webjoke.de

Drupal theming system is one of the most flexible and powerful tools for web developers, especially when it comes to creating visually appealing and highly functional websites. As a Content management system (CMS), drupal provides the best customization capabilities, making it a top choice for developers worldwide. 

Today we are going to delve deeper into Drupal's Theming system, and its core component.

In this blog, we'll dive into Drupal’s theming system, its core components, and how LN Webworks, with its expert team, leverages Drupal development services to ensure that every Drupal-based website is not just functional but also visually engaging.

Integrating Pipedrive, a powerful CRM tool, with a Drupal Webform can automate lead capturing, tracking, and data management. By using Webform, we can create a custom form and submit form data directly to Pipedrive, enabling a seamless flow of information from your website to your CRM

In this post, we’ll walk through the process of creating a Drupal Webform and then show how to configure a submit handler to send form data to Pipedrive.

Prerequisites

Before we begin, ensure that you have the following:

• A Pipedrive account and API access (API key).
• A Drupal installation with the Webform module installed and enabled.

Integrating Pipedrive with Drupal Webform: A Step-by-Step Guide Step 1: Install the Webform Module in Drupal

The Webform module allows you to create forms and manage submissions in Drupal. To install the Webform module, follow these steps:

AI Chatbot demo with Drupal and RAG Peter Pónya Thu, 11/21/2024 - 12:30 AI Chatbot demo with Drupal and RAG

At DrupalCon Barcelona, we were amazed to see all the powerful and functional Drupal AI integrations in action. I have been following the development closely, and after the recent release announcement of the AI (Artificial Intelligence) module, we decided to recreate one of its use cases: a RAG chatbot enabling semantic search. 

Learn how the Event Platform module simplified building the DrupalCamp Berlin 2024 website, its key features, benefits, and potential for improvements.

Indus Action seeks volunteers with Drupal expertise to enhance RTE-MIS, its open-source platform supporting the implementation of the Right to Education Act. Volunteer 4-8 hours weekly for this social impact project aimed at improving educational access across India.

Well, it's official. My Drupal Lenient Composer Plugin has allowed the lenient Composer repository endpoint on Drupal.org to be sunset and removed. I created the mglaman/composer-drupal-lenient repository two years ago at DrupalCon Portland. It is pretty wild how much it has been adopted in just two years. Not only has it allowed the Drupal Association to dismantle some infrastructure, but it is also baked into the Drupal.org GitLab CI. The package is pushing over 3,000,000 downloads from Packagist!

Project: Drupal coreDate: 2024-November-20Security risk: Moderately critical 14 ∕ 25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Gadget chainAffected versions: >= 8.0.0 < 10.2.11 || >= 10.3.0 < 10.3.9Description: 

Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.

This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to unserialize(). There are no such known exploits in Drupal core.

To help protect against this potential vulnerability, some additional checks have been added to Drupal core's database code. If you use a third-party database driver, check the release notes for additional configuration steps that may be required in certain cases.

Solution: 

Install the latest version:

• If you are using Drupal 7, update to Drupal 7.102.
• If you are using Drupal 10.2, update to Drupal 10.2.11.
• If you are using Drupal 10.3, update to Drupal 10.3.9.

All versions of Drupal 10 prior to 10.2 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Reported By: 

• Drew Webber of the Drupal Security Team

Fixed By: 

• Drew Webber of the Drupal Security Team
• Fabian Franz
• Juraj Nemec of the Drupal Security Team
• Lee Rowlands of the Drupal Security Team
• Dave Long of the Drupal Security Team
• Alex Pott of the Drupal Security Team

Coordinated By: 

• Juraj Nemec of the Drupal Security Team
• Benji Fisher of the Drupal Security Team
• xjm of the Drupal Security Team

Project: Drupal coreDate: 2024-November-20Security risk: Moderately critical 14 ∕ 25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Gadget chainAffected versions: >= 8.0.0 < 10.2.11 || >= 10.3.0 < 10.3.9 || >= 11.0.0 < 11.0.8Description: 

Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.

This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to unserialize(). There are no such known exploits in Drupal core.

To help protect against this potential vulnerability, types have been added to properties in some of Drupal core's classes. If an application extends those classes, the same types may need to be specified on the subclass to avoid a TypeError.

Solution: 

Install the latest version:

• If you are using Drupal 10.2, update to Drupal 10.2.11.
• If you are using Drupal 10.3, update to Drupal 10.3.9.
• If you are using Drupal 11.0, update to Drupal 11.0.8.
• Drupal 7 is not affected.

