Skip to Content

Planet Drupal

Syndicate content - aggregated feeds in category Planet Drupal
Updated: 12 hours 30 min ago

DrupalOnWindows: Database Transactions in Drupal

13 June 2015 - 10:00pm
Language English

This article is not what about transactions are, but the particularities of its implementation in Drupal.

Drupal database abstraction layer has the ability to handle transactions and nested transactions.

It uses the PDO transaction capabilities to start/commit/rollback the higher level transaction in the scope, and database specific functions such as SAVENPOINT to handle the nested transactions.

Transactions in Drupal are quite a mess to use:

More articles...
Categories: Drupal

Drupal core announcements: Drupal core security release window on Wednesday, June 17

12 June 2015 - 3:30pm
Start:  2015-06-17 (All day) America/New_York Online meeting (eg. IRC meeting) Organizers:  David_Rothstein

The monthly security release window for Drupal 6 and Drupal 7 core will take place on Wednesday, June 17.

This does not mean that a Drupal core security release will necessarily take place on that date for either the Drupal 6 or Drupal 7 branches, only that you should prepare to look out for one (and be ready to update your Drupal sites in the event that the Drupal security team decides to make a release).

There will be no bug fix/feature release on this date; the next window for a Drupal core bug fix/feature release is Wednesday, July 1.

For more information on Drupal core release windows, see the documentation on release timing and security releases, and the discussion that led to this policy being implemented.

Categories: Drupal

Open Source Training: Easily Apply Drupal Patches with Patch Manager

12 June 2015 - 12:56pm

Have you ever updated your Drupal site only to suddenly have errors?

If you use Drupal regularly, this will happen to you at some point. However, one of the good things about using Drupal is there are so many other users that someone else may well have found and solved the error.

One common way to solve an error is with a patch. A patch changes the code on your site, but only by editing a file rather than providing a complete update.

Many of the available instructions for applying patches ask you to use an application called Git and to use command line instructions. These instructions can be intimidating, so we're going to show you how non-coders can safely and effectively apply patches.

Categories: Drupal

LightSky: LightSky is Seeking a Senior Ruby on Rails Developer / Drupal Developer

12 June 2015 - 12:20pm

LightSky is seeking a Senior Ruby on Rails Developer.

About the job

Categories: Drupal

Drupal Watchdog: Yubikey NEO and a Better Password Manager: pass

12 June 2015 - 9:52am
Supergenpass and its Problems

For a very long time I have been using supergenpass as my primary password “manager”. It started as a simple bookmarklet and evolved into browser extensions and mobile apps. Taking a primary password and the domain name, it creates a password unique to the domain. There are a number of problems with this: if the master password gets compromised, all your passwords are compromised even the ones you will only create in the future. The created password is not flexible: some systems have nonsensical and ill-advised limitations on what the password must contain. It’s not easy to change your password every few months if you want to since it’d involve changing the master password. Also, since it’s domain dependent, logging into with your password or with your password is slightly problematic/annoying. One Shall Pass iterates on this idea and adds a “generation” parameter so you can easily change your password but then you need to remember what generation were you using for a site...

And it’s only a password, it’s not a storage, so it can’t help with PIN codes or security questions and answers which is necessary because you should never use real answers to those questions as they are too easy to social engineer. When asked about your childhood address, use something like “That red van down by the river” or something similar but if you want to put in a different one for every site, you need to store your answers.

Other Solutions

Many use solutions like Lastpass, but I find them entirely unacceptable as they are black boxes and you have no control over your own data. In my world view anything interacting with my passwords must be open source. Also, it creates a huge “single point of failure” in your digital life -- if your cloud-based password manager goes down you can’t log into anything. Something like KeePassX or Kwallet is slightly better but there you have another problem: the master password. It obviously needs to be strong, but that means it’s cumbersome to type in all the time so you will have some long timeout between password prompts and then compromising your machine means compromising all your passwords in one go.

Pass and the NEO

I’ve found a program called pass “the standard unix password manager”. In fact, it’s just a friendly wrapper around GPG encoded files (GPG really needs more friendly UIs). One file per domain is the recommended way to organize your files. Pass can copy the first line of the file to the clipboard so it is recommended to put the password there and use the rest of the file for other data. By itself it’s not much stronger than KeePassX or similar: you have the gpg-agent keeping your private key open (much like ssh-agent). But then there is the Yubikey NEO (and the NEO-n) which can store a GPG key. Now you only present your private key when it’s needed for decryption. Also, since the private key can not be exported from the NEO, a simple (easy to remember and enter) PIN is adequate as it is impossible to brute force the PIN as the device will lock after a few tries.

