Drupal Planet

Syndicate content
Drupal.org - aggregated feeds in category Planet Drupal
Updated: 2 hours 15 min ago

Phponwebsites: Clear views cache when insert, update and delete a node in Drupal 7

Sat, 04/16/2016 - 2:21am
div dir=ltr style=text-align: left; trbidi=onThis blog describes how to clear views cache while inserting, updating and deleting a node in Drupal 7. If we want to improve site performance, then views caching is one of the options.br /br /nbsp; nbsp;For example, you have views which display list of records. It will update occasionally. Then we can render views data from cache rather than server if we set cache for views. We can set views cache at its settings page. Suppose you have cached views for 5 mins. Then it didn't display updated data until 5 mins even if new node is added to that views. It displays updated data only after 5 mins because the views is cached for 5 mins. In that situation, the user can't view new data in cached views. So we need to clear views cache when add , update and delete a node. So only we can see new data in views and also data is rendered from cache.br /br /div class=separator style=clear: both; text-align: center;a href=https://3.bp.blogspot.com/-2dZJrEzybyo/Vw54vofxgNI/AAAAAAAAAr0/t1_yNPbeeY8VKgDshXJUmfE410aul9MvQCLcB/s1600/drupal-7-clear-views-cache-phponwebsites.png imageanchor=1 style=margin-left: 1em; margin-right: 1em;img alt=Clear views cahce when insert, update and delete a node in drupal 7 border=0 src=https://3.bp.blogspot.com/-2dZJrEzybyo/Vw54vofxgNI/AAAAAAAAAr0/t1_yNPbeeY8VKgDshXJUmfE410aul9MvQCLcB/s1600/drupal-7-clear-views-cache-phponwebsites.png title=Clear views cahce when insert, update and delete a node in drupal 7 //a/divbr /br /h3 style=text-align: left;span style=font-weight: normal;Clear views cache when insert a new node in Drupal 7:/span/h3nbsp; nbsp;The newly added node has not been displayed in views list if the cache is applied to a views. So we need to clear views cache when insert a new node using hook_node_insert(). Lets see the code for clear views cache while inserting a node:br /br /div class=bdrnbsp;lt;?phpbr /nbsp;/**br /nbsp; * Imeplement hook_node_insert().br /nbsp; */br /nbsp;function phponwebsites_node_insert($node) {br /nbsp; nbsp;if ($node-gt;type == 'tasks') {br /nbsp; nbsp; nbsp;//clear views cachebr /nbsp; nbsp; nbsp;$viewsname = 'activity';br /nbsp; nbsp; nbsp;cache_clear_all($viewsname, 'cache_views_data', TRUE);br /nbsp; nbsp;}br /nbsp;}/divbr /h3 style=text-align: left;span style=font-weight: normal;Clear views cache when update a node in Drupal 7:/span/h3nbsp; nbsp;When you tried to update a node, the updated data in that node has not been displayed in views. So we need to clear views cache when update a node using hook_node_update(). Lets see the code for clear views cache while updating a node:br /br /div class=bdrnbsp;lt;?phpbr /nbsp;/**br /nbsp; * Imeplement hook_node_update().br /nbsp; */br /nbsp;functionnbsp;phponwebsites_node_update($node) {br /nbsp; nbsp;if ($node-gt;type == 'article') {br /nbsp; nbsp; nbsp;//clear views cachebr /nbsp; nbsp; nbsp;$viewsname = 'articles';br /nbsp; nbsp; nbsp;cache_clear_all($viewsname, 'cache_views_data', TRUE);br /nbsp; nbsp;}br /nbsp;}/divbr /h3 style=text-align: left;span style=font-weight: normal;Clear views cache when delete a node in Drupal 7:/span/h3nbsp; nbsp;After delete a node, you could see the deleted node is displayed in the views. So we need to clear views when delete a node using hook_node_delete(). Lets see the code for clear views cache while deleting a node:br /br /div class=bdrnbsp;lt;?phpbr /nbsp;/**br /nbsp; * Imeplement hook_node_delete().br /nbsp; */br /nbsp;functionnbsp;phponwebsites_node_delete($node) {br /nbsp; nbsp;if ($node-gt;type == 'article') {br /nbsp; nbsp; nbsp;//clear views cachebr /nbsp; nbsp; nbsp;$viewsname = 'articles';br /nbsp; nbsp; nbsp;cache_clear_all($viewsname, 'cache_views_data', TRUE);br /nbsp; nbsp;}br /nbsp;}/divbr /nbsp; nbsp;You can see the performance of views page will be increased and you can see changes in your views. Now I've hope you know how to clear views cache when insert, update and delete a node in Drupal 7./div
Categories: Drupal Feeds

DrupalEasy: DrupalEasy Podcast 173 - Secret Bunker (Peter Wolanin, Cathy Theys - Drupal Security Team)

Fri, 04/15/2016 - 11:36pm
pa href=https://drupaleasy.podbean.com/mf/play/72db66/DrupalEasy_ep173_20160415.mp3Direct .mp3 file download./a/p pCathy Theys (a href=https://www.drupal.org/u/yesctyesct/a) and Peter Wolanin (a href=https://www.drupal.org/u/pwolaninpwolanin/a) from the a href=https://www.drupal.org/security-teamDrupal Security Team/a join Anna Kalata and Mike Anello to discuss the origins, evolution, and efforts of the team. Peter and Cathy discuss how to report potential security issues, how issues are handled within the team, and how they prioritize potential contributed module security issues. In addition, we discuss Drupal from the outside-in, Cathy's travel schedule, secret bunkers, the need for us to keep Peter busy in the Drupal community (seriously), Mike's slow loss of control, customers who contribute, and how Drupal might be related to the a href=https://en.wikipedia.org/wiki/Panama_PapersPanama Papers/a. As if that wasn't enough, we give Cathy control of the five questions - let the fun begin!/p h2Interview/h2 ullia href=https://www.drupal.org/security-teamDrupal Security Team home/a. /li lia href=https://www.drupal.org/node/101494How to report a security issue/a. /li lia href=https://www.drupal.org/drupal8-security-bountyDrupal 8 Security Bounty Bug Program/a. /li liLinks related to ad-hoc pre-security team activity: a href=https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1921https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1921/a, a href=http://www.securiteam.com/exploits/5BP0O20GBS.htmlhttp://www.securiteam.com/exploits/5BP0O20GBS.html/a, a href=https://www.exploit-db.com/exploits/1078/https://www.exploit-db.com/exploits/1078//a, a href=https://www.drupal.org/node/1341738https://www.drupal.org/node/1341738/a. /li lia href=https://www.drupal.org/security/secure-configurationBest practice to block xml rpc in htaccess?/a. /li lia href=https://security.drupal.org/team-membersCurrent Security Team members/a. /li lia href=https://security.drupal.org/joinJoin the Security Team/a. /li /ulh2DrupalEasy News/h2 ulliDrupalEasy and SixMileTech team up for a href=https://events.drupal.org/neworleans2016/training/module-developmentIntroduction to Drupal 8 Module Development/a at DrupalCon New Orleans./li /ulh2Four Stories/h2 ullia href=https://www.drupal.org/drupalorg/blog/top-10-contributing-customersTop 10 contributing customers/a Drupal Association blog post by Joshua Mitchell. a href=https://www.drupal.org/drupalorg/blog/a-guide-to-issue-credits-and-the-drupal.org-marketplaceInformation for organizations who want their people to start recording attribution/a. /li lia href=http://buytaert.net/examples-of-how-to-make-drupal-outside-inExamples of how to make Drupal outside-in/a - blog post by Dries Buytaert. /li lia href=https://www.drupal.org/drupal-8.1.0-rc1Drupal 8.1 RC1 is available/a. /li lia href=https://events.drupal.org/news/schedule-live-drupalcon-new-orleansDrupalCon New Orleans schedule is available/a. /li /ulh2Sponsors/h2 ullia href=http://www.linnovate.net/slaLinnovate.com/sla/a /li lia href=http://webenabled.comWebEnabled.com/a - a href=https://devpanel.comdevPanel/a /li /ulh2Picks of the Week/h2 ulliCathy - a href=http://www.jeffgeerling.com/blog/2016/yes-drupal-8-slower-drupal-7-heres-whyYes, Drupal 8 is slower than Drupal 7 - here's why/a blog post by Jeff Geerling. /li liMike - a href=https://www.drupal.org/project/groupGroup/a module for Drupal 8. See a href=https://www.drupaleasy.com/video/2016/04/using-group-module-administrator-content-editor-access-control-drupal-8Mike's screencast/a demonstrating its use. /li liPeter - a href=http://www.forbes.com/sites/thomasbrewster/2016/04/05/panama-papers-amazon-encryption-epic-leak/#2ec66f51df59From Encrypted Drives To Amazon's Cloud -- The Amazing Flight Of The Panama Papers/a. /li liAnna - Counterpoint to Forbes pointing at Drupal: WordPress slider implicated a href=https://www.wordfence.com/blog/2016/04/mossack-fonseca-breach-vulnerable-slider-revolution/Mossack Fonseca Breach – WordPress Revolution Slider Plugin Possible Cause/a. /li liAnna - a href=http://buytaert.net/state-of-drupal-2016-surveyState of Drupal 2016 Survey/a. /li /ulh2Upcoming Events/h2 ullia href=http://drupaldelphia.com/DrupalDelphia/a - April 8, 2016. /li lia href=http://2016.drupalcamp.es/Drupal Camp Spain - Granada/a - Apr 22-24, 2016 - Cathy will be there. /li lia href=http://drupalcon.orgDrupalCon New Orleans/a - May 9-13, 2016 - Cathy is a href=https://events.drupal.org/neworleans2016/tracks/#core-conversationscore conversation track chair/a, a href=https://events.drupal.org/neworleans2016/sessions/drupal-8-where-did-code-go-info-hook-pluginPeter's session/a. /li lia href=http://www.drupalnorth.org/DrupalNorth Montreal/a - June 16-19, 2016 - Cathy will be keynoting. /li /ulh2Follow us on Twitter/h2 ullia href=http://twitter.com/drupaleasy@drupaleasy/a /li lia href=http://twitter.com/andrewmriley@andrewmriley/a /li lia href=http://twitter.com/liberatr@liberatr/a /li lia href=http://twitter.com/ultimike@ultimike/a /li lia href=http://twitter.com/tedbow@tedbow/a /li lia href=http://twitter.com/sixmiletech@sixmiletech/a /li lia href=http://twitter.com/akalata@akalata/a /li lia href=http://twitter.com/yesct@YesCT/a /li lia href=http://twitter.com/hook_menu@hook_menu/a /li /ulh2Cathy's Five Questions (answers only)/h2 olliPython library for reading shape files (a href=https://github.com/cleder/pyshppyshp/a). /li liRetirement. /li liGo back to DIY microbiology/genetic engineering. /li liChx asking him to do “something easy” for Drupal 6. /li liBrian Osborne, working on CAS module (a href=https://www.drupal.org/u/bkosbornebkosborne/a). /li /olh2Intro Music/h2 ullia href=https://www.youtube.com/watch?v=7zvCOKzY3kA#t=30m30sR.T.B.C. - from the DrupalCon Los Angeles pre-note/a performed by Larry Garfield. /li /ulh2Subscribe/h2 pa href=https://itunes.apple.com/us/podcast/drupaleasy-podcast/id305745575Subscribe to our podcast on iTunes/a or a href=http://www.getmiro.com/Miro/a. Listen to our podcast on a href=http://stitcher.com/s?fid=28701amp;refid=stprStitcher/a./p pIf you'd like to leave us a voicemail, call 321-396-2340. Please keep in mind that we might play your voicemail during one of our future podcasts. Feel free to call in with suggestions, rants, questions, or corrections. If you'd rather just send us an email, please use our a href=http://DrupalEasy.com/contactcontact page/a./pdiv class=feedflare a href=http://feeds.feedburner.com/~ff/DrupalEasy?a=xY5Mf1vLPeQ:HpRyts53A7M:yIl2AUoC8zAimg src=http://feeds.feedburner.com/~ff/DrupalEasy?d=yIl2AUoC8zA border=0/img/a a href=http://feeds.feedburner.com/~ff/DrupalEasy?a=xY5Mf1vLPeQ:HpRyts53A7M:qj6IDK7rITsimg src=http://feeds.feedburner.com/~ff/DrupalEasy?d=qj6IDK7rITs border=0/img/a /divimg src=http://feeds.feedburner.com/~r/DrupalEasy/~4/xY5Mf1vLPeQ height=1 width=1 alt=/
Categories: Drupal Feeds

