Drupal

govi_mecanismos_contacto

drupal.org - Modules - Mon, 06/11/2018 - 18:26

This feature provides the configuration and content specific structure that allows publication of the Contact Mechanisms of the Public Entities of the Bogotá's District which corresponds to the Standard for the Publication and Divulgation of Public Information defined in the Law of Transparency and Public Information Access of Colombian State.

Categories: Drupal

Drupal + Local SEO + Schema = How do I do this?

Drupal - Open Source Content Platform - Mon, 06/11/2018 - 14:11

A buddy of mine got a developer to make him a site and it was on Drupal. He asked me to help him out, but to be honest, I only make WordPress sites so I have no clue how to implement Schema for his local business. I usually have plugins to help me on WP but I cannot find a guide on Drupal online. Any help would be appreciated. Thank you.

submitted by /u/everythingred
[link] [comments]

Jacob Rockowitz: Project Management + Estimation + Mentorship = Sustainability

drupal.org aggregator - Mon, 06/11/2018 - 13:55

These are some of the ingredients that can make open source sustainable

The title of this blog post, "Project Management + Estimation + Mentorship = Sustainability" does not represent an exact formula for solving the challenges of open source sustainability. It establishes what I feel are the ingredients to a recipe that could significantly improve the sustainability of open source projects. To discover the right recipe for sustainability, it is key to define sustainability.

Defining open source sustainability

The above description could sound like a standard cooperative or partnership agreement except that the General Public License (GPL), attached to most open source projects, makes the product of this arrangement entirely free for anyone to use and alter. This is the challenge of open source sustainability: the result of our labor, aka the product, is absolutely free. There is no doubt that people and organizations have found incredible value in open source software. But what is the value of the labor?

Personally, I am passionate about maintaining my project the Webform module for Drupal 8, because it is my baby. The reality is that our kids grow up and we need to make sure they are independent and healthy. We put in the time and effort because we consider it worthwhile and because we care. This parent/child analogy helps clarify the simple but key notion that everyone who contributes and is involved in open source cares about their project and community. People and organizations contribute a considerable amount of time to build and maintain their open source projects. It’s time and energy that could equate to money.

Time = Value = Money

Let's accept the reality that when a developer contributes to open source, they are typically taking time away for their paying jobs (and family) to...Read More

Categories: Drupal

OPTASY: What Does It Take to Develop a Mobile-First Content Strategy for Your Drupal Website?

drupal.org aggregator - Mon, 06/11/2018 - 10:47
What Does It Take to Develop a Mobile-First Content Strategy for Your Drupal Website? adriana.cacoveanu Mon, 06/11/2018 - 14:47

There's definitely no way around it, not anymore: with Google's index now mobile-first, adopting a mobile-first approach when building a new Drupal site (or redesigning a legacy one) is… a must! It no longer depends on a specific project's needs or on the used technology. The need to develop a mobile-first content strategy has gone from particular to universal.

And facing the challenge of:
 

  1. (re)creating
  2. optimizing
  3. structuring
     

… content on your Drupal website means conforming to those specific patterns that mobile users have developed for reading content on their smartphones.

Categories: Drupal

Custom elements

drupal.org - Modules - Mon, 06/11/2018 - 10:38

WIP - stay tuned

Categories: Drupal

Weekly Drupal beginner questions thread

Drupal - Open Source Content Platform - Mon, 06/11/2018 - 10:08

Ask your newbie questions here! No judgement!

(Check out the weekly post schedule in the sidebar)

submitted by /u/AutoModerator
[link] [comments]

ComputerMinds.co.uk: Rebranding ComputerMinds - Part 6: Migration

drupal.org aggregator - Mon, 06/11/2018 - 09:03

I volunteered to carry out the migration for the new ComputerMinds site as migration was one of the very few areas of Drupal that I hadn’t delved into thus far. With Drupal 8 becoming more and more popular, now was a great opportunity to learn the migration ropes. Luckily, Drupal 8’s migration has greatly improved since Drupal 7 so my life was made somewhat a little “easier”!

This article will be aimed at some of my finds and processes, rather than a “How to do a D8 migration”.

Since our new site was very different to our old one in terms of content, we had to be quite choosey in exactly what was needed. We decided that we only really needed the articles; pretty much everything else was a fresh start. We would be manually carrying over users; as that would be too little work to warrant writing a migration for.

In order for us to get our articles over from the old site, we would need to migrate the current taxonomy terms, URL aliases (this would come back to bite me hard!), files and last but not least, the article nodes themselves. Migrating just a node seemed simple enough, but you quickly forget that it is more than just a node. All the stuff attached to the node has to be carried over.

