Drupal Planet

Subscribe to canal de noticias Drupal Planet
Drupal.org - aggregated feeds in category Planet Drupal
Actualizado: hace 33 mins 42 segs

Agiledrop.com Blog: Best Drupal 8 Security Modules

Jue, 01/17/2019 - 09:13

In this post, I take a look at some of the best Drupal 8 security modules that help enhance the security of any Drupal site.

READ MORE

Drudesk: Awesome examples of beauty product websites built with Drupal

Jue, 01/17/2019 - 06:27

Beauty saves the world, and Drupal helps it in this mission. There are awesome beauty product websites built with Drupal, which are not only beautiful but feature-rich and powerful. This is another proof of Drupal’s versatility for websites in any sphere — e-commerce, real estate, law firm, or any other.

Drupal blog: Happy eighteenth birthday, Drupal

Mié, 01/16/2019 - 17:52

This blog has been re-posted and edited with permission from Dries Buytaert's blog.

Eighteen years ago today, I released Drupal 1.0.0. What started from humble beginnings has grown into one of the largest Open Source communities in the world. Today, Drupal exists because of its people and the collective effort of thousands of community members. Thank you to everyone who has been and continues to contribute to Drupal.

Eighteen years is also the voting age in the US, and the legal drinking age in Europe. I'm not sure which one is better. :) Joking aside, welcome to adulthood, Drupal. May your day be bug free and filled with fresh patches!

Security advisories: Drupal core - Critical - Third Party Libraries - SA-CORE-2019-001

Mié, 01/16/2019 - 15:17
Project: Drupal coreDate: 2019-January-16Security risk: Critical 16∕25 AC:Complex/A:User/CI:All/II:All/E:Proof/TD:UncommonVulnerability: Third Party Libraries Description: 

Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details.

Solution: 
  • If you are using Drupal 8.6.x, upgrade to Drupal 8.6.6.
  • If you are using Drupal 8.5.x or earlier, upgrade to Drupal 8.5.9.
  • If you are using Drupal 7.x, upgrade to Drupal 7.62.

Versions of Drupal 8 prior to 8.5.x are end-of-life and do not receive security coverage.

Reported By: Fixed By:  Additional information

Note: Going forward, Drupal core will issue individual security advisories for separate vulnerabilities included in the release, rather than lumping "multiple vulnerabilities" into a single advisory. All advisories released today:

Updating to the latest Drupal core release will apply the fixes for all the above advisories.

Security advisories: Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2019-002

Mié, 01/16/2019 - 15:13
Project: Drupal coreDate: 2019-January-16Security risk: Critical 16∕25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:AllVulnerability: Arbitrary PHP code executionDescription: 

A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI.

Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability.

This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.

Solution: 
  • If you are using Drupal 8.6.x, upgrade to Drupal 8.6.6.
  • If you are using Drupal 8.5.x or earlier, upgrade to Drupal 8.5.9.
  • If you are using Drupal 7.x, upgrade to Drupal 7.62.

Versions of Drupal 8 prior to 8.5.x are end-of-life and do not receive security coverage.

.phar added to dangerous extensions list

The .phar file extension has been added to Drupal's dangerous extensions list, which means that any such file uploaded to a Drupal file field will automatically be converted to a text file (with the .txt extension) to prevent it from being executed. This is similar to how Drupal handles file uploads with a .php extension.

phar:// stream wrapper disabled by default for Drupal 7 sites on PHP 5.3.2 and earlier

The replacement stream wrapper is not compatible with PHP versions lower than 5.3.3. Drupal 8 requires a higher PHP version than that, but for Drupal 7 sites using lower PHP versions, the built-in phar stream wrapper has been disabled rather than replaced. Drupal 7 sites using PHP 5.2 (or PHP 5.3.0-5.3.2) that require phar support will need to re-enable the stream wrapper for it; however, note that re-enabling the stream wrapper will re-enable the insecure PHP behavior on those PHP versions.

It is very uncommon to both be running a PHP version lower than 5.3.3 and to need phar support. If you're in that situation, consider upgrading your PHP version instead of restoring insecure phar support.