Lullabot: Lullabot's 8th Annual DrupalCon Party

Fri, 04/15/2016 - 2:41pm
div class=rich-textpLullabot#x2019;s annual party has become a DrupalCon tradition #x2013; fun friendly people hanging out and having a good time. If you#x2019;re new to DrupalCon, it#x2019;s a great place to meet people. And if you#x2019;re an old-timer, it#x2019;s a great place to see old friends and make new ones./p pstrongLullabot#x2019;s DrupalCon Party 2016/strongbr/ Wednesday, May 11th at the a href=https://www.acehotel.com/neworleansAce Hotel/abr/ 600 Carondelet St.br/ New Orleans, LA 70130br/ 7PM #x2018;til wheneverbr/ (a a href=https://www.google.com/maps/dir/Convention+Center+Blvd,+New+Orleans,+LA+70130/600+Carondelet+St,+New+Orleans,+LA+70130/@29.945564,-90.0706884,17z/data=!3m1!4b1!4m14!4m13!1m5!1m1!1s0x8620a66faf9a2707:0x81306dde0c88b155!2m2!1d-90.0644775!2d29.9426927!1m5!1m1!1s0x8620a674f96cdc1d:0x326a129a6ca91928!2m2!1d-90.0719486!2d29.948318!3e215 minute walk/a from Drupalcon)/p pWe have 31 Lullabots attending Drupalon this year. Nine of them are a href=https://www.lullabot.com/articles/lullabot-drupalcon-sessions-2016presenting sessions/a, so don#x2019;t miss those. Also, both Lullabot and a href=https://tugboat.qaTugboat/a will be representing at booth 206 in the exhibit hall. We#x2019;ll have our famous floppy disk party invites at the booth, so stop by early on Tuesday if you want to fill out your collection. And finally, since itapos;s our 10 year anniversary, if you happen to stop by the booth wearing an old Lullabot tee, youapos;ll also receive a new special edition Lullabot shirt. Hooray for new threads!/p pThe venue for the party is a short 15 minute walk from the Convention Center. So stop by on Wednesday evening, enjoy a drink with us, and say #x201C;hello!#x201D;./p /div
Categories: Drupal Feeds

Drop Guard: Drop Guard recipes: Configure your Drupal update behaviours

Fri, 04/15/2016 - 1:15pm
span data-quickedit-field-id=node/67/title/en/rss class=field field--name-title field--type-string field--label-hiddenDrop Guard recipes: Configure your Drupal update behaviours/span span data-quickedit-field-id=node/67/uid/en/rss class=field field--name-uid field--type-entity-reference field--label-hiddenspanIgor Kandyba/span/span span data-quickedit-field-id=node/67/created/en/rss class=field field--name-created field--type-created field--label-hiddenFri, 15.04.2016 - 20:15/span div data-quickedit-field-id=node/67/field_teaser_image/en/rss class=field field--name-field-teaser-image field--type-image field--label-hidden field__item img src=/blog/sites/default/files/styles/medium/public/2016-04/project-overview.jpg?itok=eZT7vaag width=220 height=156 alt=Project overview class=image-style-medium / /div div data-quickedit-field-id=node/67/body/en/rss class=clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__itempThe real benefits and value of Drop Guard are not about being able to monitor, but actually perform updates by committing the newer Drupal and modules versions directly into the project's Git repository. In this article, we'll familiarise ourselves with the basic Drop Guard concepts, and go through the update behaviours configuration process to secure our website./p /div div data-quickedit-field-id=node/67/field_blog_post_tags/en/rss class=field field--name-field-blog-post-tags field--type-entity-reference field--label-hidden field__items div class=field__itema href=/blog/taxonomy/term/7 hreflang=enDrop Guard/a/div div class=field__itema href=/blog/taxonomy/term/31 hreflang=enDrop Guard recipes/a/div div class=field__itema href=/blog/taxonomy/term/3 hreflang=enDrupal Planet/a/div /div
Categories: Drupal Feeds

The Cherry Hill Company: Join us for the Drupal in Libraries BoF at DrupalCon NOLA

Fri, 04/15/2016 - 12:34pm
pThis year's Drupal in Libraries Birds of a Feather session will be on Wednesday, May 11th from 3:45 to 4:45 in the Cherry Hill BoF Room (291) at the Morial Convention Center./p pThere is no agenda, so please bring your questions and stories. We would all love to see what you have been up to./p pAmong the things that we are interested in are the upcoming version of Islandora and summer reading programs./p
Categories: Drupal Feeds

Phponwebsites: Login using email and username in Drupal 7

Fri, 04/15/2016 - 12:31pm
div dir=ltr style=text-align: left; trbidi=onnbsp; nbsp;This blog describes about how to login using both email and username in Drupal 7. All of you know we could login using only username in Drupal 7.br /br /div class=separator style=clear: both; text-align: center;a href=https://1.bp.blogspot.com/-nvpgMT1lGR4/VxEhZTNv6ZI/AAAAAAAAAsU/iQQIhkrODVwH4YvNfDtW6_IlGU6rY4HngCLcB/s1600/login-email-username-drupal-phponwebsites.png imageanchor=1 style=margin-left: 1em; margin-right: 1em;img alt=Login using mail address and usename in Drupal 7 border=0 src=https://1.bp.blogspot.com/-nvpgMT1lGR4/VxEhZTNv6ZI/AAAAAAAAAsU/iQQIhkrODVwH4YvNfDtW6_IlGU6rY4HngCLcB/s1600/login-email-username-drupal-phponwebsites.png title=Login using mail address and usename in Drupal 7 //a/divbr /br /nbsp; nbsp; nbsp; nbsp;I've tried to login using email without any contrib modules. Finally i got the code. First alter form to add custom form validation. In custom form validation, get the name from user table by email and set that value into name field in form. nbsp;Let see the code:br /br /div class=bdrlt;?phpbr //**br /nbsp;* Implement hook_form_alter().br /nbsp;*/br /function phponwebsites_form_alter(amp;$form, amp;$form_state, $form_id) {br /br /nbsp; if ($form_id == user_login || $form_id == user_login_block) {br /nbsp; nbsp; $form['name']['#title'] = t('Username or E-mail Address');br /nbsp; nbsp; // Ensure a valid validate array.br /nbsp; nbsp; $form['#validate'] = is_array($form['#validate']) ? $form['#validate'] : array();br /nbsp; nbsp; // login using username or email addressbr /nbsp; nbsp; array_unshift($form['#validate'],'phponwebsites_user_login_validate');br /nbsp; }br /}br /br /nbsp;/**br /nbsp;* Implement phponwebsites_user_login_validate()br /nbsp;*br /nbsp;* Return name by its email addressbr /nbsp;*/br /function phponwebsites_user_login_validate($form, amp;$form_state) {br /nbsp; if (isset($form_state['values']['name']) amp;amp; strpos($form_state['values']['name'], '@') !== false) {br /nbsp; nbsp; nbsp; $name = db_query(SELECT name FROM {users} WHERE LOWER(mail) = LOWER(:name), array(':name' =gt; $form_state['values']['name']))-gt;fetchField();br /nbsp; nbsp; }br /nbsp; if (isset($name)) {br /nbsp; nbsp; form_set_value($form['name'], $name, $form_state);br /nbsp; }br /}/divbr /nbsp; nbsp;Now you can login using both username and email. I've hope you know how to login using both username and email in Drupal 7./div
Categories: Drupal Feeds

