implicit access to update content provided the state of the content did not change. Now access to an associated transition will be validated for all users in scenarios where the state of content does not change between revisions.

Reported by

Fixed by

External URL injection through URL aliases - Moderately Critical - Open Redirect - Drupal 7 and Drupal 8

The path module allows users with the 'administer paths' to create pretty URLs for content.

In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url.

The issue is mitigated by the fact that the user needs the administer paths permission to exploit.

Reported by

Fixed by

Anonymous Open Redirect - Moderately Critical - Open Redirect - Drupal 8

Drupal core and contributed modules frequently use a "destination" query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks.

This vulnerability has been publicly documented.

RedirectResponseSubscriber event handler removal

As part of the fix, \Drupal\Core\EventSubscriber\RedirectResponseSubscriber::sanitizeDestination has been removed, although this is a public function, it is not considered an API as per our API policy for event subscribers.
If you have extended that class or are calling that method, you should review your implementation in line with the changes in the patch. The existing function has been removed to prevent a false sense of security.

Reported by

Fixed by

Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution - Drupal 7 and Drupal 8

When sending email some variables were not being sanitized for shell arguments, which could lead to remote code execution.

Reported by

Fixed by

Contextual Links validation - Critical - Remote Code Execution - Drupal 8

The Contextual Links module doesn't sufficiently validate the requested contextual links.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access contextual links".

Reported by

Fixed by

Solution

Upgrade to the most recent version of Drupal 7 or 8 core.

Minor versions of Drupal 8 prior to 8.5.x are not supported and do not receive security coverage, so sites running older versions should update to the above 8.5.x release immediately. 8.5.x will receive security coverage until May 2019.

Categories: Drupal

TEN7 Blog's Drupal Posts: Episode 041: Steve Persch

17 October 2018 - 6:01am
It is our pleasure to welcome to the TEN7 podcast Steve Persch, lead developer advocate at Pantheon. Here's what we're discussing in this podcast: Steve's background; Celebrating a Drupal birthday; Theater background and blogging; WordPress experience; Improv comedy and Comedy Sports gaining self confidence; Experience at Palantir in Chicago; Contributing to Workbench; Discovering Git; Teaching WordPress' Guttenberg editor; What the WordPress & Drupal communities can learn from each other; The 2018 Twin Cities Open Source CMS Unconference; WordPress, Drupal & Joomla; Supporting Backdrop; Alexander Hamilton; Steve Vector (alias)
Categories: Drupal

Hook 42: September Accessibility (A11Y) Talks - Love thy Keyboard

16 October 2018 - 6:08pm

Keyboard accessibility is vital, as many assistive devices emulate the keyboard. Using semantic HTML one can achieve an accessible User Interface (UI) with less code than non-semantic markup.

By managing and guiding focus with semantic HTML, developing an accessible UI is rather easy. Semantic HTML plays an important role in not only accessibility but SEO (Search Engine Optimization) as well. Although we are aware of it, it's often overlooked.

In September’s accessibility talk, Sarbbottam Bandyopadhyay shared the trade-offs of using semantic vs non-semantic markup with an everyday example. He also shared how to manage and guide focus. It was a brief presentation emphasizing the various aspects of keyboard accessibility. He concluded with a brief introduction to WAI-ARIA.

Sarbbottam is a frontend engineer, with more than 14 years experience. He currently works at LinkedIn. He is part of LinkedIn's core accessibility team, focusing primarily on web accessibility. He’s been involved with web accessibility since his Yahoo days.

Categories: Drupal

DrupalCon News: DrupalCon Seattle: Where cutting-edge content, networking & contributing come together.

16 October 2018 - 5:06pm
*/

As you’re performing a cost-benefit analysis about attending DrupalCon Seattle — and the days tick closer to the early-bird registration deadline of October 31 — we have valuable feedback from DrupalCon attendees to share.

Categories: Drupal

agoradesign: Using a cart event subscriber to automatically add order items in Drupal Commerce

16 October 2018 - 1:59pm
This time I'm showing you, how you can automatically add another order item after a product has been added to the cart in Drupal Commerce 2.x. The most important info here is, how you can pass the pitfall of possible transient data problems here.
Categories: Drupal

agoradesign: Remove or replace the add to cart message in Drupal Commerce 2.x

16 October 2018 - 9:49am
Commerce ships with a default success message after adding a product to the shopping cart. This is done via an event subscriber, in order to be easy customizable. However, removing, replacing or extending existing services in Drupal 8 is a thing, not every developer is used to do. I'll show you, how easy this is.
Categories: Drupal

Drupal Modules: The One Percent: Drupal Modules: The One Percent — User Password Reset Link Timeout (video tutorial)

16 October 2018 - 7:29am
Drupal Modules: The One Percent — User Password Reset Link Timeout (video tutorial) NonProfit Tue, 10/16/2018 - 09:29 Episode 48

Here is where we bring awareness to Drupal modules running on less than 1% of reporting sites. Today we'll consider User Password Reset Link Timeout, a module which permits you to set the duration of password reset links.

