Tarteaucitron.js Cookie Manager #gdpr

New Drupal Modules - 18 October 2018 - 1:03am

Cookie Manager for GDPR

Categories: Drupal

Superseeds: The Other Side, Part Two

RPGNet - 18 October 2018 - 12:00am
The Agency of Exchange.
Categories: Game Theory & Design

Webform Query

New Drupal Modules - 17 October 2018 - 10:05pm

Query Webform Submission Data

The Webform module stores all submission data in the one table using the EAV model. This is great for performance but it can be tricky to extract submission data matching certain criteria.

Categories: Drupal

Buffer Schedule

New Drupal Modules - 17 October 2018 - 7:48pm

Buffer Schedule allows you to create a set of buffered posts that will publish over time based on your selected settings. You can set specific times between posts to publish new posts in your queue. Additionally, you can set up Buffer schedule to send you a email warning you when the buffer gets low or runs out of content to publish.

Categories: Drupal

Opigno User Reset

New Drupal Modules - 17 October 2018 - 7:23pm

Opigno User Reset is a module for the Opigno LMS Drupal profile that allows administrators or others with the requisite permissions to use a "reset" operation to clear all of a users quiz, course, and class progress. This can be useful when testing, developing a course, or in special situations when running an LMS. The operation should be used carefully as no attempt is made to preserve data for rollback.

Categories: Drupal Drupal 6 core security update for SA-CORE-2018-006 (and mimemail and htmlmail)

Planet Drupal - 17 October 2018 - 4:17pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Critical security release for Drupal core to fix multiple vulnerabilities. You can learn more in the security advisory:

Drupal core - Critical - Multiple Vulnerabilities - SA-CORE-2018-006

The following vulnerabilities mentioned in the security advisory also affect Drupal 6:

  • External URL injection through URL aliases - Moderately Critical - Open Redirect

  • Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution

The first vulnerability is in Drupal 6 core, however, the 2nd is only present in the contrib modules: htmlmail, and mimemail. If you don't use those modules, you're not affected by the 2nd vulnerability.

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on

Categories: Drupal

Development assistant

New Drupal Modules - 17 October 2018 - 3:38pm
Categories: Drupal

Template Suggester

New Drupal Modules - 17 October 2018 - 1:34pm

This module provides template suggestions for everything that Drupal doesn't. So far:

  • Block templates per region

Please make your own suggestions or requests!

For block templates per block type, use Block Type Templates.

For node templates selected by content editors on a per-node basis, see Template Whisperer.

Categories: Drupal

Jacob Rockowitz: Acknowledging individuals contributing to Drupal

Planet Drupal - 17 October 2018 - 1:20pm

In my last blog post, I explained, "Why I am one of the top contributors to Drupal?" and examined my ongoing contribution to the Webform module for Drupal 8. My post was inspired by Dries Buytaert's annual who sponsors Drupal development post. Now I want to dig into that list of who’s and acknowledge other individuals contributing to Drupal.

I am deliberately limiting the discussed contributors to people that I have had minimal or no direct interaction with online or in-person. I want to explore their contributions based on their online presence versus directly interviewing them.

The Drunken Monkey

I genuinely value Drunken Monkey's contribution to Drupal's Search API module.

We rarely appreciate an API module until we have to start using them and diving into the code. The Search API module for Drupal 8 is a magnificent example of great code which conquers one of the hardest challenges in programming: naming things.

For a recent project, I was diving into Search API's code, and Drunkey Monkey helped me out when I discovered Issue #2907518: Breakup tracking of content entities into smaller chunks to prevent memory limit issue. For the developers out there, if you read through the issue to the final patch, you will notice that Drunken Monkey manages to even improve some APIs while fixing the problem.

The Search API Guy

The first place to understand who is who in the Drupal community is people's user profiles. The most immediate thing that stands out about Drunkey Monkey is that he is…

This statement is something I can relate to because I...Read More

Categories: Drupal

Security public service announcements: Drupal 7.x and 8.x release on Oct 17th, 2018 - DRUPAL-PSA-2018-10-17

Planet Drupal - 17 October 2018 - 1:11pm

The Drupal Security team has a core and contrib release window on the 3rd Wednesday of the month. This window normally ends at 5pm Eastern (9PM UTC).

Due to unforeseen circumstances, we are extending the current window we are in by 3 hours until Oct 17th, 2018 at 8pm Eastern (11:59PM UTC).

Categories: Drupal

Virtual reality can help make people more compassionate compared to other media

Virtual Reality - Science Daily - 17 October 2018 - 11:09am
Researchers found that people who underwent a virtual reality experience, called 'Becoming Homeless,' were more empathetic toward the homeless and more likely to sign a petition in support of affordable housing than other study participants.
Categories: Virtual Reality

Steam store pages now officially support animated gifs

Social/Online Games - Gamasutra - 17 October 2018 - 10:45am

Valve has rolled out an update to Steam that allows devs to embed animated gifs directly into the †œabout† section of a game†™s store page. ...