The Worst Case

Even in the worst case where an attacker can execute arbitrary commands on your computer the pass-NEO combo is not defeated immediately: again, the NEO does not support exporting the key so each password file would need to be sent to the NEO for decryption. However, it is only present very briefly -- just when you log in. So it will take time for the attacker to walk away with every password you have and in such a catastrophic event every small hindrance might matter. (The really worst case is a machine compromised in this fashion and then the attacker physically stealing your YubiKey later. Our only advice for this case: try not to cross any three letter agencies.)

The Various Modes of the NEO One Time Password (OTP)

The NEO can operate in a number of modes: it can provide a one time password (OTP) which is not particularly useful because the server would need to implement the YubiKey API for this to be useful and few websites do.

Universal Two Factor (U2F)

The U2F mode implements an up-and-coming standard which -- as these standards usually do -- won’t be ubiquitous any time soon. Where it is implemented, it prevents both phishing and spear-phishing attacks.

Chip Card Interface Device (CCID)

Finally, it can emulate a smartcard reader and the smartcard both, this is called the CCID mode. It is capable of emulating the removal of the smartcard as well which is very useful for the “worst case” described above. YubiKey calls this the “eject” mode: one touch of the device “inserts” the smartcard, another “ejects” it. It is even capable of triggering an “eject” automatically a few seconds after the “insert”. How long it should wait for the automated eject is configurable.

Setting up Eject Mode GUI to Read the Warnings

There are no less than three utilities provided for mode switching. The GUI, called neoman is useless for us: it is not capable of switching on eject mode at all. Experimenting with it, however, shows a very useful warning: after switching modes you need to remove the device and plug it back. No other utility shows this warning. For this reason, if you are setting up a NEO-n I recommend using a simple USB extension cord to make it (much) easier to unplug and replug.

ykpersonalize to Set

The ykpersonalize utility can set eject mode and also can set the automated timeout. To do this, run ykpersonalize -m81:12:1 where 81 is the mode for eject, the middle number belongs to a mode we do not use (can not use alongside eject, in fact) and the last 1 means one second automated timeout. Once you’ve run this command, do not forget to unplug and replug. After that, ykpersonalize no longer recognizes the NEO. If you run pscc_scan you will get

Reader 0: Yubico Yubikey NEO CCID 00 00 Card state: Card removed, Exclusive Mode

And touching the device will switch on the LED and make pcsc_scan show the card “inserted” (press Ctrl+C to exit pcsc_scan). After one second the LED switches off and pcsc_scan now reports the card removed. If you do not get these results from pcsc_scan, make sure you have pcscd running.

ykneomngr to Reset

If you want to change the eject timeout then you need to run the third utility provided with the NEO, ykneomgr. Even this won’t be able to read the status of your device, but it will be able to reset to a mode where ykpersonalize can work again. Since this requires the device to be “present” and we set up a very short timeout, it’s recommended to run this in an infinite loop: until ykneomgr -M0 2&> /dev/null ; do sleep 0.1 ; done then touch the NEO. Once reset to mode 0, don’t forget to unplug and replug, and then you can set a different timeout if you want or completely without an automated timeout even with ykpersonalize -m81.

Now that’s sorted, we can turn to creating GPG keys, subkeys and installing them into the NEO/NEO-n. This process I won’t cover because it’s extensively covered elsewhere.

Using it All

After all this setup, the usage is fairly simple:

On Mobile

This combo works with Android as well: the NEO is NFC compatible and there is an Android version of pass which uses OpenKeyChain (the rough equivalent of gpg-agent for Android) to communicate with the NEO.

On Desktop

I’ve written a little script to make my life easier: first it waits for an URL to appear on the clipboard, then it’ll wait for a Yubikey and call pass with the domain extracted from the URL. Since there is an extension for copying URLs from Chrome and I have a NEO-n the login process becomes this: click the URL copy button in the addressbar (or press Ctrl-L Ctrl-C or F6 Ctrl-C), touch the NEO-n, wait for the notification and paste the password. Without this script, the one second auto timeout recommended in the setup section is not viable. Although certainly not as simple as the Supergenpass extension, it’s still pretty easy and incomparably more secure.