Modules like Migrate plus and Migrate tools are great additions to the migration family and I can highly recommend them; they make life so much easier! Migrate plus “basically” writes the migration for you :)

With Migrate plus doing the bulk of the work for me, the only PHP code I needed to write was to map our old User ID’s to the new ones, so original authors would be retained. Otherwise I could take all the credit for every single article ComputerMinds has ever written in the past (mwahah!). This can be easily achieved using a simple process plugin.

/** * This plugin will tie a piece of content with an existing user. * * @migrateProcessPlugin( * id = "user_id_mapper" * ) */ class UserIdMapper extends ProcessPluginBase { /** * {@inheritdoc} */ public function transform($value, MigrateExecutableInterface $migrate_executable, Row $row, $destination_property) { $mapping = [ 'oldID' => 'newID', ]; if (!empty($value)) { $value = $mapping[$value]; } return $value; } }

We had some term reference fields, and like Drupal 7, Drupal 8 will reduce your potential workload - it creates taxonomy terms for you if those terms are missing from your new site. Nice and easy.

The biggest remaining hitch was extracting the three components from a body field. These are value, summary and format. Summary and format were fairly straight forward, but attaining the value component was a real pain (the code below will show you otherwise). Straight away you’ll notice inconsistencies with the “keys”. I would have expected the format to have been body/value, body/summary and body/format, but alas this was not the case.

body: body body/summary: source: teaser body/0/format: plugin: static_map source: body/0/format map: markdown: markdown full_html: basic_html filtered_html: restricted_html

This took a few painful hours to debug and figure out, to this day I still do not know why! At least this being documented here can save others some pain and time.

With all migration finished and the site ready to be shipped out, what came apparent is that (as mentioned very briefly earlier) I had not accounted for some URL aliases (I had used a process plugin to pinch only the aliases we needed). I’d assumed, yes assumed (naughty developer), that ALL articles had the SAME URL path auto pattern. Big, big boo boo. What I didn’t know was that some articles on our old side had been migrated from an even older site and these article URLs came in all shapes and sizes; shapes and sizes that do not match our current path auto pattern. I’ve been fixing redirects and 404’s since :)

Lesson of the day

Do not ASSUME everything is the same. Do go check everything is how you expect it to be before migrating content.

Categories: Drupal

split

drupal.org - Modules - Mon, 06/11/2018 - 08:57

This module is used to split the amount between the users of system. This module provides the split form where user can split amount between users. Users can also see the logs at statistics link.

Categories: Drupal

John Svensson: How to dynamically create image styles derivatives - Part 1

drupal.org aggregator - Mon, 06/11/2018 - 08:45

Three months ago I wrote an article on how to Create Image Styles and Effects programmatically and today we're following up on that article but introducing on how we can do that dynamically.

So, essentially what we would like to do is that we display an image, where we can adjust the way the image is outputted, given a height, width or aspect ratio etc.

Please bear in mind that all code provided in this article are experimental and does not yet cover things like access control, etc in this part.

Let's take a look at the service Unsplash.com. Its basically a free image bank with high quality images submitted by awesome freelancers and professionals that you can use for free.

Image by Eric Ward

The URL for the image above is the following:

https://images.unsplash.com/photo-1499365094259-713ae26508c5?ixlib=rb-0.3.5&ixid=eyJhcHBfaWQiOjEyMDd9&s=26d4766855746c603e3d42aaec633144&auto=format&fit=crop&w=500&q=60

The parts we're actually interested in are: &auto=format&fit=crop&w=500&q=60 we can adjust them as we like and the image is displayed differently, i.e. changing the width of the earlier image to a smaller one:

Alright, that's what we would like to do in Drupal 8. This article will be very iteratively, we'll rewrite the same code over and over until we get what we want. We'll notice issues and problems that we will deal with through out the article.

Prepare an environment to work in

We'll use a fresh Drupal 8.6.x installation.

To quickly scaffold some boilerplate code I'm going to use Drupal Console.

First let's create a custom module where we can put our code and logic in:

$ vendor/bin/drupal generate:module

I'll name the module dynamic_image_viewer

dynamic_image_viewer.info.yml

name: 'Dynamic Image Viewer' type: module description: 'View an image dynamically' core: 8.x package: 'Custom'

Next we need some images to work with, we'll use the core Media module for that. So let's enable that module:

vendor/bin/drupal module:install media

Now we can add some images. Go to Content >> Media >> Add media.

