Feed aggregator

Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-003

Drupal News - June 21, 2017 - 2:44pm

Drupal 8.3.4 and Drupal 7.56 are maintenance releases which contain fixes for security vulnerabilities.

Download Drupal 8.3.4 Download Drupal 7.56

Updating your existing Drupal 8 and 7 sites is strongly recommended (see instructions for Drupal 8 and for Drupal 7). This release fixes security issues only; there are no new features nor non-security-related bug fixes in this release. See the 8.3.4 release notes and the 7.56 release notes for details on important changes and known issues affecting this release. Read on for details of the security vulnerabilities that were fixed in this release.

  • Advisory ID: DRUPAL-SA-CORE-2017-003
  • Project: Drupal core
  • Version: 7.x, 8.x
  • Date: 2017-June-21
  • Multiple vulnerabilities
Description PECL YAML parser unsafe object handling - Critical - Drupal 8 - CVE-2017-6920

PECL YAML parser does not handle PHP objects safely during certain operations within Drupal core. This could lead to remote code execution.

File REST resource does not properly validate - Less Critical - Drupal 8 - CVE-2017-6921

The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource.

Files uploaded by anonymous users into a private file system can be accessed by other anonymous users - Moderately Critical - Drupal 7 and Drupal 8 - CVE-2017-6922

Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.

The security team has also received reports that this vulnerability is being exploited for spam purposes, similar to the scenario discussed in PSA-2016-003 for the public file system.

Versions affected
  • Drupal core 7.x versions prior to 7.56
  • Drupal core 8.x versions prior to 8.3.4
Solution

Install the latest version:

Also see the Drupal core project page.

Reported by PECL YAML parser unsafe object handling File REST resource does not properly validate Files uploaded by anonymous users into a private file system can be accessed by other anonymous users Fixed by PECL YAML parser unsafe object handling File REST resource does not properly validate Files uploaded by anonymous users into a private file system can be accessed by other anonymous users Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

Drupal version: Drupal 7.xDrupal 8.x
Categories: News

Flocon de toile | Freelance Drupal: Do I have to wait for Drupal 9 for my web project?

Drupal Planet - June 21, 2017 - 7:00am

In a previous post, we saw the Drupal 8's new policies for versioning, support and maintenance for its minor and major versions. This policy has evolved somewhat since the last DrupalCon Baltimore conference in April 2017. And this evolution of Drupal's strategy deserves a little attention because it can bring new light to those who hesitate to migrate their site on Drupal 8. Or those who are wondering about the relevance of launching their web project on Drupal 8.

Categories: Blogs

Dropsolid: Drupal 8 and React Native

Drupal Planet - June 21, 2017 - 6:57am
21 Jun Drupal 8 and React Native Niels A Drupal 8 Tech Drupal

One day you might wake up with the next big idea that will shake the world in the most ungentle way. You decide to build an app, because you’ll have full access to all features of the device that you want your solution to work on. But then it dawns on you: you will actually need to build multiple apps in completely different languages while finding a way for them to serve the same content...

Then you start to realise that you won’t be able to step into the shoes of the greats, because web technology is holding you back. Fortunately, Drupal 8 and React Native are here to save your day - and your dream!

In this blog post you'll read how you can leverage Drupal 8 to serve as the back-end for your React Native app. 

First, however, a quick definition of what these technologies are:

  • Drupal is an open source content management system based on PHP.
  • React Native is a framework to build native apps using JavaScript and React.

If you want to read more about Drupal 8 or React Native, you're invited to check the sources at the bottom of this article.
 

Why React Native?

There are a myriad of front-end technologies available to you these days. The most popular ones are Angular and React. Both technologies allow you to build apps, but there is a big difference in how the apps will be built.

The advantage of employing React Native is that it lets you build an app using JavaScript, while converting the JavaScript into native code. In contrast, Angular or Ionic allow you to create a hybrid app, which basically is a website that gets embedded in a web view. Although the benefit here is that you're able to access the native features of a device.

In this case, we prefer React Native, because we want to build iOS and Android applications that run natively.
 

Headless Drupal

One of the big buzzwords that's been doing the rounds in the Drupal community lately is 'Headless'. A headless Drupal is actually a Drupal application where the front-end is not served by Drupal, but by a different technology.

You still get the benefits of a top notch and extremely flexible content management system, but you also get the benefits of your chosen front-end technology.

In this example, you'll discover how to set up a native iOS and Android application that gets its data from a Drupal website. To access the information, users will have to log in to the app, which allows the app to serve content tailored to the preferences of the user. Crucial in the current individualized digital world.

 

So this already brings us to our first hurdle. Because we are using a native application, authenticating users through cookies or sessions is not possible. So we are going to show you how to prepare your React Native application and your Drupal site to accept authenticated requests.
 

The architecture

The architecture consists of a vanilla Drupal 8 version and a React Native project with Redux.

