Drupal Planet

Subscribe to Drupal Planet feed
Drupal.org - aggregated feeds in category Planet Drupal
Updated: 2 hours 28 min ago

Lullabot: Modernizing JavaScript in Drupal 8

May 18, 2017 - 7:00pm
Mike and Matt host two of Drupal's JavaScript maintainers, Théodore Biadala and Matthew Grill, as well as Lullabot's resident JavaScript expert Sally Young, and talk about the history of JavaScript in Drupal, and attempts to modernize it.
Categories: Blogs

Third & Grove: Using the Batch API and hook_update_N in Drupal 8

May 18, 2017 - 6:07pm
Using the Batch API and hook_update_N in Drupal 8 ed Thu, 05/18/2017 - 17:07
Categories: Blogs

agoradesign: How Drupal Commerce 2.x improved my skills

May 18, 2017 - 5:59pm
Being one of the first early adopters of Drupal Commerce 2.x by starting our first project in early 2016 (on alpha2 version) and soon after a second one, I originally planned to write a blog post soon after beta1 gets published. Unfortunately I was too busy at that time....
Categories: Blogs

Blair Wadman: End of life of Mollom. What can you use instead?

May 18, 2017 - 12:57pm

Acquia has announced that they will be ending the life of Mollom. As of April 2018, they will no longer support the product.

You have over a year to find a replacement. I am currently using Mollom and planning on changing mine now. Chances are, if I don't, I'll forget to change it closer to the time!

Categories: Blogs

Promet Source: Supporting Global Accessibility Awareness Day

May 18, 2017 - 9:43am
Thursday, May 18 2017 marks the sixth annual Global Accessibility Awareness Day (GAAD). The purpose of GAAD is to get everyone talking, thinking and learning about digital (web, software, mobile, etc.) access/inclusion and people with different disabilities. Promet Source is proud to support GAAD as we help our clients achieve equal access for all across their digital properties.
Categories: Blogs

Agiledrop.com Blog: AGILEDROP: DrupalCon sessions about Project Management

May 18, 2017 - 5:04am
Last time, we gathered together DrupalCon Baltimore sessions about Case Studies. We promised that we will also look in some other areas. Therefore, we will this time explore the sessions from Project Management. Project Managers ARE the new Content Strategists by Lynn Winter from August Ash The session is about Project Managers being a content strategist. They become so because nobody has money to pay for a content strategist. Therefore, a session walks you through the discovery, design, and build phases of a website redesign sharing tips, tools, and examples of steps you can take to… READ MORE
Categories: Blogs

Kalamuna Blog: Lessons from Our Drupal 8 Blog Migration

May 17, 2017 - 6:29pm
Lessons from Our Drupal 8 Blog Migration Shannon O'Malley Wed, 05/17/2017 - 14:29

Late last year, we upgraded our blog from Drupal 7 to Drupal 8. Our main objective was to invest in our skills within Kalamuna so we could, in turn, better serve our clients. We have a lot of Drupal 8 migrations lined up over the course of the next year or so, and we foresee many more coming down the pipeline. This gave us a chance to learn the ins and outs of Drupal 8, with the added value of sprucing up our very own blog. This post is a summary of takeaways from our experience that I hope will help you on your own Drupal 8 adventures.

Categories Articles Drupal Git Guidance Information Architecture Responsive Design
Categories: Blogs

myDropWizard.com: Drupal 6 security update for Legal

May 17, 2017 - 11:29am

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for an Access Bypass vulnerability the Legal module.

The Legal module displays your Terms & Conditions to users who want to register, and requires that they accept the T&C before their registration is accepted.

It had a bug where a specially crafted URL could allow anyone to login to a user account that hadn't yet accepted the terms and conditions. This is mitigated by the fact that an attacker must have a way to obtain the URL, possibly by snooping on web traffic that isn't protected via HTTPS or a man-in-the-middle attack.

