Planet Drupal

Syndicate content
Drupal.org - aggregated feeds in category Planet Drupal
Updated: 41 min 10 sec ago

Modules Unraveled: 122 The Drupal Security Team With Greg Knaddison and Michael Hess - Modules Unraveled Podcast

Fri, 10/17/2014 - 12:04
div class=field field--name-field-image field--type-image field--label-hiddendiv class=field__itemsdiv class=field__item evenimg typeof=foaf:Image src=http://modulesunraveled.com/sites/default/files/styles/podcast_default/public/podcast/image/Photo%20of%20Greg%20and%20Michael.png?itok=WQlvuqPo width=350 height=176 alt=Photo of Greg Knaddison and Michael Hess //div/div/divspan class=submitted-byPublished: Fri, 10/17/14/spandiv class=field field--name-field-podcast-file field--type-file field--label-hiddendiv class=field__itemsdiv class=field__item evendiv class=mediaelement-audioaudio src=http://traffic.libsyn.com/modulesunraveled/122_The_Drupal_Security_Team_With_Greg_Knaddison_and_Michael_Hess_-_Modules_Unraveled_Podcast.mp3 class=mediaelement-formatter-identifier-1413556613-0 controls=controls /audiodiv class=mediaelement-download-linka href=http://traffic.libsyn.com/modulesunraveled/122_The_Drupal_Security_Team_With_Greg_Knaddison_and_Michael_Hess_-_Modules_Unraveled_Podcast.mp3Download this episode/a/div/div/div/div/divdiv class=field field--name-body field--type-text-with-summary field--label-hiddendiv class=field__itemsdiv class=field__item even property=content:encodedh2The Drupal Security Team/h2 ulliWhat type of people are on the Drupal Security Team? ullihttps://security.drupal.org/team-members /li liMostly coders, some project managers, core maintainers/li /ul/li liWhat does the security team do? ulliWe fix issues in drupal/li liResolve reported security issues in a Security Advisory/li liProvide assistance for contributed module maintainers in resolving security issues/li liProvide documentation on how to write secure code/li liProvide documentation on securing your site/li liHelp the infrastructure team to keep the drupal.org infrastructure secure/li /ul/li liWhat doesn’t the security team do ulliprojects without stable releases/li liSite support/li liSet policy around security with the security working group./li /ul/li liIs there a D7 security team and a D8 security team with different people? (What about Drupal 6)/li liHow can others get involved?/li liWhat was the recent bug that was fixed/li /ulh2Questions from Twitter/h2 ullia href=http://www.twitter.com/PaulenasPaulius Pazdrazdys/abr / How this latest security release is different from others? Do you have any information if this bug done any harm before release?/li lia href=http://www.twitter.com/hunaborosaboros/abr / The recent bug was über critical, still only 20/25. What would be a 25/25 bug?/li lia href=http://www.twitter.com/hunaborosaboros/abr / Do you notify any high value targets before SA is sent out? Is the list of those public? Can one be part of this privileged group?/li lia href=http://www.twitter.com/cariefisherCarie Fisher/abr / When the latest bug was found? is there a private drupal security group where this was discussed? could we have found out sooner?/li lia href=http://www.twitter.com/davidnarrabilisDavid Hernandez/abr / What is the average time from discovery to announcement?/li lia href=http://www.twitter.com/DamienMcKennaDamien McKenna/abr / @ModsUnraveled Are there existing stats on how long it takes from initial reporting, to maintainer response, to first patch amp; fix?/li lia href=http://www.twitter.com/UstimaHeine Deelstra/abr / How was SA-CORE-005 (in hindsight) able to be public for so long in the public queue?/li lia href=http://www.twitter.com/markconroyMark Conroy/abr / I think the #drupal security team are great. Working extremely hard. (I know, that wasn't a question)/li lia href=http://www.twitter.com/hunaborosaboros/abr / Are there plans for some sort of bounty program run by DA maybe?/li lia href=http://www.twitter.com/davidnarrabilisDavid Hernandez/abr / What kind of work does the security team do besides review code? What is the administrative overhead?/li /ul/div/div/divdiv class=field field--name-field-items-mentioned field--type-link-field field--label-abovediv class=field__labelEpisode Links:nbsp;/divdiv class=field__itemsdiv class=field__item evena href=https://www.drupal.org/u/greggles rel=nofollow target=_blankGreg on drupal.org/a/divdiv class=field__item odda href=https://twitter.com/greggles rel=nofollow target=_blankGreg on Twitter/a/divdiv class=field__item evena href=https://www.drupal.org/u/mlhess rel=nofollow target=_blankMichael on drupal.org/a/divdiv class=field__item odda href=https://twitter.com/mlh407 rel=nofollow target=_blankMichael on Twitter/a/divdiv class=field__item evena href=https://www.drupal.org/security-advisory-policy rel=nofollow target=_blankList of permissions that aren’t included/a/divdiv class=field__item odda href=http://drupalsecurityreport.org rel=nofollow target=_blankDrupal Security Report/a/divdiv class=field__item evena href=https://www.drupal.org/project/tfa rel=nofollow target=_blankTwo factor auth module/a/divdiv class=field__item odda href=https://www.drupal.org/project/paranoia rel=nofollow target=_blankParanoia module to prevent php execution/a/divdiv class=field__item evena href=https://groups.drupal.org/security rel=nofollow target=_blankSecurity group on g.d.o/a/div/div/divdiv class=field field--name-field-tags field--type-taxonomy-term-reference field--label-abovediv class=field__labelTags:nbsp;/divdiv class=field__itemsdiv class=field__item evena href=/tags/security typeof=skos:Concept property=rdfs:label skos:prefLabel datatype=Security/a/divdiv class=field__item odda href=/tags/drupal-core typeof=skos:Concept property=rdfs:label skos:prefLabel datatype=Drupal Core/a/divdiv class=field__item evena href=/planet-drupal typeof=skos:Concept property=rdfs:label skos:prefLabel datatype=planet-drupal/a/div/div/div