Reported By: Fixed By:  Additional information

Note: Going forward, Drupal core will issue individual security advisories for separate vulnerabilities included in the release, rather than lumping "multiple vulnerabilities" into a single advisory. All advisories released today:

Updating to the latest Drupal core release will apply the fixes for all the above advisories.

OPTASY: How Do You Deal with Duplicate Content in Drupal? 4 Modules to Get this Issue Fixed

Mié, 01/16/2019 - 15:08
How Do You Deal with Duplicate Content in Drupal? 4 Modules to Get this Issue Fixed adriana.cacoveanu Wed, 01/16/2019 - 17:08

Accidentally creating duplicate content in Drupal is like... catching a cold: 

It's as easy as falling off a log.

All it takes is to:
 

  • further submit your valuable content on other websites, as well, and thus challenging Google with 2 or more identical pieces of content
  • move your website from HTTP to HTTPs, but skip some key steps in the process, so that the HTTP version of your Drupal is still there, “lurking in the dark”
  • have printer-friendly versions of your Drupal site and thus dare Google to face another duplicate content “dilemma”
     

So, what are the “lifebelts” or prevention tools that Drupal “arms” you with for handling this thorny issue?

Here are the 4 modules to use for boosting your site's immunity system against duplicate content.

AddWeb Solution: Our dearest, Drupal, turns 18!

Mié, 01/16/2019 - 11:53

We’re all engrossed in the mode of celebration and the festive fly game was on point. In fact, everyone else was too painted in that mood, cheering and celebrating the spirit of flying. But our zest for celebration was a notch hire, for our reason for celebration was doubled. 15th January is not merely a date when the kite-flying festival falls but that’s the very day when our dearest of all - Drupal came into existence!

 

Eighteen years before this very day, the very first version of Drupal - 1.0.0 was released by its founder - Dries Buytaert. And just as it happens with all other path-breaking changes world, this one too came with a lot of faith but a humble approach towards its future. And look, how proficiently has it grown in all these years. Today, it’s one of the largest and most-trusted open-source community and the future looks even brighter.  

 

In the age of data-threats, Drupal is trusted for its security, worldwide. Constantly moving towards strengthening the open-source community, Drupal has never compromised on the security, content, and scope. Drupal is also known for its power of personalisation and flexibility. Drupal Commerce is also the preferred one when it comes to building an easy-looking e-commerce platform with complex functionalities. And if that was not enough, the launch of Decoupled Drupal has blown the tech world like a boss!

 

We might sound a little biased here, but we’re speaking nothing but the truth. Everyone from ‘The Beatles’ to ‘Estee Lauder’, ‘Columbia University’, ‘NBC Universal’, ‘NBA’, ‘Paramount’ and many more have trusted and adapted Drupal for years now. Dries has rightly quoted about it in his birthday note for Drupal and let us also conclude, our birthday note for Drupal, on the very same note -

,

         “What do the biggest brands in the world have in common?” - ‘Powered by Drupal!’

 

          Happy 18th birthday to Drupal!

Flocon de toile | Freelance Drupal: Accelerate the site building of a Drupal 8 project

Mar, 01/15/2019 - 19:54
It is not uncommon for a Drupal 8 project, because it has structured content, to develop many content types, each with many fields, which are themselves rendered in a different way through no less than many display modes. One of the consequences is that the design phase known as site building can then become extremely time-consuming. Fortunately, with Drupal 8 we have two modules that allow us to significantly simplify and accelerate this phase.

Dries Buytaert: Happy eighteenth birthday, Drupal

Mar, 01/15/2019 - 18:45

Eighteen years ago today, I released Drupal 1.0.0. What started from humble beginnings has grown into one of the largest Open Source communities in the world. Today, Drupal exists because of its people and the collective effort of thousands of community members. Thank you to everyone who has been and continues to contribute to Drupal.

Eighteen years is also the voting age in the US, and the legal drinking age in Europe. I'm not sure which one is better. :) Joking aside, welcome to adulthood, Drupal. May your day be bug free and filled with fresh patches!

Jacob Rockowitz: The Webform module for Drupal joins Open Collective

Mar, 01/15/2019 - 14:20

Open Source

Open source and me

For the past two years, I have been blogging about my experience building and maintaining the Webform module for Drupal 8 and have had some lively discussions about them all. As the Webform module moved from beta or release candidates, I shared my experience in two posts titled Webform 8.x-5.x: Where Do We Come From? What Are We? Where Are We Going? and Webform, Drupal, and Open Source...Where are we going?. Throughout my blog posts, the question persists…

Open source and organizations

In 2018, open source has become a success story, particularly for large organizations. As someone who has been building websites since Microsoft Internet Explorer 4.0 (1997), I see the fact that Microsoft is going to use the open source Chromium rendering engine as an amazing achievement for open source and even Microsoft. Microsoft has transformed from calling Linux a cancer to fully embracing open source collaboration.

Organizations sponsor open source, however, the work is done by individual developers who may work for an organization or independently within the open source community.

Open source and individuals

I recently wrote about Why I am one of the top contributors to...Read More

wishdesk.com: Drupal City map created with Drupal module names

Mar, 01/15/2019 - 13:45
To honor the 18th birthday of our fabulous Drupal, we invite you all to visit the special Drupal City map made of Drupal module, theme, and distribution names.

DrupalCon News: Community Connection - Katrin Valdre

Lun, 01/14/2019 - 16:50

We’re featuring some of the people in the Drupalverse! This Q&A series highlights individuals you could meet at DrupalCon.

Every year, DrupalCon is the largest gathering of people who belong to this community. To celebrate and take note of what DrupalCon means to them, we’re featuring an array of perspectives and fun facts to help you get to know your community.
 

Matt Glaman: Come to MidCamp and kick off contribution sprints for DrupalCon Seattle

Lun, 01/14/2019 - 14:10
Come to MidCamp and kick off contribution sprints for DrupalCon Seattle Monday 14, January 2019 mglaman MidCamp, the Midwest Drupal Camp, is coming around the corner! March 20th through the 23rd, hundreds of Drupalistas will converge in Chicago for training workshops, contribution sprints, and sessions! This is one of my favorite conferences. The organizers put together so much thought and effort into each detail.

Agiledrop.com Blog: Our blog posts from December 2018

Lun, 01/14/2019 - 10:21

Here's a quick recap of our blog posts from December 2018.

READ MORE

The Accidental Coder: 8: Compound (bundled) fields - your new best friend - Part 5

Dom, 01/13/2019 - 01:38
8: Compound (bundled) fields - your new best friend - Part 5 j ayen green Sat, 01/12/2019 - 22:38

Jeff Geerling's Blog: Cleaning up after adding files in Drupal Behat tests

Vie, 01/11/2019 - 17:51

I've been going kind of crazy covering a particular Drupal site I'm building in Behat tests—testing every bit of core functionality on the site. In this particular case, a feature I'm testing allows users to upload arbitrary files to an SFTP server, then Drupal shows those filenames in a streamlined UI.

I needed to be able to test the user action of "I'm a user, I upload a file to this directory, then I see the file listed in a certain place on the site."

These files are not managed by Drupal (e.g. they're not file field uploads), but if they were, I'd invest some time in resolving this issue in the drupalextension project: "When I attach the file" and Drupal temporary files.

Since they are just random files dropped on the filesystem, I needed to:

The Accidental Coder: The Flip Side of Community and Open Source

Vie, 01/11/2019 - 13:12
The Flip Side of Community and Open Source j ayen green Fri, 01/11/2019 - 10:12

Agiledrop.com Blog: Top Drupal blog posts from December 2018

Vie, 01/11/2019 - 08:54

Despite the hectic holiday season, we never stop researching and digging up interesting Drupal content. Our team has once again scoured all the feeds, read countless Drupal articles and made the selection of the most engaging bits of content from last month. So, without further ado, here are what we found to be the top Drupal blog posts from December 2018.