Implementing a Controller to display the image

The first step is to create a controller that will render the Media image to the browser. Again we'll use Drupal Console for a controller scaffold: vendor/bin/drupal generate:controller

We'll create a route on /image/{media} where Media will accept an media ID that due to Drupals parameter upcasting will give us a media instance in the controller method arguments. Doing this, if a invalid media ID is passed in the URL a 404 page is shown for us. Neat!

So we'll modify the generated controller slightly to this:

src/Controller/ImageController.php

<?php namespace Drupal\dynamic_image_viewer\Controller; use Drupal\Core\Controller\ControllerBase; use Drupal\media\MediaInterface; /** * Class ImageController. */ class ImageController extends ControllerBase { /** * Show an image. * * @param MediaInterface $media * * @return array */ public function show(MediaInterface $media) { return [ '#type' => 'markup', '#markup' => $media->id(), ]; } }

And the routing file looks like this: dynamic_image_viewer.routing.yml

dynamic_image_viewer.image_controller_show: path: '/image/{media}' defaults: _controller: '\Drupal\dynamic_image_viewer\Controller\ImageController::show' _title: 'show' requirements: _permission: 'access content'

If we install the module, vendor/bin/drupal module:install dynamic_image_viewer and hit the URL /image/1 we should see a page with the ID being outputted.

Render the original image

Ok. Currently nothing is rendered, so what we'll do is that we render the uploaded original image first.

To serve the file we'll use BinaryFileResponse. So let's update the ImageController::show method.

We'll also import the class in the top of the file:

use Symfony\Component\HttpFoundation\BinaryFileResponse;

/** * Show an image. * * @param MediaInterface $media * * @return BinaryFileResponse */ public function show(MediaInterface $media) { $file = $media->field_media_image->entity; $uri = $file->getFileUri(); $headers = file_get_content_headers($file); $response = new BinaryFileResponse($uri, 200, $headers); return $response; }

So what we do here is that we grab the File entity from the field_media_image field on the Media image bundle. We get the URI and, using the file_get_content_headers we get the proper headers. Finally we serve the file back with the proper headers to the viewer.

And if we hit the URL again:

Before we continue, we should note some things that we'll get back to later:

  • What if the media ID is not a Media image?
  • The user can still access the media even if its unpublished.
  • What about cache?
Let's make a hard-coded image derivative

To modify the image, we'll create a new instance of ImageStyle and add an image effect.

Let's update the ImageController::show method again:

/** * Show an image. * * @param MediaInterface $media * * @return BinaryFileResponse */ public function show(MediaInterface $media) { $file = $media->field_media_image->entity; $image_uri = $file->getFileUri(); $image_style = ImageStyle::create([ 'name' => uniqid(), // @TODO This will create a new image derivative on each request. ]); $image_style->addImageEffect([ 'id' => 'image_scale_and_crop', 'weight' => 0, 'data' => [ 'width' => 600, 'height' => 500, ], ]); $derivative_uri = $image_style->buildUri($image_uri); $success = file_exists($derivative_uri) || $image_style->createDerivative($image_uri, $derivative_uri); $response = new BinaryFileResponse($derivative_uri, 200); return $response; }

So what we do here is that we create a new ImageStyle entity, but we don't save it. We give it a unique name (but we'll change that soon) and then add we add an image effect that scale and crops the image to a width of 600 and height 500.
And then we build the derivate uri and if the file exists already, we'll serve it and if not we'll create a derivative of it.

There is one big problem here. Since we use a unique id as name of the image style we'll generate a new derivative on each request which means that the same image will be re-generated over and over. To solve it for now, we could just change the

$image_style = ImageStyle::create([ 'name' => uniqid(), // @TODO This will create a new image derivative on each request.

to a constant value, but I left it for that reason intentionally. The reason is that I want to explicitily tell us that we need to do something about that and here is how:

If we look back at the URI from Unsplash earlier &auto=format&fit=crop&w=500&q=60, these different keys are telling the code to derive the image in a certain way.

We'll use the provided keys and combine them some how in to a fitting name for the image style. For instance, we could just take the values and join them with a underscore.

Like so:

format_crop_500_60 and we'll have a unique string. If the user enters the same URL with the same parameters we'll be able to find the already existing derivative or if its another image, we'll create a derivative for it.

You'll also notice that I removed the $headers = file_get_content_headers($file); it is because those headers are not the correct ones for ur derivatives, we'll add them back soon.