Categories: Drupal

Matt Glaman: Running Drupal's FunctionalJavascript tests on DDEV

16 October 2018 - 7:12am
Running Drupal's FunctionalJavascript tests on DDEV Tuesday 16, October 2018 mglaman

This is part two of a series on running Drupal’s testing suites on DDEV. We left off last time with trying to execute a FunctionalJavscript test and having every test case skipped because no browser emulator was available. In this post, we will run through getting set up to execute Drupal’s FunctionalJavascript tests inside of your DDEV web container.

Categories: Drupal

OpenSense Labs: Drupal in the age of FinTech

16 October 2018 - 6:41am
Drupal in the age of FinTech Shankar Tue, 10/16/2018 - 19:11

FinTech and the disruption it can cause to the traditional banking systems is now a hot topic of debate in the banking conferences. Global venture capital funds are super-bullish on this front and are accentuating investments in the FinTech companies. Thanks to the burgeoning demand of FinTech in recent times, more crowdsourcing platforms are letting artists or fledgling entrepreneurs to crowd-source capital from a large constituency of online donors or investors.


For instance, peer to peer (P2P) lending, the high-tech equivalent of borrowing money from friends, helps in raising a loan from an online community at a mutually negotiated interest rate. Also, digital wallet providers allow people to zip money across borders even without any bank accounts using handheld devices.

Amalgamation of these technologies, which goes under the umbrella term FinTech, is expected to metamorphose the way all of us use banking and financial services. And Drupal can act as the perfect content management framework for building a great FinTech platform.

A portmanteau of financial technology


Financial technology, which is referred to as FinTech, illustrates the evolving intersection of financial services and technology. FinTech allows people to innovate while transacting business ranging from digital money to double-entry bookkeeping.

The lines between technology and the financial services are blurring

Since the advent of the internet revolution and later the mobile internet revolution, financial technology has grown multifold. Originally referred to   technology applied to the back office of banks or trading firms, FinTech now caters to a broad variety of technological interventions into personal and commercial finance.

According to EY’s FinTech Adoption Index, one-third of consumers leverage at least two or more FinTech services and more and more of these consumers are also aware of FinTech being a part of their daily lives.

FinTech encompasses the startups, technology companies or even legacy providers. Startups use technology to offer existing financial services at affordable costs and to provide new tech-driven solutions. Incumbent financial enterprises look to acquire or work with startups to drive digital innovation. Technology companies offer payment tools. All these can be seen as FinTech. Surely, the lines between technology and the financial services are blurring.

Origins of FinTech Source: 16Best

In broad lines, the financial industry has seen a gargantuan shift over the years with the way it is leveraged in the times of rapid technological advancements. 16Best has compiled a brief history of FinTech which shows how the gap between financial services and the technology has got bridged over the years.

The gap between financial services and the technology has got bridged over the years.

In 1918, the Fedwire Funds service began offering electronic funds transfer. And while the Great Depression was ravaging the world’s economies, IBM provided some solace with its 801 Bank Proof Cach Machine that offered the means for faster cheque processing. Subsequently, credit cards and ATMs came into existence in the ‘50s and ‘60s.

In 1971, first all-electronic trading emerged in the form of NASDAQ. And in 1973, the SWIFT (Society for Worldwide Interbank Financial Telecommunications) built a unified messaging framework between banks for handling money movement.

1997 was the year which saw the emergence of mobile payment through Coca-Cola Vending Machine. Fast forward to 2000s and the present decade, a slew of innovations crashed into the finance sector with the introduction of digital wallets, contactless payments and cryptocurrencies.

FinTech is definitely re-inventing a quicker and more durable wheel as the world continues to witness a superabundance of new ventures refining financial services with technology.

Merits of FinTech


Financial technology has taken the financial services to a whole new level with a cluster of merits that it offers. Here are some of the major benefits of FinTech:

  • Robo Advisors: They are one of the biggest areas of FinTech. These online investment services put users through a slew of questions and then relies on algorithms to come up with an investment plan for them.
  • Online Lending: It encompasses all aspects of borrowing from personal loans to refinancing student loans which improves money lending.
  • Mobile payments: There is a growing demand for mobile payment options with the stupendous rise of mobile devices over the years.
Total revenue of global mobile payment market from 2015 to 2019 (in billion U.S. dollars) | Statista

Personal Finance and Savings: A plethora of FinTech organisations in the micro saving department have been helping people to save their change for rainy days and a whole lot of them rewarding customers for doing so. For instance, Digit allows you to automate the process of saving extra cash.

Source: Statista

Online Banking and Budgeting: Online banks like Simple reward users for using their ‘automatic savings’ service and also offer a cost-effective option over a traditional bank. Leveraging online tools, they assist users to plan budgets and handle their money smartly from their mobile devices with minimal effort to meet their savings goals.

Insurance: New insurance models have been strengthening the FinTech space. Metromile, an insurance model, sells pay per mile car insurance.