(A note about the timing of this release: per our agreement with the Drupal Security Team, we were unable to release this patch until the same vulnerability was fixed for the Drupal 7 Legal module, or two weeks went by after that module was unsupported, if it appeared it wasn't going to be fixed. The fix for Drupal 7 was released today.)

Here you can download the Drupal 6 patch.

If you have a Drupal 6 site using the Legal module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Categories: Blogs

Code Positive: Easy & effective testing for Drupal 8 sites with Behat 3

May 17, 2017 - 8:13am

The easiest way to effectively test your Drupal 8 site - Behat 3 with the Behat Drupal extension is an incredible tool for keeping your project out of trouble.



Categories: Blogs

Valuebound: Guide to Drupal distribution Thunder for Media & Publishing companies

May 17, 2017 - 8:04am

While, a drupal developer is working on a project, adding custom codes or functionalities is one of the unavoidable things to do. Otherwise known as extensions or modules in drupal. Drupal modules do not come packed with the core built of drupal and often has to be navigated and found on drupal.org. But is does not end there, you have to know the exact task or functionality the drupal module will add.

The solution to extensive module search may end with drupal distributions. Making a big fat functional website with the perfect drupal modules would be so much easier if someone would do that for us and we could download it whole as a package, well that is what distributions are for.

A drupal distribution…

Categories: Blogs

Websolutions Agency: Creating a custom checkout pane for Drupal Commerce in Drupal 8

May 17, 2017 - 6:46am

In this article, I'll show how you can create a custom checkout pane for Drupal Commerce in Drupal 8. For this purpose, we'll create a checkout pane with a configuration form and ability for users to add coupons to their order.

Drupal Planet, Drupal 8, Drupal modules
Categories: Blogs

Comic Relief Technology Blog: Drupal 8 and Composer can be friends

May 17, 2017 - 5:41am
Introduction 10 years ago (at the end of 2006), Drush appeared to make it easy for Drupal developers to do… Read More
Categories: Blogs

Freelock : Is your website safe from a cyber attack?

May 17, 2017 - 12:38am

As I write, we're in the midst of a big Ransomware attack. Millions of computers have been infected, with their data encrypted, held ransom pending an extortion payment or deleted. Supposedly.

There's a very simple way to avoid the catastrophe of losing everything due to an attack like this. And it's nothing new, it's something we've known to do all along: make good backups of everything, all the time.

Securityhacked siteransomwareDrupalWord PressDrupal Planet
Categories: Blogs

Colorfield: React and Drupal 8 with JSON API 1/3

May 16, 2017 - 5:30pm
React and Drupal 8 with JSON API 1/3 christophe Tue, 16/05/2017 - 22:30 The goal of this serie of posts is to achieve quickly a simple museum Audioguide web app based on a React isomorphic boilerplate with a Drupal 8 backend that uses the latest standards. The web app will be fully decoupled by being hosted on another domain than the Drupal one. As a real world case, we want it to be fully multilingual. This is the first post of a serie of 3. This first one focuses on having a Drupal and React setup that meets our requirements. The second one will define a MVP that will just fetch the audioguides list and a detail view (GET operation), the last one will then add extra features like getting user feedback (POST operation).
Categories: Blogs

Drupal Association blog: Want to host DrupalCon North America in Your City? We Have the RFP for You.

May 16, 2017 - 5:23pm

We are excited to open our RFP process for DrupalCon North America. We are currently looking at locations for 2019 and at locations for 2020. We are running the RFP process concurrently for both years.

If you've attended DrupalCon in the past, you know that it is a pretty unique event. It brings together 3,200 people from across the globe to build Drupal, outline the future of the project, learn skills, teach others, and propel the project forward.

If you are eager for your city to host a DrupalCon we recommend you send this link to your city's Convention Center or Tourism Bureau. We have begun outreach to cities that our DrupalCon team, and the community, have identified as a good fit. That said, we are always welcome to suggestions.

All of the RFP needs are outlined in any of the documents in this folder. Note - the documents are different file formats, however the contents are identical. All proposals must be submitted by May 30, 2017, 5pm PST

If you are a convention center or tourism bureau and have any questions, feel free to reach out directly to us.

