Drupal CMS News Digest

developments tricks, articles and reviews from Drupal specialists

News Categories: SEO  Design  Marketing
Morpht: Drupal 8 Configuration - Part 1: The Configuration API
Background We live in an age of Drupal complexity. In the early days of Drupal, many developers would have a single Drupal instance/environment (aka copy) that was their production site, where they would test out new modules and develop new functionality. Developing on the live website however sometimes met with disastrous consequences when things went wrong! Over time, technology on the web grew, and nowadays it's fairly standard to have a Drupal project running on multiple environments to allow site development to be run in parallel to a live website without causing disruptions. New functionality is developed first in isolated private copies of the website, put into a testing environment where it is approved by clients, and eventually merged into the live production site. While multiple environments allow for site development without causing disruptions on the live production website, it introduces a new problem; how to ensure consistency between site copies so that they are all working with the correct code. This series of articles will explore the Configuration API, how it enables functionality to be migrated between multiple environments (sites), and ways of using the Configuration API with contributed modules to effectively manage the configuration of a project. This series will consist of the following posts: Part 1: The Configuration API Part 2: How the API works (...
DrupalCon News: Reflections from DrupalCon Seattle’s Grant & Scholarship Recipients
What an event this last DrupalCon was! Thanks to all who joined us in April for DrupalCon Seattle 2019.

In planning this event, more funds than ever before — 30 percent more, to be exact — were allocated for grants and scholarships. This tied in with the overall aim of having a cross-section of attendees, all of whom play a part in contributing and advancing the Drupal Project. Funding for grants and scholarships is from the support of our conference partners, as well as conference registrations.

