Newsfeeds

Apigee Edge UI

New Drupal Modules - 7 March 2019 - 4:42am

Enhancements for Apigee Edge App related UIs by Pronovix.

Categories: Drupal

Wayback Submit to Archive.org

New Drupal Modules - 7 March 2019 - 4:21am

You're producing high quality work and you'd like to keep a public record of it on Archive.org.

The Wayback Submit module will submit all your url's to The Wayback Machine at Archive.org.

Thus you should be able to prove that you came up with some great idea first. Or, if your research is taken offline for political reasons, you'll still be able to point to it at The Wayback Machine.

The Wayback Submit module enables you to save your entire site to The Wayback Machine

Categories: Drupal

mark.ie: PatternLab: Linking to Patterns

Planet Drupal - 7 March 2019 - 3:27am
PatternLab: Linking to Patterns

Here's two approaches to linking to patterns in PatternLab.

markconroy Thu, 03/07/2019 - 11:27

When using PatternLab, you can link to a pattern by creating a variable such as {{ url }}. Then in your corresponding JSON or YML file, you can setting this variable equal to something like
url: link.pages-contact
or
url: link.pages-homepage.

We often use this when creating menu items, since in Drupal our menu items template looks for two parts to the menu link: title and url, something like this:

  1. menu:
  2.   items:
  3.   item_1:
  4.   title: 'About Us'
  5.   url: link.sample-pages-basic-page
  6.   item_2:
  7.   title: 'Contact Us'
  8.   url: link.sample-pages-basic-page-contact-us

This works great when working with a template that has a specific variable for the URL, such as the link to a node in node.html.twig, so we can link the title in our teaser template in PL to our sample blog pattern, for example.

But if we have a link field, such as a Call to Action in a paragraph bundle we might have something like this in our pattern:

  1. {{ cta_link }}

and this in our corresponding YML file:

  1. cta_link: '"#">Click Me!'

We don't have PL paths in those links, because if we swap `#` for a `link.sample-pages-basic-page` it'll just render that as a string. And we don't want to break the variable into two parts, because in the Drupal template, we want to be able to {% set cta_link = content.field_cta %} and let Drupal do all its render magic.

The solution? Don't break up variable into two parts, concatenate what you want in YML instead to allow us to link to specific patterns:

  1. cta_link:
  2.   join():
  3. - '"'
  4. - link.sample-pages-basic-page-with-quote
  5. - '">See Ways to Help'

Now, the first part will render as a string, the second as a variable to the pattern you want to link to, and the third part as a string.

We could also create a link pattern, and do something like this:

  1. cta_link:
  2.   include():
  3.   pattern: 'organisms-link'
  4.   with:
  5.   url: 'link.sample-page-homepage'

I don't, because, in general, I don't like patterns to depend on other patterns. This is simply so I can drag and drop them from project to project without any friction. Each component has everything it needs contained within it. It also means in case of something like a link field, we can let Drupal do as much of the heavy lifting as possible.

Categories: Drupal

ComputerMinds.co.uk: Let's say NO to unsanitised inputs

Planet Drupal - 7 March 2019 - 2:36am

Last night saw the popular EU Cookie Compliance module fall from grace, as the Drupal community discovered that numerous inputs in the admin form were not being sanitised.

To me, this shows some serious failings in how our community is handling security awareness. Let's do some fixing :)

1) We need to make this OBVIOUS, with clear examples

One of the most important things when trying to get people to write secure code is making them aware of the issues. We need Drupalers of all levels of experience to know and understand the risks posed by unsanitised input, where they come up and how to fix / avoid them.

I did a little internet searching, and found that there's actually a great guide to writing Drupal modules on Drupal.org. It covers a whole bunch of things, and is compiled really nicely.

I noticed that it says how to do forms, but it manages to NOT mention security anywhere. This should be a key thought right now, no? There is a guide to handling text securely, but it's just there and isn't really linked to.

Similarly, the page of Drupal 7 sanitize functions is easily findable, but only if you know to look for it in the first place

Guys and girls, if we're going to help our Drupalers to write secure code we simply have to make it obvious. We shouldn't be assuming young new Drupalers will think to browse around the internet looking for sanitization functions. We shouldn't be assuming they know all the niggly bits that present security issues. We shouldn't be assuming that anyone really know when to use tokens in URLs and when not to. We should be putting all these things right there, saying hey! don't forget to use these! here's why!. We should have articles and guides for writing forms that take the time to cover how to handle the security side of things.