Dynamic width and height values

On our second iteration of the code we'll now add the width and height parameters, and we'll also change the name of the image style to be dynamic.

Again, we'll update ImageController::show

We'll also import a class by adding use Symfony\Component\HttpFoundation\Request; in the top of the file.

/** * Show an image. * * @param Request $request * @param MediaInterface $media * * @return BinaryFileResponse */ public function show(Request $request, MediaInterface $media) { $query = $request->query; $width = (int) $query->get('width', 500); $height = (int) $query->get('height', 500); // We'll create the image style name from the provided values. $image_style_id = sprintf('%d_%d', $width, $height); $file = $media->field_media_image->entity; $image_uri = $file->getFileUri(); $image_style = ImageStyle::create([ 'name' => $image_style_id, ]); $image_style->addImageEffect([ 'id' => 'image_scale_and_crop', 'weight' => 0, 'data' => [ 'width' => $width, 'height' => $height, ], ]); // ... Rest of code

First we updated the method signature and injected the current request. Next, we'll get the width and height parameters if they exist and if not we fallback to something. We'll build an image style name of these dynamic values. With this we updated the name of the ImageStyle instance we create which makes sure that we can load the same derivative if the user hits the same URL. Finally we updated the width and height in the image effect.

Let's add the proper headers back

Here is the updated ImageController::show and current file:

src/Controller/ImageController.php

<?php namespace Drupal\dynamic_image_viewer\Controller; use Drupal\Core\Controller\ControllerBase; use Drupal\media\MediaInterface; use Symfony\Component\HttpFoundation\BinaryFileResponse; use Drupal\image\Entity\ImageStyle; use Symfony\Component\HttpFoundation\Request; use Drupal\Core\Image\ImageFactory; use Symfony\Component\DependencyInjection\ContainerInterface; /** * Class ImageController. */ class ImageController extends ControllerBase { /** * The image factory. * * @var \Drupal\Core\Image\ImageFactory */ protected $imageFactory; /** * Constructs a ImageController object. * * @param \Drupal\Core\Image\ImageFactory $image_factory * The image factory. */ public function __construct(ImageFactory $image_factory) { $this->imageFactory = $image_factory; } /** * {@inheritdoc} */ public static function create(ContainerInterface $container) { return new static( $container->get('image.factory') ); } /** * Show an image. * * @param Request $request * @param MediaInterface $media * * @return BinaryFileResponse */ public function show(Request $request, MediaInterface $media) { $query = $request->query; $width = (int) $query->get('width', 500); $height = (int) $query->get('height', 500); $image_style_id = sprintf('%d_%d', $width, $height); $file = $media->field_media_image->entity; $image_uri = $file->getFileUri(); $image_style = ImageStyle::create([ 'name' => $image_style_id, ]); $image_style->addImageEffect([ 'id' => 'image_scale_and_crop', 'weight' => 0, 'data' => [ 'width' => $width, 'height' => $height, ], ]); $derivative_uri = $image_style->buildUri($image_uri); $success = file_exists($derivative_uri) || $image_style->createDerivative($image_uri, $derivative_uri); $headers = []; $image = $this->imageFactory->get($derivative_uri); $uri = $image->getSource(); $headers += [ 'Content-Type' => $image->getMimeType(), 'Content-Length' => $image->getFileSize(), ]; $response = new BinaryFileResponse($uri, 200, $headers); return $response; } }

First we added a new dependency to our controller \Drupal\Core\Image\ImageFactory which allows us to construct an Image instance, where we can get meta data from the image, but also gives us a unified interface to apply things to our image. For instance, we could desaturate the image by doing $image->desaturate(); and then resave the file. Fow now we're only using it to retrieve the meta data. We'll take advantage of that in the next part, when we refactor some of the written code and add more flexibility to what we can dynamically output.

If we hit the url and add both the width and height parameters we'll get something like this:

In the up coming article we'll take a better look at what we have, what we miss (access control, what if a user hits the same URL at the same time), adding more effects, and exploring the use of the Image and toolkit APIs more in depth.

We'll most likely remove adding image effects through ImageStyles and only use the image style for creating derivates that we can we can later apply changes with the toolkit API.

If you want to continue on your own, take a look at ImageStyleDownloadController.php file in core which contains a lot of code that we can re-use.

Categories: Drupal

Commerce eGHL

drupal.org - Modules - Mon, 06/11/2018 - 08:29

This module is a payment gateway for Drupal Commerce. It provides an off-site
redirect payment method to eGHL: http://e-ghl.com/v2/ . The payment transaction
workflow was inspired by https://github.com/dilab/omnipay-eghl .