Categories: Drupal

Sooper Drupal Themes: What's your opinion on "premium Drupal modules"

12 June 2015 - 9:45am

We had this discussion 4 years ago. Why bring it up again now? Because several big codecanyon projects are coming to Drupal soon and I think it will have an impact. One of them is Slider Revolution. Slider Revolution is an "All-purpose Slide Displaying Solution that allows for showing almost any kind of content with highly customizable transitions, effects and custom animations". With nearly 60.000 sales at 18 USD it's the second most popular Wordpress plugin on codecanyon. The number of sites using this module is much greater because hundreds of premium Wordpress themes ship with the slider built into the theme. Some of these themes like Avada (140.000 sales) are widespread and amplify the impact of paid plugins in Wordpress.

To refresh our memories here are some quotes from 2011:

the DrupalAppStore that killed drupal

MortenDK, thing that open source doesn't do a good job with: building teams of people with complementary skills to make sure that the software is a good experience for the customer. Why? Because there is no customer. Oh sure, hundreds of thousands of people use my software and they consider themselves customers, but ultimately they are not. Why? The definition of a customer involves, among other things, providing a revenue stream.

Earl Miles (merlinofchaos),

The pay-per-copy business model just doesn't work very well, practically, unless you have the completely artificial system of copyright restrictions to prop it up. (Physical objects have a natural scarcity that makes pay-per-copy vastly more practical.) When you're dealing with copyleft software, it works even more poorly.

Larry Garfield,

Sometimes I keep wondering why on almost every drupaller comment I read on the net is against making money on selling modules but it is OK to sell themes?

If themer can get away / circumvent GPL by licensing their css/images/js in different license than GPL why can't module developer create a separate php class api that doesn't touch any of drupal api and license it with commercial license?

Jason Xie,

With respect to the question "How" this last commenter was on to something. Large projects on CodeCanyon protect themselves against redistribution by having a functional code library that can work independently from the CMS integration. If there is any open source lawyer reading this I would love to hear comments on GPL compatibility of this structure.

My opinion

As a (premium) Drupal themes developer I have a special interest in development of these plugins: they provide great value to clients of my premium theme. For only around 100 USD I can buy an extended license for a module that cost the developer hundreds of man-hours to develop. By including several plugins into my theme that cost 20 USD per plugin, my theme which costs 48 USD is instantly more valuable to end-users. In general I have a positive attitude to CodeCanyon developers joining the Drupal modules. However, there will be some modules that are good for Drupal and others that could be bad for the Drupal ecosystem. 

For example, me and several other Drupal developers have been working on improving Bootstrap+Views integration through the views_bootstrap module: In the meantime, some guy on CodeCanyon seems to have all our problems figured out already and he is selling a very sleek Views+Bootstrap module on CodeCanyon. The code he sells is all Drupal-integrated programming. As far as I understand GPL this means that all his code is also GPL. So what can we do, is it legal to copy his code into the views_bootstrap module? Is it compliant with the rules and code of conduct on Is it morally OK?


Tags planet drupal app store premium modules premium themes Drupal 7.x
Categories: Drupal

OpenLucius: 13 new kick-ass features | Drupal distro OpenLucius updated

12 June 2015 - 4:26am

It has been quiet for a few weeks around our Drupal distro OpenLucius, but this has its reason. We have worked hard on the first 'Release Candidate'. And we could not resist to implement new features. These new features have been developed with the feedback of the now thousands of OpenLucius users.

So team and project management has been made even easier! :-D

The 13 new features and improvements:

Categories: Drupal

Open Source Training: How to Add a Slider Search to Drupal

11 June 2015 - 5:18pm

One of our customers was setting up a Drupal Commerce site and wanted to add a slider search.

Here's an example of a slider search in action:

There are a lot of steps involved in this process, but it's worth the effort. This tutorial will use the default search, without relying on Apache Solr or alternatives.

Categories: Drupal

DrupalCon News: Book Your Hotel Room Today!

11 June 2015 - 5:10pm

Have you reserved your room at the Barcelona Princess yet? It’s the preferred hotel for all DrupalCon Barcelona attendees, and we’ve negotiated some great rates for our Drupal friends.

