Code Karate: Drupal 8 Editor File Upload Module

Episode Number: 217
Drupal 8 Editor File Upload Module - Daily Dose of Drupal episode 217

The Drupal 8 Editor File Upload Module is a great module for allowing your content editors to upload files directly in your website content. If you have ever needed to upload a file, and then include a link to that file, then the Editor File Upload module will be useful. Rather than having to upload the file manually using FTP or through another module, then having to go back to create a link in your content to that file, this module lets you do it all in one step.

Code Karate: Drupal 8 Contact Storage Export Module

Episode Number: 215
Drupal 8 Contact Storage Export Module - Daily Dose of Drupal Episode 215

In this episode, we cover the Drupal 8 Contact Storage Export Module. This episode covers a module that adds additional functionality to the Contact Storage Module (which we covered in episode 213). This module allows you to export your contact form submissions to a CSV file. It’s a simple module that serves a very specific purpose. If you need to export your contact form submissions, this is how you do it!

Drupal blog: The end of PHP 5

This blog has been re-posted and edited with permission from Dries Buytaert’s blog. Please leave your comments on the original post.

If you are still using PHP 5, now is the time to upgrade to a newer version of PHP.

PHP, the Open Source scripting language, is used by nearly 80 percent of the world’s websites.

According to W3Techs, around 61 percent of all websites on the internet still use PHP 5, a version of PHP that was first released fourteen years ago.

Now is the time to give PHP 5 some attention. In less than two months, on December 31st, security support for PHP 5 will officially cease. (Note: Some Linux distributions, such as Debian Long Term Support distributions, will still try to backport security fixes.)

If you haven’t already, now is the time to make sure your site is running an updated and supported version of PHP.

Beyond security considerations, sites that are running on older versions of PHP are missing out on the significant performance improvements that come with the newer versions.

Drupal and PHP 5

Drupal 8

Drupal 8 will drop support for PHP 5 on March 6, 2019. We recommend updating to at least PHP 7.1 if possible, and ideally PHP 7.2, which is supported as of Drupal 8.5 (which was released March, 2018). Drupal 8.7 (to be released in May, 2019) will support PHP 7.3, and we may backport PHP 7.3 support to Drupal 8.6 in the coming months as well.

Drupal 7

Drupal 7 will drop support for older versions of PHP 5 on December 31st, but will continue to support PHP 5.6 as long as there are one or more third-party organizations providing reliable, extended security support for PHP 5.

Earlier today, we released Drupal 7.61 which now supports PHP 7.2. This should make upgrades from PHP 5 easier. Drupal 7’s support for PHP 7.3 is being worked on but we don’t know yet when it will be available.

Thank you!

It’s a credit to the PHP community that they have maintained PHP 5 for fourteen years. But that can’t go on forever. It’s time to move on from PHP 5 and upgrade to a newer version so that we can all innovate faster.

I’d also like to thank the Drupal community — both those contributing to Drupal 7 and Drupal 8 — for keeping Drupal compatible with the newest versions of PHP. That certainly helps make PHP upgrades easier.

ComputerMinds.co.uk: Beware File::getFileUri()!

I’ll keep this short and sweet, but we thought this would be a useful tip to share with the world about a potential security issue with the combined use of File::getFileUri() and FileSystem::realpath().

Consider the following code excerpt:

$file = File::load($some_file_uri);

if ($file) {
  // Returns a blank string if the file is no longer on disk (see below).
  $uri = $file->getFileUri();
  // No check on $uri before it is resolved to a filesystem path.
  $file_realpath = \Drupal::service('file_system')->realpath($uri);
}

Seems pretty harmless, right? Load up the file from $some_file_uri; if we have a valid file, then get the URI and grab the real path.

Wrong (potentially, depending on what you do with $file_realpath).

If $file is a valid file, but for whatever reason the file is no longer physically located on disk, then $file->getFileUri() will return a blank string.

It turns out that passing this blank string $uri into \Drupal::service('file_system')->realpath($uri) will return the full webroot of your site!

Depending on what you were doing with said $file_realpath, it could then be a security issue.

We were handling a user webform submission and then sending the submission over to a CRM system… because $file_realpath was now the webroot of the site, the code that followed to archive the user-submitted file ended up archiving the entire webroot and sending this over to the client’s CRM system.

Luckily in this instance, the archive was only ever available temporarily server side and then went directly to the client’s own CRM system, but in another circumstance this could have easily been a very serious security issue.

Fortunately the fix is quite simple: ensure the $uri returned from ->getFileUri() is valid by some method before passing it through realpath(). Here, I now validate that the URI matches what I know it should be for the current webform submission.

if ($file) {
  $uri = $file->getFileUri();
  $webform_id = $webform->get('id');
  $submission_id = $webform_submission->get('sid')->getValue()[0]['value'];
  // A blank $uri cannot contain the expected private:// path, so it fails this check.
  $valid_file_scheme = strpos($uri, 'private://webform/' . $webform_id . '/' . $submission_id . '/') !== FALSE;

  if ($valid_file_scheme) {
    // Only now is it safe to call realpath() and proceed with the rest of the code.
  }
}
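
A stricter form of the same guard, as an added example that is not from the original post: resolve_submission_file() is a hypothetical helper, not a Drupal API. The stub resolver and sample paths are constructed to mimic the blank-URI behaviour described above so the script runs without Drupal.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not a Drupal API): resolve a submission file's URI to
 * a local path, failing closed instead of ever returning a directory.
 * $realpath stands in for \Drupal::service('file_system')->realpath().
 */
function resolve_submission_file(string $uri, string $expected_prefix, callable $realpath): string {
  // A blank URI is the failure mode described in the post: reject it outright.
  if ($uri === '') {
    throw new InvalidArgumentException('Empty file URI');
  }
  // Anchor the match at position 0 so the prefix cannot appear mid-string.
  if (strpos($uri, $expected_prefix) !== 0) {
    throw new InvalidArgumentException("Unexpected file URI: $uri");
  }
  $path = $realpath($uri);
  // Defence in depth: only a regular file on disk is acceptable to archive.
  if (!is_string($path) || !is_file($path)) {
    throw new RuntimeException("URI does not resolve to a file: $uri");
  }
  return $path;
}

// Constructed demo data: a throwaway "webroot" holding one submitted file.
$webroot = sys_get_temp_dir() . '/demo_webroot_' . getmypid();
$dir = "$webroot/private/webform/contact/42";
mkdir($dir, 0700, TRUE);
file_put_contents("$dir/cv.pdf", 'constructed sample');

// Stub resolver: a blank URI resolves to the webroot, as the post reports.
$stub_realpath = function (string $uri) use ($webroot): string {
  return $uri === '' ? $webroot : $webroot . '/private/' . substr($uri, strlen('private://'));
};

$prefix = 'private://webform/contact/42/';
$samples = ["{$prefix}cv.pdf", '', "{$prefix}gone.pdf", 'private://webform/other/7/x.pdf'];
foreach ($samples as $uri) {
  try {
    echo 'OK: ', resolve_submission_file($uri, $prefix, $stub_realpath), "\n";
  }
  catch (Exception $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
  }
}
```

Only the first sample URI is accepted; the blank URI, the missing file and the URI belonging to another submission are all rejected before anything could be archived.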

 

Dries Buytaert: The end of PHP 5

It’s easy to take PHP for granted. The Open Source scripting language is used by nearly 80% of the world’s websites.

According to W3Techs, around 61 percent of websites on the internet still use PHP 5. PHP 5 was first released fourteen years ago. Fourteen years is a long time, and makes it easy to take it for granted.

Now is the time to give PHP 5 some attention. In less than two months, on December 31st, security support for PHP 5 will officially cease. (Note: Some Linux distributions, such as Debian Long Term Support distributions, will still try to backport security fixes.)

If you haven’t already, now is the time to make sure your site is running an updated and supported version of PHP.

Beyond security considerations, sites that are running on older versions of PHP are missing out on the significant performance improvements that come with the newer versions.

Drupal and PHP 5

Drupal 8

Drupal 8 will drop support for PHP 5 on March 6, 2019. We recommend updating to at least PHP 7.1 if possible, and ideally PHP 7.2, which is supported as of Drupal 8.5 (which was released March, 2018). Drupal 8.7 (to be released in May, 2019) will support PHP 7.3, and we may backport PHP 7.3 support to Drupal 8.6 in the coming months as well.

Drupal 7

Drupal 7 will drop support for older versions of PHP 5 on December 31st, but will continue to support PHP 5.6 as long as there are one or more third-party organizations providing reliable, extended security support for PHP 5.

Earlier today, we released Drupal 7.61 which now supports PHP 7.2. This should make upgrades from PHP 5 easier. Drupal 7’s support for PHP 7.3 is being worked on but we don’t know yet when it will be available.

Thank you!

It’s a credit to the PHP community that they’ve made it easy for all of us to take this programming language for granted. But that can’t go on forever. It’s time to move on from PHP 5 and upgrade to a newer version so that we can all innovate faster.

I’d also like to thank the Drupal community — both those contributing to Drupal 7 and Drupal 8 — for keeping Drupal compatible with the newest versions of PHP. That certainly helps make PHP upgrades easier.

Hook 42: BADCamp 2018 Retrospective: A GatsbyJS Primer


Now that I’ve settled back down in Alaska after a fun trip to Berkeley for BADCamp, I’m finally digesting all of the info I gathered throughout the week. As always, it was cool to look over the schedule and see what topics were getting a lot of attention; and, without a doubt, it seemed like GatsbyJS was the hot-ticket item this year. So here’s a primer on what GatsbyJS is and why the Drupal community seems so head-over-heels for this up-and-coming site generator.

Kanopi Studios: BADCamp + Accessibility = Education, Inspiration and Opportunity

Now that the excitement of BADCamp has worn off, I have a moment to reflect on my experience as a first-time attendee of this amazing, free event. Knowing full well how deeply involved Kanopi Studios is in both the organization and thought leadership at BADCamp, I crafted my schedule for an opportunity to hear my colleagues while also attending as many sessions on Accessibility and User Experience (UX) as possible.

Kanopi’s sessions included the following:

The rest of my schedule revolved around a series of sessions and trainings tailored toward contributing to the Drupal community, Accessibility and User Experience.

For the sake of this post, I want to cover a topic that everyone who builds websites can learn from. Without further ado, let’s dive a bit deeper into the accessibility portion of the camp.  

Who is affected by web accessibility?

According to the CDC, 53 million adults in the US live with some kind of disability, which adds up to 26% of adults in the US. Issues range from temporary difficulties (like a broken wrist) to permanent aspects of daily life that affect our vision, hearing, mental processing and mobility. Creating an accessible website allows you to communicate with 1 in 4 adults you might otherwise have excluded.

What is web accessibility?

Accessibility is a detailed set of requirements for content writers, web designers and web developers. By ensuring that a website is accessible, we are taking an inclusive attitude towards our products and businesses. The Web Content Accessibility Guidelines (WCAG) are a globally acknowledged set of standards that help us publish content that fits within the established success criteria. These guidelines are organized into the following four categories.

WCAG Categories:

  • Is your website perceivable? This applies to non-text content, time-based media (audio and video), color contrast, text size, etc.
  • Is your website operable? This ensures that content is easy to navigate using a keyboard, that animations and interactions meet real-user requirements, buttons are large enough to click, etc.
  • Is your website understandable? This means that text content is easy to read for someone at a ninth grade reading level, that interactions follow design patterns in a predictable manner, that form errors are easy to recover from, etc.
  • Is your website robust? This means that content should be easy to interpret for assistive technologies, such as screen readers.

The World Wide Web Consortium (W3C) is an international community whose mission is to lead the Web to its full potential. They have also published a checklist to aid our efforts in meeting WCAG success criteria.

How can we be successful in making the web accessible?

Industries have varied requirements when it comes to web accessibility. WCAG has three levels of compliance, ranging from A to AA to AAA. A conformity has the lowest set of requirements and AAA has the strictest set of requirements; so strict, in fact, it may be impossible to achieve across an entire site.

Efforts to meet these standards fall on every individual involved in the process of creating a website. Although there are many tools that aid in our journey, we reach accessibility through a combination of programmatic and manual means.

The most important thing to keep in mind is the fact that achieving success in the world of accessibility is a journey. Any efforts along the way will get you one step closer towards a more inclusive website and a broader audience base.

Please Remember: Once Kanopi helps you launch an accessible site, it’s your job to maintain it. Any content you add moving forward must be properly tagged; images should have proper alt text and videos should have captions. Users come to your site because they love your content, after all! The more you can make your content accessible, the more you will delight your users.

Interested in making your site more accessible? Check out some of the resources I linked to above to join in learning from my peers at BADCamp. If you need more help getting there, let’s chat!

The post BADCamp + Accessibility = Education, Inspiration and Opportunity appeared first on Kanopi Studios.

MidCamp – Midwest Drupal Camp: MidCamp is Coming


MidCamp is returning for its sixth year next March 20-23, 2019. We’ll be back at DePaul University for four days of presentations, professional training, contribution sprints, and socials. Designers, developers, and users will be able to brush shoulders with Drupal service providers, hosting vendors, and other members of the broader web development community.

Agenda Overview

This year we have some changes to our general agenda. We’ll be adding summits for the first time! We’ve also moved our sessions to Thursday and Friday so that attendees get some of their weekends back. A high-level agenda is as follows:

  • Wednesday, Mar 20 – Summits, Training, and Contribution Sprints

  • Thursday and Friday, Mar 21-22 – Sessions

  • Saturday, Mar 23 – Contribution Sprints

Stay Tuned for these Upcoming Dates

Stay tuned into the website and our newsletter for some upcoming dates.

  • NOW! – Ticket sales are open on Eventbrite. Spread the word and get your tickets early: https://midcamp2019.eventbrite.com/

  • Nov 14, 2018 – Our website will be fully up and running. It will be ready to open our call for papers.

  • Dec 12, 2018 – Call for papers will close and travel information will be available on the website.

  • Jan 9, 2019 – We will open the registration for training and summits.

  • Jan 16, 2019 – Announce Featured speakers on the website.

  • Jan 23, 2019 – We will post the Final schedule for the website.

Help us Make MidCamp!

It’s not too late to get involved with MidCamp 2019. We’re on MidCamp Slack. You can also contribute by telling us what topics you’re interested in seeing in the 2019 program.

 