Get Pantheon Blog: What We Are Seeing With Drupal SA 2014-005

Thu, 10/16/2014 - 23:41
div class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item evenpIt's been 24 hours since a href=https://www.drupal.org/SA-CORE-2014-005Drupal SA-CORE-2014-005/a was announced, and we are already beginning to see attacks in the wild. As a platform with 10s of 1000s of Drupal sites, we have a unique perspective on the problem./p pThis is not a drill: black-hat scripters from sketchy domains are working through lists of known Drupal websites probing for exploits. If you have not patched all your sites, stop reading and do it right now./p p.../p pOk, now that your websites are safe, here's what we're seeing./p !--break--h4Profiling and Logging Suspected Exploits/h4 pWe learned of the vulnerability through our participation with the Drupal Security team, so we had a few days to prepare prior to the announcement. At that point, we were under obligation not to share details as part of responsible disclosure, but we did tweet and email customers to be ready for the update on Wednesday./p pBeyond that, the first step was fashioning our own exploit to have something to build a defense against. I owned my personal blog several times getting this right./p pWith a sense of a potential attack signature, we developed platform-wide request filtering, WAF style. At our scale, we couldn't try to tweak every individual site: a platform solution was the only answer./p pWe got that deployed on Monday, giving us two days to see the results of real production traffic. We were able to eliminate false-positives while still detecting our PoC attacks, which gave us confidence that our filter would not impact legitimate traffic. That was an important moment, because it meant we could start locking things down./p h4Log and Block/h4 pWith the SA announcement on Wednesday we switched the filter from log to log and block. The first detected (and blocked) attack came in at 22:42 UTC (3:42 PM PT), about seven hours after the security announcement. It attempted to set up a fake user with id 9999 and a suspicious temp email address from a href=http://trbvm.comtrbvm.com/a./p pOver the rest of the day we saw a handfull (20-ish) more attacks that looked like proof of concepts or penetration tests. We saw attempts to re-use a proof of concept posted in a Reddit thread, an attempt to create a user named morpheus with a pre-set password, and a few attempts to make accounts with the email address codetest@test.com/code and then elevate them to an admin role./p h4It Gets Real/h4 pa href=https://gist.github.com/joshkoenig/f5485f3db8efdd98f184img src=https://www.getpantheon.com/sites/default/files/informant-attacks.png alt=Attacks start title=Attacks start width=462 height=220 //a/p pEarly this morning at 08:23 UTC (1:23 AM PT) we started seeing an attack that attempts to insert a href=https://gist.github.com/joshkoenig/f5485f3db8efdd98f184a new item into the codemenu_router/code table/a. This attack is originating from IPs from a VPS provider in the .ru domain space, and it appears to be working through a list of domain names alphabetically./p pThe attack seems to be the initial part of a multi-step process. The menu_callback it is attempting to create will try to use codefile_put_contents()/code to drop a file somewhere in the codebase. That file will pick up a subsequent http request with more of an attack payload in the $_COOKIE superglobal. This sophistication plus the alphabetical attack sequence suggests a professional exploit./p pNote that this attack has a 