The implemented flow is as following:

  1. A user gets the login screen presented on the app.
  2. The user fills in his credentials in the form
  3. The app posts the credentials to the endpoint in Drupal
  4. Drupal validates the credentials and logs the user in
  5. Drupal responds with a token based on the current user
  6. The app stores the token for future use
  7. The app now uses the token for all other requests the app makes to the Drupal REST API.
     
Creating an endpoint in Drupal

First we had to choose our authentication method. In this example, we opted to authenticate using a JWT or JSON web token, because there already is a great contributed module available for it on Drupal.org (https://www.drupal.org/project/jwt).

This module provides an authentication service that you can use with the REST module that is now in Drupal 8 core. This authentication service will read the token that is passed in the headers of the request and will determine the current user from it. All subsequent functionality in Drupal will then use that user to determine if it has permission to access the requested resources. This authentication service works for all subsequent requests, but not for the original request to get the JWT.

The original endpoint the JWT module provides, already expects the user to be logged in before it can serve the token. You could use the ready available basic authentication service, but we preferred to build our own as an example.
 

Authentication with JSON post

Instead of passing along the username and password in the headers of the request like the basic authentication service expects, we will send the username and password in the body of our request formatted as JSON.

Our authentication class implements the AuthenticationProviderInterface and is announced in json_web_token.services.yml as follows:

services: authentication.json_web_token: class: Drupal\json_web_token\Authentication\Provider\JsonAuthenticationProvider arguments: ['@config.factory', '@user.auth', '@flood', '@entity.manager'] tags: - { name: authentication_provider, provider_id: 'json_authentication_provider', priority: 100 }

The interface states that we have to implement two methods, applies and authenticate:

public function applies(Request $request) { $content = json_decode($request->getContent()); return isset($content->username, $content->password) && !empty($content->username) && !empty($content->password); }

Here we define when the authenticator should be applied. So our requirement is that the JSON that is posted contains a username and password. In all other cases this authenticator can be skipped. Every authenticator service you define will always be called by Drupal. Therefore, it is very important that you define your conditions for applying the authentication service.

public function authenticate(Request $request) { $flood_config = $this->configFactory->get('user.flood'); $content = json_decode($request->getContent()); $username = $content->username; $password = $content->password; // Flood protection: this is very similar to the user login form code. // @see \Drupal\user\Form\UserLoginForm::validateAuthentication() // Do not allow any login from the current user's IP if the limit has been // reached. Default is 50 failed attempts allowed in one hour. This is // independent of the per-user limit to catch attempts from one IP to log // in to many different user accounts. We have a reasonably high limit // since there may be only one apparent IP for all users at an institution. if ($this->flood->isAllowed(json_authentication_provider.failed_login_ip', $flood_config->get('ip_limit'), $flood_config->get('ip_window'))) { $accounts = $this->entityManager->getStorage('user') ->loadByProperties(array('name' => $username, 'status' => 1)); $account = reset($accounts); if ($account) { if ($flood_config->get('uid_only')) { // Register flood events based on the uid only, so they apply for any // IP address. This is the most secure option. $identifier = $account->id(); } else { // The default identifier is a combination of uid and IP address. This // is less secure but more resistant to denial-of-service attacks that // could lock out all users with public user names. $identifier = $account->id() . '-' . $request->getClientIP(); } // Don't allow login if the limit for this user has been reached. // Default is to allow 5 failed attempts every 6 hours. if ($this->flood->isAllowed('json_authentication_provider.failed_login_user', $flood_config->get('user_limit'), $flood_config->get('user_window'), $identifier)) { $uid = $this->userAuth->authenticate($username, $password); if ($uid) { $this->flood->clear('json_authentication_provider.failed_login_user', $identifier); return $this->entityManager->getStorage('user')->load($uid); } else { // Register a per-user failed login event. $this->flood->register('json_authentication_provider.failed_login_user', $flood_config->get('user_window'), $identifier); } } } } // Always register an IP-based failed login event. $this->flood->register('json_authentication_provider.failed_login_ip', $flood_config->get('ip_window')); return []; }

Here we mostly reimplemented the authentication functionality of the basic authorization service, with the difference that we read the data from a JSON format. This code logs the user into the Drupal application. All the extra code is flood protection.

Getting the JWT token

To get the JWT token we leveraged the REST module, and created a new rest resource plugin. We could have used the endpoint the module already provides, but we prefer to create all our endpoints with a version in it. We defined the plugin with the following annotation:

/** * Provides a resource to get a JWT token. * * @RestResource( * id = "token_rest_resource", * label = @Translation("Token rest resource"), * uri_paths = { * "canonical" = "/api/v1/token", * "https://www.drupal.org/link-relations/create" = "/api/v1/token" * } * ) */

The uri_paths are the most important part of this annotation. By setting both the canonical and the weird looking Drupal.org keys, we are able to set a fully custom path for our endpoint. That allows us to set the version of our API in the URI like this: /api/v1/token. This way we can easily roll out new versions of our API and clearly communicate about deprecating older versions.