Categories: Game Theory & Design

Security advisories: Drupal Core - Multiple Vulnerabilities - SA-CORE-2018-006

Planet Drupal - 17 October 2018 - 9:42am
  • Advisory ID: DRUPAL-SA-CONTRIB-2018-006
  • Project: Drupal core
  • Version: 7.x, 8.x
  • Date: 2018-October-17

Content moderation - Moderately critical - Access bypass - Drupal 8

In some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass.

In order to fix this issue, the following changes have been made to content moderation which may have implications for backwards compatibility:

Two additional services have been injected into this service. Anyone subclassing this service must ensure these additional dependencies are passed to the constructor, if the constructor has been overridden.
An additional method has been added to this interface. Implementations of this interface which do not extend the StateTransitionValidation should implement this method.

Implementations which do extend from the StateTransitionValidation should ensure any behavioural changes they have made are also reflected in this new method.

User permissions
Previously users who didn't have access to use any content moderation transitions were granted implicit access to update content provided the state of the content did not change. Now access to an associated transition will be validated for all users in scenarios where the state of content does not change between revisions.

Reported by

Fixed by

External URL injection through URL aliases - Moderately Critical - Open Redirect - Drupal 7 and Drupal 8

The path module allows users with the 'administer paths' to create pretty URLs for content.

In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url.

The issue is mitigated by the fact that the user needs the administer paths permission to exploit.

Reported by

Fixed by

Anonymous Open Redirect - Moderately Critical - Open Redirect - Drupal 8

Drupal core and contributed modules frequently use a "destination" query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks.

This vulnerability has been publicly documented.

RedirectResponseSubscriber event handler removal

As part of the fix, \Drupal\Core\EventSubscriber\RedirectResponseSubscriber::sanitizeDestination has been removed, although this is a public function, it is not considered an API as per our API policy for event subscribers.
If you have extended that class or are calling that method, you should review your implementation in line with the changes in the patch. The existing function has been removed to prevent a false sense of security.

Reported by

Fixed by

Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution - Drupal 7 and Drupal 8

When sending email some variables were not being sanitized for shell arguments, which could lead to remote code execution.

Reported by

Fixed by

Contextual Links validation - Critical - Remote Code Execution - Drupal 8

The Contextual Links module doesn't sufficiently validate the requested contextual links.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access contextual links".

Reported by

Fixed by


Upgrade to the most recent version of Drupal 7 or 8 core.

Minor versions of Drupal 8 prior to 8.5.x are not supported and do not receive security coverage, so sites running older versions should update to the above 8.5.x release immediately. 8.5.x will receive security coverage until May 2019.

Categories: Drupal

GDC 2019 is now open for registration!

Social/Online Games - Gamasutra - 17 October 2018 - 8:58am

Now's the time to register for GDC 2019! You'll want to look at pass options and register early to get the best price. Plus, some passes have limited quantities so if you†™re interested, don't wait! ...

Categories: Game Theory & Design


New Drupal Modules - 17 October 2018 - 7:20am
Categories: Drupal

Dynamic Entity List

New Drupal Modules - 17 October 2018 - 7:20am
Categories: Drupal

Breaking the VR Speed Barrier: Sprint Vector's Fluid Locomotion Technology - by Lauren Irvine Blogs - 17 October 2018 - 6:25am
Never a developer to shy away from a technical challenge, Survios's second game "Sprint Vector" was created to tackle an issue persistent in VR since its inception: locomotion. So naturally the studio built a game where speedrunning is its heart and soul.
Categories: Game Theory & Design

How Yacht Club Games Created Shovel Knight's Specter Knight, Plague Knight, and Propeller Knight Bosses - by David Craddock Blogs - 17 October 2018 - 6:24am
In another batch of stories from David L. Craddock's "Shovel Knight" published by Boss Fight Books, the author discusses how developer Yacht Club Games designed Shovel Knight's Specter Knight, Plague Knight, and Propeller Knight boss battles.
Categories: Game Theory & Design

Metaspoilers and how they can influence the player experience. - by Bruno Freitas Blogs - 17 October 2018 - 6:23am
In this post I will talk about metaspoiler, a term I create to talk about spoilers that transcends the original media and will analyze some examples.
Categories: Game Theory & Design

Top 3 Game Career Planning Videos from Ask Gamedev - by Matt AG Blogs - 17 October 2018 - 6:20am
Today Ask Gamedev turns 1 year old! If you haven't heard of Ask Gamedev, we're a YouTube channel made up of game industry veterans and we make videos on game design, marketing games, career planning and more. Here are our top 3 videos on career planning:
Categories: Game Theory & Design


Subscribe to As If Productions aggregator