In that vein, surely the Form API reference should surely have a reminder link? A little sidebar with some links to all these guides and articles on writing secure code?

I'm going to go start some conversations and some edits - Drupal documentation is maintained by us, the Drupalers, after all.
Who else out there wants to help move things in the right direction? :)

2) We need to be aware of what we're installing

81,086 modules report use of the EU Cookie Compliance module. That's a whole bunch of blind installs! Nobody thought to check through the code? Nobody missed the lack of check_plain?

Well, you don't, do you? It's far too easy to assume that things are just fine. Our wonderful Open Source world, protected by our numbers, means that code is safe because it has a thousand people keeping eyes on it. Unless, of course, we're all assuming that somebody else is looking. In that case, as evident here, nobody really takes responsibility - and that's why we end up with module maintainers burning out trying to fight battles alone. In the presence of other people who we know could also do something, humans are significantly less likely to take responsibility.

I've said this before in my previous article discussing security risks to Drupal as we mature - if we took a little more of a moment to check through the modules that we install, we might catch a whole bunch of missed bugs!

I must make explicit that this call isn't just to the big bods and the experienced Drupalers. This task is for you, too, freelancers and small Drupal shops. We all have unique perspectives and unique opportunities that will allow us to see what others have missed - but if nobody is looking then nobody will see anything.

3) Contrib security reviews need help

Unless we're going to go through every module by hand, we need to think about writing some tool to do a basic sanity check on our contrib modules. How hard can it be to see if there's even one instance of a check_plain in a .admin.inc file?

It's admirable and encouraging to see the Drupal Security Team making huge progress on really key modules. Well done guys :) But, as far as I can guess, they're going through modules by hand, line by line. What other way is there?

If I had £50k going spare, I'd put a huge bounty out for anyone that can write an automated tool for spotting missing check_plains. Alas, I really don't have that! But I reckon there must be a decent tool for at least getting a start?

If we can solve this problem for contrib, then we can also solve it for every site's custom modules. And that will be of huge security benefit for Drupalers worldwide.

Huge publicity awaits whoever solves this problem, I'm sure.
Inventors and innovators in the Drupal world, this is your moment!

Categories: Drupal

Character Class: Multi-Classing: The Butt-Kickers

RPGNet - 7 March 2019 - 12:00am
Smash stuff and fight!
Categories: Game Theory & Design

Dev shares real talk about the personal costs of living in fear of layoffs

Social/Online Games - Gamasutra - 6 March 2019 - 2:40pm

Game developer Katie Chironis discusses the personal costs of living in fear of layoffs. ...

Categories: Game Theory & Design

Tips on porting your indie game (and how we can help!)

Social/Online Games - Gamasutra - 6 March 2019 - 1:07pm

Indies can handle porting by themselves, but there's significant investment required - likely several months per platform. DO games' tech leads offer tips on porting, and explore whether a dev partner is right for your game. ...

Categories: Game Theory & Design

Lullabot: Lullabot Education Becomes Osio Labs

Planet Drupal - 6 March 2019 - 12:54pm

What do you do when you accomplish your dream? If you’re like Addison Berry, you make another dream.

Categories: Drupal

RESTful Web Services Field Collection

New Drupal Modules - 6 March 2019 - 12:31pm

This module makes it possible to process Field Collections in the same
requests as their host entity, using the RESTful Web Services module.

Categories: Drupal

Valve bans sexual violence game from Steam, but stops short of condemning it

Social/Online Games - Gamasutra - 6 March 2019 - 12:22pm

Valve has ruled that an adult game about committing sexual assault against women will not launch on Steam due to the fact that it †œposes unknown costs and risks†. ...

Categories: Game Theory & Design

Bootstrap datepicker

New Drupal Modules - 6 March 2019 - 10:55am
Categories: Drupal

Block Config Override

New Drupal Modules - 6 March 2019 - 10:48am

Allows for Block configuration to be overridden on a site and saved to key-value store instead of saving to configuration. This would allow a block to be placed into a region and have default configuration set, but in another environment override certain fields that don't then get overridden on configuration import.

Categories: Drupal

GDC 2019 debuts free to all GDC @ The Gardens space

Social/Online Games - Gamasutra - 6 March 2019 - 9:02am

This year GDC will be complemented by a new initiative aimed at giving everyone a place to relax and unwind while listening to live performances from some of the industry's leading musicians! ...

