Planet Drupal

Subscribe to Planet Drupal feed - aggregated feeds in category Planet Drupal
Updated: 13 hours 54 min ago

Drupal @ Penn State: How to export fields from one content type to another

14 October 2016 - 7:16am

The title kind of explains it all. Check out the screencast for a quick demo on how to do it.

Categories: Drupal

Drupal @ Penn State: #Drupal GovDay: #Purespeed talk

14 October 2016 - 7:16am

This is a recording of a presentation I gave at Drupal Gov Day called Purespeed. There’s many posts on this site that are tagged with purespeed if you want to dig into deeper detail about anything mentioned in this talk. This talk consolidates a lot of lessons learned in optimizing drupal to power elms learning network. I talk through apache, php, mysql, front end, backend, module selection, cache bin management, and other optimizations in this comprehensive full-stack tuning talk.

Categories: Drupal

Drupal @ Penn State: Web service requests via snakes and spiders

14 October 2016 - 7:16am

First off, hope you are all enjoying Drupalcon, super jealous.

Its been almost three months since I wrote about Creating secure, low-level bootstraps in D7, the gist of which is skipping index.php when you make webservice calls so that Drupal doesn't have to bootstrap as high. Now that I've been playing with this, we've been starting to work on a series of simplied calls that can propagate data across the network in different ways.

Categories: Drupal

OSTraining: Use the Drupal Hacked! module for peace of mind

14 October 2016 - 4:21am

Hacked! Is an extremely powerful Drupal module avalible in both Drupal 7 and 8 that allows you to check Drupal's modules and core against stored versions to make sure they have not been tampered with. This module is great for none coders to ensure that the modules are safe and have not been tampered with. It will not check any subthemes or custom modules that do not exist on

Categories: Drupal

Unimity Solutions Drupal Blog: My DrupalCon Dublin Board Retreat!

13 October 2016 - 10:10pm

Drupalcon is always special! Back from DrupalCon, left feeling happy, proud to be part of a caring Board, a passionate DA team and last but not least the wonderful Drupal community.

Categories: Drupal

Aurelien Navarre: How to find PHP code in Drupal nodes

13 October 2016 - 2:49am

Before Drupal 8 was released, the PHP Filter module was part of Drupal core and allowed site builders and developers to create a PHP filter text format. While very convenient for developers and themers, this was also very risky as you could easily introduce security or even performance issues on your site, as a result of executing arbitrary PHP code.

What's the use case for injecting PHP code in content anyway?

There never is a truly good reason to do so except when you're developing the site and willing to quickly test something. Most of the time, using PHP in content is either the result of laziness, lack of time (easiest to add raw PHP directly rather than having to build a custom module) or lack of Drupal API knowledge. PHP Filter is most often used to inject logic in nodes or blocks. As horrible as it sounds, there are very interesting (and smart!) use cases people have come up with and you have to respect the effort. But this is just not something acceptable as you should always advise a clear separation of concerns and use the Drupal API in every instance.

In the past 5 years I've seen things such as:

  • Creating logic for displaying ads after the body
  • Injecting theming elements on the page
  • Redirecting users via drupal_goto() which was breaking cron and search indexing
  • Using variable_set() to store data on node_view()
  • Including raw PHP files
  • ...

The list goes on and on and on.

After heated discussions, and because it was far too easy to have users shoot themselves in the foot, it was finally decided to remove the module from core for Drupal 8. But as the usage statistics for Drupal core page shows, we still have more than 1 million Drupal 6 and 7 sites out there that are potentially using it.

If you're still building Drupal 7 sites or if you're taking over maintaining a Drupal 6 or 7 site, it's thus your responsibility to ensure no PHP code is being executed in nodes, blocks, comments, views, etc.

Determine if the PHP text format is in use

So, before you start wondering if you have an issue to fix, let's find out if the PHP module is enabled.

mysql> SELECT name FROM system WHERE name = 'php'; +------+ | name | +------+ | php | +------+ 1 row in set (0.00 sec)

Now, we need to confirm there is indeed a PHP filter text format on your site. You can use the Security Review module, navigate through the Drupal UI, or query MySQL, which is preferred here and later on because it gives us the granularity we need.

mysql> SELECT format,name,status FROM filter_format WHERE format="php_code"; +----------+----------+--------+ | format | name | status | +----------+----------+--------+ | php_code | PHP code | 1 | +----------+----------+--------+ 1 row in set (0.00 sec)

When you do have the php_code text format in use on a site, then you need to start your investigation. In this post we'll focus only on nodes. But the same logic applies for all entities.