0% chance of success on Pantheon. We block it, but even if we didn't live sites can't write files into the codebase, and a sophisticated code$_COOKIE/code attack would also be stripped. Still, it's concerning./p h4This Is Not A Drill/h4 pIt's barely 24 hours after the SA, and we have logged and blocked over 500 attempted attacks on sites on the Pantheon platform. We expect this rate to increase as exploit code is more widely shared and attacks become more automated./p pThe fact that we are blocking suspect traffic does not mean you delay updating. We're happy to be defending sites on our Platform, but the filter, like a href=https://blog.cloudflare.com/drupal-7-sa-core-2014-005-sql-injection-protection/CloudFlare's WAF firewall rule/a is not a guarantee to secure your site. You need to get the update deployed and patch the vulnerability at the source./p pIf you need help, let us know. If you have friends who need help, lend a hand./p h4Credits/h4 pCredit to the Drupal Security team for organizing a responsible and orderly release. There was likely temptation to rush something out once the severity was realized, but they showed great professionalism by taking a more deliberate route. As soon as the fix was disclosed, black-hats would start working to weaponize the exploit, which we are already seeing./p pI'd also like to thank a href=http://about.me/leonardo.finettiLeonardo Finetti/a for chiming in based on some tweets with additional information about the codemenu_router/code attack. He has a href=http://leonardofinetti.blogspot.it/2014/10/grave-vulnerabilita-drupal-drupageddon.htmlhis own post up (in Italian) here/a./p pFinally, I'd like to give credit to a href=https://www.drupal.org/u/gregglesGreg greggles Knaddison/a for planting the idea in my head of using the reach of our platform as a way to monitor exploit attempts against sites running on Pantheon. Hopefully the data we're able to gather will help everyone defend better and build more secure software and platforms./p /div/div/divdiv class=field field-name-field-blog-categories field-type-taxonomy-term-reference field-label-abovediv class=field-labelBlog Categories:nbsp;/divdiv class=field-itemsdiv class=field-item evena href=/blog/engineeringEngineering/a/div/div/divdiv class=easy_social_box clearfix horizontal easy_social_lang_und div class=easy_social-widget easy_social-widget-twitter firsta href=http://twitter.com/share class=twitter-share-button data-url=https://www.getpantheon.com/blog/what-we-are-seeing-drupal-sa-2014-005 data-count=horizontal data-lang = en data-via= data-related=:Check it out! data-text=What We Are Seeing With Drupal SA 2014-005 Tweet/a/div div class=easy_social-widget easy_social-widget-facebookiframe src=//www.facebook.com/plugins/like.php?locale=en_USamp;href=https%3A//www.getpantheon.com/blog/what-we-are-seeing-drupal-sa-2014-005amp;send=falseamp;layout=button_countamp;width=88amp;show_faces=trueamp;action=likeamp;colorscheme=lightamp;font=amp;height=21amp;appId= scrolling=no frameborder=0 style=border:none; overflow:hidden; width:88px; height:21px; allowTransparency=true/iframe/div div class=easy_social-widget easy_social-widget-googleplusdiv class=g-plusone data-size=medium data-annotation=bubble data-href=https://www.getpantheon.com/blog/what-we-are-seeing-drupal-sa-2014-005/div/div div class=easy_social-widget easy_social-widget-linkedin lastscript type=in/share data-url=https://www.getpantheon.com/blog/what-we-are-seeing-drupal-sa-2014-005 data-counter=right/script/div /div !-- /.easy_social_box --

Acquia: Shields Up!