We appreciate your interest in DrupalCon and can't wait to tell you where the next Con will be!

Categories: Blogs

Phase2: 5 Emerging Online Community Platform Trends

May 16, 2017 - 2:44pm

Building an online community is not a new topic, but the market is refocused on its growing importance because these online communities can increase customer retention, decrease customer support expenses, and increase profits.

Categories: Blogs

Acquia Developer Center Blog: The Tools You Get with Cog: The New Drupal 8 Base Theme

May 16, 2017 - 2:00pm

Cog, introduced in a previous post, was built as a toolset for satisfying the needs of enterprise clients by Acquia's Professional Service Front-end Team. It's used as a basic starting point for a new project and includes tools for reinforcing front-end best practices. In this blog post we will introduce you to some of the tools included in Cog.

Tags: acquia drupal planet
Categories: Blogs

Jacob Rockowitz: Wrangling the Webform Issue Queue

May 16, 2017 - 12:27pm

I’m afraid of the Webform module's issue queue. I see the Webform 8,x-5.x module's usage stats growing and with it, duplicate bug reports are increasing. The webform_update_8025() update hook is going to haunt me for months. Now I’m afraid to write any update hook that touches an existing field definition. I’ve realized that it is time to push back on the Webform module's issue queue before it’s too late.

Hear me out: I’m not looking for a fight - just a solution to a very simple problem. People don't know how to write proper bug reports and feature requests, and they don't like to read the issue queue handbook. The solution could be equally simple, which would be to require them write good tickets.

Plenty of documentation and videos about writing good issues exist. My goal is to make it easier for people to write complete and useful tickets so I can better assist them.

Help us Help you

For now, I have three goals for improving the Webform issue queue process:

  • Provide easy-to-use bug and features templates.
  • Encourage users to employ these bug and feature templates.
  • Show users how to create a good issue.

Provide bug and feature templates

GitHub allows a maintainer to create an issue template and pull request for their repository. I have decided to do the same thing for the Webform module. Drupal.org does not really support issue templates, however I can recommend that people use them by prepopulating the issues' body field

Prepopulate the "Create...Read More

Categories: Blogs

Phase2: How Columbia is Leading Universities in the Digital World

May 16, 2017 - 11:44am

Columbia University is taking proactive steps to ensure its predominantly Drupal-based digital properties are offering the best possible experience to site visitors. Using Acquia’s Lightning distribution as a base, the CUIT team has begun to roll out a new platform on Drupal 8.

Columbia University Information Technology (CUIT) provides Columbia students, faculty, and staff with central computing and communications services. I caught up with Ian Mieville, Director of Web Services at Columbia University, to talk about how Columbia uses Drupal to support the university’s web services -- and how Drupal 8 is improving those services.


How does CUIT support Columbia University?

CUIT is the centralized IT department for Columbia University. We’re in charge of the university’s security and asset management, technology infrastructure, enterprise systems, as well as custom development and application work. We develop, support, and host about 300+ websites and web applications, which are all almost exclusively on the Drupal framework.


What were your goals for Columbia University’s new Drupal 8 platform?

The first goal was to synchronize the user experience of most CU sites. We discovered a real inconsistency of experience site-to-site -- not only with regards to design, but also usability. Users had to constantly reorient themselves every time they went to a new CU site, even if it was related to the one they just left.

So we aimed to create a standard UX where key components (search, events, news, people directories, course directories, etc.) were consistent with a single usable pattern and design. This would allow site maintainers to focus on what’s really important to them (content and information), without worrying about the technical details of digital property management. As an incentive to adopt the new standard model, we’d make this service available for free to our CU clients.

On the back-end, we found it highly inefficient to keep recreating the wheel every time we launched a new site. So our second goal was to standardize things like content types and integration patterns, and provision a single code base. This would mean our time at CUIT could be better spent doing more complex work.


What was your strategy to accomplish these goals?

