In part one of this post, I went over how Drupal Security Advisories, SSL/TLS certificates, and thorough user account security help lay the foundation for keeping your Drupal site secure. In part two, we’ll take a look at user roles and permissions, input filters and text formats, and third party libraries.

User Roles and Permissions
To keep your site secure, always make sure that your user roles and permissions are configured properly. Depending on the modules installed and third party integrations, there could be additional permissions and/or roles to configure to ensure the site is still secure after installing a particular module. It’s important to read the full module README and/or module documentation to verify that all configuration options and permissions have been set up securely. In many cases, modules with very important security related permissions will either set them to a sane default configuration, or put up a notice on the modules page within the admin UI. Some will do both. Some will do neither, so that’s why you need to be aware.
For each module you enable, there can be optional or required permissions that need to be configured. This is one of the easiest things to overlook as a Drupal beginner, so keep an eye on which modules you’re enabling, and whether you have permissions set for all your roles before launching the site.
The ADCI Solutions team is ready to set off to DrupalCon Nashville. Meet us there! This time we bring up the topics of leadership and marketing of Drupal. We'd love to see you at the session and BoF! Let’s gather and chat!
Recently I read Why is Drupal now the second most-hated platform behind SharePoint? followed by the predictable Reddit discussion trashing Drupal. Every time I read someone's negative, yet reasonable, criticism of Drupal, I can't help but rephrase Winston Churchill's famous quote about democracy in the context of Drupal and Open Source.
Churchill's defense of democracy came at a time when the notion of democracy was under a direct threat. Drupal and Open Source are not in peril in the same way, but the lesson Drupal and Open Source can learn from history is that it is essential to recognize, respond, and adapt to potential threats. Ignoring problems is the worst thing anyone can do.
Introspection and discussion are a significant part of our process to improve and effect change within Drupal. I am looking forward to Owen Lansbury's DrupalCon Nashville presentation called Have We Reached Peak Drupal?. I have seen a preview of his presentation and it puts Drupal’s current state into perspective while also looking at its future. If you want to learn more about the discussion around "peak drupal" you should also check out Dave Hall's blog post, "Drupal, We Need To Talk."
While building and maintaining the Webform module for Drupal 8, I have thought a lot about the future of Drupal and the Webform module.
How do we increase Drupal's adoption?
I no longer feel adoption is a Drupal 8 specific issue but rather it’s a...
The development of Drupal Commerce 2 has come a long way. We've had an official release for a while now and many of the sub-modules and add-on modules are coming along nicely. However, with all of the focus being on development, it can be hard to find good documentation for Drupal developers and Technical Managers who want to know more about the underlying systems and design.

Look no further!
A while ago we contacted Steve Oliver and asked him to help us out. Steve has been developing Drupal for a long time (at the time of writing, his Drupal.org profile is 12 years, 3 months old). He's contributed to all aspects of Drupal, including Commerce, and is quite active in IRC and Slack, providing support. We asked him if he would be interested in providing us with one document that contained everything you might want to know about Drupal Commerce from a technical perspective. We're talking about the systems, design patterns, concepts, core modules, contrib modules, and more. Steve blew us away, coming back to us with a 22-page document that has it all. We've taken all of that wonderful information and put it on our site for everyone to enjoy. It's a great starting point or general refresher.
So without further delay, take a look for yourself. I bet you'll be happy that you did!
- Video: Introducing the Drupal Commerce Kickstart 2.x Installer
- Video: UH+ Axe: Enhanced Commerce Product Page, A Technical Walkthrough
- Blog: Quickbooks Enterprise Integration in Drupal Commerce 2
- Learn more about Acro Media
The Starter Kit includes three separate applications to demonstrate various Headless Drupal design patterns: a React application, a GraphQL application, and a Headless Lightning Drupal website. Each application was created to work in tandem with each other, but also as a collection of boilerplate tools for your personal applications.
Symfony is an open source PHP-based web application framework. Symfony uses a set of reusable PHP components to build web applications from scratch. Symfony follows the MVC architecture. A kernel is the heart of Symfony (it's just a class) and Symfony extends this class in its built applications.
Sooper Drupal Themes: SooperThemes Drupal 8 Release Candidate 3. Patch update for Glazed and Glazed Builder Drupal 7.
Our latest update for Drupal 8 and 7 fixes a bug with Chrome browser's latest release and the 3rd level "dropdown" menus in mobile navigation and side-header navigation. If your website does not use 3rd level dropdown menus these updates are probably not important for you. We also use the opportunity to get our Drupal 8 products up to date with Drupal 8.5 and we made sure everything is tested to work with the recent highly critical security updates.

Drupal 8 RC3
Fixing an issue with Font Awesome 5 Pro icons and some other minor issues, our RC3 release is ready to quickly transition into a stable release. We're now focused on updating our product pages, documentation, and other sooperthemes.com infrastructure to make sure downloading, using, and updating our Drupal 8 projects will be a smooth experience. We expect to be ready for the official Drupal 8 launch of all our products in about 2 weeks, but this release candidate is a perfectly fine starting point if you're already looking to start a Drupal 8 project with Glazed Theme, Glazed Builder, or our SooperThemes Portfolio module.