Our class extends the ResourceBase class provided by the REST module. We only implemented a post method in our class, as we only want this endpoint to handle posts.

public function post() { if($this->currentUser->isAnonymous()){ $data['message'] = $this->t("Login failed. If you don't have an account register. If you forgot your credentials please reset your password."); }else{ $data['message'] = $this->t('Login succeeded'); $data['token'] = $this->generateToken(); } return new ResourceResponse($data); } /** * Generates a new JWT. */ protected function generateToken() { $token = new JsonWebToken(); $event = new JwtAuthIssuerEvent($token); $this->eventDispatcher->dispatch(JwtAuthIssuerEvents::GENERATE, $event); $jwt = $event->getToken(); return $this->transcoder->encode($jwt, array()); }

The generateToken method is a custom method where we leverage the JWT module to get us a token that we can return. 
 
We do not return a JSON object directly. We return a response in the form of an array. This is a very handy feature of the REST module, because you can choose the formats of your endpoint using the interface in Drupal. So you could easily return any other supported format like xml, JSON or hal_json. For this example, we chose hal_json. 

Drupal has some built-in security measures for non-safe methods. The only safe methods are HEAD, GET, OPTIONS and TRACE. We are implementing a non-safe method, so we have to take into account the following things:

  • When the app does a post it also needs to send a X-CSRF-Token in the header to avoid cross site request forgery. This token can be gotten from /session/token endpoint.
  • In case of a POST we also need to set the Content-type request header to “application/hal+json” on top of the query parameter “_format=hal_json”.
Putting things together

The only thing left is to enable our endpoint through the interface that the rest modules provides on /admin/config/services/rest.

As you can see, we’ve configured our token endpoint with our custom json_authentication_provider service and it is available in hal_json and json formats.

Calling the endpoint in our React Native application The login component

Our login component contain two input fields and a button.

this.setState({username})} placeholderTextColor="#FFF" style={styles.input} /> this.setState({password})} style={styles.input} /> this.login({ username: this.state.username, password: this.state.password })} > Get Started

When we click the login button we trigger the login action that is defined in our bindActions function.

function bindActions(dispatch) { return { login: (username, password) => dispatch(login(username, password)), }; }

The login action is defined in our auth.js:

import type { Action } from './types'; import axios from 'react-native-axios'; export const LOGIN = 'LOGIN'; export function login(username, password):Action { var jwt = ''; var endpoint = "https://example.com/api/v1/token?_format=hal_json"; return { type: LOGIN, payload: axios({ method: 'post', url: endpoint, data: { username: username, password: password, jwt: jwt, }, headers: { 'Content-Type':'application/hal+json', 'X-CSRF-Token':'V5GBdzli7IvPCuRjMqvlEC4CeSeXgufl4Jx3hngZYRw' } }) } }

In this example, we set the X-CSRF-token fixed to keep it simple. Normally you would get this first. We’ve also used the react-native-axios package to handle our post. This action will return a promise. If you use the promise and thunk middleware in your Redux Store you can set up your reducer in the following way.

import type { Action } from '../actions/types'; import { LOGIN_PENDING, LOGOUT} from '../actions/auth'; import { REHYDRATE } from 'redux-persist/constants'; export type State = { fetching: boolean, isLoggedIn: boolean, username:string, password:string, jwt: string, error: boolean, } const initialState = { fetching: false, username: '', password: '', error: null, } export default function (state:State = initialState, action:Action): State { switch (action.type) { case "LOGIN_PENDING": return {...state, fetching: true} case "LOGIN_REJECTED": return {...state, fetching: false, error: action.payload} case "LOGIN_FULFILLED": return {...state, fetching: false, isLoggedIn: true, jwt:action.payload.data.token} case "REHYDRATE": var incoming = action.payload.myReducer if (incoming) return {...state, ...incoming, specialKey: processSpecial(incoming.specialKey)} return state default: return state; } }

The reducer will be able to act on the different action types of the promise:

  • LOGIN_PENDING: Allows you to change the state of your component so you could implement a loader while it is trying to get the token.
  • LOGIN_REJECTED: When the attempt fails you could give a notification why it failed.
  • LOGIN_FULFILLED: When the attempt succeeds you have the token and set the state to logged in.

So once we had implemented all of this, we had an iOS and Android app that actually used a Drupal 8 site as it main content store.

Following this example, you should be all set up to deliver tailored content to your users on whichever platform they may be.

The purpose of this article was to demonstrate how effective Drupal 8 can be as a source for your upcoming iOS or Android application.
 

Useful resources:

 

More articles by our Dropsolid Technical Leads, strategist and marketeers? Check them out here.