In conjunction with our partners, we decided to develop three models of a distribution, to serve as blueprints for standardization.

The first was the Research Model, designed for use by Columbia’s labs and research institutes. The blueprint design focused on research projects, peer-reviewed journal publications, and the people running and working in the labs. It’s meant to give faculty members a platform for publishing their research, in addition to marketing to post-doc applicants.

Second, the Administrative Model will support departments like HR, Finance, and the International Student and Scholars Group. As an administrative unit, these departments exist to offer some service to Columbia’s community, so the model for their sites will give them a way to forefront popular services and organize them by personas, so as to better serve the target audience.

Finally, the Academic Model allows academic departments to showcase their course selection, faculty members, research initiatives, etc. It is formatted to be both a recruiting and informational tool for prospective and current students. This model is still being developed at the moment.


You designed these models on Drupal 8, using Acquia’s Lightning distribution as a base. Why Lightning?

We chose Lightning because it fit into what we were thinking already. As a distribution, it is well-suited for site maintainers and people who manage content. From the back-end, it had the tools to support that use case. And because it’s supported by Acquia, we knew we’d get timely updates. Most importantly, it was a recommendation from Phase2 Software Architect Mike Potter, who worked on this project with us early on.


What do other universities stand to gain from using Drupal 8/Lightning?

There’s a lot to gain from Lightning specifically and Drupal 8 in general. Drupal 8 makes it easier for us to control functionality and integration points, and support Columbia digital properties as a product and a platform.

That being said, we had a very good understanding of what Drupal 8 was offering and what we could do within those parameters. So do your research. There are a lot of contributed modules that still aren’t over to Drupal 8 yet. Choosing Drupal 8 should depend on what you want to do, and your development team’s ability to support customizations and write custom modules.


Any other advice for universities investing in digital transformation?

Your digital strategy depends on how centralized the university is. Columbia is very decentralized digitally, but other universities may have a central CMS where every department hangs off that main site -- I can’t speak to that.

Having said that, you should partner with those people on the other side of the IT site, ie your public affairs group. In doing that, we were able to present a more uniform front. It also makes it easier to convince departments to adopt the standard, as it’s a direct recommendation for the central administration.

With Drupal 8, there’s a little bit of a learning curve. Here at CU, we separate our front-end and back-end developers, so each of those teams learned those functions in Drupal for us. My recommendation is, if at all possible, to dedicate team members to different pieces of the Drupal ecosystem to ensure a high level of expertise in both front-end and back-end.


Why did you select Phase2 as a technology partner?

I previously worked with Phase2 (several times!) when I was at the College Board. When we started initiating this project at Columbia, we needed a certain level of expertise in Drupal, which I knew from experience Phase2 had. We also had other ongoing IT work, so having support from Phase2 allowed our team not to be overrun with the platform design.

It was all very seemless; we were happy to work with Chauncey, Daniel, and Mike on the project. They were really great developers and added a lot of value to the overall project.

Thanks for taking the time to chat, Ian!

Categories: Blogs

Phase2: Redis Sessions for NBA.com and Service Decorators in Drupal 8

May 16, 2017 - 11:44am
Goal: Getting PHP Sessions into Redis

One of several performance-related goals for NBA.com was to get the production database to a read-only state. This included moving cache, the Dependency Injection container, and the key-value database table to Redis.  99% of all sessions were for logged-in users, which use a separate, internal instance of Drupal; but there are edge cases where anonymous users can still trigger a PHP session that gets saved to the database.

For all it’s cool integrations with Symfony and its attempts at making everything pluggable or extendable, PHP session handling in Drupal 8 is still somewhat lacking. Drupal 8 core extends Symfony’s session handling in a way that makes a lot of assumptions, including one that developers won’t want to use any other native session handler, such as the file system or a key/value store like Redis or Memcached.

