atlas des actus
Planet Drupal
04 December 06:14
Samuel Mortenson: Meet Bookish, an install profile for static Drupal blogs
   For the last four years I’ve been working on a static site generator for Drupal called Tome. Unlike other generators, Tome uses vanilla Drupal, which means that if you know how to build a Drupal site, you know how to build a Tome site. One downside of this is that when comparing a default install...
Samuel Mortenson: Drupal security testing for everyone
   I’ve just published a new project for performing static application security testing (SAST) on Drupal sites, mortenson/psalm-plugin-drupal. Using Psalm, custom plugins, funky scripts, and a lot of elbow grease, I think I have something that will help everyone write safer Drupal code.
Samuel Mortenson: Promoting jQuery JSON to JSONP to trigger XSS
   I’ve done quite a bit of security research for Drupal, and one area of exploitation that I often come back to is the AJAX API. Drupal’s AJAX API is built on top of jQuery, and lets developers easily add interactive behavior to the frontend.
Samuel Mortenson: Drupal Services SQL injection - don’t trust abstractions
   Drupal doesn’t have many SQL injection vulnerabilities anymore, at least not since the original Drupalgeddon was released into the wild. So what makes Drupal so safe? Abstractions, of course. The database abstraction layer (or DB layer) is used throughout core and contrib to make all sorts of...
Samuel Mortenson: Drupal services private file access bypass via IDOR
   There’s a feature in Drupal that not a lot of people know about, but is a great target for security research: private files. Private files allow you to upload files to a non-public directory on your server, then serve them through Drupal instead of through your HTTP server. Drupal is then able to...
Samuel Mortenson: Making a multiplayer game with Go and gRPC
   Recently I’ve started to pick up a new programming language, Go, but have struggled to absorb lessons from presentations and tutorials into practical knowledge. My preferred learning method is always to work on a real project, even if it means the finished work has loads of flaws.
Samuel Mortenson: Building my site with Tome and Single File Components
   I’ve just finished re-building my site using Tome and Single File Components (SFC), two Drupal projects I maintain and wanted to test out on a real site. If you’re reading this post, you’re already on my new website. Hope it’s working OK so far.
Samuel Mortenson: Simplifying Drupal frontend with Single File Components
   I’ve been thinking about ways to make Drupal frontend easier recently, and have been working on an experimental module called Single File Components (SFC), which lets you put your CSS, JS, Twig, and PHP in one file. If you want to skip the blog you can just check out the project at https...
Samuel Mortenson: Static searches with Drupal and Lunr
   As a part of my ongoing work on Tome, a Drupal static site generator, I’ve become interested in providing a solution for static searches. If you have a static site there’s typically no backend to do any server-side processing, which means that search has to be done on the client or through a third...
Samuel Mortenson: Creating Tome, a static site generator for Drupal 8
   Six months ago I started work on Tome, a static site generator for Drupal . After lots of rewrites and long nights, Tome has finally reached the beta phase of testing and development. Up until now, I haven’t invested a lot of time in communicating what I’m doing, why I made Tome, or why static...
Samuel Mortenson: Hijacking Drupal admin accounts using REST
   Note: This exploit was fixed over a year ago as a part of SA CORE CVE , so unless your Drupal site is really, really out of date, you should not be affected. When I do security research on Drupal core, I tend to focus on one class of vulnerability and pursue that until I find...
Samuel Mortenson: How I work on Drupal
   I recently celebrated my five year anniversary on, and wanted to write about how I work on issues day to day and my general contribution vibe. My account was created the week I started working at Acquia as a part of their employee on-boarding, and I only really used it to...
Samuel Mortenson: Introducing Twig Components
   Last week I published the Twig Components Drupal module, the latest in a series of projects aiming to combine Twig, Web Components, and PHP. I wanted to write about why I’m doing this work, and why developers should care.
Samuel Mortenson: Getting creative with Drupal XSS
   In the world of web security, cross-site scripting (XSS) vulnerabilities are extremely common, and will continue to be a problem as web applications become increasingly complex. According to a report by Bugcrowd, a popular bug bounty site, XSS vulnerabilities account for of valid...
Samuel Mortenson: Chained Drupal CSRF to disable all blocks
   Note: The exploit discussed in this post was never included in a stable core release, so don’t freak out. The Drupal security team quickly fixed this while . .x was still in development. One method I commonly use when auditing Drupal code is to find routes that are accessible to anonymous users,...