Sven Decabooter: How to make a Drupal 8 local task title dynamic
How to make a Drupal 8 local task title dynamic When defining local tasks (= tabs) in your Drupal 8 modules, you can specify a title for the tab via the 'title' property in your [MODULENAME].links.task.yml file. However, in some cases you might want to make the task title dynamic, e.g. depending on the context of the entity where the tab is displayed.
This can be achieved by overriding the \Drupal\Core\Menu\LocalTaskDefault class with your own class for that tab. Here is an example that uses a callback function to dynamically set the title, both for the route and the local task:   Add the dynamic logic to your controller File: my_module/src/Controller/DynamicTabController.php <?php namespace Drupal\my_module\Controller; use Drupal\Core\Controller\ControllerBase; use Drupal\node\NodeInterface; /** * Controller for our dynamic tab. */ class DynamicTabController extends ControllerBase { /** * Route title callback. * * @param \Drupal\node\NodeInterface $node * The node entity. * * @return string * The title. */ public function getDynamicTabTitle(NodeInterface $node) { return $this->t('Dynamic tab for @type', ['@type' => $node->bundle()]); } } Use the dynamic title callback for your route File: my_module/my_module.routing.yml entity.node.dynamic_tab: path: '/node/{node}/dynamic_tab'...
Specbee: Drupal 8.7 Features (What’s New and Why Should You Care)
How do you stay ahead of your competition? Easy - Be relevant. Address your audience’s pain points. Repeat. With the adoption of the continuous innovation model, Drupal is doing that and more. Drupal 8.7 was released on May 1st following the 6 months release cycle for Drupal 8. We saw huge improvements in Drupal 8.6 which was a big release. With 8.7, it just got better - With more stable modules ready to be used on productions and other interesting out-of-the-box features.
ThinkShout: Recognizing Insecure Drupal Code
Within the Drupal community, it seems like many developers are interested in ensuring their modules and themes are secure, but don’t really know what insecure code looks like. I’ve personally found a lot of resources that tell you about security best practices, but don’t dive deeper into common missteps and their consequences. Drupal 8 is the most modern and secure release of Drupal yet, which leads developers to expect that all Drupal 8 APIs are perfectly safe to use. While it’s great that Drupal has earned that reputation, there are still plenty of ways to leave your site vulnerable. In this blog I’ll go through examples of insecure code that I’ve seen doing security research and review into Drupal 8, which will hopefully make it easier for you to know what to look for when reviewing your own code. So you want to render HTML… Outputting HTML is Drupal’s bread and butter, but if you’re rendering user input you may be vulnerable to cross site scripting, otherwise known as XSS. XSS occurs when a malicious user identifies an exploit that allows user input to be executed as Javascript. Then, typically, an attacker leads someone without higher privileges (an administrator) to trigger the exploit. At that point, an attacker can do anything the administrator can do - add more administrator accounts, delete content, download sensitive data, and potentially use a chained exploit...
Freelock : Assessment of May 8 Drupal Security update SA-CORE-2019-007
Assessment of May 8 Drupal Security update SA-CORE-2019-007 John Locke Wed, 05/08/2019 - 14:12 New versions of Drupal core dropped today, to fix a file handling issue. After assessing the patches, statements, and risks associated with this update, we have decided this is an important update to apply, but not urgent for most of the sites we manage. Exploitation of the flaw takes two things: Drupal Drupal Planet Security Read more about Assessment of May 8 Drupal Security update SA-CORE-2019-007Add new comment
myDropWizard.com: Drupal 6 core security update for SA-CORE-2019-007
As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!Today, there is a Moderately Critical security release for Drupal core to fix a vulnerability in the protections added in SA-CORE-2019-003. You can learn more in the security advisory:Drupal core - Moderately Critical - Third-party Libraries - SA-CORE-2019-007Here you can download the Drupal 6 patch to fix, or a full release ZIP or TAR.GZ.If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).
Security advisories: Drupal core - Moderately critical - Third-party libraries - SA-CORE-2019-007
Project: Drupal coreDate: 2019-May-08Security risk: Moderately critical 14∕25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Third-party librariesDescription: This security release fixes third-party dependencies included in or required by Drupal core. As described in TYPO3-PSA-2019-007: By-passing protection of Phar Stream Wrapper Interceptor: In order to intercept file invocations like file_exists or stat on compromised Phar archives the base name has to be determined and checked before allowing to be handled by PHP Phar stream handling. [...] The current implementation is vulnerable to path traversal leading to scenarios where the Phar archive to be assessed is not the actual (compromised) file. Solution: Install the latest version: If you are using Drupal 8.7, update to Drupal 8.7.1 If you are using Drupal 8.6 or earlier, update to Drupal 8.6.16. If you are using Drupal 7, update to Drupal 7.67. Versions of Drupal 8 prior to 8.6.x are end-of-life and do not receive security coverage. Also see the Drupal core project page.Reported By: Daniel Le Gall Fixed By: Jess of the Drupal Security Team Michael Hess of the Drupal Security Team Oliver Hader David Snopek of the Drupal Security Team Alex Pott of the Drupal Security Team Daniel Le Gall Tim Plunkett
TEN7 Blog's Drupal Posts: Episode 059: 2019 Twin Cities Drupal Camp
Chris Weber and Dan Moriarty, volunteer organizers for the 2019 Twin Cities Drupal Camp are today's podcast guests. We'll be talking about the changes to this year's TCDrupal Camp and fond memories of previous camps.  TCDrupal Camp is a three-day conference for open source enthusiasts, designers, hackers, geeks, developers, UI experts, IT managers and anyone else that wants to find out more about Drupal. It’s a great place to learn, code, network and have fun with your fellow Drupalistas.
Dries Buytaert: Acquia acquires Mautic to create the Open Digital Experience Platform