All versions of Drupal 10 prior to 10.2 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Reported By: 

• Drew Webber of the Drupal Security Team

Fixed By: 

• Drew Webber of the Drupal Security Team
• Lee Rowlands of the Drupal Security Team

Coordinated By: 

• Juraj Nemec of the Drupal Security Team
• Greg Knaddison of the Drupal Security Team
• Benji Fisher of the Drupal Security Team
• xjm of the Drupal Security Team

Project: Drupal coreDate: 2024-November-20Security risk: Less critical 8 ∕ 25 AC:Complex/A:User/CI:None/II:Some/E:Theoretical/TD:UncommonVulnerability: Gadget chainAffected versions: >= 8.0.0 < 10.2.11 || >= 10.3.0 < 10.3.9 || >= 11.0.0 < 11.0.8Description: 

Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Artbitrary File Deletion. It is not directly exploitable.

This issue is mitigated by the fact that in order to be exploitable, a separate vulnerability must be present that allows an attacker to pass unsafe input to unserialize(). There are no such known exploits in Drupal core.

To help protect against this vulnerability, types have been added to properties in some of Drupal core's classes. If an application extends those classes, the same types may need to be specified on the subclass to avoid a TypeError.

Solution: 

Install the latest version:

• If you are using Drupal 10.2, update to Drupal 10.2.11.
• If you are using Drupal 10.3, update to Drupal 10.3.9.
• If you are using Drupal 11.0, update to Drupal 11.0.8.
• Drupal 7 is not affected.

All versions of Drupal 10 prior to 10.2 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Reported By: 

• Drew Webber of the Drupal Security Team

Fixed By: 

• Drew Webber of the Drupal Security Team
• Lee Rowlands of the Drupal Security Team

Coordinated By: 

• Juraj Nemec of the Drupal Security Team
• Benji Fisher of the Drupal Security Team
• xjm of the Drupal Security Team

Project: Drupal coreDate: 2024-November-20Security risk: Critical 17 ∕ 25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingDescription: 

Drupal 7 core's Overlay module doesn't safely handle user input, leading to reflected cross-site scripting under certain circumstances.

Only sites with the Overlay module enabled are affected by this vulnerability.

Solution: 

Install the latest version:

• If you are using Drupal 7, update to Drupal 7.102
• Sites may also disable the Overlay module to avoid the issue.

Drupal 10 and Drupal 11 are not affected, as the Overlay module was removed from Drupal core in Drupal 8.

Reported By: 

• Cesar

Fixed By: 

• Cesar
• Greg Knaddison of the Drupal Security Team
• Matthew Grill
• Wim Leers
• Drew Webber of the Drupal Security Team
• Ra Mänd
• Fabian Franz
• Juraj Nemec of the Drupal Security Team

Coordinated By: 

• Juraj Nemec of the Drupal Security Team
• Greg Knaddison of the Drupal Security Team
• xjm of the Drupal Security Team

Project: Drupal coreDate: 2024-November-20Security risk: Moderately critical 10 ∕ 25 AC:Basic/A:User/CI:None/II:Some/E:Theoretical/TD:DefaultVulnerability: Access bypassAffected versions: >= 8.0.0 < 10.2.11 || >= 10.3.0 < 10.3.9 || >= 11.0.0 < 11.0.8Description: 

Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation.

As a result, a user may be able to register with the same email address as another user.

This may lead to data integrity issues.

Solution: 

Install the latest version:

• If you are using Drupal 10.2, update to Drupal 10.2.11.
• If you are using Drupal 10.3, update to Drupal 10.3.9.
• If you are using Drupal 11.0, update to Drupal 11.0.8.
• Drupal 7 is not affected.

All versions of Drupal 10 prior to 10.2 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Updating Drupal will not solve potential issues with existing accounts affected by this bug. See Fixing emails that vary only by case for additional guidance.

Reported By: 

• Wayne Eaker

Fixed By: 

• Wayne Eaker
• cilefen of the Drupal Security Team
• Kristiaan Van den Eynde
• Drew Webber of the Drupal Security Team
• Lee Rowlands of the Drupal Security Team

Coordinated By: 

• Juraj Nemec of the Drupal Security Team
• Benji Fisher of the Drupal Security Team
• xjm of the Drupal Security Team

Project: Drupal coreDate: 2024-November-20Security risk: Moderately critical 13 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingAffected versions: >= 8.8.0 < 10.2.11 || >= 10.3.0 < 10.3.9 || >= 11.0.0 < 11.0.8Description: 

Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized.