Modules Unraveled: 158 Using the Group module as an Alternative to Organic Groups in Drupal 7 and 8 with Kristiaan Van den Eynde - Modules Unraveled Podcast

Wed, 03/23/2016 - 12:00am
div class=field field--name-field-image field--type-image field--label-hiddendiv class=field__itemsdiv class=field__item evenimg typeof=foaf:Image src=https://modulesunraveled.com/sites/default/files/styles/podcast_default/public/podcast/image/KristiaanVandenEynde.jpg?itok=W8QJfw3J width=350 height=350 alt=Photo of Kristiaan Van den Eynde //div/div/divspan class=submitted-byPublished: Wed, 03/23/16/spandiv class=field field--name-field-podcast-file field--type-file field--label-hiddendiv class=field__itemsdiv class=field__item evendiv class=mediaelement-audioaudio src=http://traffic.libsyn.com/modulesunraveled/15820Using20the20Group20Module20as20an20Alternative20to20Organic20Groups20in20Drupal20720and20820with20Kristiaan20Van20den20Eynde20-20Modules20Unraveled20Podcast.mp3 class=mediaelement-formatter-identifier-1458712820-0 controls=controls /audiodiv class=mediaelement-download-linka href=http://traffic.libsyn.com/modulesunraveled/15820Using20the20Group20Module20as20an20Alternative20to20Organic20Groups20in20Drupal20720and20820with20Kristiaan20Van20den20Eynde20-20Modules20Unraveled20Podcast.mp3Download this episode/a/div/div/div/div/divdiv class=field field--name-body field--type-text-with-summary field--label-hiddendiv class=field__itemsdiv class=field__item even property=content:encodedh2Group Module/h2 ulliWhat is the Group module? ulliA really awesome tool to basically create subsites within one site, private content, manage groups of people or all that combined./li /ul/li liWhy did you create it instead of just using OG? ulliOG DX experience.../li /ul/li liThere are versions for D7 and D8. Which are you more focused on? ulliD8/li /ul/li liHow is the Group module different from Organic Groups? ulliGood question! The key difference is how the modules decide to structure their data, how that affects the user flow and how the configuration model is built./li /ul/li liWhat is the underlying architecture? OG uses entityreferences heavily. How does Group work? ulliDedicated Group Entity/li /ul/li liWhat’s the status? Is it usable now? (D7 and D8) ulliAvailable for Drupal 7 and 8, with the 8 version being a large improvement over D7. There’s a few minor things I need to add to the D8 version, but it looks and works great already!/li /ul/li liIs there much difference between the Drupal 7 and 8 version? ulliYes and no: the key concept remains the same, but the UX and data model was improved even further. I would really recommend going forward with D8 from now on if you have the chance./li /ul/li /ulh2Use Cases/h2 ulliWhy should I use Group instead of OG? ulliUX, UX, UX/li lidata structure/li liDX/li liBut most of all: dedicated functionality, it will all make sense!/li /ul/li liUsers that get something special that you can’t do with Roles/li liGroups of people/li liGroups of content/li liThere are so many!!!/li /ulh2Questions from Twitter/h2 ulliMichelle Lauer a href=https://twitter.com/bymiche@bymiche/abr / How many subgroups can you nest? How are permissions inherited?/li liMichelle Lauer a href=https://twitter.com/bymiche@bymiche/abr / Can you easily categorize roles within a group?/li liMichelle Lauer a href=https://twitter.com/bymiche@bymiche/abr / If you have many roles and want to expose them to managers - for UX purposes, roles in categories would be easier to look at/li liErich Beyrent a href=https://twitter.com/ebeyrent@ebeyrent/abr / Sounds like a great UX, what about DX - is there a well-defined API as well?/li liDamien McKenna a href=https://twitter.com/DamienMcKenna@DamienMcKenna/abr / Any plans to port some OG modules, e.g. og_menu or og_menu_single?/li liDamien McKenna a href=https://twitter.com/DamienMcKenna@DamienMcKenna/abr / Would it be possible to create og_forum's functionality out of the box or will it require custom work?/li liDamien McKenna a href=https://twitter.com/DamienMcKenna@DamienMcKenna/abr / Are the join forms configurable/fieldable?/li liTed Bowman a href=https://twitter.com/tedbow@tedbow/abr / Interested in this. Can you add fields to a membership? /li liErich Beyrent a href=https://twitter.com/ebeyrent@ebeyrent/abr / What doesn't Groups do? Are there features that you feel need to be added before 1.0 release?/li /ul/div/div/divdiv class=field field--name-field-items-mentioned field--type-link-field field--label-abovediv class=field__labelEpisode Links:nbsp;/divdiv class=field__itemsdiv class=field__item evena href=http://drupal.org/user/kristiaanvandeneynde rel=nofollow target=_blankKristiaan on drupal.org/a/divdiv class=field__item odda href=http://twitter.com/Magentix rel=nofollow target=_blankKristiaan on Twitter/a/divdiv class=field__item evena href=https://www.drupal.org/project/group rel=nofollow target=_blankThe Group Module/a/divdiv class=field__item odda href=https://github.com/mortenson/erd rel=nofollow target=_blankDrupal 8 Entity Relationship Diagrams/a/divdiv class=field__item evena href=https://www.drupal.org/project/config_inspector rel=nofollow target=_blankConfiguration inspector for Drupal 8/a/div/div/divdiv class=field field--name-field-tags field--type-taxonomy-term-reference field--label-abovediv class=field__labelTags:nbsp;/divdiv class=field__itemsdiv class=field__item evena href=/tags/group typeof=skos:Concept property=rdfs:label skos:prefLabel datatype=Group/a/divdiv class=field__item odda href=/tags/organic-groups typeof=skos:Concept property=rdfs:label skos:prefLabel datatype=Organic Groups/a/divdiv class=field__item evena href=/planet-drupal typeof=skos:Concept property=rdfs:label skos:prefLabel datatype=planet-drupal/a/div/div/div
Categories: Drupal Feeds

Daniel Pocock: GSoC 2016 opportunities for Voice, Video and Chat Communication

Tue, 03/22/2016 - 10:55pm
div class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item even property=content:encodedpI've advertised a GSoC project under Debian a href=https://wiki.debian.org/SummerOfCode2016/Projects#SummerOfCode2016.2FProjects.2FVoice_Webcam_and_Chat_Communication.Improving_voice.2C_video_and_chat_communication_with_free_softwarefor improving voice, video and chat communication with free software/a./p pReplacing Skype, Viber and WhatsApp is a big task, however, it is quite achievable by breaking it down into small chunks of work. I've been a href=https://project.freertc.org/issues?per_page=100cataloguing many of the key improvements needed to make Free RTC products work together/a. Many of these chunks are within the scope of a GSoC project./p pIf you can refer any students, if you would like to help as a mentor or if you are a student, please come and introduce yourself on the a href=https://lists.fsfe.org/mailman/listinfo/free-rtcFreeRTC mailing list/a. If additional mentors volunteer, there is a good chance we can have more than one student funded to work on this topic./p h3The deadline is Friday, 25 March 2016/h3 pThe student application a href=https://developers.google.com/open-source/gsoc/timelinedeadline/a is 25 March 2016 19:00 UTC. This is a hard deadline for students. Mentors can still join after the deadline, during the phase where student applications are evaluated./p pemThe Google site can be very busy in the hours before the deadline so it is recommended to try and complete the application at least 8 hours before the final deadline./em/p pAction items for students:/p ulliRegister yourself on the a href=https://summerofcode.withgoogle.com/get-started/Google Site/a and submit an application. You can submit applications to multiple organizations. For example, if you wish to focus on the a href=http://drucall.orgDruCall module for Drupal/a, you can apply to both Debian and Drupal./li liJoin the a href=https://lists.fsfe.org/mailman/listinfo/free-rtcFreeRTC/a mailing list and send a message introducing yourself. Tell us which topics you are interested in, which programming languages your are most confident with and which organizations you applied to through the Google site./li liCreate an application wiki page on a href=https://wiki.debian.org/SummerOfCode2016/StudentApplicationsthe Debian wiki/a. You are permitted to edit the page after the 25 March deadline, so if you are applying at the last minute, just create a basic list of things you will work on and expand it over the following 2-3 days/li /ulh3Introducing yourself and making a strong application/h3 pWhen completing the application form for Google, the wiki page and writing the email to introduce yourself, consider including the following details:/p ulliLink to any public profile you have on sites like a href=https://github.comGithub/a or bug trackers/li liTell us about your programming language skills, list the top three programming languages you are comfortable with and tell us how many years you have used each/li liother skills you have or courses you have completed/li liany talks you have given at conferences/li liany papers you have had published/li liany conferences you have attended or would like to attend/li liwhere you are located and where you study, including timezone/li liany work experience you already have/li liany courses, exams or employment commitments you have between 22 May and 24 August/li lianybody from your local free software community or university who may be willing to help as an additional mentor/li /ulh3Further reading/h3 pPlease also see my other project idea, a href=http://danielpocock.com/gsoc-2016-ham-radio-sdrfor ham radio / SDR projects/a and my blog a href=http://danielpocock.com/getting-selected-for-google-summer-of-code-2016Want to be selected for Google Summer of Code 2016?/a./p h3If you are not selected in 2016/h3 pWe try to make contact with all students who apply and give some feedback, in particular, we will try to let you know what to do to increase your chances of selection in the next year, 2017. Applying for GSoC and being interviewed by mentors is a great way to practice for applying for other internships and jobs./p /div/div/div
Categories: Drupal Feeds