Categories: Drupal

Red Crackle: 15 minutes to your first Drupal integration test

11 June 2015 - 1:52pm
This post will help you write and run your first Drupal integration test in less than 15 minutes. By end of this post, you will be able to write an automated test to make sure that superuser is able to create two pieces of content, one published and the other unpublished. We'll test that anonymous user is able to view the published content and is not able to view the unpublished content. You can follow along these steps on any Unix or Mac machine and have automated tests running in a matter of minutes.
Categories: Drupal

Drupal core announcements: DrupalCI: It's coming!

11 June 2015 - 11:25am

DrupalCI is the next-generation version of our beloved testbot. The MVP ("minimum viable product") is coming soon (rolled out in parallel with the old testbot for awhile).

Here's a sneak peak at what it'll look like and some of its new capabilities:

Categories: Drupal

Drupal core announcements: D8 Accelerate critical issue sprint in London, UK, July 2-8

11 June 2015 - 10:08am
Start:  2015-07-02 09:00 - 2015-07-08 18:00 UTC Sprint Organizers:  xjm Sprint toward a Drupal 8 release candidate

As of this writing, 22 known critical issues block a Drupal 8 release candidate. It's time to close that gap.

The D8 Accelerate program is sponsoring a critical issue sprint in London, UK, from Thursday, July 2 to Wednesday, July 8. The sprint will be hosted by UK company and Drupal Association member BrightLemon at Unit 12, Zeus House 16-30 Provost Street London, N1 7NG United Kingdom.

Space is limited but we welcome your help!

This sprint will be focused exclusively on resolving critical issues in Drupal 8. Confirmed attendees so far include alexpott, amateescu, Berdir, dawehner, pfrenssen, plach, xjm, Wim Leers, and znerol. If you can help resolve the remaining critical issues, we'd love to collaborate with you as well! Space is limited, so contact xjm if you are interested in signing up for the sprint.

Remote collaboration is also welcome; join us in #drupal-contribute during the sprint. If you can't make this sprint, you can help on Drupal 8 criticals in the issue queue now or at one of the other upcoming Drupal 8 sprints, or help by triaging major issues.

Let's get Drupal 8 done!

Categories: Drupal

Drupal Association News: Wunderkraut Breaks Ground as Drupal's First Signature Partner

11 June 2015 - 9:32am

The Drupal Association is excited to announce that Wunderkraut, a full service European agency and longtime supporter of the Drupal project, is now our first Signature Supporting Partner. A Supporting Partner since March 2014, Wunderkraut's latest contribution deepens its commitment to advancing the Drupal project and empowering the Drupal community.

"Drupal’s community is amazing. We’re very proud to be a part of it," said Wunderkraut CEO Vesa Palmu. "We're an established provider of Drupal services, and enjoy contributing to the Drupal ecosystem however we can, whether through camps or sponsored events, and especially when we can be quirky and fun! This passion is why we're now a Signature Partner—to strengthen our commitment to growing this community and project we love."

The Supporting Partner Program includes more than 60 companies from around the world. All of the funding from the program goes directly to support maintenance and enhancements for Program contributions have funded many initiatives, such as

  • Advancements in security
  • Improved development environments
  • User-friendly content strategy and design

Partners enjoy enhanced promotional services from the Drupal Association, such as brand visibility on, select access at premier events like DrupalCon, and increased publicity via various online social platforms. For their elevated contributions to the program, Signature Partners will receive upgraded promotional services.

"I’m absolutely thrilled that Wunderkraut is joining us as the first Signature Supporting Partner," said Drupal Association Executive Director Holly Ross. "Their support for the Association and the project is, and has always been, top-notch. This is another great expression of how much Wunderkraut believes in the incredible work our community does."

To join Wunderkraut as one of the Drupal Association's contributing partners, start by learning more about the Supporting Partner Program.

And to join us in thanking Wunderkraut for its partnership, we encourage you to send this pre-populated tweet, or to say thanks in the comments for their blog post.

Categories: Drupal

Mediacurrent: State of the Panels Union

11 June 2015 - 8:22am

One of the most loved display architectures available for Drupal, the Panels module and its many related projects have come a long way from rather humble beginnings as a customizable dashboard for Drupal 4. Today they stand to be a testament to the power and flexibility of the Drupal platform. At DrupalCon LA I was joined by several other contributors, as we give an update to where the modules are right now, along with some insight into our plans for Drupal 8.