Solution: 

Install the latest version:

• If you are using Drupal 10.2, update to Drupal 10.2.11.
• If you are using Drupal 10.3, update to Drupal 10.3.9.
• If you are using Drupal 11.0, update to Drupal 11.0.8.

All versions of Drupal 10 prior to 10.2 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Reported By: 

• Jay Beaton

Fixed By: 

• Lee Rowlands of the Drupal Security Team
• catch of the Drupal Security Team
• Mingsong
• Juraj Nemec of the Drupal Security Team
• Dave Long of the Drupal Security Team
• Benji Fisher of the Drupal Security Team

Coordinated By: 

• Juraj Nemec of the Drupal Security Team
• Greg Knaddison of the Drupal Security Team

Usage (TLDR;)

You can simply copy <CTRL-C> + <CTRL-V> the following into your public_html/site/default/settings.php, and toggle on/off those that are relevant to you based on your need:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 $config['system.logging']['error_level'] = 'verbose'; // [A] (For Drupal 8+) Turn on verbose debug message reporting //$conf['error_level'] = 2; // [A] (For Drupal 7) Turn on verbose debug message reporting (Equivalant to navigate to Administration→ Configuration→ Development → logging and errors and select "All messages".) // [A] ------------------------------------------- error_reporting(E_ALL); // [A] Enable PHP errors (For local Drupal development, you can also enable error reporting, display errors and display startup error to help you further debugging and fixing major runtime errors ini_set('display_errors', TRUE); // [A] Enable PHP errors (For local Drupal development, you can also enable error reporting, display errors and display startup error to help you further debugging and fixing major runtime errors ini_set('display_startup_errors', TRUE); // [A] Enable PHP errors (For local Drupal development, you can also enable error reporting, display errors and display startup error to help you further debugging and fixing major runtime errors $settings['twig_debug'] = TRUE; // [B] Twig Debug - Turn on twig debug mode $settings['twig_auto_reload'] = TRUE; // [B] Twig Debug - Turn on twig template auto reload $settings['twig_cache'] = FALSE; // [B] Twig Debug - Turn off twig cache // [B] ------------------------------------------ $settings[‘cache’][‘bins’][‘render’] = ‘cache.backend.null’; // [B] Disable Caching - Disable render caching. $settings[‘cache’][‘bins’][‘page’] = ‘cache.backend.null’; // [B] Disable Caching - Disable page cache. $settings[‘cache’][‘bins’][‘dynamic_page_cache’] = ‘cache.backend.null’; // [B] Disable Caching - Disable dynamic page cache. $settings[‘cache’][‘default’] = ‘cache.backend.null’; // [B] Disable Caching - Disable backend cache. $config['system.performance']['css']['preprocess'] = FALSE; // [C] Turn off agrregated css (see: https://www.drupal.org/docs/develop/development-tools/disabling-and-debugging-caching) $config['system.performance']['js']['preprocess'] = FALSE; // [C] Turn off agrregated js (see: https://www.drupal.org/docs/develop/development-tools/disabling-and $settings['update_free_access'] = FALSE; // [D] Enable access to /update.php $settings['rebuild_access'] = TRUE; // [D] Enable access to /rebuild.php (This setting can be enabled to allow Drupal's php and database cached storage to be cleared via the rebuild.php page. Access to this page can also be gained by generating a query string from rebuild_token_calculator.sh and using these parameters in a request to rebuild.php. $settings['skip_permissions_hardening'] = TRUE; // [E] Skip file system permissions hardening. (The system module will periodically check the permissions of your site's site directory to ensure that it is not writable by the website user. For sites that are managed with a version control system, this can cause problems when files in that directory such as settings.php are updated, because the user pulling in the changes won't have permissions to modify files in the directory. $settings['extension_discovery_scan_tests'] = TRUE; // [E] Allow test modules and themes to be installed. (Drupal ignores test modules and themes by default for performance reasons. During development it can be useful to install test extensions for debugging purpose. $settings['trusted_host_patterns'] = array(); // [E] Turn off trusted host

(for instance verbose debug required then turn comment all lines except for $config['system.logging']['error_level'] = 'verbose';)

Welcome to the Event Impact Recap of DrupalCon Barcelona 2024. This year’s conference not only showcased the vibrant spirit of our global network but also highlighted the achievements and successes that emerged from this remarkable gathering. As we look forward to upcoming events in Singapore and Atlanta, let's take a minute to celebrate what we accomplished together in Barcelona!

