Software

Media team is very active. Purpose of this post is to provide the progress update to the rest of the community that might not be aware of everything that is going on in this field. I am planning to publish this posts on a regular basis. We'll see how it goes :).

Media sprint in Zurich

We had a very productive sprint about a week ago in Zurich were we've worked on various core and contrib issues (see below of details). Sprint was organized by MD-Systems. They did their best to bring everyone togehter and made sure that we felt comfortable and welocome. Thank you so much (special thanks go to @miro_dieteker and @Berdir)!

Core

In Zurich @blueminds fixed [#2078473] Use entity access API for checking access to private files.

We are currently focusing on few issues:

 

TL;DR: a security update for Drupal 7 and Drupal 6 was just released. All sites are affected and sites that are not updated immediately may experience Denial of Service (DoS) attacks leading to unexpected downtime.

Update: This vulnerability was covered on Mashable and one of the reporters published a detailed full disclosure of the vulnerability.

Recently, a very mysterious problem has cost us quite a lot of time and some headache too. Before I explain, what happened, I want to mention, that it happened on a Drupal 7 Site on a MS SQL Server database. According to an issue on drupal.org, that I will mention later, it may also occur with PostegreSQL, but most likely not with MySQL. But I also have a general advice regarding pathauto patterns and best practices.

Drupal 7.31 and Drupal 6.33, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.31 and Drupal 6.33 release notes for further information.

Download Drupal 7.31
Download Drupal 6.33

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.31 is a security release only. For more details, see the 7.31 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.33 is a security release only. For more details, see the 6.33 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.31 and 6.33 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

• SA-CORE-2014-004

To fix the security problem, please upgrade to either Drupal 7.31 or Drupal 6.33.

Update notes

See the 7.31 and 6.33 release notes for details on important changes in this release.

Known issues

None.

Front page news: Planet DrupalDrupal version: Drupal 6.xDrupal 7.x

Here’s an interesting bug…

It is a pretty common practice to hide from view text that is meant for visually impaired users to read via a screen reader. In Drupal, required fields will get a value that is hidden in this way via CSS in the field’s label elements. By default, this text reads “This field is required” however the text is translated, so it may vary depending on the language of the page. Visually, this text is hidden; sighted users will still see a red star character next to these fields, but it is only meant as a cue for users utilizing screen readers.

A common method of hiding these ‘Cur’ elements is to set the element’s width and height to 1px and use the the clip property. This method can be seen in this blog post and is briefly hit upon in this WebAIM article.

.element-invisible {

position: absolute !important;

height: 1px;

width: 1px;

overflow: hidden;

clip: rect(1px 1px 1px 1px); /* IE6, IE7 */

clip: rect(1px, 1px, 1px, 1px);

}

The Problem

I’ve come across an issue that can hamper accessibility. Users employing the NVDA Screen Reader with Firefox and using the screen reader viewer will see elements styled like this with the spaces removed, e.g., “Thisfieldisrequired.” This does not appear to be an issue in Chrome, and I have not tested in other browsers. The screen reader view renders as:

The Solution

It seems that this spacing is caused by how Firefox is interpreting the width property. Using a larger width here seems to resolve the issue, and a good threshold for this seems to be 9px. I tried it with 8, but oddly, that width leaves some words still missing spaces while correcting others. This may cause some layout issues, however. (I spend more of my time in back-end development, so I am not a CSS expert by any means.) Here is the result of changing the element’s width to 9px:

 

 

Thus, it seems changing the pixel size of these invisible elements could be one small step towards improving accessibility of this screen reader in Firefox.

 

Drupal 8 theming layer co-maintainers Joël Pittet and Scott Reeves sat down with me at NYC Camp 2014 at United Nations Headquarters in New York City to talk about how Twig and the new theming layer in Drupal 8 empowers front- and back-end developers, convergence and contribution in PHP, and more.

How to write Sass within Chromes DevTools using Workspaces and Auto-reload

There is this feature in Chromes’ DevTools that allows you to directly edit your local Sass files without ever leaving your beloved browser. Even better, it will refresh your CSS files as soon as Compass has compiled them for you (kinda like Guard!). And to go even further, it will show you where the CSS definitions really come from (the original Sass files), instead of that generated gibberish.