Categories: Blogs

Elevated Third: Recorded Webinar: A Decoupled Drupal Story

Drupal Planet - June 20, 2017 - 4:30pm
Recorded Webinar: A Decoupled Drupal Story Recorded Webinar: A Decoupled Drupal Story Tue, 06/20/2017 - 13:30

We teamed up with Acquia to present “A Decoupled Drupal Story: Powdr Gives Developers Ultimate Flexibility To Build Best CX Possible.” The webinar aired in June but you can view the recording here anytime.

As the internet and web-connected devices continue to evolve, so do the needs to develop and render content. Given today’s rate of change, organizations are using decoupled architecture to build applications - giving them flexibility to accommodate any device or experience.

In this session, we’ll cover Powdr, a ski resort holding company. To give its developers the freedom to use the right front-end tools needed for any given use case, Powdr built its 17 ski resort websites on one decoupled Drupal platform. Join Elevated Third, Hoorooh Digital and Acquia to learn:

  • How a custom Drupal 8 solution cut implementation time in half vs Drupal 7

  • The ease in which Drupal 8’s internal REST API can be extended to fit a client's needs

  • The details of handling non-Drupal application routing on Acquia's servers

 

If you are considering a decoupled Drupal implementation, let’s talk.

Categories: Blogs

David Lohmeyer's Blog: Clean up database pollution from the migrate Drupal module

Drupal Planet - June 20, 2017 - 4:29pm

I'm working on a large, complex migration from Drupal 7 to Drupal 8 right now. One thing I noticed is that the migrate modules pollute the database with an unreal number of tables which allow migrations to be re-run, etc. Well if you don't need that, here's how to remove these tables. Currently the migrate modules don't clean up after themselves. Put this in a custom module or PHP script that has bootstrapped Drupal. Note this code only works in Drupal 8. Shown is a .install file for a custom module. If you uninstall the custom module, it will run the cleanup:

Categories: Blogs

Elevated Third: Elevated Third Ranks No. 1 Among Denver’s Best Places to Work

Drupal Planet - June 20, 2017 - 1:20pm
Elevated Third Ranks No. 1 Among Denver’s Best Places to Work Elevated Third Ranks No. 1 Among Denver’s Best Places to Work Nate Gengler Tue, 06/20/2017 - 10:20

The Denver Business Journal’s annual “Best Places to Work” awards wrapped up with Elevated Third landing the top spot in the “Workplace Wellness” category for small companies. The category recognizes Denver employers with an outstanding commitment to employee well-being.

 As a business practice, committing to employee wellness means that everyone is operating at their highest capacity. When our minds are fresh to focus on the task at hand, we can crank out the best work possible.

 Striking the ideal work-life balance is central to our culture. Where some agencies expect employees to work nights and weekends at the drop of a hat, we are committed to respecting employees’ time beyond the office and staying true to a 40 hour work week.

 We believe that when employees feel valued beyond the output of their work, the workplace is a more positive and productive environment.

Outside of the office, the Elevated Third team is covered with 3 weeks of Paid Time Off, a subsidized gym membership, a $1,500 Health Reimbursement Account (HRA), and an RTD ecopass. 

In the office, we are surrounded by a work environment that stimulates creativity and keeps spirits high. Office dogs can be found roaming the hallways, the kitchen is stocked with goodies of a (mostly) healthy variety, and our location on the top floor of the Denver Masonic Building provides plenty of sunlight and the occasional summer breeze.

We are incredibly proud to be recognized among Denver’s best places to work. Joining our fellow recipients, we believe this commitment to workplace wellness makes Denver a better place to live, work, and do business.

 

Interested in joining the team? Have a look at our open positions

Categories: Blogs

Valuebound: How to hide Order ID from commerce checkout process in Drupal 8

Drupal Planet - June 20, 2017 - 12:51pm

In Drupal, many a time we come across a situation where we want to hide certain URL part from end users.

To achieve this we often use Drupal modules like Pathauto to hide node IDs, taxonomy IDs from URL and replacing them with some patterns (eg. Titles).

The above scenario can not be achieved for Drupal commerce checkout flow(URLs) as the Drupal modules like PathAuto do not support this. To achieve this in Drupal 7 we often used one of the following ways mentioned below:

  • Commerce Checkout Paths Module.

  • Combination of…

Categories: Blogs

I Fix Drupal: After Reverting a Feature Module Profile2 Field Values Are Deleted

Drupal Planet - June 20, 2017 - 12:12pm
I recently gave an outline of this problem over in the Drupal community here:https://www.drupal.org/node/1316874#comment-12136170 But I thought it would be interesting to make a more technical post on the subject, so here it is.
Categories: Blogs

DataSmith: Setting up BLT with Reservoir

Drupal Planet - June 20, 2017 - 12:09pm
Setting up BLT with Reservoir

Yesterday, Acquia open sourced Reservoir, a new distribution designed for building headless Drupal instances.  The Reservoir team provided a composer project command for setting up a Reservoir instance easily, but it doesn't bundle a VM.  Fortunately, making BLT work with Reservoir isn't difficult.  There are, though, a few steps to be aware of.