03 December 07:00
LostCarPark Drupal Blog: Drupal Advent Calendar day 3 - Markdown Easy
   Drupal Advent Calendar day Markdown Easy james Sun, : Welcome back to day of the Drupal Advent Calendar. Behind today’s door, Mike Anello ultimike introduces us to the Markdown Easy module. I’m Mike Anello from DrupalEasy and I’m the...
02 December 07:00
LostCarPark Drupal Blog: Drupal Advent Calendar day 2 - Subpathauto and Friends
   Drupal Advent Calendar day Subpathauto and Friends james Sat, : Welcome to the second day of the Drupal Advent Calendar. Behind today’s door, Josh Mitchell joshuami tells us about the Subpathauto module, and some neat tricks when using...
Michael J. Ross: Proprietary vs. Open Source CMSs
   Proprietary vs. Open Source CMSs Michael J. Ross If and when your organization needs a new website, in most cases the best approach is to build it upon a content management system (CMS), which is like a framework that allows the website owner to easily add...
01 December 17:39
The Drop Times: Costa Rica 2023: A Glimpse into Success at Drupal Camp
   Check out what went down at Drupal Camp in Costa Rica. Get insights into sessions and stories from tech folks. It’s a peek into Costa Rica’s tech world, something you don’t wanna miss.
The Drop Times: Calendar View Module Offering Simplified Drupal Calendars
   Introducing Calendar View Module: a lightweight tool by Matthieu Scarset, that streamlines the complex process of calendar creation in Drupal. With a focus on simplicity, this module offers a user-friendly approach, allowing even those with limited technical expertise to effortlessly build...
LostCarPark Drupal Blog: Drupal Advent Calendar day 1 - Gin Admin Theme
   Drupal Advent Calendar day Gin Admin Theme james Fri, : Welcome to the Drupal Advent Calendar. Behind today’s door, we find the Gin Admin Theme, with a fantastic write up by Ludovic Favre Grumpy. Since Drupal , Claro has been the...
30 November 21:55
Promet Source: How to Keep Data Secure During CMS Migration
   Takeaway: Securing data is a continuous process, not just a one-time action. When we talk about CMS migration, especially for sites with sensitive information, the focus should be as much on keeping data safe during the move as on ensuring its ongoing security afterward. As someone deeply involved...
Salsa Digital: Salsa at DrupalCon Europe 2023
   Suchi’s Rules as Code presentation: Suchi’s presentation provides information about two Rules as Code implementations, both using OpenFisca and Drupal, including an OpenFisca Drupal module that integrates OpenFisca with a Drupal webform. Akhil’s CivicTheme presentation: Akhil’s presentation looks at...
29 November 23:18
Drupal Core News: Coding standards proposals for final discussion on 20 December
   The Technical Working Group (TWG) is announcing two coding standards changes for final discussion. Feedback will be reviewed at the meeting scheduled for Wednesday December UTC. Issues for discussion: New coding standard: Code style for declare strict types; Argument lists for function...
    21:49 Access Apache Solr admin over HTTPS in DDEV
   I have seen some chatter lately about folks asking how to access the Solr admin interface over HTTPS instead of HTTP connection in DDEV. Enabling this is a simple change to the docker-compose.solr.yaml file in the .ddev directory. In the file, make the following changes under the environment section:
LN Webworks: Google Tag Manager With Drupal: All You Need to Know
   Maximizing website engagement and interactivity is a major goal of all marketers. However, the management of multitudinous third-party integrations and tracking tools is a laborious task. Gladly, Google created Google Tag Manager to simplify the complicated lives of marketing teams worldwide. It...
28 November 14:00
Tag1 Consulting: A Guide to Estimating Migrations - How Much Will My Drupal Migration Cost? Part 2 3
   This podcast series focuses on the strategies involved in upgrading and migrating Drupal websites and applications. Read more michaelemeyers Tue, :
Specbee: Handling Custom Drupal Migrations Using SqlBase
   There’s so much going on in the world of Drupal migrations. Drupal reached its End Of Life (EOL) on November, . Drupal will reach EOL by January final extension . Drupal was released back in December and its current version, . . was released on November, . More than...
    07:01 Blog: Interview with John Faber of Chapter Three: Next-Drupal & securing the future of Drupal
27 November 21:14
PreviousNext: Drupal front-end nirvana with Vite, Twig and Storybook
   We’re proud to announce the release of vite-plugin-twig-drupal, a plugin for Vite that we hope will improve your workflow for front-end development with Drupal. by lee.rowlands November The problem space: You’re working with Twig in a styleguide-driven development process....