Acquia Developer Center Blog: Drupal 8 Module of the Week: Linkit

Tue, 03/22/2016 - 12:31pm
div class=field field-name-field-blog-image field-type-image field-label-hiddendiv class=field-itemsdiv class=field-item evenimg typeof=foaf:Image src=https://dev.acquia.com/sites/default/files/styles/blog__190_x110_/public/blog/drupal_8_logo_isolated_cmyk_72_2_8.png?itok=2uMzRQ-s width=140 height=85 alt=Drupal 8 logo title=Drupal 8 logo //divdiv class=field-item oddimg typeof=foaf:Image src=https://dev.acquia.com/sites/default/files/styles/blog__190_x110_/public/blog/linkit.gif?itok=P8bLUwIK width=140 height=85 alt=Linkit autocomplete search in action title=Linkit autocomplete search in action //div/div/divdiv class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item even property=content:encodedpemEach day, more Drupal 7 modules are being migrated to Drupal 8 and new ones are being created for the Drupal community’s latest major release. In this series, the Acquia Developer Center is profiling some of the most prominent, useful modules, projects, and tools available for Drupal 8. This week, a handy-dandy usability module called stronga href=https://www.drupal.org/project/honeypotLinkit/a/strong./em/p /div/div/divdiv class=field field-name-field-blog-tags field-type-taxonomy-term-reference field-label-inline clearfixdiv class=field-labelTags:nbsp;/divdiv class=field-itemsdiv class=field-item evena href=/tags/acquia-drupal-planet typeof=skos:Concept property=rdfs:label skos:prefLabel datatype=acquia drupal planet/a/divdiv class=field-item odda href=/tags/usability typeof=skos:Concept property=rdfs:label skos:prefLabel datatype=usability/a/divdiv class=field-item evena href=/tags/drupal-8 typeof=skos:Concept property=rdfs:label skos:prefLabel datatype=drupal 8/a/divdiv class=field-item odda href=/tags/d8 typeof=skos:Concept property=rdfs:label skos:prefLabel datatype=D8/a/divdiv class=field-item evena href=/tags/linkit typeof=skos:Concept property=rdfs:label skos:prefLabel datatype=Linkit/a/divdiv class=field-item odda href=/tags/autocomplete typeof=skos:Concept property=rdfs:label skos:prefLabel datatype=autocomplete/a/div/div/div
Categories: Drupal Feeds

Mediacurrent: Easy Ways to Make Your Website More Accessible

Tue, 03/22/2016 - 11:56am
img typeof=foaf:Image src=http://d1l4od7sxc8nwf.cloudfront.net/sites/default/files/styles/thumb_blog_spotlight/public/accessibility-01_0.png?itok=oTqOexcV width=200 height=152 / pI recently had the opportunity to give a beginners talk about website accessibility at a href=http://2016.midcamp.org/session/easy-ways-make-your-site-more-accessibleMidCamp 2016/a where I covered some easy ways to promote accessibility in terms of structure, color and contrast, fonts, links, and media. It was a wonderful experience for me and I was grateful for the audience who had some nice feedback and interesting questions. Here are the highlights of the presentation, plus the audio recording and links to related resources.  /p
Categories: Drupal Feeds

Jeff Geerling's Blog: Use Drupal 8 Cache Tags with Varnish and Purge

Tue, 03/22/2016 - 11:52am
div class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item even property=content:encodedp style=text-align: center;img src=//www.jeffgeerling.com/sites/jeffgeerling.com/files/images/varnish-cache-hit.png alt=Varnish cache hit in Drupal 8 width=311 height=92 //p pOver the past few months, I've been reading about BigPipe, Cache Tags, Dynamic Page Cache, and all the other amazing-sounding new features for performance in Drupal 8. I'm working on a blog post that more comprehensively compares and contrasts Drupal 8's performance with Drupal 7, but that's a topic for another day. In this post, I'll focus on a href=https://www.drupal.org/developing/api/8/cache/tagscache tags in Drupal 8/a, and particularly their use with a href=https://www.varnish-cache.org/Varnish/a to make cached content expiration much easier than it ever was in Drupal 7./p/div/div/div
Categories: Drupal Feeds

Disruptive Library Technology Jester: Modify Islandora objects on-the-fly using Devel “Execute PHP Code”

Tue, 03/22/2016 - 10:45am
pa href=http://islandora.ca/content/meet-your-developer-alan-stanley title=Meet Your Developer: Alan Stanley | Islandora WebsiteAlan Stanley/a taught me this trick at an Islandora Camp a few years ago, and when trying to remember it this morning I messed up one critical piece. So I#8217;ll post it here so I have something to refer back to when I need to do this again./ppThe a href=https://www.drupal.org/project/develDrupal Devel module/a includes a menu item for executing arbitrary PHP code on the server. (This is, of course, something you want to set permissions on very tightly because it can seriously wreck havoc on your day if someone uses it to do bad things.) Navigate to code/devel/php/code on your Islandora website (with the Devel module enabled), and you#8217;ll get a nice, big codelg;textareagt;/code and an #8220;Execute#8221; button:/pdiv id=attachment_27172 style=width: 594px; border: 1px solid #dddddd; background-color: #f3f3f3; padding-top: 4px; margin: 10px; text-align:center; class=wp-caption alignnonea href=http://d2chgkz0kdtxdm.cloudfront.net/wp-content/uploads/2016/03/devel-execute-php.png rel=attachment wp-att-27172img src=http://d2chgkz0kdtxdm.cloudfront.net/wp-content/uploads/2016/03/devel-execute-php-1024x794.png alt=Execute arbitrary PHP using Drupal Devel module. width=584 height=453 class=size-large wp-image-27172 srcset=http://d2chgkz0kdtxdm.cloudfront.net/wp-content/uploads/2016/03/devel-execute-php-300x233.png 300w, http://dltj.org/wp-content/uploads/2016/03/devel-execute-php-768x596.png 768w, http://dltj.org/wp-content/uploads/2016/03/devel-execute-php-1024x794.png 1024w, http://dltj.org/wp-content/uploads/2016/03/devel-execute-php-387x300.png 387w, http://dltj.org/wp-content/uploads/2016/03/devel-execute-php-250x194.png 250w, http://dltj.org/wp-content/uploads/2016/03/devel-execute-php-375x291.png 375w, http://dltj.org/wp-content/uploads/2016/03/devel-execute-php.png 1033w sizes=(max-width: 584px) 100vw, 584px //ap style=' padding: 0 4px 5px; margin: 0;' class=wp-caption-textExecute arbitrary PHP using Drupal Devel module./p/divpIn this case, I#8217;m generating the TECHMD datastream using the FITS module and displaying the results of the function call on the HTML page using the Devel module#8217;s a href=https://api.drupal.org/api/devel/devel.module/function/dpm/7dpm()/a function:/pdiv class=wp_syntaxtabletrtd class=codepre class=php style=font-family:monospace;span style=color: #b1b100;include/span drupal_get_pathspan style=color: #009900;#40;/spanspan style=color: #0000ff;'module'/spanspan style=color: #339933;,/span span style=color: #0000ff;'islandora_fits'/spanspan style=color: #009900;#41;/span span style=color: #339933;./span span style=color: #0000ff;'/includes/derivatives.inc'/spanspan style=color: #339933;;/span span style=color: #000088;$object/spanspan style=color: #339933;=/span islandora_object_loadspan style=color: #009900;#40;/spanspan style=color: #0000ff;'demo:6'/spanspan style=color: #009900;#41;/spanspan style=color: #339933;;/span span style=color: #000088;$results/span span style=color: #339933;=/span islandora_fits_create_techmdspan style=color: #009900;#40;/spanspan style=color: #000088;$object/spanspan style=color: #339933;,/span span style=color: #009900; font-weight: bold;False/spanspan style=color: #339933;,/span span style=color: #990000;array/spanspan style=color: #009900;#40;/spanspan style=color: #0000ff;'source_dsid'/span span style=color: #339933;=gt;/span span style=color: #0000ff;'OBJ'/spanspan style=color: #009900;#41;/spanspan style=color: #009900;#41;/spanspan style=color: #339933;;/span dpmspan style=color: #009900;#40;/spanspan style=color: #000088;$results/spanspan style=color: #009900;#41;/spanspan style=color: #339933;;/span/pre/td/tr/table/divpWorks like a charm!/p
Categories: Drupal Feeds

Acquia Developer Center Blog: Do You Need to Upgrade Your Drupal Site?

Tue, 03/22/2016 - 10:01am
div class=field field-name-field-blog-image field-type-image field-label-hiddendiv class=field-itemsdiv class=field-item evenimg typeof=foaf:Image src=https://dev.acquia.com/sites/default/files/styles/blog__190_x110_/public/blog/signs.jpg?itok=G75OSVDk width=140 height=85 alt=signs //div/div/divdiv class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item even property=content:encodedpWe've been talking to our clients about Drupal upgrades a lot lately. This is not surprising, of course, given the recent release of Drupal 8, which signaled the end of life for Drupal 6./p pThe Drupal community is excited about all that Drupal 8 has to offer.  If you’re on Drupal 6, however, that excitement may be muted by the feeling that you're between platforms. You want to be thoughtful about your next steps. You want to anticipate all the possible consequences. The stakes are high./p pHere at a href=https://www.advomatic.com/Advomatic/a we've been involved in many, many Drupal upgrade decisions in the last few months. We've gotten good at helping customers navigate the options./p pSo what are we now telling our current customers, and prospective customers? Read on./p p /p /div/div/divdiv class=field field-name-field-blog-tags field-type-taxonomy-term-reference field-label-inline clearfixdiv class=field-labelTags:nbsp;/divdiv class=field-itemsdiv class=field-item evena href=/tags/acquia-drupal-planet typeof=skos:Concept property=rdfs:label skos:prefLabel datatype=acquia drupal planet/a/div/div/div
Categories: Drupal Feeds

