myDropWizard.com: Drupal 6 security update for Webform module

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules – but the Drupal 6 LTS vendors are and we’re one of them!

Today, there is a Critical security release for the Webform module to fix a Cross Site Scripting (XSS) vulnerability.

The Webform module is for making forms and surveys in Drupal. 

It doesn’t sufficiently sanitize token values taken from query strings. If a query string token is used as the value of a markup component, an attacker can inject JavaScript into a page.

See the security advisory for Drupal 7 for more information.

Here you can download the Drupal 6 patch or the full release.

If you have a Drupal 6 site using the Webform module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. 🙂

If you’d like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they’re released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you’ll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won’t necessarily have a release on Drupal.org).

Specbee: Have you leveraged Drupal’s Computed Field Module yet? – Get started now with this quick guide

Have you leveraged Drupal’s Computed Field Module yet? – Get started now with this quick guide
Sahana N
10 Dec, 2019

Computed Field Module is extremely beneficial to a Drupal developer at various events. There are times when you have tons of Fields, a few of which can be consolidated into one field. Sometimes, you might need a field that is a computation of two or more fields, which does not need user inputs. Or you might just want to store the current user’s data directly into the database. 
  
When you want to populate content automatically without user inputs in Drupal, we can leverage the Computed Field Module for Drupal 8. This module is a very powerful field module that allows us to insert custom calculated/computed fields via PHP code. These values can be either stored directly in the database or can be calculated while using node views. 

This module comes with a security warning as the custom code entered in the field is going to be saved in the database. Adding PHP code in the text area (“Insert your working code here”) without the use of Hooks in custom modules, is a huge threat to the security of your website. This module is recommended to be used by developers with good skills and knowledge in PHP and Drupal APIs. It is also recommended that you first test your PHP code in the Body field of a Drupal page.

Installing the Drupal 8 Computed Field Module:

Initially, you will need to download the Drupal Computed Field module from this link – https://www.drupal.org/project/computed_field/releases/8.x-2.0 or you can  Install with the Composer :  composer require ‘drupal/computed_field:^2.0’

Once you have installed the module, navigate to extent and enable the Computed field module. 

Enable computed field module
               Figure 1- Enable the Computed Field Module

Using Computed Field to automatically populate content

Step1 – Once you have enabled the module, navigate to Structure -> content- type -> select your content type. For now, I have selected the Article content type.

Step 2 – Go to Manage fields, add field of type Computed field. There are 5 types of computed fields – 

  • Computed (decimal): This field automatically populates as decimal value based on the php code.
  • Computed (float): This field automatically populates a floating value based on the php code.
  • Computed(integer): This field automatically populates an integer valued based on the php code. 
  • Computed (text): This field automatically populates a string values based on the php code.
  • Computed (text, long): This field is the same as Computed text but takes more text.
select field type
         
           Figure 2 – Select the Field Type

Time to Try it out! Let us now automatically calculate and populate the age of a person based on their Date of Birth that the user has entered.

Step 3 –  First, we will have to add the Computed Field. In our case I am going to calculate the Age of a person so I will add the field by navigating to 
Configuration -> Account settings -> Manage fields. Lets’ select the Computed (integer) field to populate the Age automatically.

computed field
         
             Figure 3 – Add the Computed (integer) Field

When we add the Computed (integer) field and give a Label (name of the calculated field), click on Save. We will then see this window as shown in the image below.

Setting up the Drupal Computed Field
            Figure 4 – Setting up the Drupal Computed Field

 

Step 4 –  In the settings window, you can add an optional Help text that instructs the user on what the calculated field value is about. The most important part, however, is the text-area called “Code (PHP) to compute the integer value”. Here is where we write the custom code to calculate the Age (in this case). Below the text area you will see some security warnings and some suggestions/recommendations. Also mentioned are a few example variables that can be used in the PHP code. In our case, I am going to write the PHP custom code to calculate Age in the PHP code text area. To automatically populate the Age.
 

Calculating the Age within the PHP Code text area
            
           Figure 5 – Calculating the Age within the PHP Code text area

Inside the PHP code text area, we can also use “if” conditions to populate the content automatically.

Step 5 – After writing the custom code for the Compute Field, hit the save button. Next, lets’ test this by entering the Date of Birth.

Entering the Date of Birth
           
           Figure 6- Entering the Date of Birth

 

Step 6 – After saving the content the Age will be populated automatically (as shown in the image below)

Figure 7 - Calculated Age presented to the user
             
           Figure 7 – Calculated Age presented to the user

This is a very simple example of using the Drupal 8 Computed Field Module but similarly you can populate values with various types of computations and custom code. 
 

Shefali ShettyApr 05, 2017

 

Zivtech: Why You Should Upgrade to Drupal 8 (Even With Drupal 9 On the Way)

With Drupal 9 set to be released later next year, upgrading to Drupal 8 may seem like a lost cause. However, beyond the fact that Drupal 8 is superior to its predecessors, it will also make the inevitable upgrade to Drupal 9, and future releases, much easier. 

Acquia puts it best in this eBook, where they cover common hangups that may prevent migration to Drupal 8 and the numerous reasons to push past them.

The Benefits of Drupal 8

To put it plainly, Drupal 8 is better. Upon its release, the upgrade shifted the way Drupal operates and has only improved through subsequent patches and iterations, most recently with the release of Drupal 8.8.0

Some new features of Drupal 8 that surpass those of Drupal 7 include improved page building tools and content authoring, multilingual support, and the inclusion of JSON:API as part of Drupal core. We discussed some of these additions in a previous blog post

Remaining on Drupal 7 means hanging on to a less capable CMS. Drupal 8 is simply more secure with better features.

What Does Any of This Have to Do With Drupal 9?

With an anticipated release date of June 3, 2020, Drupal 9 will see the CMS pivot to an iterative release model, moving away from the incremental releases that have made upgrading necessary in the past. That means that migrating to Drupal 8 is the last major migration Drupal sites will have to undertake. As Acquia points out, one might think “Why can’t I just wait to upgrade to Drupal 9?” 

Agiledrop.com Blog: Our blog posts from November 2019

The year has come to a close – and what a year it has been! For Agiledrop as well as for Drupal, this has been a truly amazing and successful year – and yet, we feel it is only a prelude to all that’s coming in 2020. To properly end the year, here’s a recap of all our posts from last month – enjoy!

READ MORE

Mediacurrent: Open Waters Podcast Ep 8: Streamlined Design With Rain

This episode, we welcome UX pros Cheryl Little and Becky Cierpich to talk about the Mediacurrent Rain installation profile. Hear how Rain, the recent winner of Acquia’s “Open Source Giants” award, can streamline your design project.


Audio Download Link

Project Pick:  

Becky: nocoffee vision simulator

Cheryl: Notion.so

Interview:

  • What is Rain?
  • How did Mediacurrent designers help build Rain?
  • What’s included in the Rain component library?
  • Are you glad that you did/ how does this benefit your team?
  • How do digital strategists interact with Rain?
  • Do developers like Rain?
  • How about clients? What has their reaction been?
  • OK, how about project managers? Do they get anything out of Rain besides a more efficient project?
  • Thinking about the editorial experience, how does Rain look to a site builder?
  • Is there any reason a project shouldn’t start with Rain?
  • What’s next for the future of Rain?

Resources

Sooper Drupal Themes: Drupal 8.8 is here! What changes does it bring?

Drupal 8.8 is paving the way to the future

Drupal 9 is approaching fast. However, until Drupal 9 arrives, there is another major update that is coming soon. Drupal 8.8 was launched on the 4th of December. In this blog post, I am going to tell you what are the changes and quality of life improvements that you can expect from the next major Drupal update.

Drupal WYSIWYG will include will allow media embedding

This is a feature that was long awaited for Drupal. Media has been poorly handled by Drupal for a while now. Because of that, this feature was awaited for a decade already. However, with Drupal 8.8, this wish becomes a reality. The good news is that this feature will come with complete media management capabilities that make it easier to embed the media for content creators and site builders alike. Thanks to this new development we will also be able to integrate media embedding in a future release of our Glazed Builder visual page builder.

Claro, a new administration theme integrated into Drupal core

On top of these updates, Claro, a new administration theme will be integrated in the Drupal core. This theme will bring a new refreshed design to Drupal. This UI refreshment has been long requested by the Drupal community. However, in drupal 8.8, these requests are finally coming to fruition. Below, you will see a comparison between the old and the new improved UI of Drupal with screenshots taken from both of them.