Intro

So to start, you'll obviously have to be working with Sass/Compass for this to work (pardon the pun!). I won’t go into detail on how to install these lovely things as this could take up an entire post itself. So if you know how to install Sass/Compass on your machine or have a handy co-worker you can annoy (preferably a sys-monkey admin) you’re good to go.

With Sass and Compass there are as always issues if you're not working with certain specific versions. The most reliable combination that worked for me was this one:

• Susy 1.0.9
• Ruby 1.9.3
• Sass 3.3.0.alpha.134 (i suppose Sass 3.3.x will work fine too)
• Compass 0.12.4.sourcemaps

The thing about source maps

For Compass you need an entirely different version from the one that you probably have, its called “compass-sourcemap”.

In order to get that juicy source map action you'll have to open up your shell and type in the following:

sudo gem install compass-sourcemaps --pre

This will install a compass version with source map, in the future source map will (hopefully) be included in the regular compass versions.

So what is compass-sourcemap exactly you ask? Well first of it’s super fantastic, even if you don't want to have all the workspace/auto-reload mayhem you should take a look at it.

For example, on a casual day while you’re working with that sassy generated CSS, the inspector can’t really tell you where the real definitions are coming from. It only shows you the line within the generated CSS file. This is where source maps comes in, it generates an additional .map file for every .css file and tells your browser where the CSS definition is coming from. There are 4 things you'll have to do after you've installed all the necessary tools:

1. Enable “CSS source maps” in the General Chrome DevTools Settings under “Sources”
   • 
2. Enable it in your config.rb file, just add the following line (make sure its not already there)
   • sass_options = {:sourcemap => true}
3. In the shell, run your compass just like you always have
   • compass watch
4. Enjoy it!
   • 

Prepare your Drupal

Disable the “Aggregate and Compress CSS files.” option in your Drupal 7 Installation in “YOURSITE/admin/config/development/performance”.

Next up: download and enable this small module: https://github.com/AmazeeLabs/cache_buster

This will remove that pesky query behind your .css files, normally this would be a bad thing and you should never use this on a production site. However, for Chrome to properly track your local files it needs to have a permanent link to them, in other words a path that doesn't change. I got the code from an issue queue (i think…) on drupal.org but i can’t remember which one, I simply put it inside a module for easy handling. So credits go to the unknown contributor, thank you very much (and sorry)!

Before:

After:

Prepare your Chrome

Go back to your general DevTools settings and enable “Auto-reload generated CSS”, its right below the source maps option:

After that open up your local project with Chrome and navigate to “Sources” in DevTools. You should see something that looks a little like this:

What you’re gonna do next is adding your local site as a workspace inside Chrome, this will remain in there until you manually remove it. I like to take the entire theme folder; you could also add the entire site, that’s all up to you. If you've picked the folder you want, right click and pick “Add folder to workspace”. Navigate to the exact same folder on your local machine and select it.

At this point Chrome will ask you for writing permissions, just oblige and never think of it again. I mean it’s Google; what could possibly go wrong, amiright?

You should now see a new folder at the bottom of the sources tab inside your DevTools, it’s named after the folder you've just picked. Navigate to where the main .css file is (or any other .scss file), right click and select “Map to Network Resource”

Chrome will now bring up a selection of files from your site, match it to your local file.

And finally Chrome will ask you if it’s okay to reload DevTools; you are totally fine with that so pick “ok” - and you're done!

You can open any .scss files from your workspace or use the inspector to directly open a file and make all the changes you want. You can save using your standard cmd+s and even open files using cmd+o. Everything will be saved just as if it was done within a proper IDE, except its Chrome!

But there’s one more thing

If you right-click on any of your .scss files you can select “Local Modifications”; this will bring up a general “History” of all your changes and you can even revert them!

 

We all love image fields' defaults: it's so easy to have a hero image for a product or a colleague's profile even when the editor does not provide one, with all the niceties such as displaying it with various image styles in a list, in the teaser or on the actual page. We all love Features module as it allows us to export Drupal 7 content types with all its settings.

Published: Wed, 08/06/14Download this episodePHPStorm

• I’ve recently started using Sublime Text, how would you compare PHPStorm to other text editors?
• What is an “IDE”?
• What are some of stand out features of PHPStorm?
• Where can people find out more about how to use the features of PHPStorm?
• What is the pricing structure?

PHPStorm and Drupal
* What integrations does PHPStorm have with Drupal 7, right now?
* What will PhpStorm do for Drupal 8?