Audit all nodes with the php_code text format

In the below example we only have 4 nodes. This means php_code was used only when it was required. But it might very well be that all nodes on a site would use the PHP text filter by default. Tracking down issues would then become more challenging. Worse, removing the text filter entirely would be a very time-consuming task in terms of site auditing, as you might not know what is or isn't going to break when you do the change.

mysql> SELECT nid,title,bundle,entity_type FROM field_data_body LEFT JOIN node ON node.nid=field_data_body.entity_id WHERE body_format='php_code'; +------+-----------------------+----------+-------------+ | nid | title | bundle | entity_type | +------+-----------------------+----------+-------------+ | 7571 | Test nid 7571 | article | node | +------+-----------------------+----------+-------------+ | 538 | Test nid 538 | page | node | +------+-----------------------+----------+-------------+ | 5432 | Test nid 5432 | article | node | +------+-----------------------+----------+-------------+ | 1209 | Test nid 1209 | article | node | +------+-----------------------+----------+-------------+ Find PHP code in nodes

Now that we know which nodes have the php_code text filter set, it's easy to find out if there's indeed PHP code in them, and if it's breaking the site in any way, causing performance troubles, or introducing a security hole.

mysql> SELECT body_value FROM field_data_body WHERE entity_id=7571; +--------------------------------------------------------------+ | body_value | +--------------------------------------------------------------+ | Thank you for participating! Your results can be found below. <?php include path_to_theme()."/calculator-results.php"; ?> | +--------------------------------------------------------------+ What about Drupal 8?

As we said in the introduction, the PHP Filter module now lives in contrib instead of Drupal core. And it's very good like that, because it'll prevent the vast majority of Drupal users from installing it. Because, you know, if they can, they will.

If it does exist in production though, then you're in for the same investigation. Fortunately, with Drupal 8 it's even easier to determine when a node is using the php_code text format as you only need one MySQL query and no JOIN.

mysql> SELECT entity_id,bundle,body_value,body_format FROM node__body WHERE body_format = 'php_code'; +-----------+---------+----------------------------+-------------+ | entity_id | bundle | body_value | body_format | +-----------+---------+----------------------------+-------------+ | 1 | article | <?php echo 'hi there!'; ?> | php_code | +-----------+---------+----------------------------+-------------+ 1 row in set (0.00 sec)

Now that you know how to find PHP code in nodes, it's your job to review the code and fix it if necessary, then find ways to remove it completely (custom / contrib module? Theming?). You'll feel a sense of joy when you can switch back to Basic HTML, Markdown, or any other controlled and secure text format.

Categories: Drupal Drupal 6 security update for Elysia Cron

12 October 2016 - 10:18am

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for the Elysia Cron module to fix a Cross-Site Scripting (XSS) vulnerability.

Users who have permission to configure this module have the ability to add insufficiently sanitized JavaScript in the "Predefined rules" field, however, this vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer elysia cron".

You can download the patch for Elysia Cron 6.x-2.x.

If you have a Drupal 6 site using the Elysia Cron module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on

Categories: Drupal

Third & Grove: Third & Grove sponsors Bay Area Drupal BadCamp 2016

12 October 2016 - 8:43am
Third & Grove sponsors Bay Area Drupal BadCamp 2016 antonella Wed, 10/12/2016 - 11:43
Categories: Drupal

Appnovation Technologies: My Experience At DrupalCon Dublin

12 October 2016 - 2:31am

This year was special for me, for the first time since DrupalCon Copenhagen (back in 2010), I was able to attend a DrupalCon, thanks to Appnovation.

Categories: Drupal Blog: AGILEDROP: Drupal's path from 4.0 to 8.0

11 October 2016 - 10:23pm
Last time we guided you through early beginnings of Drupal. We explained how all started and how first versions of Drupal were made. This time we will look how this open-source content-management framework evolved from its fourth to its latest, eight version. Drupal 4.0 Drupal’s fourth version was released on 15. 6. 2002. It became a platform for any type of web application. Users were able to modify it and extend it to fit their needs. Developers came from all across Europe and US, so Drupal became international open source project with over 100 major pages using it. Taxonomy module, who… READ MORE
Categories: Drupal

Leopathu: Dynamic Block Weight in Drupal 8

11 October 2016 - 10:16pm
In such a time, i want to place blocks in sidebar region with the dynamic weight. It means the blocks should render in different position for each page request. I have searched and tried lots of method but unfortunately i can’t find proper method to do that. So i have decided to do that with some hacky way.
Categories: Drupal

Leopathu: Create a custom Twig filter in Drupal 8

11 October 2016 - 10:16pm
Twig can be extended in many ways; you can add extra tags, filters, tests, operators, global variables, and functions. You can even extend the parser itself with node visitors. In this blog, I am going to show you how to create new custom twig filters in drupal. For example we are going to create a filter to remove numbers from string, will explain with hello_world module. Create hello_world folder in modules/custom/ folder with the following files,
Categories: Drupal

Leopathu: Configure Multisite in Drupal 8

11 October 2016 - 10:16pm
One of the most favourite and  valuable features in drupal is multisite configuration, Drupal 8 provide simple way to create multisite it reduced lots of works. The following steps shows to configure multisite in drupal 8,
Categories: Drupal

Leopathu: Drupal Tricks - 1

11 October 2016 - 10:16pm
I needed a way to check the currect user has permission to view the currect/particular page, Searched lot finally got the exact way, going to show the tricks to you in this blog. Drupal has an api called " drupal_valid_path " , Normally it used to test the url is valid or not. but the trick is that, It also check the user has permission to view the currect/particular page.
Categories: Drupal

Leopathu: Install Drupal Using Drush

11 October 2016 - 10:16pm
Most of the times developers don't like the GUI, It makes feel lazy. Drupal has a tool (Drush) to do some management work from command line. And also the installing the drupal site makes very lazy while doing with browser, The Drush has an option to install the full site with a single command. The Following command will install the drupal in standard method, drush site-install standard --account-name=admin --account-pass=[useruser_pass] --db-url=mysql://[db_user]:[db_pass]@localhost/[db_name]
Categories: Drupal

Modules Unraveled: 163 Easy Local Development Using Kalabox with Mike Pirog - Modules Unraveled Podcast

11 October 2016 - 10:00pm
Published: Wed, 10/12/16Download this episodeKalabox
  • What is Kalabox?
  • Brief story on history Kalabox
  • Is there a plan to use the “official” Docker for mac backend instead of VirtualBox?
  • Current update on state of Kalabox
  • How does Kalabox compare with other local dev tools like Mamp, DrupalVM etc.?
    • Specifically: Speed, flexibility
  • Is Kalabox, or will it be usable with server environments other than Pantheon? Ie: Acquia, VPS, PlatformSH
Use Cases
  • Team standardization
  • Fast local dev
  • Automated repeatable tasks
  • Github workflow?
  • Composer based workflow?
  • Our three month roadmap
  • You mentioned Tandem in the into, and you gave me a brief description before the show, but can you expand a little bit on what that is?
Episode Links: Mike P. on drupal.orgMike P. on TwitterKalabox WebsiteMain DocumentationPantheon Specific DocumentationPHP Specific DocumentationKalabox on GithubIntro to Kalabox videoThinkTandemTags: Local DevelopmentKalaboxDevelopmentplanet-drupal
Categories: Drupal

Blair Wadman: Introduction to YAML in Drupal 8

11 October 2016 - 1:00pm

YAML is a data serialisation format that is both powerful and easy for us humans to read and understand. In Drupal 8 it's used where Drupal needs a list but doesn’t need to execute PHP. One of the reasons why YAML was chosen for Drupal 8 is because it is already used in Symfony.

Categories: Drupal

Chapter Three: Deploy Drupal updates and new features with Drush commands

11 October 2016 - 10:04am

In this blog post I will provide an example of a method I use to deploy changes on the projects that I work on my own time. This method is very useful when there is a need to make a lot of manual changes to the site when there is a new release. You could use this method to automate deployment process of your Drupal sites. In fact this method can be used for any other non-Drupal sites too.

For this blog post I am using Drush commands.

Lets start form a very simple example. I will use Acquia's directory structure to descibe where I am storing release scripts.