Requirements

* PHP 5.6 or higher
* Drupal Commerce https://www.drupal.org/project/commerce

Categories: Drupal

Drupal in Docker: Accessing the app from both the fpm-container and the nginx-container

Drupal - Open Source Content Platform - Mon, 06/11/2018 - 08:03

Hi.

I'm planning on running PHP-FPM (i.e. Drupal) and Nginx in separate containers. This is the current content of my application folder:

drupal@server ~/ % tree -L 1 ./app ./app ├── composer.json ├── composer.lock ├── config ├── drush ├── LICENSE ├── load.environment.php ├── phpunit.xml.dist ├── README.md ├── scripts ├── vendor └── web

They both need access to the code repo: PHP-FPM (Drupal) need access to ./app, and Nginx need access to ./app/web.

As both containers need access to the same data, I can't simply copy the data into the image when I build them, and are stuck with mounting the data as volumes. On the other hand, I'd like not to checkout the Git repo on the production server, but rather deploy containers (that ships with the code they need).

An alternative would be during build to copy ./app/web into the nginx image, and the rest of the folders into the PHP-FPM image. but this feels kind of like a hack.

How have others handles this type of issue?

submitted by /u/kenneho
[link] [comments]

OpenSense Labs: Best Drupal 8 Security Practices to Follow

drupal.org aggregator - Mon, 06/11/2018 - 07:38
Best Drupal 8 Security Practices to Follow Akshita Mon, 06/11/2018 - 17:08

Even though security remains one of the major concerns for an organization, the implication of new technologies has at the same time broadened and complicated the understanding of the term. 

Security is no more about working in isolation. 

Recent events such as Drupalgeddon 2 in March and other subsequent security releases in April – marked critical – have once again brought the question ‘Is Drupal Secure?’ to the center-table. Drupal is among those few open source projects popular for their security with a dedicated team working on to improve it. However, there are still sometimes when the security of your Drupal website is under the impression of threat. 

Security is a vast area of expertise and it is quickly changing with time. No more is it about one person working in isolation or an expert who can understand all the aspects. 

While the list of do’s and don'ts is extensive and exhaustive to keep up with the threats, vulnerabilities and mitigation strategies, here are the top seven Drupal security practices to follow in order to keep up the health of your website. 

And Aristotle once said...

The aim of the wise is not to secure pleasure but, to avoid pain. Seven Drupal 8 Security Practices Securing the Server-side Hosting Environment

Before starting off with the general security hacks and tips, you need to secure your server-side hosting environment. Here are some points to keep in mind before moving to securing your core. 

  1. Protect the server: Only a limited number of users must be allowed to access your server. One of the key points is to add a basic layer by restricting the access to server login details. Once the authentication is set up, it is easier to monitor server access and restricting file access usage. This can help you detect unusual activities.
     
  2. Hide the server signature: Server Signature needs to be hidden as it reveals an important piece of information about the server and operating system. It can let a hacker know if you are using Apache or Linux - information which can be utilized as a vulnerability used to hack the server. In order to keep the server secure from possible vulnerabilities, you need to hide the server signature. 
     
  3. Enable port wise security - Since the applications use the port numbers, it is important to keep certain port numbers hidden from general access. 
Securing the Drupal Core
  • Keep your Core Updated
    A key practice, keeping the core updated will always be the first when listing healthy security practices. And this was the first lesson we learned from the Drupalgeddon2. Always look out for core updates (include the minor releases as well) unless security is not on your agenda. In all of its advisories, the Drupal Security Team asks for updating the core version of the system. 

    If you fall a long ways behind the latest update, you are opening yourself to vulnerabilities. Since history tells us that hackers target the older versions.

    Look out for core updates. Follow the Drupal security team @drupalsecurity on Twitter. Get quick updates and announcements from the team through the emails and security newsletter. You can also follow Security Group in order to contribute and stay part of the security discussions. 

    Another important point to note here is when updating the core - ALWAYS keep a backup of your site's database and codebase. We will discuss this security practice later in the article. 
     
  • Security by Design
    As a matter of fact, every stakeholder wants security to be a simple concept, sadly it isn’t. One of the biggest misconceptions here would be that investing a hefty sum post development would ensure a secure system. However, it is never the case. 

    The best practice to follow is at the architectural level when the website is being designed. 