To get started, run the composer project to build a new BLT instance.

composer create-project --no-interaction acquia/blt-project MY_PROJECT

Once that completes, you need to add reservoir and (optionally) remove the lightning distro

composer require acquia/reservoir

composer remove acquia/lightning

Next, update the blt/project.yml file.  The key changes you'll want to make here (beyond setting a new project prefix, etc) are a) changing the distro from ligthning to reservoir and b) removing views_ui from the modules:enable list for local environments.*  An excerpt of my git diff for this file looks like...

profile:
-    name: lightning
+    name: reservoir
local:
-    enable: [dblog, devel, seckit, views_ui]
+    enable: [dblog, devel, seckit]

Once that's done, continue with the BLT setup process from Step 4 (assuming you want to use Drupal VM. Step 5 otherwise).

 

* If you don't remove views_ui, the world won't explode or anything, but when you run blt setup you'll get errors reported like the ones below:

blt > setup:toggle-modules:
    [drush] dblog is already enabled.                                                   [ok]
    [drush] The following extensions will be enabled: devel, seckit, views_ui, views
    [drush] Do you really want to continue? (y/n): y
    [drush] Argument 1 passed to                                                     [error]
    [drush] Drupal\Core\Config\Entity\ConfigEntityBase::calculatePluginDependencies()
    [drush] must implement interface
    [drush] Drupal\Component\Plugin\PluginInspectionInterface, null given, called
    [drush] in /var/www/mrpink/docroot/core/modules/views/src/Entity/View.php on
    [drush] line 281 and defined PluginDependencyTrait.php:29
    [drush] E_RECOVERABLE_ERROR encountered; aborting. To ignore recoverable         [error]
    [drush] errors, run again with --no-halt-on-error
    [drush] Drush command terminated abnormally due to an unrecoverable error.       [error]
[phingcall] /Users/barrett.smith/Desktop/mrpink/./vendor/acquia/blt/phing/tasks/setup.xml:370:8: /Users/barrett.smith/Desktop/mrpink/./vendor/acquia/blt/phing/tasks/setup.xml:374:12: /Users/barrett.smith/Desktop/mrpink/./vendor/acquia/blt/phing/tasks/setup.xml:377:69: Drush exited with code 255
[phingcall] /Users/barrett.smith/Desktop/mrpink/./vendor/acquia/blt/phing/tasks/setup.xml:350:45: Execution of the target buildfile failed. Aborting.

BUILD FAILED/Users/barrett.smith/Desktop/mrpink/./vendor/acquia/blt/phing/tasks/local-sync.xml:12:30: Execution of the target buildfile failed. Aborting.
; 2 minutes  37.24 seconds

 

Barrett Tue, 06/20/2017 - 10:09 Tags Add new comment
Categories: Blogs

Growing community in Moldova

Drupal News - June 20, 2017 - 12:03pm

This guest blog post is from Drupal Moldova's Association (not affiliated with Drupal Association). Get a glimpse of what is happening in Moldova's community and how you can get involved.

Drupal Moldova Association’s mission is to promote Drupal CMS and Open Source technologies in Moldova, and to grow and sustain the local community by organising Events, Camps, Schools, Drupal meetups and various Drupal and Open Source related trainings, and by establishing partnerships with Companies, the Government, and NGO’s.

Come and share your expertise in Moldova at our events! We're looking for international speakers to speak about Drupal and open source.

Among DMA’s (short for Drupal Moldova Association) numerous commitments, the following are of special importance:

  • to gather the community around Drupal and Open Source technologies;

  • to train students and professionals who want to learn and work with Drupal;

  • to organise events to keep the community engaged and motivated to improve, learn, and share experience;

  • to make sure Drupal is accessible to everyone by offering scholarships to those who can't afford our programs;

  • to elaborate a well defined program that helps students learn Drupal, acquire enough knowledge to get accepted for internships by IT companies, and be able to build Drupal powered websites;  

  • to assist new IT companies in establishing a local office, promote themselves, collaborate with other companies, and connect with the local Drupal community by giving them the opportunity to support our projects.

Over the last 5 years, we have been dedicated to achieving our goals! DMA have organized over 20 projects and events, including Drupal Global Training Days, Drupal Schools, and the regional DrupalCamp -- Moldcamp. Our projects have gathered over 700 local and international participants and speakers, and more than 15 International Companies that have supported us during these years (FFW, Adyax, IP Group, Intellix, Endava and many others).