Thu, 10/16/2014 - 23:32
div class=field field-name-body field-type-text-with-summary field-label-hidden div class=field-items div property=content:encoded class=field-item evenpYesterday, the Drupal Security team a href=https://www.drupal.org/SA-CORE-2014-005announced that all Drupal 7 sites are highly vulnerable to attack/a. Acquia deployed a platform-wide shield which protects all our customer sites, while still keeping them 100% functional for visitors and content editors. These sites can now a href=http://docs.acquia.com/articles/drupal-7x-sa-core-2014-005-critical-security-updateupgrade to 7.32/a in a more calm, controlled timeline. /p/div /div /div span property=dc:title content=Shields Up! class=rdf-meta/span

Acquia: 30 Awesome Drupal 8 API Functions you Should Already Know - Fredric Mitchell

Thu, 10/16/2014 - 20:49
div class=field field-name-body field-type-text-with-summary field-label-hidden div class=field-items div property=content:encoded class=field-item evenpApart from presenting a terrific session that will help you wrap your head around developing for Drupal 8, Fredric and I had a great conversation that covered the use of Drupal and open source in government, government decision-making versus corporate decision-making, designing Drupal 7 sites with Drupal 8 in mind, designing sites for the end users and where the maximum business value comes from in your organization, and more!/p /div /div /div span property=dc:title content=30 Awesome Drupal 8 API Functions you Should Already Know - Fredric Mitchell class=rdf-meta/span

Dries Buytaert: Acquia a leader in Gartner Magic Quadrant for Web Content Management

Thu, 10/16/2014 - 14:23
div class=field field-name-taxonomy-vocabulary-1 field-type-taxonomy-term-reference field-label-abovediv class=field-labelTopic:nbsp;/divdiv class=field-itemsdiv class=field-item evena href=/tag/drupal typeof=skos:Concept property=rdfs:label skos:prefLabel datatype=Drupal/a/divdiv class=field-item odda href=/tag/acquia typeof=skos:Concept property=rdfs:label skos:prefLabel datatype=Acquia/a/div/div/divdiv class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item even property=content:encodedpYou might have read that a href=http://acquia.comAcquia/a was named a leader in the a href=https://www.gartner.com/doc/2870517Gartner Magic Quadrant for Web Content Management/a. /p pIt's easy to underestimate the importance of this recognition for both a href=http://acquia.comAcquia/a and a href=http://drupal.orgDrupal/a to be in the leader quadrant. If you want to find a good coffee place, you use Yelp. If you want to find a nice hotel in New York, you use TripAdvisor. Similarly, if a CIO wants to spend $250,000 or more on enterprise software, they consult an analyst firm like a href=http://gartner.comGartner/a. So think of Gartner as Yelp for the enterprise./p pMany companies create their technology shortlist based on the a href=http://www.gartner.com/technology/research/methodologies/research_mq.jspleader quadrant/a. That means that Drupal has not been considered as an option for hundreds of evaluations for large projects that have taken place in the past couple of years. Being named a leader alongside companies like Adobe, HP, IBM, Oracle, and Sitecore will encourage more organizations to evaluate Drupal. More organizations evaluating Drupal should benefit the Drupal ecosystem and the development of Drupal./p /div/div/div

tanay.co.in: SA-CORE-2014-005 - All you need to know to protect your Drupal Site from the latest SQL Injection vulnerability

Thu, 10/16/2014 - 13:18
div class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item evenp dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;Last night, Drupal Release a security update to its core - /spana href=https://www.drupal.org/drupal-7.32-release-notesspan style=font-size: 15px; font-family: Arial; color: rgb(17, 85, 204); font-style: normal; font-variant: normal; text-decoration: underline; white-space: pre-wrap; background-color: transparent;v7.32/span/aspan style=font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent; /span/span/p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt; /p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;The release addresses the SQL Injection vulnerability described at /spana href=https://www.drupal.org/SA-CORE-2014-005span style=font-size: 15px; font-family: Arial; color: rgb(17, 85, 204); font-style: normal; font-variant: normal; text-decoration: underline; white-space: pre-wrap; background-color: transparent;https://www.drupal.org/SA-CORE-2014-005/span/a/span/p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;  /p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;img height=391px; src=/sites/default/files/cdn/2014/10/16/qGjH9efhrdnZBcoDhFwOmAnPMmFADGh-bfQQVdqTnNeS-VlOqrseVpA7NmLqLnS2wrj83NteGeCzHtlRoMPS6csHpmpybLhh0iw7orapjnaOvqlhkf7HM8-RQbhubXkbwQ style=border-style: none; transform: rotate(0rad); -webkit-transform: rotate(0rad); width=624px; //span/span/p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;  /p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-weight: bold; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;How serious is it?/span/span/p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;There are many proof of concepts scripts available all over the internet now. Both python and php variants. So, anyone who is knowledgeable enough to run a php/python script can now login to your /spanspan style=font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-weight: bold; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;Drupal 7/spanspan style=font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent; Site as admin, or execute any SQL on your Drupal Database!/span/span/p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 11px; font-family: Arial; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;[I am not linking them here for the obvious reasons, if you came here searching for those scripts, you are at the wrong place]/span/span/p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt; /p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-weight: bold; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;So, is my site vulnerable?/span/span/p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;Most of the Drupal-special webhosts like Acquia, Pantheon, Platform.sh have apparently patched their platforms protecting your Drupal site even if your individual site has not been patched yet. So most of you are safe. You should be worried if you are hosting on one of those generic hosts to whom Drupal is just yet another script or if you are running the site on your own stack./span/span/p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt; /p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;And if you have a CDN like cloudflare infront of your website, then you are safe as well (at least for a while). As of now, I am aware of only cloudflare that has /spana href=http://blog.cloudflare.com/drupal-7-sa-core-2014-005-sql-injection-protection/span style=font-size: 15px; font-family: Arial; color: rgb(17, 85, 204); font-style: normal; font-variant: normal; text-decoration: underline; white-space: pre-wrap; background-color: transparent;announced/span/aspan style=font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent; that they have updated their Web App Firewall rules to mitigate this vulnerability. So if you are using Cloudflare CDN like I do for this blog site, make sure you turn on this option./span/span/p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;img height=69px; src=/sites/default/files/cdn/2014/10/16/uiTs1A5TnZPhzZzzWCW9cjk16PQ8QHjlAAkRv4OYRE7-xTU5xjGrLwgnVuG31W_DTKgjQ8j3FVpjiHfD0VH85a981sobfK53Xb7tKGkFc3gosPSfC-BQQq2A_rrP3ROquQ style=border-style: none; transform: rotate(0rad); -webkit-transform: rotate(0rad); width=624px; //span/span/p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt; /p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-weight: bold; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;How do I fix my Site?/span/span/p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;Don’t worry. Fortunately it is very simple. And it would not take more than 2 minutes to fix your site (if you do it via #3 below)./span/span/p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt; /p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-weight: bold; font-style: normal; font-variant: normal; text-decoration: underline; white-space: pre-wrap; background-color: transparent;If the words like “git”, “patch”, “upgrade” scare you and if you like the words “FTP”, “Filezilla” more then skip directly to #3 below/spanspan style=font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; text-decoration: underline; white-space: pre-wrap; background-color: transparent;./span/span/p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt; /p ul style=margin-top:0pt;margin-bottom:0pt; li dir=ltr style=list-style-type: disc; font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; font-weight: bold; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;OPTION #1: /spanspan style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;The first option is to update your site to the latest version of Drupal - 7.32. /span/span/p /li li dir=ltr style=list-style-type: disc; font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; font-weight: bold; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;OPTION #2:/spanspan style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;But yeah, there is considerable effort involved behind upgrading your Drupal Site. Every upgrade usually would require significant regression testing and this could take a while. /spanbr class=kix-line-break /br class=kix-line-break /span style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;So, as an alternative, there is a very small patch out there for  you. Apply it and you are all set./spanbr class=kix-line-break /span style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;Patch : /spana href=https://www.drupal.org/files/issues/SA-CORE-2014-005-D7.patchspan style=font-size: 15px; font-family: Arial; color: rgb(17, 85, 204); font-weight: bold; font-style: normal; font-variant: normal; text-decoration: underline; white-space: pre-wrap; background-color: transparent;https://www.drupal.org/files/issues/SA-CORE-2014-005-D7.patch/span/abr class=kix-line-break /br class=kix-line-break /span style=font-size: 15px; font-family: Arial; font-weight: bold; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;How do I apply this patch?