    Security by Design ensures that designing the software up by the ground to be secured in order to minimize the impact of a vulnerability when discovered. Pacing up your security from the foundation - is the key. It implies following the best security practices at the architectural level instead after building the website. 

    When the foundation of the design remains secure regardless of a reasonable approach adopted later, you can tackle the issues easily. A uniform methodology needs to be adopted to protect the assets from the threats. 

    Once the requirements have been collected, the architecture can be laid out and other elements can be discussed later like trusted execution environment, secure boot, secure software update among others.
"The key to security is eternal vigilance"
  • Use Additional Security Module
    When covering security, there is nothing as better than equipping yourself with more and more. To keep the walls up high, you can use the additional security modules like security kit, captcha, and paranoia. Drupal Security Review can be used as a checklist to test and check for many of the easy-to-make mistakes making your site vulnerable.  

    You can also look out for a List of Must Have Security Modules to prevent you from becoming the next victim of a potential cyber attack. 
     
    • Security kit
      SecKit provides Drupal with various security-hardening options. This lets you mitigate the risks of exploitation of different web application vulnerabilities such as cross-site scripting (XSS), Cross-site request forgery, SSL, Clickjacking and other. 
       
    • Captcha
      A CAPTCHA is a reaction test put in the web structures to eliminate entry by robots. It helps in protecting your website’s contact and sign up forms asking you to prove your credibility as a human with a bizarre sequence of characters, symbols, numbers and sometimes images.

      Often they thwart you from accessing the content. Quite the irony, their purpose is contrary to what we reckon about them.

    • Paranoia 
      Paranoia helps you identify all the vulnerable issues/ places from where a potential leak is possible. It alerts the admin when an attacker tries to evaluate the PHP script via the website interface. 

      It helps in blocking the permission for the user to grant PHP visibility and creation of input formats that use PHP filter.

      It also prevents the website to grant risky permission, mostly the ones that involve leaking the script information.  

    • But Use only Security Team Approved Modules 
      Your site probably uses a number of contributed modules, although that’s not an issue. Using the stable and approved modules is where the key lies. This is especially worth noting for contrib modules which are more susceptible to vulnerability. 

      Always look out for the green batch when downloading a contrib module. Rest, as the advisory reads, Use it at your own risk! An example of security team approved module with a green batch An example of a vulnerable module
    Backing Up - In Case of a Mishappening
    • Keep Up your Backup
      Catastrophes never come invited. While all seems perfect, you might wake up to find out that your website has been taken down by some psychotic hacker. Although it is an unforeseen event, you can definitely arm up yourself.

      As an administrator, you have to be prepared for all of such uninvited events. They can be controlled and the damage minimized by strengthening security, frequent backups, installing updates in a timely manner.  

      We cannot stop disasters but we can arm ourselves with better security and backups. Hosting by Acquia cloud or Pantheon provide automated daily backups of your site’s database, files, and code plus single-click restoration if something goes wrong. 

      You can also use the Backup and Migrate Module or Demo Module because unlike life your Drupal website has the option to go back for some changes. 
    User-Side Security
    • Follow a Standard Practice with a Strong Password Policy
      Passwords are used at both admin and user level, therefore strong and secure passwords are important for your website. When I say strong password should be used I have nothing against short and easy passwords. Easy should never imply less efficient

       A string like Mypassword123 will prove acceptable but is obviously weak and can easily be brute-forced.

      The best practice? Your password should provide realistic strength in terms of measurement and complexity. A password must only be allowed as long as it proves to be of high enough entropy with a combination of characters, alphabets - uppercase and lowercase, symbols, and numbers.

      Start checking passwords on explicit rules and amount of varying character types to be used (symbols, numbers, uppercase letters, etc). 

      Password Strength - a Drupal module - classifies the expected brute-force time for the summed entropy of common underlying patterns in the password. Patterns that can be detected in passwords include words that are found in a dictionary of common words, common first and last names or common passwords. 
    Your password can make the difference between a vulnerable and a hard-to-hack Drupal site.

    While there will always be some new thing to add to the list, you can be sure that this list comprises of the core practices which need to follow. The protocol for communication needs to be clear and well documented. Properly documented procedures are important, as third-party services can often be manipulated.

    In need of a security update or services? Drop a mail at hello@opensenselabs.com and let us help you out. 

    Site builders and developers need to keep an eye open for the possible when security releases are announced and apply them quickly, to ensure the site is not compromised. It is good to be consistent and have your reasoning documented so that it is clearly understood.

    blog banner blog image Blog Type Articles Is it a good read ? On
    Categories: Drupal

    OH

    drupal.org - Modules - Mon, 06/11/2018 - 06:52

    OH is an alternative office hours / opening hours solution.