Source: Statista

Regtech: Regulation Technology, which utilises IT to enhance regulatory processes, is one of the significant sectors where numerous FinTech app ideas have come into light around this domain. Regtech is useful for trading in financial markets, monitoring payment transactions and identification of clients among others. For instance, PassFort helps in standardising the online compliance processes.

How is Drupal powering FinTech?

Organisations offering FinTech solutions need to maintain a robust online presence. Drupal has been powering the landscape of FinTech with its enormous capabilities.

The launch of TPG Capital


TPG Capital is one of the major enterprise-level FinTech companies which has leveraged the power of Drupal 8.

One of the primary objectives for TPG’s marketing circuit was to harness the Drupal’s flexibility as a digital empowerment platform. They wanted the ability to make alterations to content on the fly and try out new messaging approaches. Simultaneously, the financial industry’s stringent legal and regulatory requirements called for a flexible TPG platform that would meet the specific needs of the sector thereby offering top-notch security.

Drupal came out as the right choice when it came to the CMS that would facilitate the TPG’s goal for mirroring their cutting-edge business practices and incorporate modern website design and branding.

A digital agency built a responsive, mobile-first site. It featured newer CSS features like Flexbox and CSS animations and minimised the site’s dependence on Compass by introducing auto prefixer. Moreover, Drupal 8 version of Swifttype was built for the search component and contributed back to the Drupal Community.

The launch of Tech Coast Angels


Tech Coast Angels are one of the biggest angel investment organisation in the US. 

Tech Coast Angels selected Drupal as their CMS of choice for its excellent features vis-à-vis user authentication, account management, roles and access control, custom dashboards, intricate web forms for membership and funding application, workflow management and email notifications.

Performance improvements were made by a digital agency to both the Drupal application and the server environments which brought down the costs to a huge extent by minimising the hardware requirements necessary to run the Drupal codebase in both staging and production environments.

With Drupal being one of the most security focussed CMSs, it helped a great deal in making amendments related to security of the site. Views caching were enabled and unnecessary modules were turned off on the production server.

Market trends


The Pulse of FinTech 2018 by KPMG shows that global investments activity in FinTech companies has been steadily rising with 2018 turning out as the most profitable year. It is only going to grow more in the coming years.

In the coming years, the main trends in the asset and wealth management, banking, insurance and transactions and payments services industries can be seen in the illustration above.

Conclusion

FinTech is a great alternative to traditional banks. FinTech excels where traditional banks lag behind. In addition to offering robust financial services leveraging technological advancements, organisations offering FinTech solutions need to have a superb digital presence to offer a great digital experience. Drupal can be an awesome content store for an enterprise-level FinTech platform.

Drupal experts at Opensense Labs have been powering digital transformation pursuits of organisations offering a suite of services.

Contact us at hello@opensenselabs.com to build a FinTech web application for your business using Drupal.

blog banner blog image FinTech Drupal FinTech Drupal and FinTech Financial Technology FinTech platform FinTech web application FinTech website Blog Type Articles Is it a good read ? On
Categories: Drupal

Web Wash: Getting Started with Bootstrap 4 using Barrio in Drupal 8

16 October 2018 - 5:45am

Bootstrap is a powerful front-end framework which helps you build sites and web applications faster by offering prebuilt CSS and JavaScript components.

Some of the CSS components it offers are a grid system, buttons, navigation, jumbotron and so much more. On the JavaScript side, it comes with a few useful items such as a modal, collapsible divs, carousel to name a few. Read the Bootstrap documentation to find out more.

Bootstrap in Drupal

If you search for “drupal bootstrap” in Google, the first result will likely be the Bootstrap theme. This theme is the most popular on drupal.org with over 150,000 reported installs. But as of this writing, the theme only supports Bootstrap 3, not version 4 which is the latest.

So if you want to use Bootstrap 4 you’ll need to use another theme until the Bootstrap theme supports version 4.

In this tutorial, you’ll learn how to configure and use the Drupal 8 version of the Barrio theme which uses Bootstrap 4.

Categories: Drupal

Agiledrop.com Blog: Our blog posts from September 2018

16 October 2018 - 4:09am

You have already seen what Drupal blogs were trending in previous months, and now it is time to look at all the blog posts we’ve written. Here are the blog topics we covered in September 2018.

READ MORE
Categories: Drupal

OSTraining: How to Install CKEditor Plugins in Drupal 8

15 October 2018 - 10:25pm

CKEditor is the WYSIWYG editor that you'll see in Drupal 8.

The default installation of CKEditor has a lot of options, but you can also add more features. CKEditor is an open source editor and has a wide range of extra plugins.

One of our customers asked how they could add 'color",  "text" and "font family" buttons to their CKEditor. This tutorial will explain how to add these buttons to the editor.

Categories: Drupal

agoradesign: Two ways to ajaxify and decouple Drupal Commerce add to cart and wishlist actions

15 October 2018 - 2:17pm
There are a couple of modules out there to ajaxify the add to cart form of Drupal Commerce, but I'll introduce to one that on top offers a real decoupled solution. Additionally I'll show how you can achieve a simpler version of that with only a few lines of custom JS code.
Categories: Drupal

Pages