Questions from Twitter

• Marc Drummond
  Really enjoy using @phpstorm. Always interested in learning how to get more out of my use of it.

Episode Links: Maarten on TwitterMaarten on GitHubMaarten’s blogPHPStorm WebsitePHPStorm TutorialsPhpStorm hands-onTags: DevelopmentEditorsplanet-drupal

One of the things that sets the Drupal community apart from other open source projects is our big, amazing, and very diverse community. The Association board is structured to help represent our community with two community elected seats. After a an update to our bylaws this May, we now elect one board member per year to a two-year term. These seats are open to all community members, and we need you to fill them! Our next election will be held in early 2015, and we need your help finding great candidates.

As we shared in the 2013 election wrap up presentation at the DrupalCon Prague public board meeting, we have a couple of challenges when it comes to public elections. The first is fielding a diverse candidate pool. We had some great candidates, but very few women, people of color, or candidates from outside the US. In our next election, we'd like to see more diversity in the candidate pool. Secondly, we have very low turn out for the elections. Anyone with a Drupal.org user account created before nominations open and with at least one login in the last year can vote. Yet, we had just 668 votes in the last election - not even a full percent! 

So now we're on a mission to make sure that the community understands the role of the board in the Drupal Project, the work that the board undertakes, and what it takes to serve on the board yourself. On Tuesday, 5 August, we held a webcast that outlines what the board does, how the elections work, and how to run. You can watch the whole thing here, and check out some of the key points, below.

  What does the Board Do?

Association board members, like all board members for US-based organizations, have three legal obligations: duty of care, duty of loyalty, and duty of obedience. In addition to these legal obligations, there is a lot of practical work that the board undertakes. These generally fall under the fiduciary responsibilities of the board and include:

• Overseeing Financial Performance
• Setting Strategy
• Setingt and Reviewing Legal Policies
• Fundraisng
• Managing the Executive Director

To accomplish all this, the board meets each month for two hours, and comes together for the two-day retreats, usually scheduled to coincide with the North American and European Cons as well as one January or early February meeting. As a board member, you can expect to spend a minimum of five hours a month.

How do Nominations and Elections Work?

The first elections were held in 2012 after a lengthy community discussion was held to determine the specifics of who should be able to run, how voting would work, and who would be eligible to vote (among other details). The planning discussion that surfaced most of these issues is a great background read. The result is a nomination and voting process that is still in use today. 

Nominations are only accepted as self-nominations in our elections. You may not nominate another person. We accept those nominations during a short (two to three week) window, and after much outreach into the community. To nominate yourself, you need only complete a short form that asks for information such as your bio, your interest in running, what makes you a good candidate, as well as a photo and contact information.

For voting, we use the Instant Run Off method. The method of voting ensures that whoever wins is supported by a majority of voters. Voters rank candidates according to their preferences, and do not have to rank every candidate to complete their votes. Voting will be open for a week to two weeks, and any individual with a Drupal.org account before nominations open and who has logged in at least once in the prior year may vote.

Oh, and in case you're wondering, we use the Election Module to make this all happen.

Who Can Run? How do I Run? What do I do?

Anyone can run for the board, and we welcome all candidates. However, we do want to point out that serving on the board is very different than many of the other opportunities to contribute to the Drupal community. The board works at a strategic level, not a tactical one, and is often thinking one to three years out at a time. We want new board members to find ways to contribute and have a voice as quickly as possible, so we recommend that you have (or that you find) experience with any of the following types of areas:

• Other board experience
• Reading financial documents
• Drupal community committee experience
• Strategic planning
• Policy development

However, I want to stress that NONE of these are REQUIRED to run for or serve on the board. There are many great and free resources at BoardSource and the Bridgespan Group about board service and board skills. And because elections are not for six months, you have plenty of time to get some reading under your belt!

All completed candidate self-nomination forms are published at the end of the nomination period. We call this phase "Meet the Candidates" and community members will be able to ask questions of you on your candidate profile page. Additionally, we will set up several webcasts for candidates to address community questions live, in a variety of time zones. 

When are the next elections?