Moldova is rich in great developers and people driven to take initiative and to grow and place the country on the world map. We are aiming to go beyond our limits and have a bigger impact in the year (‘17-’18), therefore we have created a yearly plan that contains projects similar to those we have done in the past years, as well as new and exciting ones:

  • Drupal School (3 step program), starting with Drupal School 8 plus PHP (step 1):  Drupal School is an educational program - split into 2 months, 25 courses of different levels (Beginner, Intermediate, Advanced).Drupal School aims to introduce people to Drupal 8 and PHP, and help them become Drupal professionals;

  • Moldcamp 2017: Sep - Oct 2017. A regional DrupalCamp that gathers around 150 Drupal professionals, enthusiasts, beginners and any-Drupal-related-folk in one place for knowledge-sharing, presentations, networking, etc. We will announce the event soon and allow speaker registration. Please follow us and don’t miss out on the opportunity;

  • Drupal Global Training Day: Dec 1-2. A one-day workshop that has the purpose of introducing people to Drupal, both code and community.

  • Drupal Meetups: These are organized each month and they allow our community to be active and share knowledge.

  • Tech Pizza: - Jun, Aug, Oct, Dec. A bi-monthly event, where the ICT community can gather in a casual and an informal environment around a pizza and  soda and discuss the latest IT trends and news. The core of this event is a speaker / invitee from abroad with a domain of expertise;

  • Moldova Open Source Conference: March 2018. It is a regional conference for over 200 participants that aims to gather all the Open Source Communities (Wordpress, Laravel, Ruby on Rails, JavaScript, etc.) under one roof, where they will attend sessions that enhance the expertise of existing experts in various Open Source technologies and allow them to mix their technologies into new ideas.

The proposed program “Drupal and Open Source in Moldova 2017 - 2018” is made possible through the support of USAID and the Swedish Government. Thanks to these organizations we can focus on the quality of our projects make sure they happen as planned. Also, we have a very important partnership with Tekwill / Tekwill Academy, which helps us even more in our quests.

We start with School of Drupal 8 plus PHP program, which will be held on 19th of June 2017. So far we have 3 sponsors--IPGroup, Adyax and Intellix--and two trainers.

We, The DMA, believe in pushing the limits! Our long term goal is to build and maintain big an active Open Source community by attracting more local and International participants to our Projects and Events, and continuously improve our sessions. This will make our presence felt in the global Drupal and Open Source communities and markets. Find us on Twitter @drupalmoldova, or on our Facebook page. If you are interested in speaking in Moldova, contact us at info@drupalmoldova.org.

Categories: News

Drupal Association blog: Growing community in Moldova

Drupal Planet - June 20, 2017 - 12:03pm

This guest blog post is from Drupal Moldova's Association (not affiliated with Drupal Association). Get a glimpse of what is happening in Moldova's community and how you can get involved.

Drupal Moldova Association’s mission is to promote Drupal CMS and Open Source technologies in Moldova, and to grow and sustain the local community by organising Events, Camps, Schools, Drupal meetups and various Drupal and Open Source related trainings, and by establishing partnerships with Companies, the Government, and NGO’s.

Come and share your expertise in Moldova at our events! We're looking for international speakers to speak about Drupal and open source.

Among DMA’s (short for Drupal Moldova Association) numerous commitments, the following are of special importance:

  • to gather the community around Drupal and Open Source technologies;

  • to train students and professionals who want to learn and work with Drupal;

  • to organise events to keep the community engaged and motivated to improve, learn, and share experience;

  • to make sure Drupal is accessible to everyone by offering scholarships to those who can't afford our programs;

  • to elaborate a well defined program that helps students learn Drupal, acquire enough knowledge to get accepted for internships by IT companies, and be able to build Drupal powered websites;  

  • to assist new IT companies in establishing a local office, promote themselves, collaborate with other companies, and connect with the local Drupal community by giving them the opportunity to support our projects.

Over the last 5 years, we have been dedicated to achieving our goals! DMA have organized over 20 projects and events, including Drupal Global Training Days, Drupal Schools, and the regional DrupalCamp -- Moldcamp. Our projects have gathered over 700 local and international participants and speakers, and more than 15 International Companies that have supported us during these years (FFW, Adyax, IP Group, Intellix, Endava and many others).

Moldova is rich in great developers and people driven to take initiative and to grow and place the country on the world map. We are aiming to go beyond our limits and have a bigger impact in the year (‘17-’18), therefore we have created a yearly plan that contains projects similar to those we have done in the past years, as well as new and exciting ones:

  • Drupal School (3 step program), starting with Drupal School 8 plus PHP (step 1):  Drupal School is an educational program - split into 2 months, 25 courses of different levels (Beginner, Intermediate, Advanced).Drupal School aims to introduce people to Drupal 8 and PHP, and help them become Drupal professionals;

  • Moldcamp 2017: Sep - Oct 2017. A regional DrupalCamp that gathers around 150 Drupal professionals, enthusiasts, beginners and any-Drupal-related-folk in one place for knowledge-sharing, presentations, networking, etc. We will announce the event soon and allow speaker registration. Please follow us and don’t miss out on the opportunity;

  • Drupal Global Training Day: Dec 1-2. A one-day workshop that has the purpose of introducing people to Drupal, both code and community.