Danny Englander: Drupal 8 Theming: How I got Inspired by Drupal All Over Again

Tue, 03/22/2016 - 9:53am
div class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item oddpimg src=http://dannyenglander.com/sites/default/files/styles/adaptive/public/hrm-blog-banner-copy.jpg?itok=5vP6MXQA width=880 height=320 alt=quot;I was inspired by Drupal all over again and moreover, by Drupal 8quot; title=quot;I was inspired by Drupal all over again and moreover, by Drupal 8quot; class=image-adaptive inline-adaptive //p pWhen Drupal 8 and its innovative architectural changes were first announced several years back, there were a variety of reactions within the community ranging from euphoria and elation, to emFUD/em and potential abandonment of the platform altogether. I remember feeling caught in the middle of these two camps, not really being able to come to any conclusion for some time to come./p pAdmittedly, I had my reservations about Drupal 8 but I really wanted to give it a chance. I experimented with it while in the early alpha stages, but for a themer it was frustrating as there were constant code changes to core (as was to be expected), and the theming layer was constantly evolving./p pIn fact, these broad changes with Drupal 8 prompted the forking of Drupal 7 into a new platform called Backdrop CMS, which would carry the essence of Drupal 7 into the future while taking some of the refinements made to Drupal 8 and splitting the difference. I tested out Backdrop during that time as well, but honestly I was not happy with Backdrop's theming layer; it seemed disjointed to me./p h2Getting inspired all over again/h2 pFast forward to 2016 and now that Drupal 8 has been out for almost six months, I decided to dig in again. It all started with attending SANDCamp here in San Diego at the end of February. Thanks to my company, a href=http://jacksonriver.com/Jackson River/a for making my attendance to the camp possible, I was inspired by Drupal all over again and moreover, by Drupal 8. I was especially taken by how awesome and logical theming is in Drupal 8; it's now super refined and powerful. At the camp, I took an all day Drupal 8 theming workshop led by the good folks at Chapter Three, and by the end of the day I saw the light and was a believer./p pA lot of this has to do with two new base themes in Drupal 8 called Classy and Stable, as well as the underlying Twig and YAML frameworks. Out the box, Classy and Stable each give you 100 + templates to override and modify into your own custom sub-theme./p h2Classy has class/h2 blockquoteIts purpose is to provide many classes throughout the markup that help annotate and describe markup elements that render on the page. In the past, the extra effort that Drupal applies to elements in annotating them this way has been viewed as helpful by some and a hindrance by others. In Drupal 8, you now have the option of either including or excluding this extra help./blockquote h2Go minimal, don't use classy/h2 blockquoteNot using Classy is a great idea when you don't want the classes defined by Drupal to conflict with CSS and JavaScript frameworks being used by your theme. Excluding Classy gives you full responsibility over the classes your theme has./blockquote pI'm now in the process of designing and developing a Drupal 8 theme and I'm still deciding whether to use Classy or Stable as my base-theme. I'm thinking I'll use Classy and then in any of my template sub-theme overrides, I can alter or remove markup as needed. Using either of these as a base-themes in combination with Twig debugging makes Drupal 8 a theming force to be reckoned with./p h2Less preprocessing, more Twig/h2 pMuch of what used to be done altering things like field markup with codetheme_field/code in Drupal 7 is much more accessible and alterable directly in Twig templates now in Drupal 8. Thus, less of a need to use theme preprocess functions compared with Drupal 7. However, when you do need to write a preprocess function, you'll typically use minimal code. The other thing that I love with Drupal 8 theming is that theme hooks seem to be more accessible and easier to write via quick and easy alter hooks. Write a hook and magically see your new template suggestion(s) appear in your Twig debug area. In addition, the Drupal 7 module, emView Modes/em in now part of Drupal 8 core so you get easy creation of view modes AKA emDisplay Modes/em with a UI right out of the box. This is great news for themers, and I've become a huge fan theming using view modes over the past few years./p h2Devel Kint/h2 pAs a themer, if you were used to exploring data arrays in Drupal 7 with Devel's venerable codedpm/code functions, with Drupal 8 you can use Devel Kint. Kint is somewhat mind boggling at first but it does do very similar things ascodedpm/code did with Drupal 7. The one big feature missing for me with Kint is a search function similar to the emSearch Krumo/em module in Drupal 7. I hope that becomes available in the future. Kint most definitely comes in handy for designing your theme hooks./p h2Summary/h2 pI am really excited about theming with Drupal 8, I feel like I did when I first discovered and started developing with Drupal 6 back in 2009. In the coming months here on my blog, I hope to share some of this new-found theming knowledge. One of the main takeaways is that Drupal 8 theming presents far less of a barrier to entry than I thought it would./p /div/div/divh2 class=field-labelTagsnbsp;/h2ul class=field-items tag-itemsli class=field-item odd firstDrupal Planet/lili class=field-item evenDrupal 8/lili class=field-item oddTwig/lili class=field-item even lastDrupal/li/ulh2 class=field-labelResourcesnbsp;/h2ul class=field-items tag-itemsli class=field-item odd firsta href=https://www.drupal.org/node/2289511 target=_blank rel=nofollowThe Evolution of Classy: [meta] Results of Drupalcon Austin's Consensus Banana/a/lili class=field-item evena href=https://www.drupal.org/theme-guide/8/classy target=_blank rel=nofollowUsing Classy as a base theme/a/lili class=field-item odda href=http://twig.sensiolabs.org/ target=_blank rel=nofollowThe Twig template engine/a/lili class=field-item evena href=https://www.drupal.org/theme-guide/8/twig target=_blank rel=nofollowTwig in Drupal 8/a/lili class=field-item odda href=https://www.drupal.org/node/1935708 target=_blank rel=nofollowYAML in Drupal 8/a/lili class=field-item evena href=http://jacksonriver.com/news/part-1-report-drupal-sandcamp target=_blank rel=nofollowJackson River: Report from Drupal SANDCamp/a/lili class=field-item odda href=https://www.chapterthree.com/blog/drupal target=_blank rel=nofollowChapter Three/a/lili class=field-item even lasta href=http://raveren.github.io/kint/ target=_blank rel=nofollowKint/a/li/ul
Categories: Drupal Feeds