/spanbr class=kix-line-break /span style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;Like any other patch - /span/span/p ul style=margin-top:0pt;margin-bottom:0pt; li dir=ltr style=list-style-type: square; font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;SSH To your drupal root directory/span/span/p /li li dir=ltr style=list-style-type: square; font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;Get the patch by executing the command/spanbr class=kix-line-break /span style=font-size: 15px; font-family: Arial; font-weight: bold; font-style: italic; font-variant: normal; white-space: pre-wrap; background-color: transparent;wget a href=http://www.drupal.org/files/issues/SA-CORE-2014-005-D7.patchhttp://www.drupal.org/files/issues/SA-CORE-2014-005-D7.patch/a/span/span/p /li li dir=ltr style=list-style-type: square; font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;Assuming you got git on the server, run the command/spanbr class=kix-line-break /span style=font-size: 15px; font-family: Arial; font-weight: bold; font-style: italic; font-variant: normal; white-space: pre-wrap; background-color: transparent;git apply -v SA-CORE-2014-005-D7.patch/spanbr class=kix-line-break /span style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;img height=64px; src=/sites/default/files/cdn/2014/10/16/SPjSJJ8s6Q9BZiT6NewBr7BKMb0kEOquNFlmxB13RI68hwhAAuKsWsv37VP9OqsIyfaxtYg9iozbBwCoqJEPsH4SKw-2_dfDQYpANtFx5KYyvrdAmaEsZRJExk7-Vt7r3A style=border-style: none; transform: rotate(0rad); -webkit-transform: rotate(0rad); width=624px; //spanbr class=kix-line-break /span style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;If you see something like this, you are all set now :-)/span/spanbr class=kix-line-break /br /  /p /li /ul /li li dir=ltr style=list-style-type: disc; font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; font-weight: bold; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;OPTION #3: [THE SIMPLEST OF ALL] /spanspan style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;Alternatively, if you do not want to deal with patches or upgrades, or if you are are looking for a quick fix, here you go:/span/span/p ul style=margin-top:0pt;margin-bottom:0pt; li dir=ltr style=list-style-type: square; font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;FTP to, or open your Drupal Root Directory/span/span/p /li li dir=ltr style=list-style-type: square; font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;Navigate to  /spanspan style=font-size: 15px; font-family: Arial; font-weight: bold; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;includes/database//spanspan style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent; folder/span/span/p /li li dir=ltr style=list-style-type: square; font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;There will be a file named /spanspan style=font-size: 15px; font-family: Arial; font-weight: bold; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;database.inc/spanspan style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent; . Take a backup of the file. We are going to modify the file. Store the backup somewhere safe just in case./span/span/p /li li dir=ltr style=list-style-type: square; font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;Open the file /spanspan style=font-size: 15px; font-family: Arial; font-weight: bold; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;database.inc/spanspan style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent; . /span/span/p /li li dir=ltr style=list-style-type: square; font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;At around/spanspan style=font-size: 15px; font-family: Arial; font-weight: bold; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent; line 739/spanspan style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;, you will find a line of code that reads/spanbr class=kix-line-break /span style=font-size: 15px; font-family: Arial; font-weight: bold; font-style: italic; font-variant: normal; white-space: pre-wrap; background-color: transparent;foreach ($data as $i =gt; $value) {/spanbr class=kix-line-break /span style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;Replace this line with/spanbr class=kix-line-break /span style=font-size: 15px; font-family: Arial; font-weight: bold; font-style: italic; font-variant: normal; white-space: pre-wrap; background-color: transparent;foreach (array_values($data) as $i =gt; $value) {/span/span/p /li li dir=ltr style=list-style-type: square; font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;Save the file and exit/span/span/p /li li dir=ltr style=list-style-type: square; font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;Pat yourself on the back. You are all set now :-)/span/span/p /li /ul /li /ul p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt; /p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;br class=kix-line-break /span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-weight: bold; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;I have no enemies. Should I still fix my site?/span/span/p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;Absolutely yes. With the many google dorks that could be used to find Drupal Sites, you could be the subject of random attack. - ie Some noob with the script picking up your site randomly to login as admin and defacing it or playing around with it, or stealing your userbase for spamming!/span/span/p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt; /p p dir=ltr style=line-height:1.5;margin-top:0pt;margin-bottom:0pt;span id=docs-internal-guid-10318073-19eb-5c02-1cfb-dcc5bc51b9bcspan style=font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-weight: bold; font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;Who found this issue? Who reported it? When was it first reported? ……. /spanspan style=font-size: 15px; font-family: Arial; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; white-space: pre-wrap; background-color: transparent;Check out the FAQ on Drupal.org for answers - /spanspan style=font-size: 15px; font-family: Arial; color: rgb(17, 85, 204); font-weight: bold; font-style: normal; font-variant: normal; text-decoration: underline; white-space: pre-wrap; background-color: transparent;a href=https://www.drupal.org/node/2357241https://www.drupal.org/node/2357241/a/span/span/p div  /div /div/div/div

