Debug Academy: Would you rather: Early or late adopter of Drupal?


What are the pros & cons of being an early adopter of a framework?

This can be a loaded question due to misaligned incentives. Projects need early adoption to be successful.

But what is best for your career and/or project? Let’s discuss it honestly.

When is “early”?

In the context of software, “early adoption” has multiple meanings.

For the sake of this conversation, “early” specifically means at least one of the following is true:

  1. The software is not yet widely used (not many case studies)
  2. Best practices have not yet been established
  3. The software has not stabilized (alpha, beta, sometimes 1.0)

It’s not always clear whether using software is early.

Let me give a few examples, one of which may be counter-intuitive:

ashrafabed
Mon, 09/20/2021



Drupal Association blog: Meet one of our 2021 Discover Drupal Students, Abokar Botan

The Discover Drupal 2021 students recently began the next phase of their journey. This year we have eight students. After completing their prerequisite course in July, they have all started the course for their chosen pathway. Each month we introduce a student, and this month, we welcome Abokar Botan!

Abokar was referred to the program by Genesys Works and is entirely new to Drupal. He currently resides in Minnesota.

Tell us a little about you. What are your hobbies and interests? My name is Abokar. I am majoring in computer science. One of my hobbies is coding. My interest is to become a Software Engineer.

What is your ultimate goal in learning Drupal? My ultimate goal is to learn front-end development.

What are you most excited about regarding this program? My most exciting thing in this program is having a mentor who listens to all your ideas and gives you great advice.

If you see Abokar online in Drupal Slack or at any upcoming Drupal events, please give him a warm welcome. His Slack user name is Abokar Botan.

Thank you to our Partners and Sponsors

We want to thank our founding partner, Kanopi Studios, and especially Allison Manley for her hard work and dedication to the program. We also want to thank our platinum sponsors, Lullabot and Elevated Third, for the financial support that has been instrumental in launching this program. Finally, thank you to our excellent training partners: Drupal Easy, Evolving Web, Mediacurrent, and Drupalize.me.

If you’d like more information about the program or would like to become a supporting donor, please reach out to us at drupaltalent@association.drupal.org.



Specbee: An Easy Step-by-Step Guide to Writing Your Own Custom Drush 9 (and 10) Commands

Santhosh Kumar
16 Sep, 2021

If you’re a Drupal professional, Drush needs no introduction. But if you’re just starting out as a Drupal developer or keen on learning about Drupal, you should know that Drush is something you just CANNOT ignore. Short for “Drupal + Shell”, Drush is a Command Line Interface (CLI) tool made exclusively for Drupal. With Drush, you can set up new Drupal websites quickly and work easily with Drupal installations. It helps you streamline your development and administrative tasks, thus improving your productivity.

Drush 9 and Drush 10 core come shipped with tons of helpful commands that help you interact with themes, modules, profiles, etc. Some useful commands include SQL commands, exporting or importing configurations, updates, migrations, running cron, clearing the cache, and much more. Drush is also extremely extensible, in that you can create your own custom commands. In this article, you will find more information about how to create custom Drush 9 and 10 commands in an easy step-by-step process.

Note: Drupal 8.4 and higher support Drush 9, while Drupal 8.8 and above support Drush 10.

Drush and Drupal Console

Although Drush and Drupal Console are both super useful CLI tools that make developers’ work easier, they are often used in different scenarios. Drupal Console is the more recent addition to the Drupal world, and it is a very useful tool for helping new developers cope with Drupal’s infamous learning curve. However, our take would be to use both Drush and Drupal Console, as together they can do so much more to speed up development and boost productivity.

While Drupal Console lets you create custom modules, services, entities, and boilerplate content, debug, and more, Drush lets you perform more basic but foundational tasks. These tasks include installing Drupal, interacting with the installation, exporting and importing configurations, downloading and updating contributed modules, clearing caches, updating the database, running cron jobs and much more. For more details on each of their features, please refer to this guide.

When Would We Need to Create Custom Drush Commands?

Although there are many Drush 9 commands that are ready to use for various functionalities, there are always times when they’re not adequate. We create custom Drush commands for many database-related processes such as entity field value updates, DB updates, importing or exporting data to and from Drupal, and other bulk processes. Also, when we have secure methods to be called, we can opt for a Drush command implementation.

How to Create a Custom Drush Command

In previous versions of Drush, custom Drush code followed a different model: it was based on hook_drush_command() and made use of .inc files.

In Drush 9, we no longer use .inc files or hook_drush_command(). Drush commands are now based on the Annotated Command format, which changes the fundamental structure of custom Drush commands.

Step 1: Create a module

Create a .info.yml file

Step 2: Create a service using services.yml

Create a .services.yml file

Step 3: Create a Drush service class

Now let’s extend the DrushCommands base class.

Path to the class file should be: 

/src/Commands/BatchCommands.php


Under this class, each method can be a command function if it is properly annotated.

Step 4: Create annotated methods


Here are a few of the common annotations used in annotated commands:

@option 
@usage 
@command 
@param 
@process
@aliases 
@status
@extract

Step 5: Clear cache

Now let’s flush all caches with this command:

drush cr

Start using the new custom command you just created:

drush custom-message 


Note: Multiple options can be added, as options is an array value.
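
Steps 1 to 5 above as one minimal module, given here as an added example and not the article's original code. The module name custom_drush, the cmsg alias and the --uppercase/--repeat options are assumptions; the class path and the custom-message command name come from the text, and Drush 9 and later read the service definition from a drush.services.yml file in the module root.

```php
<?php

namespace Drupal\custom_drush\Commands;

use Drush\Commands\DrushCommands;

/**
 * Added example; the module name "custom_drush" is hypothetical.
 *
 * Step 1, custom_drush.info.yml:
 *   name: Custom Drush
 *   type: module
 *   core_version_requirement: ^8.8 || ^9
 *
 * Step 2, drush.services.yml (tags the class as a Drush command service):
 *   services:
 *     custom_drush.commands:
 *       class: \Drupal\custom_drush\Commands\BatchCommands
 *       tags:
 *         - { name: drush.command }
 */
class BatchCommands extends DrushCommands {

  /**
   * Prints a message, validating options before acting on them.
   *
   * @command custom-message
   * @aliases cmsg
   * @param $text Message to print.
   * @option uppercase Print the message in upper case.
   * @option repeat How many times to print it (1 to 10).
   * @usage drush custom-message "Deploy finished" --uppercase --repeat=2
   */
  public function customMessage($text = 'Hello world!', array $options = ['uppercase' => FALSE, 'repeat' => 1]) {
    // CLI options arrive as strings; validate them instead of trusting them.
    $repeat = filter_var($options['repeat'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 10]]);
    if ($repeat === FALSE) {
      throw new \InvalidArgumentException('--repeat must be an integer from 1 to 10.');
    }
    $line = $options['uppercase'] ? mb_strtoupper($text) : $text;
    for ($i = 0; $i < $repeat; $i++) {
      $this->output()->writeln($line);
    }
    $this->logger()->notice(dt('Printed message @count time(s).', ['@count' => $repeat]));
  }

}
```

The file goes at /src/Commands/BatchCommands.php inside the module; after enabling the module and running drush cr, the command is available as drush custom-message.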

Shefali Shetty, Apr 05, 2017

 



Security advisories: Drupal core – Moderately critical – Access Bypass – SA-CORE-2021-010

Project: 
Date: 2021-September-15
Vulnerability: Access Bypass
CVE IDs: CVE-2020-13677
Description:
Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass.

Sites that do not have the JSON:API module enabled are not affected.

This advisory is not covered by Drupal Steward.

Solution: 
Install the latest version:

Versions of Drupal 8 prior to 8.9.x and versions of Drupal 9 prior to 9.1.x are end-of-life and do not receive security coverage.

Drupal 7 core does not include the JSON:API module and therefore is not affected.

Reported By: 
Fixed By: 



Security advisories: Drupal core – Moderately critical – Access bypass – SA-CORE-2021-009

Project: 
Date: 2021-September-15
Vulnerability: Access bypass
CVE IDs: CVE-2020-13676
Description:
The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data.

Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.

This advisory is not covered by Drupal Steward.

Solution: 
Install the latest version:

Versions of Drupal 8 prior to 8.9.x and versions of Drupal 9 prior to 9.1.x are end-of-life and do not receive security coverage.

Drupal 7 core does not include the QuickEdit module and therefore is not affected.

Uninstalling the QuickEdit module will also mitigate the vulnerability. Site owners may wish to consider this option as the QuickEdit module will be removed from core in Drupal 10.

Reported By: 
Fixed By: 



Security advisories: Drupal core – Moderately critical – Access bypass – SA-CORE-2021-008

Project: 
Date: 2021-September-15
Vulnerability: Access bypass
CVE IDs: CVE-2020-13675
Description:
Drupal’s JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site.

This vulnerability is mitigated by three factors:

  1. The JSON:API or REST File upload modules must be enabled on the site.
  2. An attacker must have access to a file upload via JSON:API or REST.
  3. The site must employ a file validation module.

This advisory is not covered by Drupal Steward.

Also see GraphQL – Moderately critical – Access bypass – SA-CONTRIB-2021-029 which addresses a similar vulnerability for that module.

Solution: 
Install the latest version:

Versions of Drupal 8 prior to 8.9.x and versions of Drupal 9 prior to 9.1.x are end-of-life and do not receive security coverage.

Drupal 7 core is not affected.

Reported By: 
Fixed By: 



Security advisories: Drupal core – Moderately critical – Cross Site Request Forgery – SA-CORE-2021-007

Project: 
Date: 2021-September-15
Vulnerability: Cross Site Request Forgery
CVE IDs: CVE-2020-13674
Description:
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues.

Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the “access in-place editing” permission from untrusted users will not fully mitigate the vulnerability.

This advisory is not covered by Drupal Steward.

Solution: 
Install the latest version:

Versions of Drupal 8 prior to 8.9.x and versions of Drupal 9 prior to 9.1.x are end-of-life and do not receive security coverage.

Drupal 7 core does not include the QuickEdit module and therefore is not affected.

Uninstalling the QuickEdit module will also mitigate the vulnerability. Site owners may wish to consider this option as the QuickEdit module will be removed from core in Drupal 10.

Reported By: 
Fixed By: 