In prior years, we held elections in the fall. This was difficult because it meant that most of the recruitment and meet the candidate work was done in August, when many humans in the northern hemisphere are on vacation. We've switched to a beginning of the year format which allows us to elect and ratify a candidate with plenty of time to get the onboarded and prepped to attend the DrupalCon North America retreat. Here is the schedule for the next election:

• Community Discussion (August/September 2014)
• Technical Setup (December/Jan)
• Nominations (February 1-20)
• Meet the Candidates (Feb 21 - March 6)
• Voting (March 9 - 20)
• Ratification & Communication (March 25)

Have more questions? Never fear! We are always happy to answer them. Leave them in the comments or send me an email.

We had been always using FAQ module to create Frequently Asked Questions for any of our projects. But on our latest theme, BizReview, we switch to a new module, FAQ Field.

FAQ is a classic module, it is there since Drupal 6. So when we have to build a FAQ section, using this module is a no brainer. This is the FAQ module in action on our Velocity theme.

 

read more

Everybody knows that Wisconsin is home of America's largest water park, the world’s largest barber pole, the world’s largest penny, and the world’s largest talking cow. Another thing to know is that Wisconsin is also home to a very active Drupal community and July's excellent DrupalCamp!

It’s been a few years since my last Drupal conference, so DrupalCamp was a great opportunity to catch up on new best practices and get a little reassurance that Drupal 8 isn’t something I should fear as a developer.

Here are the highlights from a few sessions I attended:

Using Drupal for Government and Open Data Projects

Government sites pose unique challenges, and Sheldon Rampton explained how Drupal can be leveraged to accommodate for these issues if you plan well. Sheldon focused on hosting, architecture, standards, process and project management, and I definitely appreciated him referring to developers as “the talent” instead of “the resources.”

You can see his slides here.

In a related talk, Janette Day gave us an overview of DKAN, a Drupal platform for handling open data. Using Drupal for open data projects makes sense - open data should be open source, and Drupal allows non-technical users to manage content. Drupal can also help an organization modernize antiquated systems and escape from expensive software licenses.

You can check out my notes here.

Other Cool Projects

David Snopek gave us a run-down of Drupal distributions with a focus on Panopoly, which adheres to UX principles that really streamline the content-creating experience. I haven’t used Panopoly on a project myself, but I’d absolutely give it (or some of its components) a spin next time I’m tasked with hooking up a WYSIWYG or making in-place editing more client-friendly.

Here are the slides.

And if you’ve ever run into trouble on your site with managing dependencies among your modules, go check out Jim Rath 's module dependency grapher. Using a custom Drush command, the dependency analyzer will inspect your modules and generate a chart which illustrates the dependencies between them.

You can check out everything else from DrupalCamp that I bookmarked up at https://pinboard.in/search/u:hey_germano?query=drupalcampWI2014

Last week, our team participated in the first Capital Camp and Gov Days, graciously hosted at the National Institutes of Health in Bethesda, Maryland. It was a great event and we would like to thank the organizers and volunteers for making it such a success!

On the second day of the conference, William Hurley and I presented a session on Routing in Drupal 8, reviewing what changes are being made in Drupal 8 and why these changes were necessary. One of the major variations in the new system compared to Drupal 7 is the alteration of the routing process. In Drupal, a route is a mapping between URL paths, their corresponding pages and access callbacks. In Drupal 7, these routes are defined by the hook menu, using a 1:1 path to route. Drupal 8 has done away with hook menus altogether, and we now have the ability to map one path to multiple routes.

A visual diagram of a basic routing setup.

When a request is made through your browser or mobile device, the routing is used to determine the active controller, and then you receive the appropriate response.

So why the change in Drupal 8? The hook menu was far too complex to fully comprehend what it was doing at any given point, and it was extremely challenging to perform advanced tasks using it.

Without delving into code specifics, in Drupal 8 we’re able to have a function inside a method, inside a class, rather than in one file (because everything in Drupal 8 exists in classes and methods). This means simpler routing while still maintaining functionality.

In Drupal 7, a hook menu would like something like this:

With Drupal 8, we have cleaner code and a simpler system with routing:

For those who were unable to attend, check out our slides below for more on the topic.

In addition to presenting, I also had the chance to work on some Drupal 8 issues in Forum One’s Coder Lounge. It was a valuable opportunity to mentor local developers, meet other Drupal enthusiasts, and even reconnect with some friends I’d met at last month’s Jersey Shore code sprint who made the trek to CapitalCamp to take part in our Drupal core sprints. As Drupal 8 inches closer to beta release, I’m proud to be part of a team that is actively contributing to the Drupal community.