I'm happy to announce today that Acquia acquired Mautic, an open source marketing automation and campaign management platform. A couple of decades ago, I was convinced that every organization required a website — a thought that sounds rather obvious now. Today, I am convinced that every organization will need a Digital Experience Platform (DXP). Having a website is no longer enough: customers expect to interact with brands through their websites, email, chat and more. They also expect these interactions to be relevant and personalized. If you don't know Mautic, think of it as an alternative to Adobe's Marketo or Salesforce's Marketing Cloud. Just like these solutions, Mautic provides marketing automation and campaign management capabilities. It's differentiated in that it is easier to use, supports one-to-one customer experiences across many channels, integrates more easily with other tools, and is less expensive. The flowchart style visual campaign builder you saw in the beginning of the Mautic demo video above is one of my favorite features. I love how it allows marketers to combine content, user profiles, events and a decision engine to deliver the best-next action to customers. Mautic is a relatively young company, but has quickly grown into the largest open source player in the marketing automation space, with more than 200,000 installations. Its ease of...
Hook 42: Stanford Web Camp 2019
Stanford Web Camp 2019 Lindsey Gemmill Wed, 05/08/2019 - 12:45
Cheeky Monkey Media: 3.5 Ways To Approach (And Budget) For a Drupal 8/9 Migration
3.5 Ways To Approach (And Budget) For a Drupal 8/9 Migration dennis Tue, 05/07/2019 - 23:09 Back in September 2018, Dries Buytaert, founder and project lead of Drupal, announced,  Drupal 7 will be end-of-life in November 2021, Drupal 9 will be released in 2020, and Drupal 8 will be end-of-life in November 2021.  You can read the announcement and get further information on this here - https://dri.es/drupal-7-8-and-9 Since that announcement, Cheeky Monkey Media has been in a lot of conversations with businesses of all shapes and sizes, not-for-profit and for-profit, that are currently on the Drupal 7 CMS platform and are considering migrating to Drupal 8. The first thing everyone needs to realize is the move to drupal 8 will be painful, and almost as expensive as building a Drupal website from scratch. The second thing everyone should realize is that once they’re on Drupal 8, the move to Drupal 9 will be relatively painless. As Dries announced in a later article,
Security public service announcements: Drupal 7 and 8 release on May 8th, 2019 - PSA-2019-05-07
Date: 2019-May-07Vulnerability: Drupal 7 and 8 release on May 8th, 2019Description: The Drupal Security Team will be coordinating a security release for Drupal 7 and 8 this week on Wednesday, May 8th, 2019. We are issuing this PSA in advance because according to the regular security release window schedule, May 8th would not typically be a core security window. This release is rated as moderately critical. The Drupal 7 and 8 core release will be made between 16:00 – 21:00 UTC (noon – 5:00pm Eastern). May 8th also remains a normal security release window for contributed projects.
OSTraining: Define Role Based Field Permissions in Drupal 8
The Field Permissions module in Drupal 8 allows you to set permissions (enter, edit or view) on a Drupal field, based on the role the user belongs to. In order to demonstrate how this module works, we are going to create a content type called "Essay" for the website of a school. There will be 2 roles: Freshman Sophomore. The Freshmen permission will not be allowed to choose the subject of the essay, whereas the Sophomores will have the possibility to choose between literature and history. However, there will be no possibility to change the subject once a student has made a choice. Let’s start!
Drupal Association blog: New on Drupal.org: better visibility into the humans behind the comments
We're excited about a feature built by a member of our community and recently deployed on Drupal.org: to give more human context to discussions in the Drupal issue queue, you can now choose to display your primary language, pronoun, and location. Update your profile now This is an opportunity to bolster human context within an online medium where tone and posture can be difficult to read. Providing this level of detail allows for visibility into the global composition of our community — such as when a person's primary language is not English or when a person resides in a distant time zone. It is important to recognize what being global means and drawing attention to the details that remind us about the people behind the project helps us all to have a greater understanding of one another. You can enable this new feature by editing your user account and adding pronouns to the personal information tab, and location language on the Language/location tab. Finally, you can opt into what you would like shown inline in comments under the "comments" tab.
Agaric Collective: Agaric is Coming to Drupaldelphia this Friday
City Hall in Philadelphia. Photo by Jason Murphy, licensed as Creative Commons By 2.0   Drupaldelphia is an annual camp held in Philadelphia happening this Friday May 10th for the open source content management platform, Drupal. The event attracts developers, site-builders, content administrators, designers, and anyone interested in using Drupal in their organization or upcoming project. We're excited to have Ben present two sessions at the camp. Tickets are only $30 (if you buy today, May 7th!) and the day is packed with helpful presentations and hands-on clinics. See the full schedule. Iterative UX: Find It Cambridge Case Study 2:15-3:45pm
Hussian Room 125 Developing a trusted, ongoing feedback loop with your users ensures that your project is effective and relevant. We call this approach Iterative UX and Ben will share how this looks in practice with the city of Cambridge. You will get a holistic, honest look at both the highlights and challenges of this type of relationship to help you apply Iterative UX in your projects. Read the full description. Scaling Community Decision-making 3:45-4:55pm
Hussian Room 125 Any libre software, volunteer, or even startup project will have elements of do-ocracy (rule of those who do the work) but not all decisions should devolve to implementors. Rather, a basic principle is that decisions should be made by the people...

Twitter Followers
Tweets Impressions Monthly
Facebook Followers
Pinterest Followers

35,3K
61,4K
1,710
4,202

Alexa Global Rank
Alexa Rank in US
Keywords Tracked
Updated

502,8K
912,8K
2,288
Sep 17 2019