Visitors Voice: What is a good autocomplete?

Thu, 10/16/2014 - 12:45
Too often clients add autocomplete as an requirement without much thought. And as an result it is actually making the user experience worse. Instead of helping the users it confuses them. The first rule when designing autocomplete is: the suggestions must be relevant for many! Otherwise don#8217;t make any suggestions at all, since it#8217;s just [#8230;]

Open Source Training: Drupal 7.32 is an Absolutely Necessary Update

Thu, 10/16/2014 - 11:03
!-- Start ScreenSteps Content -- div class=LessonContent div class=LessonSummary pimg style=float: right; src=https://www.ostraining.com/cdn/images/ostrainingcom/drupal-update.jpg alt=drupal-update width=200 height=200 /We're accustomed to the Drupal security team releasing security fixes./p pFortunately, most of the fixes were relatively minor. They either impacted a small group of sites, or they were unlikely to lead to your site being hacked./p pLet's take a brief look at the 4 previous Drupal security advisories in 2014:/pimg src=http://feeds.feedburner.com/~r/ostrainingdrupal/~4/N4pxNY2Ho6k height=1 width=1/

PreviousNext: Constructive Conflict Resolution in the Drupal Community

Thu, 10/16/2014 - 06:06
pHow can the Drupal community recognise and handle conflict more constructively? This core conversation session from DrupalCon Amsterdam aimed to start a discussion about creating an army of empowered bystanders ready, willing and able to use conflict as a positive force in the community./p span property=dc:title content=Constructive Conflict Resolution in the Drupal Community class=rdf-meta/span

PreviousNext: Constructive Conflict Resolution in the Drupal Community

Thu, 10/16/2014 - 06:06
pHow can the Drupal community recognise and handle conflict more constructively? This core conversation session from DrupalCon Amsterdam aimed to start a discussion about creating an army of empowered bystanders ready, willing and able to use conflict as a positive force in the community./p span property=dc:title content=Constructive Conflict Resolution in the Drupal Community class=rdf-meta/span

Midwestern Mac, LLC: Fixing Drupal Fast - Using Ansible to deploy a security update on many sites

Thu, 10/16/2014 - 06:01
div class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item even property=content:encodedpEarlier today, the Drupal Security Team announced a href=https://www.drupal.org/SA-CORE-2014-005SA-CORE-2014-005 - Drupal core - SQL injection/a, a 'Highly Critical' bug in Drupal 7 core that could result in SQL injection, leading to a whole host of other problems./p pWhile not a regular occurrence, this kind of vulnerability is disclosed from time to time—if not in Drupal core, in some popular contributed module, or in some package you have running on your Internet-connected servers. What's the best way to update your entire infrastructure (all your sites and servers) against a vulnerability like this, and emfast/em? High profile sites could be quickly targeted by criminals, and need to be able to deploy a fix ASAP... and though lower-profile sites may not be immediately targeted, you can bet there will eventually be a malicious bot scanning for vulnerable sites, so these sites need to still apply the fix in a timely manner./p/div/div/div