Drupal 8.8 old

In the first screenshot you can see the new page creation tab from the old Drupal UI.

.

Drupal 8.8 new

In this screenshot, you can see the same page as in the screenshot above, however, with the new UI added on top of it. As you can see, now it has a white background with blue highlights. The fields appear to be  bigger than previously, further improving the clarity and the text readability. The blue highlight seems to use a darker blue than the one in the previous version of the UI. All in all, the changes are so drastic, however, the better color pallette choice and the boxy look bring out a more clean and modern look for Drupal 8.8.

JSON:API should become significantly faster

First, let’s start with what JSON:API is.JSON:API or JavaScript Object Notation is an encoding scheme that is designed to eliminate the need for an ad-hoc code in order for that code to be able to communicate with the servers that communicate in a defined way.

In the Drupal 8.8 update, JSON:API is thought to be able to create the work even faster than before. This was possible because of a couple of issues that were resolved:

  • The include paths are resolved for every resource in a resource collection, instead of once per unique resource type. 
  • ResourceTypeRepository computes ResourceType value objects on “every request”
  • Resource “entity” should use partial caching

These changes will make Drupal 8 a better platform for phone apps and other “headless” applications.

jQuery UI is going to be deprecated from Drupal core

jQuery UI will be deprecated in Drupal 8.8. This front-end library is used to render user experience components like dragging and dropping, sliders, selecting and sorting, etc. It was first added in 2009 to the Drupal core. However, it became unmaintained since 2017 and as a  consequence was listed as an Emeritus project, which means that the people who were maintaining the projects are reaching or are at the end-of-life of the project. Even though jQuery UI will become deprecated in Drupal 8.8, it will be completely removed from Drupal with the release of Drupal 9. On top of that, because of the end of life, jQuery Ui will not work with future jQuery versions. With this in mind, it seems that Drupal core is in the middle of the process of switching to JavaScript solutions. Also, it seems that Modules and themes that are depending on jQuery UI will have to have it as a dependency and also to manage their libraries.

Path aliases are going to be converted to revisionable entities

Custom URL aliases will now be provided by a new revisionable content entity type in Drupal 8.8. However, the path.alias_storage has been kept for backward compatibility purposes, although its hook has been deprecated. You can check out the next link in order to be fully prepared to upgrade your code for Drupal 9.

Configuration Management improvements

Drupal Configuration Initiative 2.0 started being implemented from the release of Drupal 8.6. However, it started being implemented more and more with new releases of Drupal. Now, with the release of the new Drupal 8.8, the configuration management will see new improvements. One of the changes is that the Sync directory is defined in $settings[‘config_sync_directory’] in settings.php.
On top of that, the ability to support multiple configuration directions is $config_directories is not deprecated. Furthermore, if you happen to have a custom or contributed code that relies on this ability you either need to move your setting either to $settings or another storage. To read more about this see the change record.

Full support of Composer to build Drupal projects

Composer has helped Drupal development become more in line with the PHP standards. The relationship between Composer and PHP had started to develop more with the release of Drupal 8. Now, Drupal 8.8 will come packed with more Composer plugins.

  • Drupal/core-composer-scaffold: This plugin will be replacing the drupal-composer/drupal-scaffold plugin. The new plugin will be in charge of automating the scaffolding of the Drupal core Composer in the right place. On top of that, this plugin will provide a couple of options for the setup approaches.
  • Drupal/core-vendor-hardening: The task of this plugin is to remove some of the unnecessary folders that are present in vendor directories such as tests or documentation, this process being important when the vendor folder is included in the docroot.
  • Drupal/recommended-project: This composer template will have a role in the generation of a Drupal project structure which follows the recommendations presented in Drupal 8.8, which states that the vendor folder should be outside of docroot.
  • Drupal/legacy-project: This Composer template will generate a Drupal project that will follow the old structure. However, using this will not be recommended for Drupal 8.8.0 and further.

These Composer related parts can be found in the new /composer folder from Drupal source core.

Drupal, better than ever!

Drupal 8.8 seems to bring out a new cluster of features and quality of life improvements that will surely make the life of the site builders and content creators easier. This release will is one important release that paves the way for the arrival of Drupal 9. With that being said, congratulations to all the people that have contributed to the release of Drupal 8.8. Keep up the good work!