Code Enigma: Drupal Security Audits: What to look for

Tue, 03/22/2016 - 8:59am
div id=node-404 class=node node-page clearfix h2a href=/build/blog/drupal-security-audits-what-look-forDrupal Security Audits: What to look for/a/h2 div class=content div class=form-item form-type-item labelLanguage /label English /div article div class=max article-banner-topimg src=https://www.codeenigma.com/sites/default/files/styles/banner_mobile/public/13856199984_63b612a886_o.jpg?itok=tDhvqJOi width=400 height=225 alt=Drupal Security title=Drupal Security //div header class=altdiv h1Drupal Security Audits: What to look for/h1 /div/headerdiv class=revdiv class=main p class=leadSecurity audits in Drupal are not a trivial thing. This is how we do it./p /divfooter class=aside vcarda href=/community/blog?author=salvaimg src=https://www.codeenigma.com/sites/default/files/salva-yelllow.jpg width=240 height=240 alt=Photo of Salvador Molina Moreno //adiv class=vcard-detailsabbr class=published command contemporary title=2016-03-22T13:59:40+00:00Tue, 2016-03-22 13:59/abbrspan class=author contemporary secondaryBy a href=/community/blog?author=salva class=fn urlsalva/a/span/div/footer/divdiv class=alt div class=mainpSite audits are one of the services that some of our clients have requested from us in the past. While a site audit might be done with a specific objective in mind, there's always a common reason: find, understand, and fix any potential holes or problems that could cause a service outage on the site, or on the server where it is hosted. In some cases, that's the only reason, whereas in other cases the outcome of the audit will inform a more important decision, such as a platform or server move, or a site rebuild, to name a few./p pDepending on the goal of an audit, the things to look at on the site might change a bit: is it a performance audit, a security one, or a general review to check the overall status of the site and the feasibility of keep evolving it in an efficient way? This post covers the details concerning security audits in particular, although some of the practices mentioned here do not belong exclusively to the realm of security, and will be equally needed in other audits. Let's get started./p h2General aspects/h2 pThere are some things that an audit should always cover, as they give a good overview of the site and how well it's been looked after. Some of these aspects are:/p ullistrongGeneral codebase observations/strong: Get an overview of the structure and organisation of modules and custom php scripts (if any). In big projects, where people come and go and different developers get to work on the code, it's not uncommon to see a big mess in custom code, structured without consistent patterns or styleguides. This might not affect security directly, but it might be a sign that not much care has been put into how things are done, and it will surely impact maintenance./li listrongGeneral code inspection/strong: Performed through an IDE or automated tools, to find extensive uses of bad practices in code. Again, this might not necessarily surface any potential security holes, but depending on the tools used, there are cases in which it could actually do so. A good tool for a general review of Drupal modules is the a href=http://drupal.org/project/coderCoder/a module, which can be tuned to look only for problems of a specific nature (e.g: only check Drupal standards)./li listrongSite Audit Script/strong: The a href=https://www.drupal.org/project/site_auditSite Audit/a module is worth a look as well. While it's not the most feature-complete audit tool, it provides useful info about certain areas of a Drupal site, and includes some security checks too./li listrongWatch out for patched modules/strong: The a href=https://www.drupal.org/project/hackedHacked!/a module can help you to easily identify which contributed modules have been altered by developers after the official version was added to the codebase.  It compares the installed version with the official one available in a href=http://www.drupal.orgwww.drupal.org/a, to highlight the differences. If the development team have behaved well, all these patches will be documented in some way in the codebase, so make sure you consider them in more specific audits, in particular for security./li /ulh2 Finding the security holes/h2 pDrupal core is great when it comes to security, and it also encourages module developers to follow good practices when contributing to the community, by providing clear guidelines about a href=https://drupal.org/writing-secure-codehow to write secure code/a. However, considering the low entry barrier of the platform for anyone who has some basic PHP skills, it's not hard to find projects in which some of the standard APIs and guideliness are either overlooked, or bypassed entirely. This opens possible security holes in the system./p pBeing a CMS, the possible security holes of a Drupal site may not lay only in the codebase, but also in how the different modules are configured, often in a too-permissive fashion. Enabling PHP Filter to allow PHP execution from the UI, or a bad configuration of input (text) formats, are just a couple examples of how a bad configuration could be used to breach into the site. You can find more details about this in this page of the a href=https://www.drupal.org/security/secure-configurationAdministration  Security Guide/a./p pIn this article, I'd like to focus a bit more in the possible issues that can be generated at the codebase level. The next list covers the most common vulnerabilities that should be looked for when auditing a Drupal project, and some other aspects to consider. These checks are normally for the custom code. Some details are given next to each vulnerability type, with the common functions or elements that can be used to exploit the vulnerability, or where it might be introduced:/p ul style=list-style-type:disc;li dir=ltr p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1strongSQL Injection/strong: Make sure n/spano em$_GET /emdata is used without proper sanitisation, specially if it's going to be used in queries to the database. The term is a classic, I know, and it's been used and abused all over the web for a lot of years, but not without cause: it's been less than two years since I came across a vulnerability of this type (don't get excited, you won't find any emname and shame/em in this post). /p ulli p dir=ltrspan style=line-height: 1.6;Check as well for usage of /spanem style=line-height: 1.6;drupal_get_query_parameters()/emspan style=line-height: 1.6;. If not treated safely, data received from there can be as dangerous as /spanem style=line-height: 1.6;$_GET/emspan style=line-height: 1.6;./span/p /li /ul/li li dir=ltr p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1strongRemote code execution/strong: Make sure /spanem$_POST/em data is being used safely.  Not usually an issue if a href=https://api.drupal.org/api/drupal/developer!topics!forms_api_reference.html/7Drupal Form API/a is used. While not encouraged, it's possible for developers to use em$_POST/em or em$form_state['input'] /emto retrieve user-submitted data. So, when searching for places where this kind of data is used in code, make sure those variable names are included in the search./p ul style=list-style-type:circle;li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1Pay also attention to custom data stored in the database that is later used for custom logic, but having being previously retrieved through a custom form./span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1Some functions can be used to exploit vulnerabilities with malicious data captured through any of the methods described. Most of these functions are not too common for small websites, but they can be very dangerous if not used with care, so it's always worth looking for any usages of these in code, and in case you see any of them, ensure they're used safely:/span/p ul style=list-style-type:square;li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1eval/span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1preg_replace/span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1create_function/span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1include_once/span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1require_once/span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1system/span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1exec/span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1shell_exec/span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1pcntl_exec/span/p /li /ul/li /ul/li li dir=ltr p dir=ltrstrongspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1XSS / Persistent XSS/span/strong: Another classic. Check that all user input is sanitised before being output as HTML. See a href=https://www.drupal.org/node/28984Handle text in a secure fashion/a:/p ul style=list-style-type:circle;li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1General checks. Make sure these functions or statements are used according to the documentation, and with data sanitised where relevant:/span/p ul style=list-style-type:square;li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1print./span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1echo./span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1l()./span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1t()./span/p /li /ul/li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1strongCustom blocks/strong:/span/p ul style=list-style-type:square;li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1Make sure anything contained in blocks content is sanitised, since these contents are output as is./span/p /li /ul/li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1strongOther possibly dangerous Drupal elements/strong:/span/p p These elements are not dangerous as such, but they're used to display HTML contents. The general idea here is: sanitise data before displaying it!/p ul style=list-style-type:square;li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1theme(‘placeholder’)./span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1drupal_set_title()./span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1theme(‘username’)./span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1Custom forms./span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1Form API #title and #description/span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1Form API #markup types./span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1Review usages of rich text fields in code, and make sure they're always displayed using their appropriate text format./span/p /li /ul/li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1Treatment of incoming URL data in usage of HTML attributes. Arguments that might be used in HTML attributes could be encoded in a way that malforms the HTML to ultimately inject Javascript./span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1Views fields without sanitising (e.g: using the raw” contents from a views template)./span/p /li /ul/li li dir=ltr p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1strongPrivilege escalation/strong: /span/p ul style=list-style-type:circle;li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1Do all custom emhook_menu/em functions have access arguments declared?/span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1Do all custom queries use the emnode_access/em tag where required?/span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1Are permissions respected when displaying entities retrieved via emEntityFieldQuery/em?/span/p /li /ul/li li dir=ltr p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1strongCSRF/strong: Make sure a/spanll custom forms use Drupal's FAPI or confirmation forms / tokens./p /li li dir=ltr p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1strongGeneral configuration/strong: /span/p p These are some of the most common checks to go through when reviewing the site configuration:/p ul style=list-style-type:circle;li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1HTTPS configured correctly./span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1PHP filter is disabled./span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1Access to text formats./span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1Private files directory is in a secure location outside of webroot./span/p /li li p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1Execution of PHP files in subfolders disabled./span/p /li /ul/li li dir=ltr p dir=ltr​span id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1Everything else covered in the a href=https://drupal.org/writing-secure-codeçWriting secure code/a page of the Drupal developer handbook./span/p /li li dir=ltr p dir=ltrspan id=docs-internal-guid-3cbe7de2-8a3d-c3db-406d-089a8d6799c1Anything listed in the /spana href=https://www.owasp.org/index.php/Top_10OWASP Top 10/a should be always present in a security audit./p /li /ulp /p pSome of the points listed there are rather uncommon to see these days. However, no matter how unlikely they are, a security vulnerability is always a risk, so as good developers is our duty to, at least, try our best to make sure we follow good practices and don't create holes in the system, or fix them if we find any./p pOnce in the auditor role, there are tools to automate the search for some of the possible issues in code. One example is the a href=https://www.drupal.org/project/security_reviewSecurity Review/a module for Drupal, which makes some checks on a given site (none on the codebase itself) and generates a report highlighting the areas where the configuration should be changed. Taking it a step further, the a href=https://www.drupal.org/project/paranoiaParanoia/a module will automatically make some changes to your site, disabling certain sections or features that could make it insecure./p pSecurity is not a setting, it's a process, and even experts (except Code Enigma sysadmins) make mistakes. The worst mistake one can make about a site is taking its security for granted. /p p /p /div /divaside class=article-list max div class=article-list-item divdiv class=article-list-item-typePage/diva href=/support/page/drupal-security-updates class=article-list-item-linkDrupal Security Updates/a/div /div div class=article-list-item divdiv class=article-list-item-typePage/diva href=/host/secure-drupal-sites class=article-list-item-linkSecure Drupal Hosting/a/div /div div class=article-list-item divdiv class=article-list-item-typeBlog/diva href=/community/blog/meet-yubikey class=article-list-item-linkMeet the YubiKey/a/div /div div class=article-list-item divdiv class=article-list-item-typePage/diva href=/drupal-support class=article-list-item-linkDrupal Support/a/div /div /aside/article /div /div
Categories: Drupal Feeds

Acquia Developer Center Blog: Defining and Altering Routes in Drupal 8

Tue, 03/22/2016 - 8:15am
div class=field field-name-field-blog-image field-type-image field-label-hiddendiv class=field-itemsdiv class=field-item evenimg typeof=foaf:Image src=https://dev.acquia.com/sites/default/files/styles/blog__190_x110_/public/blog/hires580.jpg?itok=B5e3nQFA width=140 height=85 alt=map and routes //div/div/divdiv class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item even property=content:encodedpDrupal's menu system API underwent a large number of significant changes in Drupal 8, just like many other areas in Drupal's newest version. /p pThe way we define what piece of PHP logic should respond to a particular path, e.g. /example, is no longer part of the menu; instead it is now defined via the route system. The menu system - as it should logically - is now used to define how a particular page (a route) fits into the menu system, tabs, and contextual links. Let’s take a quick look at how the familiar tasks of defining and altering such entries have changed./p/div/div/divdiv class=field field-name-field-blog-tags field-type-taxonomy-term-reference field-label-inline clearfixdiv class=field-labelTags:nbsp;/divdiv class=field-itemsdiv class=field-item evena href=/tags/acquia-drupal-planet typeof=skos:Concept property=rdfs:label skos:prefLabel datatype=acquia drupal planet/a/div/div/div
Categories: Drupal Feeds

Dries Buytaert: How should you decouple Drupal?