In a previous article from over 5 years ago, we advocated the use of Apache MPM Worker Threaded Server with fcgid over Apache's mod_php. That was for serveral reasons, including faster handling of static files by Apache threaded server, and lower memory utilization since PHP is not embedded in every Apache process. However, there were some drawbacks, mainly that APC opcache cache is not shared, and each process has to have its own copy.

read more

In July, 2014, the Field Group module was updated from 7.x-1.1 to 7.x-1.1 on Stanford Sites. This update has the potential to cause issues with CSS, as certain types of markup were removed from the HTML output of the page.

Background

The Field Group module allows site builders to group fields together on the back-end edit form of entities (e.g., nodes, BEANs), and on the front-end display of those entities. The latter is what was affected.

Are you finding yourself searching for some new icons to use on your latest project? Drupalize.Me loves helping out the Drupal community, and people in general, so for this post I thought it would be fitting to provide you with a carefully designed free icon set.

Originally posted on Yellow Pencil's blog. Follow @kimbeaudin on Twitter

This post should give a quick example on how to write the code to create your own custom actions for Drupals' Rules module. Writing your own plugins for rules (events, conditions or actions) can give you enormous benefits later, when you start to reuse them throughout the site or even port them on other Drupal sites.

We will be creating an action, which will provide a hashed string. In order to create this string we need to pass some parameters to php's hash function like a source string, a list with possible algorithms to choose and an output length. These parameters will be configurable through Rules' backend. So let's dive in.

First you need to create a basic custom module in your Drupal installation. The one I have in my custom environment is called "my_module".

You don't need anything special in your "my_module.info" or "my_module.module" files, but there has to be a file called "my_module.rules.inc", which will hold the code for your rules' action. Create it and add following code to it:

<?php   /** * Implement hook_rules_action_info(). */ function my_module_rules_action_info() { return array( 'my_module_rules_action_create_hashed_string' => array( 'label' => t('Create hashed string'), 'group' => t('Custom'), 'parameter' => array( 'string' => array( 'type' => 'text', 'label' => t('String to be hashed'), 'description' => t('Enter a value for a string that will be hashed using the md5 hash-algorithm.'), ), 'length' => array( 'type' => 'integer', 'label' => t('The length of the returned string'), 'description' => t('Enter a number for the length of the hashed string that will be created.'), ), 'algorithm' => array( 'type' => 'text', 'label' => t('Algorithm'), 'description' => t('Select a hash algorithm.'), 'options list' => 'my_module_algorithm_options', 'restriction' => 'input', ), ), 'provides' => array( 'hashed_string' => array( 'type' => 'text', 'label' => t('Hashed string'), ), ), ), ); }   // A helper function to provide us with a list of algorithms function my_module_algorithm_options() { $bundles = array();   $bundles['md4'] = t('md4'); $bundles['md5'] = t('md5');   return $bundles; }   // This callback creates the hashed string by using the parameters provided through rules' UI function my_module_rules_action_create_hashed_string($string, $length, $algorithm) { if ($length <= 0) { // For anything below or equal zero lets return the default value. $string = hash('md5', $string); } else { $string = substr(hash($algorithm, $string), 0, $length); }   return array( 'hashed_string' => $string, ); }

Here we implement initially "hook_rules_action_info" and add our own action to it. Our action is an associative array keyed with the name of the callback that will return our value (in this case a hashed string). Inside it we give our action a label and put it in a group ("Custom"). The next part of this array is an associative array itself, keyed with "parameter". Inside it we describe our 3 parameters, which will be passed to the action callback. Note that the "algorithm" parameter has an entry with the key "options list" which points to a helper function ("my_module_algorithm_options") to keep the code more lean.

The last part of the array is another associative array keyed with "provides". This key tells Rules what the machine name of the provided variable is, among with giving it some additional data like type or label. You can use this provided variable in latter actions of your rule now!

The last part of the code is the action callback. Only thing to note here is that we return the whole string returned by the hash-function, when the value of $length is below or equal to 0.

Clear your cache in order for Drupal to register the code you added and the new action should appear now:

In order to see it's working I've added a "Show a message on the site"-action which shows the provided hashed string when we're looking at a node page:

That's it with this simple example! Please leave a comment if there is anything more that comes to mind. Thanks!

By dimitar on 05.08.2014

Share this: