Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004

Posted by Security advisories - 3 hours 7 min ago
Project:?Drupal coreDate:?2019-March-20Security risk:?Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability:?Cross Site ScriptingDescription:?

Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.

Solution:?

Versions of Drupal 8 prior to 8.5.x are end-of-life and do not receive security coverage.

Read more

Useful modules to fix duplicate content in Drupal

Posted by Drudesk - 3 hours 52 min ago
Modules to fix duplicate content in Drupal

From a quarter to almost one-third of content in the World Wide Web repeats itself. According to Google's head of search spam, Matt Cutts, around 25-30% of web content is duplicate. Your website is also likely to have duplicate content, even if it follows web content writing rules. In this post, we will touch upon the reasons and risks of duplication, as well as review useful modules that fix duplicate content in Drupal.

Axelerant People Report: February 2019

Posted by Axelerant Blog - 8 hours 59 min ago
Peoples-Report-Feb-19 The highlight of the month: our annual retreat.

Between February 21-24, Team Axelerant traveled to beautiful Goa, India from their homes all over the world to attend our annual retreat. We had almost 60 of us there on the beach.

What to expect in Drupal 8.7: looking at its fresh alpha release

Posted by wishdesk.com - 19 Mar 2019 at 13:46 UTC

Drupal 8.6 became one of the most interesting releases in Drupal 8’s history. It brought us the oEmbed feature, the Media Library, the Workspaces module, and more. But it’s time to move forward, and in May 2019 we expect Drupal 8.7. Its “alpha” version has just been released. Although an alpha version is not a final one, we will gladly take a look at it and discuss what to expect in Drupal 8.7.

Drupal 8.7: the alpha version

Drupal 8.7.0-alpha1 has come out on March 14, 2019. Alpha versions are far from being ready for production sites. They are just preliminary releases that allow developers to do a good testing, receive feedback, make final preparations, and fix bugs.

The Story of Agiledrop: A Company Culture That Benefits Both Employees and Clients

Posted by Agiledrop.com Blog - 19 Mar 2019 at 09:56 UTC
Thumbnail

We've started a series of blog posts that tell the story of what makes our developers successful when working with other Drupal teams. The fourth and final chapter ties things together by presenting our company culture which strikes the perfect balance between the needs and wants of both our employees and our clients.

READ MORE

The Axelerant Retreat 2019 in Pictures

Posted by Axelerant Blog - 19 Mar 2019 at 08:50 UTC
Retreat-2019-Featured
Team Axelerant went to beautiful Goa, India for a few days this February for our annual company retreat. It was a fantastic gathering, full of warmth, energy and incredible vibes.

“More Like a Drupal Community Celebration than a Tech Industry Trade Show”

Posted by Promet Source - 18 Mar 2019 at 22:24 UTC
In preparation for his fourth DrupalCon, Chris O’Donnell, Digital Strategist, for Promet Source shared his views on the vibe of this annual conference, as well as Drupal’s current standing within the ecosystem of enterprise-level CMS platforms. ? ? What are you looking forward to at Drupalcon this year?

Webform module now supports importing submissions

Posted by Jacob Rockowitz - 18 Mar 2019 at 17:18 UTC

Problem

The answer is Drupal's Migrate API, which is incredibly powerful but can feel overwhelming. When I migrated MSKCC.org from Drupal 6 to Drupal 8, the Migrate API was just being introduced into Drupal 8 core, and I felt more comfortable writing a custom migration script instead of using code that was still under development. Migrate API is now stable and if you are an experienced Drupal developer, you should use it.

The level of expertise required to build and maintain a Drupal 8 website has changed from Drupal 7, mainly because we are creating more ambitious digital experiences. The Drupal community struggles to simplify our flexible and sometimes complex product. My approach is to make the Webform module as flexible and robust as possible, while not forgetting that people need a simple way to start building a form. This is exactly why I include an introduction video on the Webform module's main page. Besides making the Webform module an awesome tool for experienced Drupal site builders, the Webform module needs to be welcoming to new users and make it easy for them to move their existing forms to Drupal.

Either an organization is starting from scratch and building a new Drupal site, or more commonly an organization has decided they need to provide a more ambitious digital experience and they have chosen to switch to Drupal. In both situations, we need to make it easy for someone to switch from other form builders to Webform.

The problem that needs to be addressed is…

Read more

Migration FranceTVSport.fr to Drupal 8 and Symfony 4

Posted by Frederic Marand - 18 Mar 2019 at 13:03 UTC
Migration FranceTVSport.fr to Drupal 8 and Symfony 4 Submitted by Frederic Marand on Mon, 2019-03-18 14:03

The opening talk as DrupalCamp Paris 2019 was a presentation given by Thomas Jolliet (FranceTV) and yours truly about how we rebuilt FranceTV Sport to a Symfony 4 / headless Drupal 8 combo.

The most salient points of the talk are probably the "defense in depth" mechanisms we built for scalability and fault tolerance, and the business results, like -85% full page load time or +50 iOS users.

AEM vs. Drupal (AEM Wins in Only 3 Cases)

Posted by Third & Grove - 18 Mar 2019 at 10:00 UTC
AEM vs. Drupal (AEM Wins in Only 3 Cases) justin Mon, 03/18/2019 - 06:00

DrupalEasy Podcast 216 - Ryan Price

Posted by DrupalEasy - 17 Mar 2019 at 02:34 UTC

Direct .mp3 file download.

Ryan Price, Principal Engineer, Drupal and Web with Autodesk joins Mike Anello to discuss the hurdles involved with implementing a continuous integration system, OpenDevShop, improving hook_help(), a Drupal 8 Feeds-like module, and DrupalCon Seattle!

Read more

Controlling multiple sites with Drush 9

Posted by Joachim's blog - 16 Mar 2019 at 20:44 UTC

Drush 9 has removed dynamic site aliases. Site aliases are hardcoded in YAML files rather than declared in PHP. Sadly, that means that many tricks you could do with the declaration of the site aliases are no longer available.

The only grouping possible is based on the YAML filename. So for example, with the Acquia Cloud Site Factory site aliases generated by the 'blt recipes:aliases:init:acquia' command, you can run a command on the same site across different environments.

But what you can't do is run a command on all the sites in one environment.

One use case for this is checking whether a module is enabled on any sites, so you know that it's safe to remove it from the codebase.

Currently, this is quite a laborious process, as 'drush pm-list' needs to be run for each site.

With environment aliases, this would be a one liner:

drush @hypothetical-env-alias pm-list | ag some_module

('ag' is the very useful silver searcher unix command, which is almost the same as the also excellent 'ack' but faster, and both are much better than grep.)

While site aliases are fixed, they can be altered with Drush hooks. I considered that these might allow something to dynamically declare aliases, or a command option. There's an example of altering aliases with a hook in the Drush code.

In the meantime, a much simpler solution is to use xargs, which I have recently found is extremely useful in all sorts of situations. Because this allows you to run one command multiple times with a set of parameters, all you need to do is pass it a list of site aliases. Fortunately, the 'drush sa' command has lots of formatting options, and one of them gives us just what we need, a list of aliases with one on each line:

Read more

How to Build a Social Network with Drupal: The 5 Essential Modules You Will Need

Posted by OPTASY - 16 Mar 2019 at 09:24 UTC
How to Build a Social Network with Drupal: The 5 Essential Modules You Will Need  The 5 Essential Modules You'll Need radu.simileanu Sat, 03/16/2019 - 09:24

Planning to build a social network with Drupal? A business community maybe? A team or department collaborating on an intranet or portal? Or a network grouping multiple registered users that should be able to create and edit their own content and share their knowledge? What are those key Drupal 8 modules that would help you get started?

That would help you lay the groundwork...

And there are lots of social networking apps in Drupal core and powerful third-party modules that you could leverage, but first?you need to set up your essential kit.

To give you a hand with that, we've selected:

How Open Source Licensing Works

Posted by Palantir - 15 Mar 2019 at 19:58 UTC
How Open Source Licensing Works brandt Fri, 03/15/2019 - 14:58 Nelson Harris Mar 18, 2019

Some of the most common questions our clients ask about procuring open source software.

The business world is competitive by nature. An organization’s intellectual property and the custom software that costs valuable time and money to develop is an incredibly prized possession - one that’s important to protect. That’s why the idea of procuring an open source solution (free software that can be used by anyone) can be such a foreign and challenging concept for many in the business world.

In this article, we’ll walk through some of the most common questions that clients have about procuring open source software, so that you’ll understand how this software is licensed, what you can and can't do with it, and hopefully help you make an informed decision about procuring and extending open source software services.

How does open source licensing work, exactly?

Open source software turns the traditional software licensing model on its head by allowing users to modify and freely redistribute software. Open source is defined by criteria intended to promote and protect software freedom, and support the communities which contribute to the success of open source projects.

Read more

DrupalCorn Camp 2018

Posted by Palantir - 15 Mar 2019 at 19:23 UTC
DrupalCorn Camp 2018 September 27 - 30, 2018 brandt Fri, 03/15/2019 - 14:23 Center for Higher Education, Des Moines, Iowa DrupalCorn Camp (official site) Keynote: Learning @ Work

Join Palantir's CEO, Tiffany Farriss, for the keynote at this year's DrupalCorn Camp.?With tech still struggling to achieve its diversity and inclusion goals and average job tenure down to less than 3 years, we need to transform how we think about our organizational cultures.

How do we create environments that succeed because of the teams, but where that success is not dependent on any one person? How do we align the company and individual interests so that everyone benefits from however much time that they work together? This presentation explores the role that culture and learning have for organizations and individuals as they work to answering those questions.

  • Date: Friday, September 28, 2018
  • Time: 9:00am
  • Location: Gym - lecture room 2nd floor

Update: Recording of this session is now available on Drupal.tv

Sat, 09/15/2018 - 12:00

Florida DrupalCamp 2019

Posted by Palantir - 15 Mar 2019 at 19:10 UTC
Florida DrupalCamp 2019 February 15 - 17, 2019 brandt Fri, 03/15/2019 - 14:10 Florida Technical College, Orlando, Florida Florida DrupalCamp (official site) Federated Search with Drupal, Solr, and React

With the announcement that the Google Search Appliance was End of Life, many universities started looking around for replacement options. At Palantir, we wanted to provide an open source option that could solve the following needs:

  • A simple way to store, retrieve, and parse content.
  • A cross-platform search application.
  • A speedy, usable, responsive front-end.
  • A flexible, extensible, reusable model.
  • A drop-in replacement for deprecated Google Products

Working with the University of Michigan, we architected and developed a solution. Join Ken Rickard to learn more about Federated Search and to see a live demo.

  • Date: Saturday, February 16
  • Time: 11:00am to 11:45am
  • Location: Room 179?

Update: Video of this session is now available on Drupal.tv

Sun, 02/10/2019 - 12:00

Migration Memory Management with Batching and Limits

Posted by Chromatic - 15 Mar 2019 at 17:47 UTC

Migrations are fraught with unexpected discoveries and issues. Fighting memory issues with particularly long or processing heavy migrations should not be another obstacle to overcome.

Good Form: 6 Tips for a Smooth Sign-up Process

Posted by Mediacurrent - 15 Mar 2019 at 17:41 UTC

A lot of effort goes into engaging your visitors to ‘Sign-up’ or ‘Contact’ you. You send them a warm and fuzzy invitation to complete the form, tell them all the great reasons why they should complete the form… but who likes to complete a form? ?Guarantee a smooth sign-up process and increase the completion rate of your webforms with these six tips.?

#1 Make it Flow

Before you begin designing that web form, it is always good to create a User Flowchart. Working to establish the form completion process from start to finish, a flowchart will help you:?

  • Determine what information is needed (and when)
  • Decide what actions and interactions are appropriate
  • Determine the order of actions
  • Make considerations for new patterns to aid the completion process
    ?

A User Flowchart can begin with a simple Flow Outline, which can then be placed in a flowchart diagram and later illustrated using low fidelity paper prototypes to find the most natural set of actions. When creating the outline consider the following:

The Business Objective

  • What is the main objective of the website for achieving successful completion of the form? (ie, we want to gather as many email addresses as possible.)
  • What is the required information needed from the person completing the form? (ie, we need their name and email, and since our site is only for adults we also need their birth date.)

The User Persona

  • Take advantage of the information gained from the User Personas to focus on the user’s various needs and considerations. What problem do they want to solve and how can this form help them?

Read more

Tips on How to Unravel an Unhealthy Client Relationship Knot

Posted by OpenSense Labs - 15 Mar 2019 at 11:59 UTC
Tips on How to Unravel an Unhealthy Client Relationship Knot Vasundhra Fri, 03/15/2019 - 17:29

Adam stood in the middle of the garden, enveloped in exquisite beauty. The world was there to delight him, succulent fruit, dignified trees, green meadows, sprinkling pool and species of all kinds. Yet he stood contemplating the nature, he felt certain loneliness and thus the Lord said?

It is not good that man is alone. I shall make him a compatible helper.

With the creation of other species, both male and female sprang up the same time. If the beginning of the entire universe was chosen to be this way, how can business be any good without clients and a strong relationship with them, Right??

 Image of two hands where the upper one is offering an apple to the lower one


The productivity and enduring relationship not only provides value to clients that are consistent but also constructs a healthy connection in every business venture.?

Though there are times when you get stuck in a rut with clients and the relationship starts to rot.?

So, how do you change it??

Read more

In Search of Elephants

Posted by Drupal Association blog - 15 Mar 2019 at 10:28 UTC

As Community Liaison, I find it important to liaise face-to-face whenever I can, and an opportunity presented itself to visit a community I have not been able to spend time with until now; that in India.

This was going to not only be the first time I’ve worked with the community in India but also my first time in India. I couldn’t help but wonder, “Will I see any elephants?”

Think Indian!

I found myself sat on a motorbike at the side of a road in Goa, India and about to plunge into the traffic for the first time. At home, I’m an experienced motorcyclist but here, everything is different. I have to learn fast…

Waiting for a gap in the stream of vehicles that will never come, I shout at myself, “Come on Rachel, think Indian!” I just need to adjust how I think and accept that the traffic conditions here are not better or worse, just different, and to “go with the flow”. I take the plunge and catch up with Surabhi Gokte and Manjit Singh (the extremely generous community member who loaned me his beautiful Royal Enfield, pictured here) on their scooter and we disappear into the night.

Manjit's beautiful Royal Enfield Classic 350
Manjit's beautiful Royal Enfield Classic 350 - quite a change from my own BMW...

I learned a lot about India riding Manjit’s motorbike over the next couple of days (yes, sorry Manjit - I may have added another 250Km to the clock!) and at the marvellous Drupal Camp Goa that I had flown out to join.

Read more

Pages

Subscribe with RSS Subscribe to Drupal.org aggregator - Planet Drupal