At every DrupalCon, we unite the global Drupal community—crafted by the community, for the community. Our mission is to foster an inclusive environment where Drupal Certified Partners, Agencies, Marketers, End Users, Developers, Site Builders, and Community Organizers come together to train, learn, network, see old friends and make new ones, and grow their careers. We strive to create a vibrant space that celebrates collaboration and innovation, providing opportunities for personal and professional development.

Through shared knowledge, diverse perspectives, and active engagement, DrupalCon serves as a beacon for Drupal enthusiasts, empowering them to contribute to the future of open-source software. Together, we will shape the next generation of digital experiences, ensuring that Drupal continues to thrive, grow and innovate worldwide.

Key Highlights from DrupalCon Barcelona 2024 Attendance and Engagement

With 1,087 registered attendees and an impressive 96% check-in rate, DrupalCon Barcelona brought together a passionate community of Drupal enthusiasts and professionals. Notably, 307 participants received complimentary registrations (that’s 31%!) for their roles as speakers, scholarship recipients, or planners, reinforcing our commitment to inclusivity and accessibility.

Among the attendees, 27% were first-time DrupalCon participants, while 33.8% had attended four or more times. An impressive 79.1% of attendees expressed their intention to recommend DrupalCon to friends or colleagues, highlighting the event’s value.

Global Representation

DrupalCon Barcelona truly exemplified our global reach, with attendees from 66 countries across six continents. This diversity enriched our discussions and collaborations, showcasing the power of Drupal as a unifying platform.

Registrations Per Country United Kingdom 122 Japan 4 Spain 113 Slovenia 3 Germany 111 Uruguay 3 Belgium 102 Iceland 3 United States 97 Estonia 2 France 58 Czechia 2 India 33 España 2 Netherlands 31 Israel 2 Norway 30 Armenia 2 Denmark 27 Croatia 2 Switzerland 24 Ghana 2 Austria 23 Schweiz 1 Sweden 22 Nicaragua 1 Finland 21 Singapore 1 Bulgaria 20 Thailand 1 Poland 16 Cyprus 1 Portugal 15 Turkey 1 Ireland 15 Åland Islands 1 Italy 15 Luxembourg 1 Greece 13 Algeria 1 Canada 12 Magyarország 1 Czech Republic 9 Niger 1 Georgia 9 Antigua 1 Romania 8 Bangladesh 1 Serbia 7 Saudi Arabia 1 Brazil 7 Tunisia 1 Ukraine 6 Peru 1 Australia 5 Argentina 1 Lithuania 5 Philippines 1 Belarus 5 Colombia 1 Hungary 5 Burkina Faso 1 Mexico 5 Afghanistan 1 Slovakia 4 Iran 1 DriesNote and Starshot

A standout moment was the DriesNote, which attracted 810 attendees eager to learn about the future of Drupal CMS and the role of AI in expanding our marketplace. The insights shared during this session sparked lively discussions and innovative ideas.

The Starshot track and Makers and Takers tracks were immensely popular, with the top session, "Drupal AI: The Golden Era of the Web," drawing 520 attendees. These sessions not only highlighted cutting-edge topics but also fostered collaboration and knowledge sharing among participants.

Sponsorship Support

DrupalCon Barcelona 2024 was made possible by the generous support of our sponsors:

• Diamond Sponsors: 4
• Platinum Sponsors: 6
• Gold Sponsors: 3
• Silver Sponsors: 12
• Module Sponsors: 11
• Village Sponsors: 5
• Media Sponsors: 3
• Scholarship Sponsors: 3
• Total Sponsors: 30

In total, we had 30 sponsors whose commitment to the Drupal community was essential for the event and the overall community growth and success. Their support underscores the strength of our partnerships and shared goals.

Volunteer Contributions

The success of DrupalCon Barcelona was greatly aided by 208 dedicated volunteers, who contributed their time and talents across various roles—from session review committees and help desks to contribution monitors and photographers. Their hard work and enthusiasm were crucial in creating a welcoming and productive environment for all.

Looking Ahead

As we reflect on the achievements and connections fostered at DrupalCon Barcelona 2024, I feel optimistic about the future of Drupal. This event was not just a conference; it was a celebration of collaboration, knowledge sharing, and community spirit. 

I extend my heartfelt gratitude to everyone who contributed to this success—from attendees and volunteers to sponsors and organizers. Together, we can carry this momentum forward as we embark on the next chapter of Drupal's journey at DrupalCon Singapore, DrupalCon Atlanta, and beyond.

Here’s to continued growth, innovation, and the vibrant spirit of the Drupal community! I hope to see many of you in Singapore in December where we will be getting a sneak peek of the Drupal CMS, ahead of it’s release in January 2025; tickets are available on the DrupalCon Singapore website.

