Drupal.org - aggregated feeds in category Planet Drupal
Updated: 11 hours 28 min ago

Appnovation Technologies: Simple Website Approach Using a Headless CMS: Part 1

Wed, 02/06/2019 - 3:00am
I strongly believe that the path for innovation requires a mix of experimentation, sweat, and failure. Without experimenting with new solutions, new technologies, new tools, we are limiting our ability to improve, arresting our potential to be better, to be faster, and sadly ensuring that we stay rooted in systems, processes and...
Categories: Web

erdfisch: Drupalcon mentored core sprint - part 2 - your experience as a sprinter

Sat, 05/12/2018 - 5:00am
12.05.2018 Michael Lenahan

Hello! You've arrived at part 2 of a series of 3 blog posts about the Mentored Core Sprint, which traditionally takes place every Friday at Drupalcon.

If you haven't already, please go back and read part 1.

You may think sprinting is not for you ...

So, you may be the kind of person who usually stays away from the Sprint Room at Drupal events. We understand. You would like to find something to work on, but when you step in the room, you get the feeling you're interrupting something really important that you don't understand.

It's okay. We've all been there.

That's why the Drupal Community invented the Mentored Core Sprint. If you stay for this sprint day, you will be among friends. You can ask any question you like. The venue is packed with people who want to make it a useful experience for you.

Come as you are

All you need in order to take part in the first-time mentored sprint are two things:

  • Yourself, a human who is interested in Drupal
  • Your laptop

To get productive, your laptop needs a local installation of Drupal. Don't have one yet? Well, it's your lucky day because you can get your Windows or Mac laptop set up at the first-time setup workshop!

Need a local Drupal installation? Come to the first-time setup workshop

After about half an hour, your laptop is now ready, and you can go to the sprint room to work on Drupal Core issues ...

You do not need to be a coder ...

You do not need to be a coder to work on Drupal Core. Let's say, you're a project manager. You have skills in clarifying issues, deciding what needs to be done next, managing developers, and herding cats. You're great at taking large problems and breaking them down into smaller problems that designers or developers can solve. This is what you do all day when you're at work.

Well, that's also what happens here at the Major Issue Triage table!

But - you could just as easily join any other table, because your skills will be needed there, as well!

Never Drupal alone

At this sprint, no-one works on their own. You work collaboratively in a small group (maybe 3-4 people). So, if you don't have coding or design skills, you will have someone alongside you who does, just like at work.

Collaborating together, you will learn how the Drupal issue queue works. You will, most likely, not fix any large issues during the sprint.

Learn the process of contributing

Instead, you will learn the process of contributing to Drupal. You will learn how to use the issue queue so you can stay in touch with the friends you made today, so that you fix the issue over the coming weeks after Drupalcon.

It's never too late

Even if you've been in the Drupal community for over a decade, just come along. Jump in. You'll enjoy it.

A very welcoming place to start contributing is to work on Drupal documentation. This is how I made my first contribution, at Drupalcon London in 2011. In Vienna, this table was mentored by Amber Matz from Drupalize.Me.

This is one of the most experienced mentors, Valery Lourie (valthebald). We'll meet him again in part 3, when we come to the Drupalcon Vienna live commit.

Here's Dries. He comes along and walks around, no one takes any notice because they are too engaged and too busy. And so he gets to talk to people without being interrupted.

This is what Drupal is about. It's not about the code. It's about the people.

Next time. Just come. As a sprinter or a mentor. EVERYONE is welcome, we mean that.

This is a three-part blog post series:
Part one is here
You've just finished reading part two
Part three is coming soon

Credit to Amazee Labs and Roy Segall for use of photos from the Drupalcon Vienna flickr stream, made available under the CC BY-NC-SA 2.0 licence.

Tags: planet drupal-planet drupalcon mentoring code sprint
Categories: Web

Sooper Drupal Themes: Out Now: Glazed Builder & Glazed Theme For Drupal 8! Check Out Our Revolutionary New Page Building Experience For Drupal

12 hours 54 min ago

We Just Released Our Themes And Visual Page Builder For Drupal 8, An Update We've Been Working On For A Year!

Introduction Video Of Glazed Builder For Drupal 8


When I started building Glazed Theme 3 years ago most Drupal Theme shops had gone out of business. It's not just that Drupal was in a weird place, with Drupal 8 unfinished and Drupal 7's future uncertain. The market for Drupal Themes had never lived up to the expectations of the Drupal community like WordPress themes did in their community.

Despite this adversity I decided to restart SooperThemes and invest all my time, energy, and money in Drupal themes once more.

Our new value proposition is no longer just themes. We developed a full Drupal stack including a flexible framework theme, a drag and drop builder, and a complete selection of turn-key demo websites that are based around our open source Glazed CMS Drupal distribution. For small Drupal projects we provide value by providing a complete Drupal website that looks great and is easy to customize. For Fortune 500 companies and some of the largest NGO's and government institutions in the world we now provide tremendous value with our Drupal page builder Glazed Builder.

The Idea That Will Revolutionize Your Drupal 8 & 7 Experience

Today I'm proud to announce the release of all our products on Drupal 8! We reinvented the Drupal authoring and site building experience again for Drupal 8 with a Glazed Builder module that was built from the ground up to fit Drupal 8's architecture and design principles. It has taken us a full year to upgrade all our products, including our page builder, Glazed framework theme, portfolio module, GridStack module, 15 demo themes and 15 installation profiles, and our Glazed Drupal distribution which will soon also have a D8 release on drupal.org.

Built From The Ground Up For Drupal 8

Glazed Builder is different from Wix, Squarespace, or any other drag and drop builder: it's made for Drupal and deeply integrated with Drupal APIs. Glazed Builder acts as a Drupal field formatter and you can have multiple instances per page, for your footer, main content, and blocks. It automatically understands Drupal's revisioning system, language systems, and permissions. This makes it the most advanced visual page builder in the world from a website architecture perspective.

Our framework theme Glazed was also rebuilt using twig templates and the new Drupal 8 theme system.

Build, Write, And Edit Visually 

The experience of writing in Glazed Builder is easy like nothing else. You just click anywhere in a piece of content and start typing. Without any menus or network latency, our frontend application is the fast and distraction-free solution that Drupal content editors and marketers deserve! And thanks to the tight integration with Drupal's media systems you can upload and re-use media in Glazed Builder. It even provides easy settings to resize your images and add SEO fields like alt text and title text.

SooperThemes Is Super Fast!

Need to edit an article or update the social links in your website's footer? Whatever the task it's just a single click away when using Glazed Builder. Because our page builder is a headless frontend application for Drupal it doesn't need to call the server for most tasks. Adding text, or marketing elements can happen instantly because there is no network delay. Even tasks that rely on Drupal like saving the page or loading a view happen very fast thanks to the expert programming by Drupal developers with at least 8 years of experience.

Drag, Drop, Clone, Style

Our software is easy and intuitive to use because we designed it based on established best practices in user experience design. We stand on the shoulders of decades of research in computer interaction design and translated core concepts like dragging, typing, cloning, to a tool that seamlessly integrates with your Drupal website. Since we released the first beta version of Glazed Builder 3 years ago we made hundreds of improvements and have gone through many design changes based on feedback from our customers.

Save Time With Templates

We have also made incredible progress in developing template features to improve workflow and productivity. You can save any element or collection of elements in the builder as a user template and it will instantly be accessible in every Glazed Builder instance on your website. We are also creating page templates that you can use as a starting point on empty pages.

Access A Complete Selection Of Marketing Tools

For marketing staff Glazed Builder means liberation! No more need to hustle developers to code a landing page. Our builder provides anything from responsive layouts to countdown timers, sliders, and thousands of icons including the brand new Font Awesome 5 Pro set. Instead of posting a screenshot of marketing content here, I invite you to browse around sooperthemes.com and take a look at our product pages. Each page is built with Glazed Builder, even the blog post you're reading right now is built with Glazed Builder. We believe in eating our own dog food and as you might have guessed sooperthemes.com is themed with Glazed Theme as well.

Enough about us.. Get 20% Off For A Limited Time Only

We've never in 3 years discounted our products this much because we believe in the value that we provide. However, because this release calls for celebration we offer 20% discount to new clients!

Remember that today is a great day to join because we won't wait long to disable this discount code after our Drupal 8 product launch!

You can use the discount by entering coupon code LAUNCH18 during checkout

Buy & Download Now

Try before you buy for free on trysooperthemes.com

Categories: Web

OpenConcept: Owning a .ee - why I Chose to Start a European Company

13 hours 2 min ago

I have to say that historically, I haven't had a good reason to think much about Estonia. It's just the first of the Baltic countries that we covered in history class in high-school. It wasn't until the FWD50 conference in Ottawa where this really shifted.

Siim Sikkut spoke about Estonia building up a digital government from the ground up. The contemporary Estonian government started only in 1992, shortly after the WWW started. There were some bold leaders who decided to start not with what other countries had done, but to start digital. He mentioned e-Residency & the ease of starting a new business and I was intrigued.

I already own a digital business, so didn't sign up right away. I think that proximity generally is a bigger factor for our clients than nationality. I am still not sure what the financial opportunities of owning a European company are.

Reading about Estonia's X-Road, I got a sense of how citizens trust government. It is inspiring to see how much access Estonian citizens have to see and manage their own data. It is also amazing to see that Estonian citizens have the right to see who is looking at their file (in real time). It was interesting to see a small country experiment with creating "government as a platform".

I'm one of the co-founders of Civic Tech Ottawa. As an open source advocate, I have been watching the movement of both the open data and open government. Estonia's example kept coming up in discussions of countries that are doing it right. As far as principles for digital government, I was very impressed with the D5 Charter. The Digital 5 (D5) was Estonia, Israel, New Zealand, South Korea & the United Kingdom.

Shortly after, Canada joined (with Uruguay) and signed the Charter, and it became the Digital 7 (D7). This made it real for Canada. Scott Brison put his political weight into shaping a Digital Government of Canada. Learning more about the Estonian system became much more important.

So I signed up to become an e-Resident, got my ID card at the Embassy and logged in to explore what I could of the X-Road. There's not much you can do as an e-Resident, so I decided I needed to also spin up an Estonian company. It wasn't quite as simple as I had been led to believe. In part this was because I needed to secure a physical Estonian address.

Exploring their system I learned a bit about how the Estonian eID securely connects people to organizations. I needed to use the same card and process to login to several government sites. I also used it to verify that I am an Estonian e-Resident when registering OpenConcept.ee.

I could see first hand how the Estonian model leveraged open source and open standards. As a long time Drupal user I was very happy to see how much this open source CMS is being used in Estonia. Most government departments are using a common base. This allows them to have a consistent look/feel.

It also allows them to invest in common infrastructure to innovate on. With Drupal, they can leverage the community for security, accessibility & multi-lingual delivery. This allows real innovation, focusing on building a consistent secure eID infrastructure.

By focusing on the principles of the D5 Charter I do see a lot of opportunities. The individual technologies will change over time, but the foundation is open source and open standards. If sharing and learning remain key, then governments may one day be real contributors to the open web.

Categories: Web

Matt Glaman: Enabling RESTful web service interfaces in Drupal 8

17 hours 59 min ago
Drupal 8 ships with the RESTful Web Services module which allows you to expose various API endpoints for interacting with your Drupal site. While the community is making a push for the JSON API module, I have found the core RESTful module to be pretty useful when I have custom endpoints or need to implement Remote Procedure Calls (RPC) endpoints. However, using the module and enabling endpoints is a bit rough. So, let's cover that! Also note, this blog covers the content from the introduction of the Web Services chapter from the Drupal 8 Development Cookbook.
Categories: Web

Drupal Association blog: Promote Drupal - Starting with Drupal.org Redesign

Wed, 04/25/2018 - 8:48pm

You may have noticed that the Drupal.org front page has a new look. It’s just the start of our Promote Drupal Initiative that focuses on getting new decision makers to fall in love with Drupal. We started this work with the front page redesign, which is detailed below. 

We will accelerate this initiative and do so much more once we reach the $100,000 goal of the Promote Drupal Fund. This allows us to put the staff and resources in place to coordinate a multi-prong Drupal promotion with community members. 

Good news! We are more than halfway to our $100,000 goal. Thank you early supporters for investing in this fund. 

Together, let's show the world just how amazing Drupal is for organizations.  

Invest in the Promote Drupal Fund today!

About the New Drupal.org Front Page

"Come for the software; stay for the community" is the Drupal community’s long-time tagline and remains at the heart of the project. It resonates because so many of us chose Drupal as our CMS and then we fell in love with the community. We want more people to take this journey and it starts with getting more people to adopt Drupal.

That is why the Drupal Association updated the Drupal.org front page. Today, it is oriented to serve the various types of decision makers and influencers who are considering Drupal for their organization – and who will hopefully be our new community members. You may have heard about this project in our public board updates, Supporting Partner updates, or other channels. If not, this post should provide ample insight.

The research

Over the last two years, the Drupal Association iterated to improve the front page to better communicate with the audience who comes to the front page – evaluators. We could tell they were evaluators because they click on the content that someone needs to evaluate Drupal: Case studies, Try Drupal, etc. While there are roughly 2 million unique visitors to Drupal.org each month, about 350,000 of those uniques are visiting the front page. 

With 93% of Drupal.org traffic being anonymous, what we didn’t know was “who were these evaluators and what did they need to fall in love with Drupal faster?”

Over the last six months we set out to answer those questions in order to inform a front page redesign. Research included:

  • Cross reference traffic with audience insight tools to know who is coming to the site (using our own implementation of Do-Not-Track to ensure user privacy is respected)
  • Industry research to understand who the CMS buyers and influencers are now
  • Interviews with agency owners to understand who they sell to (job function)
  • Persona research, especially front page user research about the key personas coming to evaluate Drupal

Identifying our evaluators

What we found was that the majority of Drupal.org front page visitors have technical positions (developer to C-level) and they work for end users (like corporations, governments, universities, etc.) or agencies.  These were not surprising findings. 

What was notable was that a significant amount of visitors worked in marketing and communications. This persona is the marketer and they are the people who use a CMS to generate leads for their business, gain engagement around their company’s brand and content, and drive online sales conversions. 

The lead marketer is the Chief Marketing Officer and they are a new business decision maker for CMS. Many agencies are now selling to the CMO in addition to the CIO. When looking at industry reports, this isn’t surprising. Gartner and other industry reports show that the CMO spends nearly the same amount on technology as the CIO. It’s more and more the CMO or marketing technologist who determines what MarTech tools their team uses to drive their business. This includes their CMS, personalization, analytics, social, and more. 

Based on this initial research, we knew the Drupal.org front page had to serve three evaluator personas: developer, agency, and marketer.  The next question to answer was: “How do we design the evaluator experiences for these different audiences”?  This started our persona and user research. 

Understanding our evaluators

We used the research listed above to understand what these evaluators think, feel, and need when choosing Drupal. Below is a summary of our findings and how they informed the evaluator experience we created for the three personas. Note, there are many evaluation paths. Below provides a simple and consolidated view. 

End user technical decision maker and influencers

The technical decision maker is the CIO or Director of Engineering for an end user organization (e.g. corporation, government, university, etc.). They ultimately decide if the organization is going to standardize on a platform. Our interviews showed that they care about performance, security, maintenance, etc. A common theme showed they have a criteria scorecard. With or without a committee they shortlist CMSes. Then, they send their developers to get information and bring it back. These developers are influencers – very important people for us to cater to. 

If open source was one of the CMS criteria, then Drupal is often short listed. The developer goes to the Drupal.org front page to get information that the CIO requested such as case studies (to find out if their peers or companies of similar size use Drupal), analyst reports, and comparison sheets (e.g. Drupal vs Sitecore). Plus, this developer wants to Try Drupal so they can see how it works and decide if it is  a tool they want to work with.  From this point, there are many other steps like finding an agency in the Drupal.org marketplace to work with. 

The user research showed that the front page needs to amplify more recognizable brand name case studies and give more detail about the power of Drupal by industry. The research as well as Matthew Grasmick’s blog shows that we need a better Try Drupal experience. Plus, we need to provide a comparison sheet that speaks to a technical person.

While there was a need for Drupal to show up in analyst reports, there is also the understanding that Gartner and Forrester will only include software that generates income (via proprietary software license fee). Drupal being open source is not considered by these analysts (yet). So – no analyst report for now.  

Marketing decision maker and influencer

To understand this persona, we talked to CMOs and marketing technologists – the marketing people who select and maintain their marketing tools. What we found is that they want to hear how a CMS can help them achieve their business goals around lead generation, brand proliferation, customer engagement, and sales conversions. They want their team to have tools that are easy to use so they can make a fast impact doing things like pushing out press releases or new marketing campaigns. Plus, they want their teams to have autonomy so they can make the changes they need all on their own and without IT. The marketing decision makers’ needs are very different from the technical decision maker. 

The CMO or marketing technologist’s decision making process starts with the need to drive business and have the right tools to do this. Often they bring in a marketing consultant to provide a brand or business strategy. As part of the strategy implementation recommendation, the consultant may recommend a new CMS or other MarTech tool.

In the absence of bringing in a business consultant, the CMO / marketing technologist will do their own research, coming up with a scorecard focused on the marketing team’s needs (content authoring experience, ease of use, impact, business ROI). They will read technologist blogs that provide product comparisons. Then, they go to the product websites to get product comparison sheets that have a marketing/business focus, watch videos known as sizzle reels and they watch videos that show what it is like to use the tool from the marketing team’s perspective. They also want to see case studies, but they want to read about the product’s business impact. They do not want to read about which modules were used. Plus, they want to learn about how a product is used in their industry. After their interest is piqued, they want to talk to someone who can answer their questions and give them a demo.

The CMO or marketing technologist also gets recommendations from their influencers; individuals on the marketing team. They ask if anyone used the tool and if they liked using it and want to use it again. These individuals on the marketing team have a lot of power in deciding if a tool is selected or if a tool remains in their department. If they can’t use the tool well to make the business impact they must make, then they will replace that product. 

As you can see, these two decision makers within an end user organization have different evaluation paths and are choosing software based on different criteria. This means we need to offer them unique paths with different value propositions and resources that resonate with each one. 

Agency evaluator

We love when an agency chooses Drupal. They provide an adoption multiplier by getting more clients to use Drupal. Plus, they are the ones who decide to have a contribution culture and encourage their staff to contribute back.

It is often the organization’s tech lead who decides which CMS to use for their clients. That title can range from the CEO to the solution architect. This persona has similar evaluator needs as the technical end user. What is different is that they also keep in mind what their clients are asking for in terms of technology choices and functionality. 

General Drupal.org user research

Whichever persona we interviewed, there were some common themes that came up. They are:

  • There are way too many calls to action. “I don’t know what you want me to do first.”
  • The page is trying to serve too many types of people. “It’s not clear what is the page’s goal.”
  • The language on the page makes me feel like this site is not for me
  • When I click on things I don’t get what I expect to get
  • The main navigation is confusing
  • The page feels very 1990s and needs to be modernized and have a personality (not corporate, please)

Turning feedback into a redesign

After all that research and feedback, it was clear that the time was now for redesigning the Drupal.org front page. 

With all this research, we decided to:

  • Modernize the look and feel, which was done by the amazing sixeleven who donated their services.
  • Streamline the front page to reduce the calls to action
  • Add evaluation paths for developers, marketers, and agencies that take them to landing pages that are tailored for their evaluation needs.
  • Highlight more big name case studies
  • Expand the industries pages
  • Use community marketing assets like the Acquia video to provide a better evaluation experience for marketing personas.
  • Update the main navigation so it is user-centric for those evaluating Drupal, Building with Drupal, and participating in the community.

What this redesign doesn’t do

We knew that we alone could not create all of the resources that are needed to effectively support each evaluation path. While we did use resources from the business community, there are many gaps such as videos that show the content authoring experience. 

Promote Drupal Fund

We will complete this work via the Promote Drupal Initiative. We can begin once we reach our $100,000 goal for the Promote Drupal Fund. Funding will allow us to put the staff and resources in place to coordinate a multi-prong Drupal promotion. Contribute today!

What About The Sponsored Content

Yes, Drupal.org is funded by placing relevant and contextual content in the evaluation path. Try Drupal is a great example. We also highlight great case studies from our Premium and Signature Supporting Partners.  Evaluators can still find our community case studies and we will amplify strong ones on the front page, too.  We started this approach in 2014 and will continue to find ways to highlight the power of the community’s work while also finding ways to generate income through sponsored content so we can grow our Promote Drupal investments.

What about the Community Resources?

Come for the software; Stay for the community – as we improve the evaluation path, we need to make it easy for these new users to find their way to the community – to understand the power and passion of our community as well as join us in our efforts. Our Community Liaison, Rachel Lawson, will begin to work with a community group this year to improve drupal.org/community (https://www.drupal.org/community). Much of the improvements will be guided by the feedback from the community governance group and their very useful discussions and insightful recommendations.

Categories: Web

Lullabot: The Blue Drop and the Red Pill

Wed, 04/25/2018 - 4:20pm
In this episode, Matthew Tift discusses DrupalCon Nashville, the movie *The Matrix*, and various ways to understand the Drupal community. He plays clips from the Driesnote and Steve Francia's keynote, describes some of his experiences at DrupalCon, and offers ideas for what it might mean to understand "the real" Drupal.
Categories: Web

roomify.us: Tutorial: using BEE for Tours, Classes and Appointments

Wed, 04/25/2018 - 2:33pm
BEE makes it easy to quickly implement all kinds of booking & reservation use cases. We've created a new video that walks you through setting up reservations for classes using BEE and Drupal 8.
Categories: Web

Valuebound: Visualising Drupal Security Advisory Data

Wed, 04/25/2018 - 2:30pm
Drupalgeddon 2.0 brought a lot of focus on the Drupal security initiative and its practices. The way the security team was proactive with respect to disclosure, the way it was communicated to the developers, community and press was commendable. In addition to all this, the communication was continuous.

The vulnerability which started off with a risk score of 21/25 on March 28th was upgraded to 22/25 on April 13th and was finally marked as 24/25 on April 14th. If you are interested in what changed across these days for the score to vary you can check out the revisions and…

Categories: Web

Platform.sh: Another Drupal security update: We've still got you covered

Wed, 04/25/2018 - 1:54pm
Crell Wed, 04/25/2018 - 17:54

The Drupal project today released another security update to Drupal 7 and 8 core, SA-CORE-2018-004. It is largely a refinement of the previous fix released for SA-CORE-2018-002 a few weeks ago, which introduced a Drupal-specific firewall to filter incoming requests. The new patch tightens the firewall further, preventing newly-discovered ways of getting around the filters, as well as correcting some deeper issues in Drupal itself.

We previously added the same logic to our own network-wide WAF to address SA-CORE-2018-002. With the latest release we've updated our WAF rules to match Drupal's updates, and the new code is rolling out to all projects and regions as we speak.

The upshot?

  1. You really need to update Drupal to 7.59 or 8.5.3 as soon as possible. We believe that some of the attack vectors fixed in the latest patch cannot be blocked by a WAF. See our earlier post for quick and easy instructions to update your Drupal 7 or 8 sites on Platform.sh in just a few minutes.

  2. Still, most of the attack vectors fixed in the latest release are covered by the WAF. That should help keep your site safe from most attacks until you can update. But please, update early and often.

Stay safe out there on the Internet!

Larry Garfield 25 Apr, 2018
Categories: Web

myDropWizard.com: Critical Drupal core security update for SA-CORE-2018-004 (including Drupal 6!)

Wed, 04/25/2018 - 12:53pm

Today, there is a Critical security release for Drupal core to fix a Remote Code Execution (RCE) vulnerability. You can learn more in the security advisory:

Drupal core - Critical - Remote Code Execution - SA-CORE-2018-004

This issue also affects Drupal 6 (although, less severely than Drupal 7 or 8). So, we're also making a Drupal 6 Long-Term Support (D6LTS) release of Drupal core and the Filefield module.

Drupal 6 core security update

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

This fix is both for Drupal 6 core and the Filefield module. This is because the Drupal 7 & 8 fixes include changes to the core 'file' module, which isn't in Drupal 6 core, but an equivalent fix applies to the Filefield module.

Here you can download:

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install security updates for contrib modules (even though they won't necessarily have a release on Drupal.org).

Categories: Web

Lullabot: Should you Decouple?

Wed, 04/25/2018 - 12:44pm

One of the major topics of discussion in the Drupal community has been decoupled (or headless) Drupal. Depending on who you ask, it’s either the best way to build break-through user experiences, or nothing short of a pandemic. But what exactly is a decoupled architecture?

A decoupled content store splits the content of a website from how it is displayed into multiple independent systems. Decoupled sites are the logical evolution of splitting content from templates in current CMSs. Decoupled architectures started to become mainstream with the publication of NPR’s Create Once, Publish Everywhere (COPE) series of articles. Other media organizations including Netflix have seen great benefits from a decoupled approach to content.

Like many other solutions in computer science, decoupling is simply adding a layer of technical abstraction between what content producers create and what content consumers see.

Technical decision makers face an important choice when evaluating Drupal 8. When an existing site is upgraded to Drupal 8, how do we decide if we should decouple the site or not? Before we decide to work on a decoupled implementation, it’s critical that everyone, from developers and project managers, to content editors and business leaders, understand what decoupling is and how to ensure a decoupled effort is worth the technical risk.

Why Decouple?

I’ve seen many people jump to the conclusion that decoupling will solve problems unrelated to a decoupled architecture. Decoupling doesn’t mean a website will have a cleaner content model or a responsive design. Those are separate (though relevant) solutions for separate problem sets.

These are the specific advantages of a decoupled architecture for a large organization:

  • Clean APIs for mobile apps: Since the website front-end is consuming the same APIs as mobile apps, app developers know that they aren’t a second-tier audience.
  • Independent upgrades: When the content API is decoupled from the front-end, the visual design of a website can be completely rebuilt without back-end changes. Likewise, the back-end systems can be rebuilt without requiring any front-end changes. This is a significant advantage in reducing the risk of replatforming projects, but requires strict attention to be paid to the design of the content APIs.
  • APIs can grow to multiple, independent consumers: New mobile apps can be created without requiring deep access to the back-end content stores. APIs can be documented and made available to third parties or the public at large with little effort.
  • Less reliance on Drupal specialists: Drupal is a unique system in that front-end developers need to have relatively deep understanding of the back-end architecture to be effective. By defining a clear line between back-end and front-end programming, we broaden our pool of potential developers.
  • Abstraction and constraints reduce individual responsibilities while promoting content reuse: Content producers are freed from needing to worry about exact presentation on every single front-end that consumes content. Style and layout tweaks are solely the responsibility of each front-end. Meanwhile, front-end developers can trust the semantics of content fields and the relationships between content as determined by the content experts themselves.

Here Be Dragons

At the beginning of a decoupled project, the implementation will seem simple and straight-forward. But don’t be fooled! Decoupled architectures enable flexibility at the cost of simplicity. They aren’t without risk.

  • One system becomes a web of systems: A decoupled architecture is more complex to understand and debug. Figuring out why something is broken isn’t just solving the bug, but sorting out whether the problem lies in the request or in the API itself.
  • Strict separation of concerns is required to gain tangible benefits: As front-end applications grow and change, care has to be taken to ensure that front-end display logic isn’t encoded in the API. Otherwise, decoupled systems can slowly create circular dependencies. This leads to systems with all of the overhead of a decoupled architecture and none of the benefits.
  • Drupal out-of-the-box functionality only works for the back-end: Many contributed modules provide pre-built functionality we rely on for Drupal site builds. For example, the Google Analytics module provides deep integration with Drupal users and permissions, "page not found" tracking, and link tracking. In a decoupled architecture, this functionality must be rewritten. Site preview (or even authenticated viewing of content) has to be built from scratch in every front-end, instead of using the features we get for free with Drupal. Need UI localization? Get ready for some custom code. Drupal has solved a lot of problems over the course of its evolution so you don’t have to—unless you decouple.
  • The minimum team size is higher for efficient development: A Drupal site with a small development team is not a good candidate for decoupling unless content is feeding a large number of other applications. In general, decoupling allows larger teams to work concurrently and more efficiently, but doesn't reduce the total implementation effort.
  • Abstraction and constraints affect the whole business: The wider web publishing industry still has the legacy of the "webmaster". Editors are used to being able to tweak content with snippets of CSS or JavaScript. Product stakeholders often view products as a unified front-end and back-end, so getting the funding to invest in building excellent content APIs is an uphill battle. Post-launch support of decoupled products can lead to short-term fixes that are tightly coupled, negating the original investment in the first place.

The Heuristic

To help identify when decoupling is a good fit for a client, Lullabot uses the following guidelines.

Decoupled architectures may be appropriate when:

  1. The front-end teams require full freedom to structure and display the data.
  2. The front-end team does not have Drupal expertise.
  3. More than one content consumer (such as a website and multiple mobile apps) is live at the same time.
  4. Display front-ends combine data from multiple distinct API sources like CMSs, video management systems, and social media.
  5. A project consists of multiple development teams.

If a project meets some of these criteria, then we’ll begin a deep-dive into what decoupling would require.

  • Does decoupling also require a complete content rewrite, such as when migrating from legacy "full-page" CMS’s? We’ve encountered sites that haven’t made the move to structured data yet and still consist primarily of HTML “blobs.” This scenario presents a significant hurdle to decoupling, though it’s a separate problem from decoupling.
  • Does the development team have the time needed to build and document a content API with something like Swagger? Or is using Drupal as a site building (but coupled) development framework a better fit?
  • Does the web team consist primarily of Drupal developers, and will those developers continue to support the website in the future? Would the front-end team be better served by Views, Panels and the theme layer, or by a pure front-end solution like React or Angular?
  • Is there enough value in decoupling that the business is willing to change how they work to see its benefits?

Decoupled architectures are a great solution - but they’re not the only solution. Some of the best websites are built with a completely coupled Drupal implementation. It’s up to us as technical leaders and consultants to ensure we don’t let our excitement over an updated architecture get in between us and what a client truly needs.

Header image by Daniel Schwen CC BY-SA 4.0, from Wikimedia Commons

Categories: Web

Security advisories: Drupal core - Critical - Remote Code Execution - SA-CORE-2018-004

Wed, 04/25/2018 - 12:13pm
Project: Drupal core
Date: 2018-April-25
Security risk: Critical 17∕25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:Default
Vulnerability: Remote Code Execution
Description:

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. While SA-CORE-2018-002 is being exploited in the wild, this vulnerability is not known to be in active exploitation as of this release.

Solution: 

Upgrade to the most recent version of Drupal 7 or 8 core.

  • If you are running 7.x, upgrade to Drupal 7.59.
  • If you are running 8.5.x, upgrade to Drupal 8.5.3.
  • If you are running 8.4.x, upgrade to Drupal 8.4.8. (Drupal 8.4.x is no longer supported and we don't normally provide security releases for unsupported minor releases. However, we are providing this 8.4.x release so that sites can update as quickly as possible. You should update to 8.4.8 immediately, then update to 8.5.3 or the latest secure release as soon as possible.)

If you are unable to update immediately, or if you are running a Drupal distribution that does not yet include this security release, you can attempt to apply the patch below to fix the vulnerability until you are able to update completely:

These patches will only work if your site already has the fix from SA-CORE-2018-002 applied. (If your site does not have that fix, it may already be compromised.)

Reported By: Fixed By: 
Categories: Web

Web Wash: Easily Link to Content using Linkit in Drupal 8

Wed, 04/25/2018 - 11:11am

The Linkit module allows site editors to work in a more comfortable way when linking to internal entities (i.e. content, users, taxonomy terms, files, comments, etc.) and when linking to external content as well.

The benefit of the module is that your editors won’t have to copy and paste URLs of content they're linking to; instead, the module provides an autocomplete field, which they can use to search for content.

Linkit works based on a profile system. You can choose as many or as few plugins (linking options) for each profile and then assign each profile to a particular text format. This provides an extra layer of granularity, because the linking permissions are granted in the text editor and not within Linkit. That way you can add multiple roles or just one role to a Linkit profile.

Categories: Web

mark.ie: Showing Fields in a Referenced Node Depending on the Value of a Boolean in a Paragraph Bundle

Wed, 04/25/2018 - 9:18am

Mission: you have 2 fields in a Drupal paragraph bundle, one a node reference field and one a boolean field. Show certain fields in the referenced node depending on the value of the boolean field.

markconroy Wed, 04/25/2018 - 14:18

That's a question that popped up today in the DrupalTwig Slack. Here's my response, which I implemented a version of recently.  (In that particular case, we had an 'Event' content type with fields for 'address', 'phone number', etc and also a reference field for 'Amenity'. If the fields were filled in in the event content type, they were to be presented, but if they were left blank on the event content type, we had to pull in the corresponding fields for address, phone number, etc from the referenced amenity.) Anyway, my response:

{# Check the value of the boolean field #}
{% if paragraph.field_boolean.value == 'on' %}
  {# Just render the title of the referenced node #}
  {{ paragraph.field_reference.0.entity.label }}

{% else %}
  {# Render the title and the image field #}
  {{ paragraph.field_reference.0.entity.label }}
 
{% endif %}

{# Ensure that the cache contexts can bubble up by rendering the {{ content }} variable #}
{{ content|without('field_boolean', 'field_reference') }}

Just for clarity - variables in that code snippet are simply made up off the top of my head (this is what happens when answering questions on Slack). I'm sure I have things slightly wrong and you'll need to play with them to get them to work correctly.

Also, the reason for the cache contexts bit? Say thanks to Lee Rowlands from Previous Next for his blog post Ensuring Drupal 8 Block Cache Tags bubble up to the Page

Categories: Web

Specbee: Drupal 8.5.0 - What Is New And What To Expect!

Wed, 04/25/2018 - 8:56am

The latest version of Drupal was released with a bunch of bug fixes and some amazing new features to help your business grow. Discover what Drupal 8.5.0 means to your business and learn the advantages it holds in Drupal web development.

Categories: Web

OSTraining: Integrate Telegram Chat in Your Drupal 8 Site

Wed, 04/25/2018 - 1:36am

Telegram is an easy-to-use free chat application that is rapidly winning fans all over the world.

There is a Telegram plugin for WordPress, but there is no Telegram module for Drupal.

In this tutorial, you will learn how to integrate the Telegram app with your Drupal 8 site using JavaScript from Re:plain.

Categories: Web

Evolving Web: Integrating Auth0 with Drupal for Single Sign-On Authentication

Tue, 04/24/2018 - 9:36pm
Using Auth0 to create a centralized login page for Drupal sites

Drupal’s basic user authentication system is ideal for small and isolated apps. But when users are signing into multiple interactive sites and apps, it makes sense to offer a centralized authentication system to save users from remembering multiple passwords.

These days, social sites have become de facto identity providers. Users expect websites to provide social login and single sign on functionality. In these scenarios, the built-in Drupal authentication system is very limited.

Introducing Auth0: authentication and authorization as a service

There are several ways of enabling single sign-on and social logins on Drupal websites. In this article, we’ll introduce Auth0 and explain how to use it to create a cool, centralized login page like the one shown below.

Auth0 provides authentication and authorization as a service. It includes various methods to authenticate, such as username/password, social accounts, SAML and OTP. It can also connect on-premise identity databases. The authentication mechanism is device-agnostic, so it works consistently across various devices.

Auth0 implements OAuth 2.0 — an open standard for authentication that can be used between applications and websites. It also implements other standards that can be used for authentication, including SAML and OpenID Connect.

Here are some of the ways you can integrate Auth0 with Drupal:

  • As a single sign-on across multiple Drupal apps, where Auth0 acts as a central store for credentials

  • To allow users to log into Drupal using existing credentials from systems such as LDAP, Google Suite, or Office 365

  • To integrate social logins such as Google and Facebook

How to implement Auth0

In the steps below, you’ll learn how to set up Auth0 on a Drupal site for a typical use case. It will enable users to log into your Drupal site using their social media accounts. They'll also be able to create an account if they don't already have one.

There are two Auth0 modules you can choose from:

  • Auth0 module on GitHub is the official module. It has more features but doesn't follow all of Drupal's coding standards.

  • Auth0 module on Drupal.org is a fork of the official module on drupal.org. It follows coding standards, but lacks some functionality, as many changes have not been merged from the aforementioned GitHub repository.

When we integrated Auth0 on a client’s site a few months ago, we spent a good amount of time analyzing these two modules.

Only some basic features were required, all of which were available in the Drupal.org module. We therefore opted for cleaner code over the additional features.

In fact, both modules contained errors that we needed to fix. The generic patches that resulted from this process were submitted to both repositories. These patches were recently merged; there is some collaboration underway to sync changes between the two repositories. In the future, this will save users the extra step of choosing a module.

Create an Auth0 Application

Here is the basic configuration to get started with Auth0 for Drupal.

Note that it’s very important that the callback you use in this configuration is HTTPS. You should always use HTTPS in production (or even during development if sensitive user accounts are being used).

  1. Create an Auth0 account and log into the Auth0 Dashboard.

  2. Create a new application and select Type as "Regular Web Applications".

  3. In the Settings tab, do the following:

    1. Add https://example.com/auth0/callback to the Allowed callback URLs section. Make sure you replace example.com with the domain name of your site. You can also add local URLs.

    2. Add https://example.com/user/logout to the allowed logout URLs section.

    3. Add https://example.com to the Allowed Origins (CORS) section to allow the origins that will be able to make requests.

  4. Proceed to the next step and select PHP for "What technology are you using for your web app?"

  5. Go to Connections > Social and enable the social logins that you want to use (these links are located in the left sidebar of the Auth0 Dashboard).

You are now done with the basic setup! Users can now create accounts, or log in using their credentials from the providers that you enabled in the previous step.

Optional Configuration

Additionally, Auth0 provides many features for building advanced authentication mechanisms, and it can determine how data is stored and passed to applications.

For example, Auth0 enables you to:

  • Use add-ons to generate access tokens for systems such as Salesforce, Azure Service Bus and SAP.

  • Configure social connections for authentication.

  • Implement username and password authentication to have an Auth0 DB or your own DB connected to store authentication information.

  • Use passwordless authentication to send a login link to email or OTPs to mobile.

  • Use multi-factor authentication.

  • Customize data shared with apps by using simple JavaScript-based rules.

Configure Auth0 in Drupal

Next, you'll need to configure Drupal to connect to the Auth0 Client we created:

  1. Go to the Auth0 configuration page (admin/config/auth0) in your Drupal site’s admin area.

  2. Add the Auth0 Credentials Client ID, Domain and Client Secret. This information is in the Auth0 dashboard.

  3. Make sure you select RS256 as the "JWT signature algorithm". This is the default algorithm configured in the Auth0 Client.
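What the RS256 choice in step 3 implies for whatever code validates the ID token after the callback, shown as an added example (not the Auth0 module's own code): the verifier pins the algorithm, checks the signature against the tenant's public key, and only then checks issuer, audience and expiry. The issuer URL, client ID, key pair and sample tokens are constructed for the demo, and the function names are hypothetical; PHP's openssl extension is assumed.

```php
<?php
// Added example: relying-party checks for an RS256-signed ID token.
// Issuer, client ID, key pair and tokens are constructed for this demo.

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt) {
    $pad = (4 - strlen($txt) % 4) % 4;
    return base64_decode(strtr($txt, '-_', '+/') . str_repeat('=', $pad), true);
}

function verify_id_token(string $jwt, string $publicKeyPem, string $issuer, string $audience, int $now): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new RuntimeException('malformed token');
    }
    [$h64, $p64, $s64] = $parts;

    // Pin the algorithm to the configured one; the token header never chooses it.
    $header = json_decode((string) b64url_decode($h64), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') {
        throw new RuntimeException('algorithm is not RS256');
    }

    // The signature covers the first two segments exactly as received.
    $sig = b64url_decode($s64);
    if ($sig === false || openssl_verify($h64 . '.' . $p64, $sig, $publicKeyPem, OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('signature check failed');
    }

    // Claims are inspected only after the signature has been verified.
    $claims = json_decode((string) b64url_decode($p64), true);
    if (!is_array($claims)) {
        throw new RuntimeException('claims are not a JSON object');
    }
    if (($claims['iss'] ?? null) !== $issuer) {
        throw new RuntimeException('wrong issuer');
    }
    if (!in_array($audience, (array) ($claims['aud'] ?? []), true)) {
        throw new RuntimeException('wrong audience');
    }
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) {
        throw new RuntimeException('expired or missing exp');
    }
    return $claims;
}

// ---- Constructed demo data: a throwaway key pair stands in for the tenant's signing key ----
const ISSUER = 'https://tenant.example/';
const CLIENT_ID = 'CLIENT_ID_PLACEHOLDER';

$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];

function make_token(array $header, array $claims, callable $sign): string {
    $input = b64url_encode(json_encode($header)) . '.' . b64url_encode(json_encode($claims));
    return $input . '.' . b64url_encode($sign($input));
}

$rs256 = function (string $input) use ($key): string {
    openssl_sign($input, $sig, $key, OPENSSL_ALGO_SHA256);
    return $sig;
};
$hmac = function (string $input): string {
    return hash_hmac('sha256', $input, 'constructed-secret', true);
};

$claims = ['iss' => ISSUER, 'aud' => CLIENT_ID, 'sub' => 'google-oauth2|1001', 'exp' => time() + 300];
$good = make_token(['alg' => 'RS256', 'typ' => 'JWT'], $claims, $rs256);
[$h, , $s] = explode('.', $good);

$cases = [
    'valid token'       => $good,
    'header says HS256' => make_token(['alg' => 'HS256', 'typ' => 'JWT'], $claims, $hmac),
    'payload altered'   => $h . '.' . b64url_encode(json_encode(['sub' => 'google-oauth2|9999'] + $claims)) . '.' . $s,
    'other audience'    => make_token(['alg' => 'RS256'], ['aud' => 'another-app'] + $claims, $rs256),
    'expired'           => make_token(['alg' => 'RS256'], ['exp' => time() - 60] + $claims, $rs256),
];

foreach ($cases as $label => $jwt) {
    try {
        $c = verify_id_token($jwt, $pub, ISSUER, CLIENT_ID, time());
        echo "$label: accepted for {$c['sub']}\n";
    } catch (RuntimeException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

Only the first case should be accepted; each of the others fails at a different check, which is a quick way to confirm that an integration enforces all of them.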

Advanced Setup

Depending on how you want users to log in, you can use the Auth0 hosted login page or embed a widget in the Drupal login page/block:

  • Select Redirect login for SSO to use an Auth0 hosted login page. We recommend this option because it’s more secure. It is ideal if you have multiple web applications using the same authentication information — users will be logged in automatically without having to provide their credentials each time. If you want more control over how the widget looks using the hosted login approach, you can customize the look in the "Hosted Pages" section in the Auth0 Dashboard.

  • Select Redirect login for SSO to embed a widget in the login page and block. This makes more sense for an isolated app.

Similarly you can select other options, such as: allowing users to signup via Auth0, or requiring users to verify their email addresses before they can log in.

Next Steps

Now that you have done the basic Auth0 setup, it’s time to learn more about what Auth0 can bring to your Drupal site and explore how you can extend Auth0 functionality:

  • Read the Auth0 official documentation pages.

  • Extend the Auth0 module’s functionality by subscribing to various events, such as Auth0UserSigninEvent and Auth0UserSignupEvent.

We’d love to hear about new ways you’ve found to implement Auth0 to streamline authentication. Leave us a comment to share your questions, experiences and use cases.

Categories: Web

Mike Crittenden: Drupal 8 Cache API examples cheat sheet

Tue, 04/24/2018 - 8:00pm

Here are some random useful snippets for dealing with caches in Drupal 8, just because I keep having to dig them up from the API.

I'll try to add more here as I go.

Set an expiring cache item

\Drupal::cache()->set('cache_key', 'cache_data', $expiration_timestamp);

Set a permanent cache item

use Drupal\Core\Cache\CacheBackendInterface;

\Drupal::cache()->set('cache_key', 'cache_data', CacheBackendInterface::CACHE_PERMANENT);

Set a permanent cache item with tags

\Drupal::cache()->set('cache_key', 'cache_data', CacheBackendInterface::CACHE_PERMANENT, array('tag_one', 'second_tag'));

Fetch an item from the cache

$cache = \Drupal::cache()->get('cache_key');
if (!empty($cache->data)) {
  // Do something with $cache->data here.
}

(Note that in Drupal 8 you don't have to manually check to make sure the cache isn't expired, thanks to this issue)

Invalidate a cache item

\Drupal::cache()->invalidate('cache_key');

Invalidate multiple cache items

\Drupal::cache()->invalidateMultiple($array_of_cache_ids);

Invalidate specific cache tags

This one allows you to pass in an array of cache tags to invalidate manually.

use Drupal\Core\Cache\Cache;

Cache::invalidateTags(['config:block.block.YOURBLOCKID', 'config:YOURMODULE.YOURCONFIG', 'node:YOURNID']);

Note that the invalidation functions also exist for deleting caches, by just replacing invalidate with delete.

Flush the entire site cache

This one is still the same as Drupal 7.

drupal_flush_all_caches();

The end!

Categories: Web

Sooper Drupal Themes: Drupal 8 Menu Tutorial And How To Create Dropdown Menus | 8 Days To Drupal 8 | Day 8

Tue, 04/24/2018 - 4:49pm

We're counting down the days to the official SooperThemes Drupal 8 Release! Count with us as we will be writing a Drupal 8 related blog post every day for the next 8 days.

Drupal 8 menus, menu links, and dropdown menus video tutorial


A well designed menu is a menu that works great on all devices and gets your users where they need to go with minimal effort. We'll first get into the basics of creating and placing menu links in Drupal 8 and then cover the topic of dropdown menus. 

Managing Menu Links In Drupal 8

Menus are part of the structure of your Drupal website and you manage them by clicking Structure and then Menus. Here you find a listing of menus installed on your website. The most important item in the list is the Main Navigation. There may be other menus in your website, but there is one menu that is more important than all others because it links to your most important pages and is placed at the top of your page. 

At the far right in the Menus administration page, click the "edit links" item in the Main Navigation row. This will take you to an overview of the links in your main menu. If you just installed the Drupal 8 default installation profile, this menu will only contain the Home link. If you installed one of the Glazed Theme demos, the main menu will contain a number of links already.

Drupal 8 Links Administration

Adding New Menu Links In Drupal 8

Once you are at the Main Navigation administration form (Structure > Menus > Main Navigation/edit menu) you see an overview of the links that are already in your main menu. Here you can add, edit, and delete links. You can also change the order of links by dragging the move icon at the left hand side of the table.

To add a new link, click the "+ Add link" button at the top of the table. For the menu link title, fill in the link text that you want to appear in your main menu. In the link field you can add an internal path or an external URL. With the weight option at the end of the form you can tell Drupal to place new menu items at the front or the back of the menu. For example, you can add a weight of 10 to your Contact link because you typically want that link to appear at the end of the menu.

The other options are not important now; they'll be covered in the next section when we talk about dropdown menus.

Drupal 8 Creating A New Link

Creating A Dropdown Menu

Dropdown menus are a popular solution when you want site visitors to be able to reach a large number of pages in a single click. One such situation is in the main demo website of our Glazed Theme and Glazed Builder products. We know people want to explore the elements and features that are offered, so we organize close to 100 menu items all in the main navigation.

There are generally 2 different paths to get a dropdown menu in your Drupal website: From your theme or from a module. If you use our Glazed Theme you have a dropdown menu system built into the theme. If you use a theme that doesn't support dropdown menus (like Drupal's default theme) and you don't want to code it yourself, you can rely on a module like SuperFish.

Drupal 8 Glazed Main Demo Dropdown Menu

Dropdown Menus Included In Glazed Theme

The menu system in Glazed theme is one of the biggest selling points of the theme because it's a beautiful, user-friendly menu that works perfectly with Drupal's native menu administration. With the flick of a switch you can have a horizontal menu or a vertical menu. It supports multi-level menus by automatically creating a megamenu for large devices and collapsing into a beautiful vertical menu on small devices. The menu's design is customizable in the Glazed Theme Settings system.

To create a dropdown menu on your Glazed Theme website, or when using any theme that has support for dropdown menus built in, we only have to edit our Main Navigation menu links to have parent and child links. By parent links we mean the menu links that show in the navigation bar, and the child links are the links that are contained in a dropdown box that appears only when we hover over a parent link. One little quirk in Drupal is that you have to remember to enable the Expanded checkbox on every parent link for your dropdowns to work. Check out the video above to see how we build the menu structure.

Dropdown Menus With The SuperFish Drupal 8 Module

If your theme doesn't support dropdown menus natively you can add the SuperFish module to your Drupal website. You might also use this module if it has some features or design elements that you prefer over the system built into your theme. 

The SuperFish module also relies on the menus created in Drupal's native menu administration pages, and you'll also be creating a menu structure with parent and child links. Check out the video above to see how the structure is made.

Once you have the menu structure set up, you can download the SuperFish module and follow the instructions on its project page to install it. Next, go to the blocks administration page to remove the Main Navigation block and replace it with the SuperFish Main Navigation block. This is a new block that is generated by the SuperFish module. Once you place this block you can view your homepage and the dropdown menu should be working. As was the case in the demo in our video above, you may have to do some theming to style the menu.

Categories: Web