Categories: Drupal

Drupal Watchdog: HTML + CSS + JavaScript = Mobile Web App

11 June 2015 - 8:08am

If you're a web developer, perhaps you've heard of this newfangeldy “mobile” concept that's been sweeping the world. And perhaps you've even gone so far as reading a tutorial or two on how to create mobile applications. If so, you've seen that you get the delightful choice between Objective C and Swift (iOS), or Java (Android), all of which renders your hard-fought HTML, CSS, and JavaScript knowledge moot.

But, lo! There is hope!

If you're someone for whom writing code in web parlance is a piece of cake (or at least more doable than C/Java), this article will explain how you can use the knowledge you already possess in order to create mobile applications using the following three ingredients:

  • jQuery Mobile, an HTML5-based framework for developing web-based mobile applications.
  • Drupal 8's Web Services modules, which provide read and write access to Drupal's content for use in your application.
  • Adobe PhoneGap, which packages web-based applications as mobile apps for use on platforms such as iOS and Android.

Let's get started!

About Our App

First, when developing mobile applications, it's customary to give some thought to the flow of the user interactions. Here are some basic wireframes:

Figure 1: The two main screens of our mobile application: list and view.

The idea of our app is simple: display a list of nodes from the front page of a Drupal 8 site, and provide a links view for the content. Drupal 8’s web services can also edit and delete content, but we'll stick to view, both for article space constraints and to avoid some bugs that are still present in Drupal 8's alpha releases.

Categories: Drupal

DrupalCon News: Session Submission Recap for DrupalCon Barcelona

11 June 2015 - 6:41am
Putting on a DrupalCon is a huge enterprise, and it wouldn’t happen without help from our amazing community. While our end goal is always that our guests have a great time at the convention, much of a Con’s success depends on the amazing men and women who step up to give sessions and lead training programs.   
Categories: Drupal

Acquia: Migrating Content to Drupal: The Weather Channel

11 June 2015 - 6:31am

One of the major challenges facing every digital publisher is making sure its content will display properly up on every possible venue: desktop, tablet, and phone of course, but also in web services, and on the emerging display opportunities arriving with the Internet of Things, like wearables.

Acquia partner Mediacurrent recently tackled this challenge on an awesome scale: migrating the giant The Weather Channel site to Drupal in a way that worked with all the above venues, and then some. (Have you thought about how your content will look on gas station pumps? Mediacurrent and The Weather Channel have.)

Recently, Matt Davis, a senior Drupal developer at Mediacurrent, explained how the team approached this task, in the first blog post in a projected series on the topic: Migrating To Drupal: Increased Content Portability.

If your goal is to "write once, use everywhere" (and it should be), this post is worth checking out.

Tags:  acquia drupal planet
Categories: Drupal Re-using the repeating date field widget in custom Drupal forms

11 June 2015 - 2:05am
As part of our work on Rooms Tours, (coming soon!) we wanted to give users the ability to quickly and easily input regular tour dates/times. This is a quick overview of how you can easily get this in Drupal using the widget that comes from the Date module.
Categories: Drupal frontpage posts: DrupalCamp St. Louis 2015 - June 20-21 - Register now!

10 June 2015 - 3:20pm

On June 20 - 21, people from all over the Midwest who use, design, develop and support Drupal will convene in downtown St. Louis for the second annual DrupalCamp STL. Meet us in St. Louis and help us forge new skills and friendships while furthering the Drupal project.

Registration is only $25, and if you register ASAP you'll get a soft, comfy T-shirt, a nice catered lunch, and an excellent lineup of sessions on Saturday, and sprints all day Sunday!

Check out the schedule for the day, which includes a keynote by Alina Mackenzie on getting involved in the Drupal Community.

Join us in the Learning Lounge on Saturday, and for Sprints on Sunday, to increase your Drupal knowledge, meet some other Drupal community members, and help make Drupal better!

Categories: Drupal

Open Source Training: There's an Updated Drupal Logo for Drupal 8

10 June 2015 - 12:44pm

Drupal 8 will ship with a new version of the Drupal logo, known as the Druplicon.

It's not the biggest news in the world, but this will make some people happy. The current version of the logo is 11 years old and has several design problems:

  • The lighting on the logo is from top left which can conflict with other sources.
  • The 'freaky alien' vibe.
  • It looks a bit dated.
  • Some people find it "sinister", or "mean".
  • The color scheme is muddy and out-of-sync with "Seven" administration theme.
Categories: Drupal

about seo