  • Drupal Meetups: These are organized each month and they allow our community to be active and share knowledge.

  • Tech Pizza: - Jun, Aug, Oct, Dec. A bi-monthly event, where the ICT community can gather in a casual and an informal environment around a pizza and  soda and discuss the latest IT trends and news. The core of this event is a speaker / invitee from abroad with a domain of expertise;

  • Moldova Open Source Conference: March 2018. It is a regional conference for over 200 participants that aims to gather all the Open Source Communities (Wordpress, Laravel, Ruby on Rails, JavaScript, etc.) under one roof, where they will attend sessions that enhance the expertise of existing experts in various Open Source technologies and allow them to mix their technologies into new ideas.

The proposed program “Drupal and Open Source in Moldova 2017 - 2018” is made possible through the support of USAID and the Swedish Government. Thanks to these organizations we can focus on the quality of our projects make sure they happen as planned. Also, we have a very important partnership with Tekwill / Tekwill Academy, which helps us even more in our quests.

We start with School of Drupal 8 plus PHP program, which will be held on 19th of June 2017. So far we have 3 sponsors--IPGroup, Adyax and Intellix--and two trainers.

We, The DMA, believe in pushing the limits! Our long term goal is to build and maintain big an active Open Source community by attracting more local and International participants to our Projects and Events, and continuously improve our sessions. This will make our presence felt in the global Drupal and Open Source communities and markets. Find us on Twitter @drupalmoldova, or on our Facebook page. If you are interested in speaking in Moldova, contact us at info@drupalmoldova.org.

Categories: Blogs

Acquia Developer Center Blog: Percona Live 2017 Blog Post: ProxySQL as a Failover Option for Drupal

Drupal Planet - June 20, 2017 - 11:41am

One of the more interesting products to hit the spotlight at this year's Percona Live Open Source Database conference was ProxySQL.

This open source MySQL proxy server has been around for a couple of years now and keeps adding more features. The current release (1.3.6) has the usual features that you would expect from a proxy server, like load balancing and failover support, but ProxySQL also has database specific features like a query cache and query routing.

Tags: acquia drupal planet
Categories: Blogs

Amazee Labs: Submit your Site Building Session to DrupalCon Vienna

Drupal Planet - June 20, 2017 - 9:19am
Submit your Site Building Session to DrupalCon Vienna

DrupalCon Vienna will be taking place end of September this year. The site building track is about letting Drupal do the hard work without needing to write code. By assembling the right modules and configurations we can create rich and complex features, without worrying about reinventing the wheel and write complex logic and code.

Josef Dabernig Tue, 06/20/2017 - 14:19

Sounds great, right? As excited as I am for helping to put together the program for the site building track, I would like to share a few session ideas, which might be worth submitting. If you have never submitted a session for DrupalCon, this might be a good opportunity to give it a try:  

Showcases will let others learn from how you built your last exciting Drupal 8 project. Talking points can include which approaches you took, lessons you learnt from working on the project, and what fellow site builders should know when tackling similar problems.

Module presentations are a great way to explain and highlight best practice solutions. How do you choose from the various competing site building tools available to address problems like layout management, workflows or content modelling? Are the same solutions from Drupal 7 still valid, or what are the latest experiences you've had whilst building Drupal 8 sites and how could this be further developed and enhanced in the future?

Process descriptions are welcome to help us figure out how site building can best fill the gap between end users, content editors, developers, UX designers and anyone else involved in Drupal web projects. How do you involve your customers and explain site building to them? What does a developer need from a site builder and where do those practices blend? 

Outside perspectives are also welcomed to learn how problems can be solved the site builder’s way in related web technologies.

Together with Hernâni Borges de Freitas and Dustin Boeger, we are looking forward to reviewing your exciting and interesting applications. If you aren’t sure what to present, feel free to get in touch via the contact form on my Drupal.org profile or Twitter.

Thanks for submitting your session by June 28, 23:59 CEST.

Categories: Blogs

ComputerMinds.co.uk: Help Drupal help your configuration

Drupal Planet - June 20, 2017 - 9:00am

Define a schema for any bespoke configuration, it's not too hard. It's needed to make it translatable, but Drupal 8 will also validate your config against it so it's still handy on non-translatable sites. As a schema ensures your configuration is valid, your code, or Drupal itself, can trip up without one. Set up a schema and you avoid those problems, and get robust validation for free. Hopefully my example YAML shows how it can be quite simple to do.

Categories: Blogs

Cheppers blog: On Being Human at DrupalCon Vienna - Call for Papers closes in a week

Drupal Planet - June 20, 2017 - 8:09am

Around two years ago, when the launch of Drupal 8 was just around the corner and the main topic of concern was the status of the issue queue, the Drupal community slowly started murmuring about a topic outside of technical solutions and patches. As a result, a brand new DrupalCon track was introduced - Being Human. Our COO, Zsófi is the Being Human local track chair at DrupalCon Vienna - this is her Call for Papers.