Glazed 7.x-2.6.9 and Glazed Builder 7.x-1.1.8
We release patch updates for Drupal 7 Glazed Theme and Glazed Builder, making minor improvements to both products and of course we've done extensive testing to make sure everything works after the recent Drupal core security updates that touched some very "core" parts of Drupal. See the Glazed CHANGELOG and Glazed Builder CHANGELOG for an overview of changes. No changes related to the security update were made.

SooperThemes Updates Coming Soon
The Drupal 8 stable release has been a long time coming, and now the product is ready. We're just holding off the official launch until our website and documentation are also brought up to date to support Drupal 8. If you're interested in our progress just keep an eye on the website. Sooperthemes.com will be undergoing changes in both content and design. For a sneak preview check out our "work in progress" Glazed Builder product page, which now features tons more information than before. You'll also find that I'm experimenting with a video format that I'd like to use for both documentation and marketing communications.
When we are finally completely stable with all our Drupal 8 products we will develop new product features and Glazed Theme demo designs. All product updates will be available to both Drupal 7 and 8 product versions. The specifics of development we'll be focussing on will be determined in the near future by asking you guys what you want and need.

Open Source Contributions Scheduled After Stable Drupal 8 Release
I regret that while working so hard on our Drupal 8 product updates for premium products, our open source projects have been neglected. This was an inevitable result of our Drupal 8 work overrunning budget and timelines by huge margins. I'm looking forward to start investing again in the free version of Glazed Theme we host on drupal.org, and of course publish a stable Drupal 8 version of the free theme and Glazed CMS distribution on drupal.org. We'll make sure Drupal 8 gets the free theme it deserves, with more flexibility and customizability than any other free Drupal theme.
If you are getting ready to attend your first DrupalCon, here are a few ideas to help you prepare for an intense week of open source software community from @horncologne. Watch the interview video for more tips and inspiration from my Drupal friends.
In prep for DrupalCon Nashville, I was working on our Drupal Commerce demo sites that we'll be showing off. They have been running in silent mode for some time and recently received an overhaul so they use our demo and out of the box theme for Drupal Commerce, Belgrade.
Creating a duplicate of an entity is easily done via the entity API method Entity::createDuplicate(). This is a convenient method if the goal is to clone an entity into a new entity, as all identifiers of the previous entity get unset when using this method.
The Maestro module and its use case can be challenging to understand and we recognized there was a need to provide a better explanation and examples.
It's fair to say that every company and organization from small to large has business processes involving the movement of forms and/or documents with varying degrees of complexity and number of participating internal and external users. Maestro was developed to help automate these processes with its workflow editor and workflow engine.
If it can be flow-charted, then it can be automated with Maestro.
This is not just a clever saying. It's true. With Maestro, the method to automate your process starts with our visual workflow editor with which you drag, drop and connect your workflow steps together. The Maestro workflow editor can be used by business users to map out their business process.
I've collected a bunch of articles for you, where Drupal agencies describe their processes, workflows and experience with the Drupal update release PSA-2018-001.
Hard facts: The update was announced one week earlier and released on March 28th between 18:00 and 19:30 UTC. Due to the flood of site views and very motivated F5 finger exercises, Drupal.org was down for around an hour. Fortunately, the Drupal Community worldwide was prepared with snacks, pizza, and more pizza, remote hangman, and a lot of memes.
For detailed information, the Drupal Security Team provided this FAQ about SA-CORE-2018-002.
On Wednesday 21 March, the Drupal security team announced that there would be an extremely important security release of Drupal (SA-CORE-2018-002) which would fix a vulnerability in the core code. This vulnerability affected every single Drupal site, whether on 8, 7, 6 or even 5.
This is not a new phenomenon, and is testament to the efficiency and professionalism of the Drupal Security Team that these vulnerabilities are found, fixed, and the releases managed appropriately.
We have a bunch of sessions lined up on a variety of subjects... from DevOps to decoupled Drupal, technical TLAs to development tips, and even a case study about a Stanford project. We’ve got something for everyone, so we hope to see you there!
No, you should not. You should let us worry about them, and go back to your business.
Seriously, we're getting questions from all kinds of people about whether this matters. I'm a bit surprised that there is any question about that. Would you be concerned if your top salesperson was selling for somebody else? If your cashiers were jotting down credit card numbers when they charged a card? If your office became a well-known spot for illicit drug or gun dealers? If your office had a bunch of scammers squatting and running a pyramid scheme? If your confidential client information could be revealed as easily as using a Bic pen on an old Kryptonite lock?
We've seen some variation of every single one of those scenarios. And all of them are possible with a remote code execution flaw in a web application, like yesterday's Drupal security vulnerability.
And yet people still