Categories: Drupal

Sooper Drupal Themes: Beautiful New Header Designs, Exciting New Portfolio Features, New Landcsaping & Gardening Demo!

11 October 2016 - 7:40am

Before jumping into the release blog post I wanted to repond to the recent Drupal Planet blog posts about the fact that Drupal 8 has so few themes. In my opinion the short answer is: Drupal 8 adoption is very slow.

The slightly longer answer is that Drupal also faces more competition in the lower end of the market, where themes are most often used. WordPress' growth has been great and is now stagnating, but online site builders like Wix, Weebly, and squarespace are growing and their products are maturing. Another factor that I think relates to Drupal 8's slow adoption especially in the lower end of the market is that Drupal 8 will rely more on distributions due to increased complexity of assembling a fully featured site. As someone who manage a Drupal distribution full time I can tell you it's not as easy as it should be.

Glazed 2.5.3 Release

Today we release what is just the start of a new class of Drupal themes. Over the past year our Glazed theme and Carbide Builder combo has stabilized and proven it's capabilities. With our latest Landscaping Theme Demo we are showing that our framework theme is capable of so much more than your average Multipurpose WordPress theme or Bootstrap template. With refined design options and microinteractions we are pushing our Glazed framework theme forward to make way for a future full of beautiful, effective Drupal theme designs. New header options were added, our main menu system got some improvements.. 


  • Added pull-down header design
  • Improved overlay menu style
  • Support for transparent and full-width menus
  • New minimalistic form theming
  • New design for portfolio pages
  • Image Compare 
  • Lightbox Gallery for portfolio pages
  • Next / Previous node pager
  • CHANGELOG Glazed Theme
  • CHANGELOG Carbide Builder
Glazed Landscaping Theme

As you can see on our roadmap SooperThemes is currently focussing on designing a large collection of Business niche themes based on our Glazed framework Drupal theme and Carbide Drag and Drop Builder. Our most recent addition is Landscaping and Gardening theme. We are not in the business of designing generic niche themes, we aim to release the best niche themes. We developed additional features for this theme including a unique new header and main menu design, an image comparison widget and a lightbox gallery option for portfolio pages. 

Check out the Landscaping & Gardening live demo to view our latest niche theme!

    New Header Options

    While designing new niche theme I quickly realised that our generic bootstrap navbar layout was the most important bottleneck preventing us from producing truly great niche business website designs. The Glazed Settings for the header were refactored, optimized and extended with new style options and 11 new color options. These options are now also made available in our Glazed Content Design field collection so that you can customize headers for specific landing pages and match your creative content. 

    You can now view all these header in our live demo under the new Headers Dropdown menu!

      Image Compare, Lightbox and Portfolio Page Design

      For a landscaping business it's important to showcase your best work to potential customers. The portfolio content type was extended with additional layout options. New features include a Next / Previous node pager at the bottom, an advanced lightbox gallery system for viewing portfolio images and last but not least: an image comparison widget. The comparison widget really makes your case studies stand out, providing an effective and fun way to demonstrate the awesome service your business provided to your customer.

      The comparison widget is touchscreen compatible and responsive. 

        New Form  Design & Theming

        The default Bootstrap 3 forms already started looking dated. We replaced it with a minimalistic new design. Forms now blend in perfectly with any design. Form elements are sublty colored only when interacted with. The selectbox now features are custom themed dropdown icon that is themed using the default font that you configured in Glazed Settings. The selectbox also sports are a subtle microinteraction animation when hovered.

        The Landscaping contact form uses the webform bootstrap 3 layout module.

        Looking Ahead

        In the future look forward to more Drupal Niche Business themes, as well as our move into Magazine themes. WordPress magazine themes have seen a surge in sales on themeforest recently and I think there is oppurtunity for Drupal to shine in this growing market. After all, Drupal is naturally best at managing large amounts  of structured content and magazines are just that. Combine that with the capability of our drag and drop builder to easily generate attractive creative content and there you have a basis for best-in-class magazine themes. If you are interested in joining our little theme shop you can join now for just $48.

        Categories: Drupal Drupal 8 Views: How to set as admin path

        11 October 2016 - 5:00am

        In many cases, uniting routing with admin path definition makes things easier, but not when it comes to Views because their routes are generated dynamically. The solution I have come up with is to use a RouteSubscriber.

        Categories: Drupal