Categories: Game Theory & Design

Platform.sh: Even more batteries included: Platform.sh configuration libraries

Planet Drupal - 6 March 2019 - 8:23am
Even more batteries included: Platform.sh configuration libraries Crell Wed, 03/06/2019 - 16:23 Blog

Platform.sh, like any good PaaS, exposes a lot of useful information to applications via environment variables. The obvious parts, of course, are database credentials, but there's far more that we make available to allow an application to introspect its environment.

Sometimes those environment variables aren't as obvious to use as we'd like. Environment variables have their limits, such as only being able to store strings. For that reason, many of the most important environment variables are offered as JSON values, which are then base64-encoded so they fit nicely into environment variables. Those are not always the easiest to read.

That's why we're happy to announce all new, completely revamped client libraries for PHP, Python, and Node.js to make inspecting the environment as dead-simple as possible.

Installation

All of the libraries are available through their respective language package managers:

PHP:

composer install platformsh/config-reader

Python:

pip install platformshconfig

Node.js:

npm install platformsh-config --save

That's it, you're done.

Usage

All three libraries work the same way, but are flavored for their own language. All of them start by instantiating a "config" object. That object then offers methods to introspect the environment in intelligent ways.

For instance, it's easy to tell if a project is running on Platform.sh, in the build hook or not, or if it's in a Platform.sh Enterprise environment. In PHP:

$config = new \Platformsh\ConfigReader\Config(); $config->inValidPlatform(); // True if env vars are available at all. $config->inBuild(); $config->inRuntime(); $config->onEnterprise(); $config->onProduction(); // Individual Platform.sh environment variables are available as their own properties, too. $config->applicationName; $config->port; $config->project; // ...

The onProduction() method already takes care of the differences between Platform.sh Professional and Platform.sh Enterprise and will return true in either case.

What about the common case of accessing relationships to get credentials for connecting to a database? Currently, that requires deserializing and introspecting the environment blob yourself. But with the new libraries, it's reduced to a single method call. In Python:

config = platformshconfig.Config() creds = config.credentials('database')

This will return the access credentials to connect to the database relationship. Any relationship listed in .platform.app.yaml is valid there.

What if you need the credentials formatted a particular way for a third-party library? Fortunately, the new clients are extensible. They support "credential formatters", which are simply functions (or callables, or lambdas, or whatever the language of your choice calls them) that take a relationship definition and format it for a particular service library.

For example, one of the most popular Node.js libraries for connecting to Apache Solr, solr-node wants the name of a collection as its own string. The Platform.sh relationship provides a path, since there are other libraries that use a path to connect. Rather than reformat that string inline, the Node.js library includes a formatter specifically for solr-node:

const solr = require('solr-node'); const config = require("platformsh-config").config(); let client = new solr(config.formattedCredentials('solr-relationship-name', 'solr-node'));

Et voila. client is now a solr-node client and is ready to be used. It's entirely possible to register your own formatters, too, and third-party libraries can include them as well:

config.registerFormatter('my-client-library', (creds) => { // Do something here to return a string, struct, dictionary, array, or whatever. });

We've included a few common formatters in each library to cover some common libraries. We'll be adding more as time goes by, and, of course, PRs are always extremely welcome to add more!

But what about my language?

We wanted to get these three client libraries out the door and into your hands as soon as possible. But don't worry; Go and Ruby versions are already in the works and will be released soon.

We'll continue to evolve these new libraries, keeping the API roughly in sync between all languages, but allowing each to feel as natural as possible for each language.

Larry Garfield 7 Mar, 2019
Categories: Drupal

Is there a way to research the 'happiness' factor in Game Development? - by Zuby Ahmed

Gamasutra.com Blogs - 6 March 2019 - 7:56am
The blog post explores how through a combination of research conducted on academic theory and recent industry case-studies, a refined framework has now emerged to facilitate further research into the ‘happiness’ factor in Game Development.
Categories: Game Theory & Design

Localising Kenshi: A Post Mortem - by Natalie Mikkelson

Gamasutra.com Blogs - 6 March 2019 - 7:54am
Did Kenshi's localisation pay for itself? Was the investment worth it? In this blog post I explore how Kenshi's regional sales were affected (or not affected!) after translating the game into various languages.
Categories: Game Theory & Design

