Drupal (core)

Episode Number:  216 The Drupal 8 Image Widget Crop Module is a handy module for allowing your content editors on your website to crop images after they upload them. Have you ever uploaded an image on a website and had it automatically crop the ... [More] image for you in a way that just looks wrong? This module solves that problem! Tags:  Drupal Contrib Drupal 8 Image Handling Site Building Drupal Planet [Less]

Episode Number:  215 In this episode, we cover the Drupal 8 Contact Storage Export Module. This episode covers a module that adds additional functionality to the Contact Storage Module (which we covered in episode 213). This module allows you to ... [More] export your contact form submissions to a CSV file. It's a simple module that serves a very specific purpose. If you need to export your contact form submissions, this is how you do it! Tags:  Drupal Contrib Drupal 8 Site Building Drupal Planet [Less]

This blog has been re-posted and edited with permission from Dries Buytaert's blog. Please leave your comments on the original post. If you are still using PHP 5, now is the time to upgrade to a newer version of PHP. PHP, the Open Source scripting ... [More] language, is used by nearly 80 percent of the world's websites. According to W3Techs, around 61 percent of all websites on the internet still use PHP 5, a version of PHP that was first released fourteen years ago. Now is the time to give PHP 5 some attention. In less than two months, on December 31st, security support for PHP 5 will officially cease. (Note: Some Linux distributions, such as Debian Long Term Support distributions, will still try to backport security fixes.) If you haven't already, now is the time to make sure your site is running an updated and supported version of PHP. Beyond security considerations, sites that are running on older versions of PHP are missing out on the significant performance improvements that come with the newer versions. Drupal and PHP 5 Drupal 8 Drupal 8 will drop support for PHP 5 on March 6, 2019. We recommend updating to at least PHP 7.1 if possible, and ideally PHP 7.2, which is supported as of Drupal 8.5 (which was released March, 2018). Drupal 8.7 (to be released in May, 2019) will support PHP 7.3, and we may backport PHP 7.3 support to Drupal 8.6 in the coming months as well. Drupal 7 Drupal 7 will drop support for older versions of PHP 5 on December 31st, but will continue to support PHP 5.6 as long there are one or more third-party organizations providing reliable, extended security support for PHP 5. Earlier today, we released Drupal 7.61 which now supports PHP 7.2. This should make upgrades from PHP 5 easier. Drupal 7's support for PHP 7.3 is being worked on but we don't know yet when it will be available. Thank you! It's a credit to the PHP community that they have maintained PHP 5 for fourteen years. But that can't go on forever. It's time to move on from PHP 5 and upgrade to a newer version so that we can all innovate faster. I'd also like to thank the Drupal community — both those contributing to Drupal 7 and Drupal 8 — for keeping Drupal compatible with the newest versions of PHP. That certainly helps make PHP upgrades easier. [Less]

We’ve prepared for you an overview of the best Drupal blog post written in the previous month - October 2018. Enjoy. READ MORE

I'll keep this short and sweet, but we thought this would be a useful tip to share with the world as a potential security issue with the combined use of File::getFileUri() and FileSystem::realpath(). Consider the following code excerpt : $file = ... [More] File::load($some_file_uri); if ($file) { $uri = $file->getFileUri(); $file_realpath = \Drupal::service('file_system')->realpath($uri); } Seems pretty harmless right? Load up the file from $some_file_uri , If we have a valid file then get the URI and then grab the real path. Wrong (potentially, depending on what you do with $file_realpath). If $file is a valid file, but for whatever reason the file is no longer physically located on disk, then $file->getFileUri() will return a blank string. It turns out that passing this blank string $uri into \Drupal::service('file_system')->realpath($uri) will return the full webroot of your site! Depending on what you were doing with said $file_realpath, it could then be a security issue. We were handling a user webform submission and then sending the submission over to a CRM system... because $file_realpath was now the webroot of the site, then code that followed to archive the user submitted file ended up archiving the entire webroot and sending this over to the client's CRM system.  Luckily in this instance, the archive was only ever available temporarily server side and then went directly to the clients own CRM system, but in another circumstance this could have easily been a very serious security issue. Fortunately the fix is quite simple, ensure the the $uri returned from ->getFileUri() is valid by some method, before passing through realpath(). Here, I now validate the uri matches what I know it should be for the current webform submission. if ($file) { $uri = $file->getFileUri(); $webform_id = $webform->get('id'); $submission_id = $webform_submission->get('sid')->getValue()[0]['value']; $valid_file_scheme = strpos($uri, 'private://webform/' . $webform_id . '/' . $submission_id . '/') !== FALSE; if ($valid_file_scheme) { // Proceed with the rest of the code.. } }   [Less]