Tue, 03/22/2016 - 5:03am
div class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item even property=content:encodedpWith a href=https://www.drupal.org/documentation/modules/restRESTful web services in Drupal 8 core/a, Drupal can function as an API-first back end serving browser applications, native applications on mobile devices, in-store displays, even in-flight entertainment systems (Lufthansa is doing so in Drupal 8!), and much more. When building a new website or web application in 2016, you may ask yourself: how should I decouple Drupal? Do I build my website with Drupal's built-in templating layer or do I use a JavaScript framework? Do I need Node.js?/p pThere is a lot of hype around decoupled architectures, so before embarking on a project, it is important to make a balanced analysis. Your choice of architecture has implications on your budget, your team, time to launch, the flexibility for content creators, the ongoing maintenance of your website, and more. In this blog post, I'd like to share a flowchart that can help you decide when to use what technology./p figure class=figure div class=img no-resize style=border: 1px solid #ccc; padding: 4px;display: inline-blockimg src=http://buytaert.net/sites/buytaert.net/files/images/drupal/decoupled-decision-flowchart.jpg style=display:block alt=Decoupled decision flowchart//div figcaption/figcaption /figure pThis flowchart shows three things:/p pFirst, using strongcoupled Drupal/strong is a perfectly valid option for those who don't need extensive client-side rendering and state management. In this case, you would use Drupal's built-in Twig templating system rather than heavily relying on a JavaScript framework. You would use jQuery to take advantage of limited JavaScript where necessary. Also, with a href=http://buytaert.net/bigpipe-no-longer-just-for-the-top-50-websitesBigPipe in Drupal 8.1/a, certain use cases that typically needed asynchronous JavaScript can now be done in PHP without slowing down the page (i.e. communication with an external web service delaying the display of user-specific real-time data). The advantage of this approach is that content marketers are not blocked by front-end developers as they assemble their user experiences, thus shortening time to market and reducing investment in ongoing developer support./p pSecond, if you want all of the benefits of a JavaScript framework without completely bypassing Drupal's HTML generation and all that you get with it, I recommend using strongprogressively decoupled Drupal/strong. With a href=http://buytaert.net/the-future-of-decoupled-drupalprogressive decoupling/a, you start with Drupal's HTML output, and then use a JavaScript framework to add client-side interactivity on the client side. One of the most visited sites in the world, a href=https://weather.comThe Weather Channel/a (100 million unique visitors per month), does precisely this with Angular 1 layered on top of Drupal 7. In this case, you can enjoy the benefits of having a “decoupled team made up of both Drupal and JavaScript developers progressing at their own velocities. JavaScript developers can build richly interactive experiences while leaving content marketers free to assemble those experiences without needing a developer's involvement./p pThird, whereas strongfully decoupled Drupal/strong makes a lot of sense when building native applications, for most websites, the leap to fully decoupling is not strictly necessary, though a growing number of people prefer using JavaScript these days. Advantages include some level of independence on the underlying CMS, the ability to tap into a rich toolset around JavaScript (e.g. Babel, Webpack, etc.) and a community of JavaScript front-end professionals. But if you are using a universal JavaScript approach with Drupal, it's also important to consider the drawbacks: you need to ask yourself if you're ready to add more complexity to your technology stack and possibly forgo functionality provided by a more integrated content delivery system, such as layout and display management, user interface localization, a href=http://buytaert.net/the-future-of-decoupled-drupaland more/a. Losing that functionality can be costly, increase your dependence on a developer team, and hinder the end-to-end content assembly experience your marketing team expects, among other things./p pIt's worth noting that over time we are likely to see better integrations between Drupal and the different JavaScript frameworks (e.g. Drupal modules that export their configuration, and SDKs for different JavaScript frameworks that use that configuration on the client-side). When those integrations mature, I expect more people will move towards fully decoupled Drupal./p pTo be performant, fully decoupled websites using JavaScript a href=http://buytaert.net/a-history-of-javascript-across-the-stackemploy Node.js on the server to improve initial performance/a, but in the case of Drupal this is not necessary, as Drupal can do the server-side pre-rendering for you. Many JavaScript developers opt to use Node.js for the convenience of shared rendering across server and client rather than for the specific things that Node.js excels in, like real-time push, concurrent connections, and bidirectional client-server communication. In other words, most Drupal websites don't need Node.js./p figure class=figure div class=img no-resize style=border: 1px solid #ccc; padding: 4px;display: inline-blockimg src=http://buytaert.net/sites/buytaert.net/files/images/drupal/decoupled-delivery-architectures.jpg style=display:block alt=Decoupled delivery architectures//div figcaption/figcaption /figure pIn practice, I believe many organizations want to use all of these content delivery options. In certain cases, you want to let your content management system render the experience so you can take full advantage of its features with minimal or no development effort (coupled architecture). But when you need to build a website that needs a much more interactive experience or that integrates with unique devices (i.e. on in-store touch screens), you should be able to use that same content management system's content API (decoupled architecture). Fortunately, Drupal allows you to use either. The beauty of choosing from the spectrum of fully decoupled Drupal, progressively decoupled Drupal, and coupled Drupal is that you can do what makes the most sense in each situation./p pemSpecial thanks to a href=https://www.drupal.org/u/prestonsoPreston So/a, a href=https://www.drupal.org/u/effulgentsiaAlex Bronstein/a and a href=https://www.drupal.org/u/wim-leersWim Leers/a for contributions to this blog post. We created at least 10 versions of this flowchart before settling on this one./em/p/div/div/div
Categories: Drupal Feeds

TimOnWeb.com: Happy birthday to me and Devel form debug module to you all

Mon, 03/21/2016 - 11:26pm
divIrsquo;m turning strong32/strong today. People love birthdays, to me itrsquo;s just another line numbernbsp;in a messed stack trace output (philosophy mode enabled)./div divnbsp;/div divTwo years ago I released a drupal module called Get form id em(deprecated from now on)/em that does one small tasknbsp;- it tells you any form#39;s id .../div pa href=http://timonweb.com/posts/happy-birthday-to-me-and-devel-form-debug-module-to-you-all/ class=btnRead now/a/p
Categories: Drupal Feeds

2bits: Installing and Configuring Redis for Drupal 7, and other Memcached Alternatives