Session Handlers in Symfony and Drupal

PHP has some native session handling that’s baked in, and for basic PHP applications in simple environments, this is fine. Generally speaking, it works by storing session data in files in a temporary location on the host machine and setting a cookie header so that subsequent HTTP requests can reference the same session. However, since the default behavior doesn’t scale for everyone or meet every project’s needs, PHP offers the ability to easily swap out native session handlers. One can even create a user-defined session handler, thanks to PHP 5’s SessionHandler class.

The SessionHandler class defines some basic methods to allow a developer to create, destroy, and write session data. This class can be extended, and then ini_set('session.save_handler', TYPE) (where “TYPE” can be any of the known save handers, such as “file” or “pdo”) and ini_set('session.save_handler', PATH) (where “PATH” can be any writeable file system path or stream) can be used to tell PHP to use this extended class for handling sessions. In essence, this is what Symfony does, by extending this into a collection of NativeSessionHandler classes. This allows Symfony developers to easily choose PDO, file, or even memcached session storage by defining session handler methods for each storage mechanism.

Symfony-based applications can normally just choose which PHP session handling is desired through simple configuration. This is well-documented at Symfony Session Management and Configuring Sessions and Save Handlers. It’s even possible to create custom session handlers by extending the NativeSessionHandler, and using ini_set() inside the class’ constructor. There is no default Redis session handler in Symfony, but there are plenty of examples out there on the Internet, such as http://athlan.pl/symfony2-redis-session-handler/

Drupal 8 extends this even further with its own SessionManager class. This SessionManager class is a custom NativeSessionHandler (PHP allows “user” as one of the session.save_handler types). As part of the SessionManager class, several optimizations have been carried over from Drupal 7, including session migration and a few other things to prevent anonymous users from saving an empty session to the database. Because of these optimizations, however, we don’t want to simply ignore this class; however, the NativeSessionHandler service has the database connection injected into it as a dependency. This means future attempts to simply extend Drupal’s NativeSessionHandler service class will result in vestigial dependency injection.


Now that we understand a little more about the underpinnings of session handling in PHP, Symfony, and Drupal 8, I needed to determine how to tell Drupal to use Redis for full session management. Several important goals included:

  • Keep all of Drupal 7 and 8’s optimizations made to session handling (which originated in Pressflow).

  • Don’t patch anything; leave Drupal core as intact as possible, but not rely on the core behavior of using the database for session storage.

  • Leverage the Redis module for connection configuration and API.

Just Override the Core Session Service?

One option that was considered was to simply override the Drupal core service. In core.services.yml the session_manager service is defined as using the Drupal\Core\Session\SessionManager class. In theory, a simple way to change Drupal’s database-oriented session handling would be to just replace the class. In this way, we would simply pretend the SessionManager class didn’t exist, and we would be able to use our CustomRedisSessionManager class, which we would write from scratch.

However, there are a few flaws in this plan:

  • We would have to reimplement all session handler methods, even if nothing differed from Drupal’s core class methods, such as session_destroy().

  • If Drupal core changed to include new or modified session handling, we would likely have to reimplement these changes in our custom code. Being off of the upgrade path or not being included in any future security fixes would be a Bad Thing™.

For more information about the proper way to override a code service in Drupal 8, see https://www.drupal.org/node/2306083

Enter: Service Decoration

For the purpose of this blog post, I will briefly introduce service decorators; but for a more general, in-depth look, a good resource to learn about Service Decorators is Mike Potter’s blog post, Using Symfony Service Decorators in Drupal 8. This is what I used as the basis for my decision to decorate the existing core session_handler service rather than overriding it or extending it.

What is a Service Decorator?

Service decoration is a common pattern in OOP that lets developers separate the modification of a service or class from the thing they’re modifying. In a simple way, we can think of a service decorator as a diff to an existing class. It’s a way to say, “hey, still use that other service, but filter my changes on top of it.”

Decorating the Session Manager Service

Symfony paves the way for services in Drupal 8, and carries with it several other design patterns, including service decorators. To decorate an existing service, you simply define a new service, and use the `decorates` key in your `MODULE.service.yml` file.