READ MORE

Droptica: Rules module – automatic conditionally executed actions in Drupal 8

Vie, 01/11/2019 - 07:23
Automate actions on your Drupal-based website. This will enable it to run even more independently from your input. Automated mailing, publishing new content at a specified time and redirects after meeting certain conditions are only some of the functionalities featured in the Rules module. Rules is a tool that enables you to define automatic, conditionally executed actions, triggered by various types of events. What are some examples of such automated actions? For example: redirecting the user after logging in; sending an e-mail after adding content; publishing content at a specific time. At the foundation of the module lies the Event – Condition – Action rule, with one caveat – the CONDITION does not have to be a part of this scheme. An example scheme could be as follows:

Vardot: 3 Reasons Why Drupal Distributions Are Essential

Jue, 01/10/2019 - 12:13
Firas Ghunaim January 10, 2019

Amongst ambitious brands and serious digital operators; Drupal adoption rate on the rise.

Governments and major brands across the globe are already testifying to the positive impact that Drupal has made on their digital business.

As a developer, you might be approached by a client that insists on developing their digital platform and/or experience using Drupal.

Here are 3 key reasons why Drupal distributions will make your life much easier:

 

1. Time

“How long do you need to complete the project? That long?!?”

Dealing with continuous amendments and changes to the project requirements is the bane of all developers.

Distributions feature tons of tried and tested best-in-class features, modules and components that are already integrated and tested together. This allows developers to successfully complete project tasks that normally consume a scary amount of time to build.

For example; should you be required to build a Media Entity Browser for a certain project may consume up to 6 to 8 hours from your time.

 

Source: Varbase

Imagine it took you that long for project A... now you have to repeat the same process for project B.

However; with Drupal distributions such as Varbase, the Media Entity Browser is already built-in, optimized and integrated with other modules you might require.

Total time consumed on Media Entity Browser development: Zero.

Thanks to DRY (Don’t-Repeat-Yourself); Drupal distributions will shorten the project development time by hundreds of hours. You won’t ever have to repeat the same development process for any other project.

 

LEARN MORE ABOUT VARBASE

 

2. Efficiency

Not all programmers and web developers are equal in skill and expertise. But, we all face challenges and issues that might arise during the project development process.

Drupal distributions offer a wealth of solutions that fix issues you might not even realize you had. Why? Open-source.

For example; you are currently developing an e-commerce platform for a client and face an issue with a particular component.

The fact is that you weren’t the first developer to encounter this issue.

When using Drupal distributions, you will find almost all challenges and issues related to components or modules you may need have been solved and addressed by someone before you.

Working on almost ready-built websites not only saves time but also affords you the opportunity to personalize any ready-made component or feature based on your project requirements.

Take the aforementioned example; you already have a Media Entity Browser ready, but you wish to match it to your clients’ requirements. In no time at all, you can build upon the ready-made feature via customization or integration. Simples.

 

3. Standards

At Vardot, we refer to “websites” as digital experiences. The difference between them?

Standards.

Drupal has built a name for itself due to the focus on building the best user-friendly digital experiences possible and the fact that Drupal is open-source has enabled its evolution based on actual feedback from various practical perspectives.

Your ability to develop a website (e.g.) the best online equestrian market; depends entirely on the standards you apply throughout the development process.

For example; Varbase is an ideal distribution to develop platforms that rely on rich multi-media content such as Al Jazeera and Georgetown University. On the other hand, Drupal distributions such as Commerce Kickstart feature every possible component needed by a developer to build an e-commerce digital experience.

Case Study: Georgetown University - Qatar

Of course, when we speak of standards; we are not referring solely to quality standards. You will be able to develop the best possible digital experience for any industry using Drupal distributions whilst maintaining all W3C standards and accessibility standards.

 

Bonus: Drupal Distributions Maintenance

Drupal distributions are rich in features that are all integrated with each other.

You will never have to scour for individual updates for each module you need. All you’ll ever possibly need is to update the distribution itself.

Since all modules and features are integrated. All would be updated and tested together.

If you are considering starting a Drupal project or to build a Drupal-based digital experience, let us know. We'd love to help.  Contact Us.

Páginas