Categories: Blogs

Appnovation Technologies: PHP Speakers Wanted For DrupalCon Vienna 2017

Drupal Planet - June 20, 2017 - 7:43am
PHP Speakers Wanted For DrupalCon Vienna 2017 On 28th June (23:59 Vienna local time (GMT +2)) session submissions will close for DrupalCon Vienna 2017 and we're looking for more great speakers. After volunteering on the Core Conversation track team last year, I am now helping the PHP track team find and select sessions for this year's European conference. As PHP the foundation for...
Categories: Blogs

Agiledrop.com Blog: AGILEDROP: DrupalCon sessions about DevOps

Drupal Planet - June 20, 2017 - 5:55am
Last time, we gathered together DrupalCon Baltimore sessions about Front End. Before that, we explored the area of Site Building, Drupal Showcase, Coding and Development, Project Management and Case Studies. And that was not our last stop. This time, we looked at sessions that were presented in the area of DevOps. 100% Observability by Jason Yee from Datadog In this session, the author broke down the expansive monitoring landscape into 5 categories and provided a framework to help users ensure full coverage. He also touched why these categories are important to users business and shared the… READ MORE
Categories: Blogs

Commerce Guys: Drupal Commerce integration with Square payments released

Drupal Planet - June 19, 2017 - 4:41pm

Square's pitch is pretty straightforward: accept payments anywhere, no coding required. They nailed this first through their simple phone based card readers and their slick in-store tablet interface. They also made it easy to process all major credit cards, guaranteeing deposits as soon as the next business day.

They're now rolling out their same great support for merchants online with the steady release of open APIs for eCommerce applications. With our recently released Commerce Square module for Drupal 7 and Drupal 8, you can now pitch Drupal Commerce to existing Square customers in your area.

Thus far we integrate their payment APIs for full checkout and administrative support in Commerce 1.x and 2.x. We're working with Square to integrate new APIs as they become available in pursuit of our vision to enable the turnkey creation of online stores for Square merchants using Drupal Commerce.

Among the module's primary benefits, especially when used in conjunction with Square for retail sales, are:

  • You can sell online, and in person, with all of your sales in one place. Integrating your physical and online retail operations will ultimately simplify the management of your business.
  • Accept all major cards, (including Apple Pay and Android Pay in-store) and pay one simple rate per tap, dip, or swipe. (Note: Square also offers custom rates for qualifying stores processing over $250k annually.)
  • Integration is simple and seamless for Drupal Commerce on both Drupal 7 and Drupal 8. (Look for new features to come into the D8 branch first and be backported, as additional contributed modules may be required to make up for core features that were added in Commerce 2.x.)

Square’s eCommerce API is on the bleeding edge of integration technology, making PCI compliance easy; customer credit card information never touches your website, so you don’t need to worry or complete a single checklist. Each component of the payment method form is an embedded iframe hosted on Square's server and returns a payment token identifier used to capture payment. We actually designed the Commerce 2.x checkout form to treat these types of payment methods as first class citizens, so expect the integration to just work.

Sign up for Square and get free processing on your first $5,000 in sales.

As part of our module launch effort, Square has teamed up with us to offer free processing on your first $5,000 in sales. If you or one of your customers are interested in learning more, review the offer details here and hit us up in the issue queue if you run into any problems!

Categories: Blogs

Acquia Developer Center Blog: Introducing Reservoir, a Distribution for Decoupling Drupal

Drupal Planet - June 19, 2017 - 2:51pm

Reservoir is an experimental Drupal distribution that is an exceptional starting point for any decoupled Drupal implementation. It is also designed to on-board developers of all backgrounds: a decoupled Drupal distribution and optimal back end for every developer.

Tags: acquia drupal planet
Categories: Blogs

Drupal core announcements: Drupal core security release window on Wednesday, June 21, 2017

Drupal Planet - June 19, 2017 - 1:32am
Start:  2017-06-21 12:00 America/New_York Organizers:  xjm Event type:  Online meeting (eg. IRC meeting)

The monthly security release window for Drupal 8 and 7 core will take place on Wednesday, June 21.

This does not mean that a Drupal core security release will necessarily take place on that date for any of the Drupal 8 or 7 branches, only that you should watch for one (and be ready to update your Drupal sites in the event that the Drupal security team decides to make a release).

There will be no bug fix or stable feature release on this date. The next window for a Drupal core patch (bug fix) release for all branches is Wednesday, July 05. The next scheduled minor (feature) release for Drupal 8 will be on Wednesday, October 5.

For more information on Drupal core release windows, see the documentation on release timing and security releases, and the discussion that led to this policy being implemented.

Categories: Blogs

Pages