It's easy to take PHP for granted. The Open Source scripting language is used by nearly 80% of the world's websites. According to W3Techs, around 61 percent of websites on the internet still use PHP 5. PHP 5 was first released fourteen years ago. ... [More] Fourteen years is a long time, and makes it easy to take it for granted. Now is the time to give PHP 5 some attention. In less than two months, on December 31st, security support for PHP 5 will officially cease. (Note: Some Linux distributions, such as Debian Long Term Support distributions, will still try to backport security fixes.) If you haven't already, now is the time to make sure your site is running an updated and supported version of PHP. Beyond security considerations, sites that are running on older versions of PHP are missing out on the significant performance improvements that come with the newer versions. Drupal and PHP 5 Drupal 8 Drupal 8 will drop support for PHP 5 on March 6, 2019. We recommend updating to at least PHP 7.1 if possible, and ideally PHP 7.2, which is supported as of Drupal 8.5 (which was released March, 2018). Drupal 8.7 (to be released in May, 2019) will support PHP 7.3, and we may backport PHP 7.3 support to Drupal 8.6 in the coming months as well. Drupal 7 Drupal 7 will drop support for older versions of PHP 5 on December 31st, but will continue to support PHP 5.6 as long there are one or more third-party organizations providing reliable, extended security support for PHP 5. Earlier today, we released Drupal 7.61 which now supports PHP 7.2. This should make upgrades from PHP 5 easier. Drupal 7's support for PHP 7.3 is being worked on but we don't know yet when it will be available. Thank you! It's a credit to the PHP community that they've made it easy for all of us to take this programming language for granted. But that can't go on forever. It's time to move on from PHP 5 and upgrade to a newer version so that we can all innovate faster. I'd also like to thank the Drupal community — both those contributing to Drupal 7 and Drupal 8 — for keeping Drupal compatible with the newest versions of PHP. That certainly helps make PHP upgrades easier. [Less]

Now that I’ve settled back down in Alaska after a fun trip to Berkeley for BADCamp, I’m finally digesting all of the info I gathered throughout the week. As always, it was cool to look over the schedule and ... [More] see what topics were getting a lot of attention; and, without a doubt, it seemed like GatsbyJS was the hot-ticket item this year. So here’s a primer on what GatsbyJS is and why the Drupal community seems so head-over-heels for this up and coming site generator. [Less]

Now that the excitement of BADCamp has worn off, I have a moment to reflect on my experience as a first-time attendee of this amazing, free event. Knowing full well how deeply involved Kanopi Studios is in both the organization and thought ... [More] leadership at BADCamp, I crafted my schedule for an opportunity to hear my colleagues while also attending as many sessions on Accessibility and User Experience (UX) as possible. Kanopi’s sessions included the following: A case study on a complex franchise-based business with geolocation features by Sean and Jim A concise, informative breakdown of metadata and schema for enhanced SEO opportunities by Jim A step-by-step overview of a series of clever tactics for gathering indirect data about your users by Kat A comprehensive breakdown of considerations for updating versus rebuilding a website with a review of pros and cons for D7, D8 and D9 by Anne The rest of my schedule revolved around a series of sessions and trainings tailored toward contributing to the Drupal community, Accessibility and User Experience. Navigating the Issue Queue – A beginner’s guide to contribution by Amy June Hineline, John Nguyen and Daniel Rose of Hook 42 Web Accessibility 101 Training by Aimee Degnan, Amy June Hineline and John Nguyen of Hook 42 Accessibility 201: Tales from the Front End Caroline Boyden of UC Berkeley What’s for Dinner? Using Predictive UX to Help Users Decide by Gurwinder Antal and Lauren Motl of Elevated Third Designing for Drupal: Tips & Tricks for a Clean, User-Friendly Website by Valerie Neumark and Andrew Goldsworthy of Rootid Making Accessibility Audits Easy: Tips and Tricks For Auditing by Michaela Blackham of Aten Design Group For the sake of this post, I want to cover a topic that everyone who builds websites can learn from. Without further ado, let’s dive a bit deeper into the accessibility portion of the camp.   Who is affected by web accessibility? According to the CDC, 53 million adults in the US live with some kind of disability; which adds up to 26% of adults in the US. Issues range from temporary difficulties (like a broken wrist) to permanent aspects of daily life that affect our vision, hearing, mental processing and mobility. Creating an accessible website allows you to communicate with 1 in 4 adults you might otherwise have excluded. What is web accessibility? Accessibility is a detailed set of requirements for content writers, web designers and web developers. By ensuring that a website is accessible, we are taking an inclusive attitude towards our products and businesses. The Web Content Accessibility Guidelines (WCAG) are a globally acknowledged set of standards that help us publish content that fits within the established success criteria. These guidelines are organized into the following four categories. WCAG Categories: Is your website perceivable? This applies to non-text content, time-based media (audio and video), color contrast, text size, etc. Is your website operable? This ensures that content is easy to navigate using a keyboard, that animations and interactions meet real-user requirements, buttons are large enough to click, etc. Is your website understandable? This means that text content is easy to read for someone at a ninth grade reading level, that interactions follow design patterns in a predictable manner, that form errors are easy to recover from, etc. Is your website robust? This means that content should be easy to interpret for assistive technologies, such as screen readers. The World Wide Web Consortium (W3C) is an international community whose mission is to lead the Web to its full potential. They have also published a checklist to aid our efforts in meeting WCAG success criteria. How can we be successful in making the web accessible? Industries have varied requirements when it comes to web accessibility. WCAG has three levels of compliance, ranging from A to AA to AAA. A conformity has the lowest set of requirements and AAA has the strictest set of requirements; so strict, in fact, it may be impossible to achieve across an entire site. Efforts to meet these standards fall on every individual involved in the process of creating a website. Although there are many tools that aid in our journey, we reach accessibility through a combination of programmatic and manual means. The most important thing to keep in mind is the fact that achieving success in the world of accessibility is a journey. Any efforts along the way will get you one step closer towards a more inclusive website and a broader audience base. Please Remember: Once Kanopi helps you launch an accessible site, it’s your job to maintain it. Any content you add moving forward must be properly tagged; images should have proper alt text and videos should have captions. Users come to your site because they love your content, after all! The more you can make your content accessible, the more you will delight your users. Interested in making your site more accessible? Check out some of the resources I linked to above to join in learning from my peers at BADCamp. If you need more help getting there, let’s chat! The post BADCamp + Accessibility = Education, Inspiration and Opportunity appeared first on Kanopi Studios. [Less]