    Categories: Drupal

    Valuebound: How to highlight search results in Search API Solr View in Drupal 8

    drupal.org aggregator - Mon, 06/11/2018 - 05:15

    In Search API, there is a field for a search excerpt that you can use on field views to highlight search results. In this article, I’m going to show you how to enable excerpt and set it using views. Here I’m assuming that you have already set the Search API module and has a Search API Solr view.

    Follow the steps:

    Go to Manage -> Configuration -> Search and Metadata -> Search API.

    In your search API index ‘processors’ tab, enable Highlight Processor as shown below.

    Categories: Drupal

    What to do if you were hit by drupalgeddon 2 and don't have a backup?

    Drupal - Open Source Content Platform - Sun, 06/10/2018 - 23:28

    A non-profit that I used to volunteer for emailed me frantically asking if I can help them, saying they were hacked. I am not a drupal guy, but through some online scanners and looking up the problem, I am pretty sure they got hit with drupalgeddon 2, since they hadn't updated Drupal in two years and were still on 7.5. However, googling this problem, the main solution just seems to be to delete everything and to restore a clean backup.

    But they weren't getting regular backups. The only one on the grid-server they have is from last week, when they were already hacked. I haven't worked with them in 3 years, so it wasn't me.

    The site is still up, but no one can login. I tried creating a test user in sql for myself and giving it an md5/salt pass, and I still can't log in with it.

    They have IT support but they are pretty much useless (clearly, given the fact they didn't feel the need to be sure that their client had clean backups of their site or any security patches).

    They gave me FTP and phpmyadmin access, so I can do anything for them to help them restore this site/get rid of the crypto garbage or whatever else is on here?

    The site is just an informational site, so it's not like credit cards are at risk, but it would be a ton of work for them to start from scratch.

    Any help appreciated- I don't work with drupal much so this is new to me.

    submitted by /u/MegatonPupper
    [link] [comments]

    How ready is Drupal 7 core for PHP 7?

    Drupal - Open Source Content Platform - Sun, 06/10/2018 - 17:57

    I just transferred a Drupal 7 installation to Debian 9 and when I try to connect to the site I get the error PHP Fatal error: Cannot use "self" when no class scope is active in vars.module on line 39.

    There is a Drupal issue on it Upgrade to PHP7: Cannot use "self" when no class scope is active [#2668622] | Drupal.org, but it doesn't seem to be fully resolved and I am not sure which PHP7 version it works on.

    The verison of PHP on Debian 9 is PHP Version 7.0.27-0+deb9u1

    The point is I am running a Drupal 7 on Ubuntu 16.04 whose PHP version is PHP Version 7.0.30-0ubuntu0.16.04.1 and it runs without that error.

    Are there versions of PHP 7 running on Debian 9 which work with unpatched Drupal 7, perhaps later ones like PHP 7.1 or PHP 7.2?

    Maybe the bug only manifests in early versions of PHP 7.

    submitted by /u/vfclists
    [link] [comments]

    Roy Scholten: Implementing IndieWeb on your personal Drupal site, part 1

    drupal.org aggregator - Sun, 06/10/2018 - 17:53
    Sub title

    Laying the foundations for POSSE

    /sites/default/files/styles/large/public/20180610-indieweb.png?itok=KzjgwAsG

    This is my version of the steps you need to take to make your site part of the indie web community. Swentel helped me getting it all setup on this here Drupal site using his indieweb module. It’s all a bit complicated still, so this is mostly me trying to retroactively understand what’s going on.

    As it says on the site, the IndieWeb is a people-focused alternative to the corporate web. Its main tenets:

    1. Ownership – your content is yours, it should not belong to a corporation.
    2. Connection – starting from your own site you can share your content to all other services.
    3. Control – post what you want, in the format you prefer, using your own URLs that you keep permanent.

    While 1 and 3 are essential and relatively easy to achieve (use your own domain and post your content there), it’s number 2 that is the most alluring.

    Owning your stuff and being able to share it across multiple platforms combines ownershop with reach. This is what “POSSE” is all about: Publish (on your) Own Site, Syndicate Elsewhere. Drupal lead Dries Buytaert has written several posts outlining his POSSE plan.

    Getting started

    This “Connection” part of indieweb publishing is also the most complicated. There are quite a few moving parts to getting it all up and running.