Multilingual websites can attract a wider audience! Read this blog to strengthen your technical knowledge about multilingual SEO and the impact of hreflang tags.

Join us THURSDAY, November 21 at 1pm ET / 10am PT, for our regularly scheduled call to chat about all things Drupal and nonprofits. (Convert to your local time zone.)

We don't have anything specific on the agenda this month, so we'll have plenty of time to discuss anything that's on our minds at the intersection of Drupal and nonprofits.  Got something specific you want to talk about? Feel free to share ahead of time in our collaborative Google doc: https://nten.org/drupal/notes!

All nonprofit Drupal devs and users, regardless of experience level, are always welcome on this call.

This free call is sponsored by NTEN.org and open to everyone. 

• Join the call: https://us02web.zoom.us/j/81817469653

  • Meeting ID: 818 1746 9653
    Passcode: 551681

  • One tap mobile:
    +16699006833,,81817469653# US (San Jose)
    +13462487799,,81817469653# US (Houston)

  • Dial by your location:
    +1 669 900 6833 US (San Jose)
    +1 346 248 7799 US (Houston)
    +1 253 215 8782 US (Tacoma)
    +1 929 205 6099 US (New York)
    +1 301 715 8592 US (Washington DC)
    +1 312 626 6799 US (Chicago)

  • Find your local number: https://us02web.zoom.us/u/kpV1o65N

• Follow along on Google Docs: https://nten.org/drupal/notes

View notes of previous months' calls.

Today we are talking about some things are on our mind including, The DOJ Accessibility ruling,Drupal CMS Event Recipes and Tooling for core development with our Hosts. We’ll also cover @font-your-face as our module of the week.

For show notes visit: https://www.talkingDrupal.com/476

Topics

• DOJ Accessibility Ruling
• Drupal CMS
• Tooling for core development
• Open University

Resources

• Accessibility ruling
• PHPUnit testing
  • https://www.drupal.org/docs/develop/automated-testing/phpunit-in-drupal/running-phpunit-javascript-tests
  • https://github.com/ddev/ddev-selenium-standalone-chrome
• Drupal Events Recipes

Guests

Martin Anderson-Clutz - mandclu.com mandclu

Hosts

Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi Martin Anderson-Clutz - mandclu.com mandclu Joshua "Josh" Mitchell - joshuami.com joshuami

MOTW Correspondent

Martin Anderson-Clutz - mandclu.com mandclu

• Brief description:
  • Have you ever wanted to add and manage web fonts for your Drupal site, directly within the admin interface? There’s a module for that.
• Module name/project name:
  • @font-your-face
• Brief history
  • How old: created in May 2010 by Scott Reynen, but the most recent release was by Henrique Mendes (hmendes) of CI&T
  • Versions available: 7.x-2.8 and 4.0.0 versions available, the latter of which support Drupal 9.4 and 10.
• Maintainership
  • Actively maintained
  • Security coverage
  • Test coverage
  • Documentation, but looks like it might be ready for a refresh
  • Number of open issues: 48 open issues, 8 of which are bugs against the current branch
• Usage stats:
  • 32,213 sites
• Module features and usage
  • The module provides an interface to browse fonts from Google, Adobe, Typekit, and more
  • License restrictions for fonts are clearly indicated
  • When you find a font you want to use, you just click “enable”. You don’t need to write any CSS or define a library, and it’s easy to mix-and-match fonts from different providers. It can even make it easier to include your own local fonts
  • The module includes submodules for the different font providers, so you enable the submodules based on where you want to use fonts from
  • Then you can import the fonts for those providers, though you do need an API key to import fonts from Google
  • The module does also have an API, so you can write your own modules to integrate with other font providers, or access the information about available fonts

Explore how the integration of Drupal Recipes is transforming Drupal development by simplifying configurations and enhancing reusability. Learn how these innovations are setting the stage for the highly anticipated release of the official Drupal CMS in January 2025.

Explore how the integration of Symfony Recipes is transforming Drupal development by simplifying configurations and enhancing reusability. Learn how these innovations are setting the stage for the highly anticipated release of the official Drupal CMS in January 2025.

Headless CMS allows flexible data exposure for different applications. In systems like Drupal, this concept becomes especially important for teams that want to build modern applications with a separate frontend layer. In this blog post, you'll see the process of exposing Drupal data using the REST API and JSON API. You'll also discover how to customize views, generate content, and manage settings to ensure seamless collaboration with frontend frameworks.