For the Redis Sessions module, here is `redis_sessions.service.yml`:

  1. services:
  2. # Decorate the core session_manager service to use our extended class.
  3. redis_sessions.session_manager:
  4. class: Drupal\redis_sessions\RedisSessionsSessionManager
  5. decorates: session_manager
  6. decoration_priority: -10
  7. arguments: ['@redis_sessions.session_manager.inner',
  8. '@request_stack', '@database', '@session_manager.metadata_bag',
  9. '@session_configuration', '@session_handler']

The `decorates` key tells Symfony and Drupal that we don’t want use this as a separate service; instead, continue to use the core session_manager service, and decorate it with our own class. The `decoration_priority` simply adds weight (or negative weight, in this case) to tell Drupal to use our service above other services that also might try and decorate or override the session_manager class.

The `arguments` key injects the same dependencies as well as the original session_manager service as a sort of top-level argument. In this way, we can still use the session_manager as the service that handles PHP sessions, and it will have all of its necessary dependencies injected into it directly by our service class. This will also inject that service into our class in case we need to reference any session_manager methods, and treat them as a _parent class method.

For the same module, here is the `RedisSessionsSessionManager.php` class constructor:

  1. public function __construct(SessionManager $session_manager,
  2. RequestStack $request_stack, Connection $connection, MetadataBag
  3. $metadata_bag, SessionConfigurationInterface $session_configuration,
  4. $handler = NULL) {
  5. $this->innerService = $session_manager;
  6. parent::__construct($request_stack, $connection, $metadata_bag,
  7. $session_configuration, $handler);
  9. $save_path = $this->getSavePath();
  10. if (ClientFactory::hasClient()) {
  11. if (!empty($save_path)) {
  12. ini_set('session.save_path', $save_path);
  13. ini_set('session.save_handler', 'redis');
  14. $this->redis = ClientFactory::getClient();
  15. }
  16. else {
  17. throw new \Exception("Redis Sessions has not been configured. See
  18. 'CONFIGURATION' in README.md in the redis_sessions module for instructions.");
  19. }
  20. }
  21. else {
  22. throw new \Exception("Redis client is not found. Is Redis module
  23. enabled and configured?");
  24. }
  25. }

In RedisSessionsSessionManager.php, we define the `RedisSessionsSessionManager` class, which will decoration Drupal core’s `SessionManager` class. Two things to note in our constructor is that:

  1. We set $this->innerService = $session_manager; to be able to reference the core session_manager service as an inner service.

  2. We check that the module has the necessary connection configuration to a Redis instance, and if so, we’ll use ini_set to tell PHP to use our Redis-based `session.save_path` and `session.save_handler` settings.

Everything Else is Simple

In our RedisSessionsSessionManager class, there’s just a few things we want to change from the core SessionManager class. Namely, these will be some Drupal-specific optimizations to keep anonymous users from creating PHP sessions that will be written to Redis (originally, the database), and session migration for users that have successfully logged in (and may have some valuable session data worth keeping).

We also have to some extra things to make using Redis as a session handler easier. There are a few new methods that Redis Sessions will use to make looking up session data easier. Since Redis is essentially just a memory-based key-value store, we can’t easily look up session data by a Drupal user’s ID. Well, we can, but it’s an expensive operation, and that would negate the performance benefits of storing session data in Redis instead of the database.

With these custom methods aside, everything else just relies on PHP’s native session handling. We’ve told PHP to use the base Redis PHP class as the handler, which is just part of having Redis support compiled in PHP. We’ve told PHP where to save the session data; in this case, a TCP stream to our redis instance configured for the Redis module.


As of the writing of this blog post, I’ve begun the process of releasing Redis Sessions as a submodule of the Redis module. This can help serve as both a practical example of creating a service decorator as well as helping high-traffic sites that also wish to serve content from a read-only database. For those that would like to help test the module, here is the patch to add Redis Sessions submodule to the Redis module.

Want to read more about Drupal 8 architecture solutions and how to evaluate each solution based on your business objectives? Download our whitepaper here


Categories: Blogs