Of Players & Characters - by Alois Bourguenolle

Gamasutra.com Blogs - 6 March 2019 - 7:53am
Game theory covers a wide range of knowledge, but when it comes to the player-character relationship, tabletop roleplaying and LARP have a headstart video games can exploit to move further.
Categories: Game Theory & Design

Spinnortality: crunching the numbers - by James Patton

Gamasutra.com Blogs - 6 March 2019 - 7:53am
Is it still possible to break into the games industry as an unknown indie in 2019? James Patton shares the sales numbers for his indie success "Spinnortality", a cyberpunk management sim that launched a month ago.
Categories: Game Theory & Design

The Philosophies of Gameplay - by Josh Bycer

Gamasutra.com Blogs - 6 March 2019 - 7:16am
Gameplay may come in all forms and genres, but today, we're going to talk about how we can break it down into two philosophies that govern the player's experience.
Categories: Game Theory & Design

Aten Design Group: Drupal 8 Paragraphs + Layout Discovery

Planet Drupal - 6 March 2019 - 5:45am

I recently wrote an article about Flexible Authoring with Structured Content. In this follow-up post, I'm going to dig into more detail on one specific approach we've been working on: Entity Reference with Layout.

If you use the Paragraphs module and wish there was a way to more easily control the layout of referenced paragraphs on a particular node, check out Entity Reference with Layout, a new module for Drupal 8. Entity Reference with Layout combines structured content (a la Paragraphs) with expressive layout control (a la Layout Discovery in core). Now you can quickly add new sections without leaving the content edit screen, choose from available layouts, add text or media to specific regions, drag them around, edit them, delete them, add more, and so on. The experience is easy-to-use, fast, and expressive.

Background Structured Content FTW.

We’ve been working with Drupal for a very long time: since version 4.7, way back in 2006. We love the way Drupal handles structured content – something that has only improved over the years with support for important concepts like “fieldable entities” and “entity references.” Integration with flexible rendering systems like Views, and in more recent years the ability to quickly expose content to services for headless, decoupled applications, relies largely on structured content. With structured content, editors can “Create Once, Publish Everywhere (COPE),” a widely-recognized need for modern web authoring. Drupal’s support for structured content is an important advantage.

Drupal, We Have a Problem.

But Drupal’s interface for creating structured content– the part that editors use daily, often many times per day – is lagging. In the era of SquareSpace, WIX, and Gutenberg, Drupal’s clunky authoring interface leaves much to be desired and is quickly becoming a disadvantage.

Paragraphs to the Rescue. Sort Of.

There have been a number of really interesting steps forward for Drupal’s authoring interface as of late. Layout Builder is powerful and flexible and soon to be a full-fledged part of Drupal core. Gutenberg, an expressive authoring experience first developed for Wordpress, now offers a Drupal version. The Paragraphs module solves similar problems, providing a way for authors to create structured content that is incredibly flexible.

We started using Paragraphs years ago, soon after it was first introduced in Drupal 7. We liked the way it combined structure (Paragraphs are fieldable entities) with flexibility (Paragraphs can be dragged up and down and reordered). We used nested Paragraphs to give authors more control over layout. The approach was promising; it seemed flexible, powerful, and easy-to-use.

For more complex applications, though, nested Paragraphs proved anything but easy-to-use. They could be profoundly complicated. Managing intricate layouts with nested Paragraphs was downright difficult.

If only there was a way to have it both ways: Drupal Paragraphs plus easy layout control. Well of course, now there is.

Introducing Entity Reference with Layout

We created Entity Reference with Layout to give authors an expressive environment for writing structured content. As the name suggests, Entity Reference with Layout is an entity reference field type that adds an important element to the equation: layout. It leverages the layout discovery system in Drupal Core, allowing editors to quickly add new paragraphs into specific regions. The authoring experience is expressive and easy, with drag-and-drop layout controls.

Give Entity Reference with Layout a Whirl

Entity Reference with Layout is available on Drupal.org. Installation is quick and easy (we recommend composer, but you can also just download the files). The module is experimental and still under active development; check it out and let us know what you think. We’d love to hear feedback, bug reports, or feature requests in the issue queue. And if you think your organization’s web editors might benefit from this approach and want to learn more, drop us a line and we’ll follow up!

Categories: Drupal

Pages

Subscribe to As If Productions aggregator