MidCamp is Coming MidCamp is returning for its sixth year next March 20-23, 2019. We’ll be back at DePaul University for four days of presentations, professional training ... [More] , contribution sprints, and socials. Designers, developers, and users will be able to brush shoulders with Drupal service providers, hosting vendors, and other members of the broader web development community. Agenda Overview This year we have some changes to our general agenda. We’ll be adding summits for the first time! We’ve also moved our sessions to Thursday and Friday so that attendees get some of their weekends back. A high-level agenda is as follows: Wednesday, Mar 20 - Summits, Training, and Contribution Sprints Thursday and Friday, Mar 21-22 - Sessions Saturday, Mar 23 - Contribution Sprints Stay Tuned for these Upcoming Dates Stay tuned into the website and our newsletter for some upcoming dates. NOW! - Ticket sales are open on Eventbrite. Spread the word and get your tickets early: https://midcamp2019.eventbrite.com/ Nov 14, 2018 - Our website will be fully up and running. It will be ready to open our call for papers. Dec 12, 2018 - Call for papers will close and travel information will be available on the website. Jan 9, 2019 - We will open the registration for training and summits. Jan 16, 2019 - Announce Featured speakers on the website. Jan 23, 2019 - We will post the Final schedule for the website. Help us Make MidCamp! It’s not too late to get involved with MidCamp 2019. We’re on MidCamp Slack. You can also contribute by telling us what topics you’re interested in seeing in the 2019 program.   Join the conversation Register on Eventbrite Join the MidCamp Slack Attend the Drupal Chicago Meetup Follow us on Twitter Follow us on Instagram Sign up for our newsletter Subscribe on YouTube Follow us on LinkedIn [Less]

Drupal is one of the most successful open source projects in the world. Governance is fundamental to the project's success. The community and the code has been built from the ground up. And as the code has grown, so has the community. When ... [More] communities are first emerging it's easy to bring newcomers along, but over time the community begins to mature, change, and then needs to adapt. Challenges and opportunities emerge as evolution occurs, and our community needs to navigate them strategically. A Governance Task Force has been meeting weekly since May to put together the strategic proposal we now share with you. We've synthesized ideas, discussions, and experiences from people we've interviewed, and we've revisited the themes that emerged from the community listening project run by Whitney Hess and by previous governance discussions. This Drupal Governance Task Force 2018 Proposal serves two purposes. Firstly, it's clear that for community evolution to occur there needs to be broad agreement and buy-in. People are comfortable jumping in and building a new module, but community change and action is hard. People talked to us openly about the unclear processes and barriers holding back community progress. We heard strong perceptions that support from Dries or the Drupal Association is needed before initiatives could be created or scaled; real or otherwise, this is affecting community progress and action. Speaking to people from the Drupal Association, the Community Working Group and other initiative leaders, they also feel limitations. But to change their terms of reference and priorities they also need to have a community directive. The community is stronger and more influential than we sometimes assume  --- when we are speaking together. That's why at the heart of this proposal is a new community governance structure. The second purpose of the proposal is to create a starting point --- a framework. We’ve been practical, highlighting a range of actions that form a backbone for community evolution. It’s not a defined roadmap, and it’s not a list of every idea we had or heard. We welcome the discussion, debate and idea generation that this document will spark. We want to hear your solutions on how to get change done, and what you would like to contribute. We strived to make practical recommendations with the potential to make progress, lower barriers, and help our community to continue to evolve with time. Throughout this process we have heard people say they believe change is necessary. Change is necessary for the longevity of Drupal the project and the code. Change is necessary to create a new generation of Drupallers — the people we want to help build ambitious things and to have the chance to build a career within our community. It is hard to not feel the project is at a crossroads. We’ve climbed the mountain of Drupal 8, we sit at the peak and look to the valley below. Where we go next, and who we take with us, is up to you. We hope this proposal helps. David, Ela, Stella, Lyndsey, Rachel, Hussain, and Adam File attachments:  Drupal-Governance-Task-Force-Proposal-2018.pdf [Less]