    For Drupal sites, the setup for the community/sharing/syndication parts of indieweb publishing has gotten much more accessible with the release of the IndieWeb module created by swentel. It doesn’t necessarily reduce the number of things to set up, but it provides a centralized UI for all of them: Webmentions, Microformats, Feeds, Micropub, IndieAuth and Microsub.

    Before going over the details of configuring the indieweb module itself, we have to take care of some basics first.

    Introduce yourself (right on)

    To own your content on the web, you have to establish that you are in fact, you. That’s why IndieWeb starts with having your own domain and posting some initial content there. Important part of this initial content is a specific bit of HTML that establishes you as the author and owner of things published on this particular domain:

    Roy Scholten

    The specific part here is that “h-card” class added to the anchor tag. This “h-card” is one of a collection of so-called microformats. With microformats you give more structure and semantics to information presented in HTML. In this case, h-card is the microformat to use for publishing information about people or organisations. We’ll need to add other microformats to (blog) posts you publish on the site, but that’s for later.

    To do in Drupal

    The indieweb module does not (yet?) handle adding this information to your site. Add your version of the HTML snippet above to a (new or existing) Drupal block. Place that block to be visible on your homepage. The site footer or maybe a sidebar are obvious places you can put it. Mine’s in the footer below.

    You can check if all is fine with https://indiewebify.me/validate-h-card/. Enter your domain name there and it will report back with what it found and suggest additional elements you could add to enhance your h-card.

    Even without posting any other content to your own site, you now have your own space on the indie web and setup your identity in a way that you own and control.

    Next: add links to your existing social media accounts

    You’ve seen those signup forms that let you create an account by using your existing Google, Facebook or Twitter account details. In this step, you configure your own domain to be your IndieAuth identity. This lets you use your own domain to sign in to other sites and services.

    There are not many sites outside the indieweb circles itself that offer this, I think. It’s still useful to do this though. You’ll likely want to use some of these indieweb services, especially to automatically share (links to) your content on other platforms like Twitter or Facebook.

    To do in Drupal

    Detailed instructions are here. In short:

    Add links to your other profiles and add the rel="me" attribute. Might as well add this to that h-card block you created in the first step. For example:

    @royscholten on Twitter

    If you have a Github account, that’s also a good one to add.

    To do on the external sites you link to

    Link back to your homepage from your profile page on these services. The indieweb wiki has direct links to edit your Twitter and Github profile.

    Then, try logging in to indieweb.org to see if it all works.

    So far, so good,

    So what? By establishing your identity on your own domain you stake out your own spot on the internet that you control. With this set up, you have created an environment for publishing on your own site and syndicating elsewhere.

    Next time: configuring the indieweb module to start sending and receiving webmentions, the indieweb catch-all term for comments, likes, reposts and the like.

    Tags indieweb posse drupalplanet
    Categories: Drupal

    The currency conversion script on my Drupal 7 site no longer seems to be working since update?

    Drupal - Open Source Content Platform - Sun, 06/10/2018 - 15:59

    Hey, I'm not great with Drupal at all but have been brought in to help with the Web Dev for a local company and am in the process of building them a new site.

    In the meantime, since we updated the Drupal Core security package, one of the scripts on the website is no longer working. Because we showcase imported items from Italy, we usually enter the EURO price when adding new content, and then a script converts this to GBP price when viewing the content as a user. This is not a commerce site either, it is more-so an 'online showroom' of sorts so I can't seem to access the Commerce features I've seen other people solve this question with.

    I can't for the life of me work out where this script is even located on the site and where/how it is being called as there seems to be no installed modules/widgets (whatever they're called in Drupal) that provides this feature at all.

    Cheers

    submitted by /u/FunkyRaccoon117
    [link] [comments]

    JSON API Include

    drupal.org - Modules - Sun, 06/10/2018 - 06:58

    Add include data to relationship of JSON API output.

    Categories: Drupal

    Looking for a 5 star rating module where I can use average rating and rating count as tokens

    Drupal - Open Source Content Platform - Sun, 06/10/2018 - 06:40

    I am looking for a five star rating module with which I can set up rating for nodes as a field for my content type.

    The most important thing is, that I then can use average rating and rating count as tokes. Example:

    • [node:field_rating:average_rating] would give a number for average rating e. g. 3.
    • [node:field_rating:rating_count] would give the number of votes e. g. 231.

    I have tried to do this with Fivestar Rating module but tokens are giving back blank values.

    Any ideas what module would be fitting my needs?

    Thanks in advance

    submitted by /u/Joetunn
    [link] [comments]

    Pages