Mon, 03/21/2016 - 10:15pm
div class=field field-name-body field-type-text-with-summary field-label-hidden view-mode-rssdiv class=field-itemsdiv class=field-item evenpFor years, we have been using and recommending a href=http://memcached.org/memcached/a for Drupal sites as its caching layer, and we wrote several articles on it, for example: a href=/articles/configuring-drupal-with-multiple-bins-memcached.htmlconfiguring Drupal with multiple bins in memcached/a./p pMemcached has the advantage of replacing core caching (which uses the database) with memory caching. It still allows modules that have hook_boot() and hook_exit() to work, unlike external cache layers such as a href=/articles/installing-varnish-3x-ubuntu-server-1204-lts-and-using-munin-monitor-it.htmlVarnish/a./p pHowever, memcached has its limitations: It is by definition btransient/b, so rebooting wipes out the cache, and the server can suffer if it has high traffic. It is also entirely bmemory resident/b, so to cache more items you need more RAM, which is not suitable for small servers./p pFor Drupal 7, there is a solution that does avoids this first limitation: a href=http://redis.io/Redis/a. It provides a href=http://redis.io/topics/persistencepersistence/a, but not the second./p pThe following is a detailed guide to get Redis installed and configured for your server. It assumes that you are an Ubuntu Server 14.04, or the equivalent Debian release./p h2Installing Redis/h2 pFirst, download the a href=https://www.drupal.org/project/redisDrupal redis module/a, which should go to sites/all/modules/contrib. You can do that in many ways, here is how you would use a href=http://www.drush.org/en/master/Drush/a for that:/p div class=codeblockcodedrush @live dl redis/code/div pYou do not need to enable any Redis modules in Drupal./p pThen, install the Redis Server itself. On Debian/Ubuntu you can do the following. On CentOS/RedHat, you should use yum./p div class=codeblockcodeaptitude install redis-server/code/div pThen, install PHP's Redis integration. Once you do that, you do not need to compile from source, or anything like that, as mentioned in Redis README.txt file./p div class=codeblockcodeaptitude install php5-redis/code/div pRestart PHP, so it loads the Redis integration layer.br / This assumes you are using a href=/articles/high-performance-drupal-with-apache-mpm-worker-threaded-server-and-php-fpm.htmlPHP FPM/a:/p div class=codeblockcodeservice php5-fpm restart/code/div pIf you are using PHP as an Apache module, then you need to restart it as follows:/p div class=codeblockcodeservice apache2 restart/code/div h2Configuring Redis/h2 pThen in your settings.php file, you should replace the section for memcache which would be as follows:/p div class=codeblockcode$conf['cache_backends'][] = './sites/all/modules/contrib/memcache/memcache.inc';br /$conf['cache_default_class'] = 'MemCacheDrupal';br /$conf['memcache_servers'] = array('' =gt; 'default');br /$conf['memcache_key_prefix'] = 'site1';/code/div pAnd replace it with the following configuration lines:/p div class=codeblockcode// Redis settingsbr /$conf['redis_client_interface'] = 'PhpRedis';br /$conf['redis_client_host'] = '';br /$conf['lock_inc'] = 'sites/all/modules/contrib/redis/redis.lock.inc';br /$conf['path_inc'] = 'sites/all/modules/contrib/redis/redis.path.inc';br /$conf['cache_backends'][] = 'sites/all/modules/contrib/redis/redis.autoload.inc';br /$conf['cache_default_class'] = 'Redis_Cache';br /// For multisite, you must use a unique prefix for each sitebr /$conf['cache_prefix'] = 'site1';/code/div h2Cleaning Up/h2 pOnce you do that, caching will start using redis. Memcached is not needed, so you should stop the daemon:/p div class=codeblockcodeservice memcached stop/code/div pAnd you should purge memcached as well:/p div class=codeblockcodeaptitude purge memcached/code/div pAnd that is all there is to it. /p h2Changing Redis Configuration/h2 pYou can then review the /etc/redis/redis.conf file to see if you should tweak parameters more, such as changing maxmemory to limit it to a certain amount, as follows:/p div class=codeblockcodemaxmemory 256mb/code/div pMore below on this specific value./p h2Checking That Redis Is Working/h2 pTo check that Redis is working, you can inspect that keys are being cached. For this, you can use the redis-cli tool. This tool can be used interactively, as in, you get a prompt and type commands in it, and results are returned. Or you can use the specific command as an argument to redis-cli./p pFor example, this command filters on a specific cache bin, the cache_bootstrap one:/p div class=codeblockcode$ redis-clibr /; keys *cache_boot*/code/div pOr you can type it as:/p div class=codeblockcode$ redis-cli keys *cache_boot*/code/div pIn either case, if Drupal is caching correctly, you should see output like this:/p div class=codeblockcode 1) site1:cache_bootstrap:lookup_cachebr / 2) site2:cache_bootstrap:system_listbr / 3) site3:cache_bootstrap:system_listbr / 4) site3:cache_bootstrap:hook_infobr / 5) site2:cache_bootstrap:variablesbr /.../code/div pAs you can see, the key structure is simple, it is composed of the following components, separated by a colon:/p ulliCache Prefixbr / This is the site name in a multi site environment./li liCache Binbr / This is the cache table name when using the default database caching in Drupal./li liCache Keybr / This is the unique name for the cached item. For cached pages, the URL is used, with the protocol (http or https) and the host/domain name./li /ulpYou can also filter by site, using the cache_prefix:/p div class=codeblockcode$ redis-cli keys *site1:cache_page*/code/div pThe output will be something like this:/p div class=codeblockcode1) site1:cache_page:http://example.com/node/1br /2) site1:cache_page:http://example.com/contact_usbr /.../code/div pYou can also check how many items are cached in the database:/p div class=codeblockcode$ redis-cli dbsize/code/div pThe output will be the number of items:/p div class=codeblockcode(integer) 20344/code/div h2Flushing The Cache/h2 pIf you need to clear the cache, you can do:/p div class=codeblockcode$ redis-cli flushall/code/div h2Checking Time To Live (TTL) For A Key/h2 pYou can also check how long does a specific item stay in cache, in seconds remaining:/p div class=codeblockcode$ redis-cli ttl site1:cache_page:http://example.com//code/div pThe output will be the number of seconds:/p div class=codeblockcode(integer) 586/code/div h2Getting Redis Info/h2 pYou can get a lot of statistics and other information about how Redis is doing, by using the info command:/p div class=codeblockcode$ redis-cli info/code/div pYou can check the full documentation for the a href=http://redis.io/commands/infoinfo command/a./p pBut here is one of the important values to keep an eye on is bused_memory_peak_human/b, which tells you the maximum memory that was used given your site's specifics, such as the number of items cached, the rate of caching, the size of each item, ...etc. /p div class=codeblockcodeused_memory_peak_human:256.25/code/div pYou can use that value to tune the maxmemory parameter, as above./p pYou can decrease the bMinimum Cache Lifetime/b under i/admin/config/development/performance/i to make the available memory fit that number, or the other way around: you can allocate more memory to fit more./p h2Monitoring Redis Operations In Real Time/h2 pAnd finally, here is a command that would show you all the operations that are being done on Redis in real time. Do bnot/b try this on a high traffic site!/p div class=codeblockcode$ redis-cli monitor/code/div h2Performance Results/h2 pRedis performance as a page cache for Drupal is quite good, with Time To First Byte (TTFB) is ~ 95 to 105 milliseconds. /p h2Alternatives To Redis and Memcached/h2 pWe did fairly extensive research for Redis and Memcached alternatives with the following criteria:/p ullibCompatible With Redis or Memcached Protocol/bbr / We wanted to use the same PHP extension and Drupal Redis (or Memcached) modules, and not have to write and test yet another caching module. /li libNon-Memory Resident Storage/bbr / We want to reduce the memory foot print of Redis/Memcached, because they both store the entire key/value combinations in memory. But still wanted to get acceptable performance. /li /ulpThe following products all claim to meet the above criteria, but none of them worked for us. They were tested on Ubuntu LTS 14.04 64-bit:/p h3MongoDB/h3 pUsing a href=http://mongodb.orglt;/agt; as a page cache layer for Drupal is feasible, but there is a performance penalty for it. See our lt;a href=MongoDB/a article for more details./p h3MemcacheDB/h3 pa href=http://memcachedb.org/MemcacheDB/a is a Memcached compatible server which used the excellent Berkeley DB database for storage. /p pThis a href=http://memcachedb.org/memcachedb-guide-1.0.pdfMemcacheDB presentation/a explains what it does in detail. /p pIt has an a href=http://packages.ubuntu.com/trusty/memcachedbUbuntu package/a right in the repository, so no need to compile from source, or manually configure it. It works flawlessly. The -N option enable the DB_TXN_NOSYNC option, which means writes to the database are asynchronous, providing a huge performance improvement./p pConfiguration in Drupal's settings.php is very easy: it is exactly like Memcached, with only the port number changing, from 11211 to 21201. /p pAlas, all is not rosy: it is not really a cache layer, since it does not expire keys/values based on time, like Memcached and Redis does. /p h3Redis NDS/h3 pa href=https://github.com/mpalmer/redis/tree/nds-2.6Redis-NDS/a is a fork of Redis 2.6, patched for NDS (Naive Disk Store). /p pIt does compile and run, but when the line: 'nds yes' is added to the configuration file, it is rejected as an invalid value. Looking briefly in the source, we also tried 'nds_enabled yes', but that was rejected as well. So we could not get it to run in NDS mode./p h3ARDB/h3 pa href=https://github.com/yinqiwen/ardbARDB/a is another NoSQL database that aims to be Redis protocol compatible. /p pWe compiled this with three different storage engines: The Facebook RocksDB did not compile to begin with. Google's LevelDB compiled cleanly, and so did WiredTiger. But when trying to connect Drupal to it, Drupal hanged and never came back with both engines. /p h3SSDB/h3 pa href=http://ssdb.io/docs/index.htmlSSDB/a is also another NoSQL database that tries to be Redis protocol compatible. /p pIt compiled cleanly, but had the same symptom as ARDB: Drupal hangs and never receives back a reply from SSDB. /p pThere are a couple of sandbox projects, a href=https://www.drupal.org/sandbox/ssdb/2167835here/a and a href=https://www.drupal.org/sandbox/cezaryrk/2170559here/a, that aim for native integration, but no code has been committed so far in two years./p pIf you were able to get any of the above, or another Redis/Memcached compatible caching engine working, please post a comment below./p h2Resources/h2 ulliA useful article on a href=http://oldblog.antirez.com/post/redis-persistence-demystified.htmlRedis persistence/a. Make sure you read this in conjunction with Redis' own documentation on a href=http://redis.io/topics/persistencepresistence/a./li liRedis documentation on a href=http://redis.io/topics/memory-optimizationmemory optimization/a./li liThe Pantheon a href=https://pantheon.io/docs/redis/Redis instructions/a are useful, even though they are specific to their hosted service./li /ul/div/div/divsection class=field field-name-taxonomy-vocabulary-2 field-type-taxonomy-term-reference field-label-above view-mode-rssh2 class=field-labelTags:nbsp;/h2ul class=field-itemsli class=field-item evena href=/tags/redisRedis/a/lili class=field-item odda href=/tags/cachingCaching/a/lili class=field-item evena href=/tags/memcachememcache/a/lili class=field-item odda href=/tags/memcachedmemcached/a/lili class=field-item evena href=/tags/memcachedbMemcacheDB/a/lili class=field-item odda href=/tags/ardbARDB/a/lili class=field-item evena href=/tags/ssdbSSDB/a/lili class=field-item odda href=/tags/redis-ndsRedis NDS/a/lili class=field-item evena href=/tags/drupalDrupal/a/lili class=field-item odda href=/tags/drupal-planetDrupal Planet/a/lili class=field-item evena href=/tags/mongodbMongoDB/a/li/ul/sectionsection class=field field-name-taxonomy-vocabulary-1 field-type-taxonomy-term-reference field-label-above view-mode-rssh2 class=field-labelContents:nbsp;/h2ul class=field-itemsli class=field-item evena href=/contents/articlesArticles/a/li/ul/section
Categories: Drupal Feeds

2bits: MongoDB as a caching solution for Drupal 7

Mon, 03/21/2016 - 10:05pm
div class=field field-name-body field-type-text-with-summary field-label-hidden view-mode-rssdiv class=field-itemsdiv class=field-item evenpa href=http://www.mongodb.org/MongoDB/a is a NoSQL database that has a href=https://www.drupal.org/project/mongodbDrupal integration/a for various scenarios. /p pOne of these scenarios is using MongoDB as the caching layer for Drupal. /p pThis article describes what is needed to get MongoDB working as a caching layer for your Drupal site. We assume that you have an Ubuntu Server LTS 14.04 or similar Debian derived distro./p h2Download The Drupal Module/h2 pFirst, download the MongoDB Drupal module. You do not need to enable any MongoDB modules./p div class=codeblockcodedrush @live dl mongodb/code/div h2Install MongoDB Server, Tools and PHP Integration/h2 pThen install MongoDB, and PHP's MongoDB integration. Note that 'mongodb' is a virtual package that installs the mongodb-server package as well as other client tools and utilities:/p div class=codeblockcodeaptitude install php5-mongo mongodb/code/div h2Restart PHP/h2 pRestart PHP, so that MongoDB integration takes effect:/p div class=codeblockcodeservice php5-fpm restart/code/div h2Configure Drupal With MongoDB/h2 pNow, edit your settings.php file, to add the following:/p div class=codeblockcode$conf['mongodb_connections']['default']['host'] = 'mongodb://';br /$conf['mongodb_connections']['default']['db'] = 'site1';br /$conf['cache_backends'][] = 'sites/all/modules/contrib/mongodb/mongodb_cache/mongodb_cache.inc';br /$conf['cache_default_class'] = 'DrupalMongoDBCache';/code/div pNote, that if you have multisite, then using a different 'db' for different sites will prevent cache collision./p h2Monitoring MongoDB/h2 pYou can monitor MongoDB using the following commands./p div class=codeblockcodemongotop -vbr /mongostat 15/code/div h2Tuning MongoDB/h2 pTurn off MongoDB's journaling, since we are using MongoDB for transient cache data that can be recreated from Drupal./p pEdit the file i/etc/mongodb.conf/i and change ijournal=/i to ifalse/i./p h2Performance Results/h2 pQuick testing on a live site showed that MongoDB performance is acceptable, but not spectacular. That is specially true when compared to other memory resident caching, such as Memcached or a href=/articles/installing-configuring-redis-drupal-7-other-memcached-alternatives.htmlRedis/a./p pFor example, on the same site and server, with Redis, Time To First Byte (TTFB) is ~ 95 to 105 milliseconds. With MongoDB it is ~ 200, but also goes up to ~350 milliseconds. /p pStill, MongoDB can be a solution in memory constrained environments, such as smallish VPS's./p /div/div/divsection class=field field-name-taxonomy-vocabulary-2 field-type-taxonomy-term-reference field-label-above view-mode-rssh2 class=field-labelTags:nbsp;/h2ul class=field-itemsli class=field-item evena href=/tags/drupal-planetDrupal Planet/a/lili class=field-item odda href=/tags/mongodbMongoDB/a/lili class=field-item evena href=/tags/cachingCaching/a/lili class=field-item odda href=/tags/memcachememcache/a/li/ul/sectionsection class=field field-name-taxonomy-vocabulary-1 field-type-taxonomy-term-reference field-label-above view-mode-rssh2 class=field-labelContents:nbsp;/h2ul class=field-itemsli class=field-item evena href=/contents/articlesArticles/a/li/ul/section
Categories: Drupal Feeds