Drupalize.Me: Tips for Applying Today's Drupal Core Security Update (SA-CORE-2014-005)

Wed, 10/15/2014 - 23:13
div class=field field-name-body field-type-text-with-summary field-label-hidden text-content text-secondarydiv class=field-itemsdiv class=field-item evenpToday a highly critical security update (SA-CORE-2014-005) was released for Drupal 7. Any Drupal site running Drupal 7.31 or lower needs to update to 7.32 or apply the patch immediately. Here are some tips to get your Drupal 7 site updated today!/p /div/div/divdiv id=comment-wrapper-nid-1877/div

Mediacurrent: 10 Reasons Why Marketers Are Moving to Drupal

Wed, 10/15/2014 - 22:11
img typeof=foaf:Image src=http://www.mediacurrent.com/sites/default/files/styles/thumb_blog_spotlight/public/10-reasons-marketers-01_0.png?itok=H_bQTVwi width=200 height=152 alt=10 Reason Why Marketers Are Moving to Drupal title=10 Reason Why Marketers Are Moving to Drupal / pMarketers around the world face the same pressures of trying to leverage a href=http://www.mediacurrent.com/blog/top-drupal-marketing-automation-modulesmarketing automation/a, a href=http://www.mediacurrent.com/blog/quick-guide-creating-content-marketing-strategycontent marketing/a, a href=http://www.mediacurrent.com/blog/7-reasons-why-your-company-should-be-using-social-mediasocial media engagement/a, a href=http://www.mediacurrent.com/blog/4-seo-tips-you-can-implement-todaySEO/a, and more to drive prospective buyers to engage with their brands./p

CMS Quick Start: Drupal 7 Login Methods and Module Roundup: Part 2

Wed, 10/15/2014 - 21:35
!-- google_ad_section_start --divdivdivdivdivdivbrdivLast time we explored some different options that determined how the login form was displayed on your site. Today we're going to expand on that and look at different ways of wrangling or changing the actual login experience for your users. The default settings aren't exactly very refined and so it can take some configuration to get a better user experience out of the whole process.!-- google_ad_section_end --div class=og_rss_groups/divpa href=http://www.cmsquickstart.com/blog/drupal-7-login-methods-and-module-roundup-part-2 target=_blankread more/a/p

CTI Digital: See the team behind Drupal 8 (all 2,300 of them!)

Wed, 10/15/2014 - 18:28
div class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item even property=content:encoded pOn October 1st 2014, Dries announced at DrupalCon Amsterdam that Drupal 8 had reached Beta 1, a significant milestone in the journey to Drupal 8.  /p divHe also revealed that 2,300 individuals have contributed to the Drupal 8 project. Pretty impressive - but hard to imagine, right?/div div /div divOne of our Drupal developers here at CTI decided to create a visualisation to express the flurry of activity before, during and after DrupalCon, which has culminated in this significant achievement. /div div /div divThe video Adam created helps communicate the true scale of the project. Enjoy…/div div /div piframe allowfullscreen= frameborder=0 height=315 src=//www.youtube.com/embed/gAxsrIr5hd4?list=UUylSUwvJHvEnYKQral4dadw width=560/iframe/p /div/div/div

LightSky: Are you Giving Back?

Wed, 10/15/2014 - 17:56
div class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item even property=content:encodedpLightSky has been using Drupal for quite some time, but because of a lot of factors haven’t contributed as much during that time as we probably should.  Mike and I implemented a philosophical change about a year ago to make a concerted effort to give back.  It has been small steps for us though, we are a small organization and in a growing phase, so our resources to give back have been limited.  Starting with attending some Drupal camps, to building modules, contributing to core, and growing from there, we have made a pretty big effort on our end to help support the Drupal community and we think you should too./p pAgencies like us aren’t the only ones to give back though, companies of all different backgrounds across the globe use Drupal, and give back to the community.  Some, more directly than others, but even passively, giving back to the community is what keeps Drupal sustainable, and makes the platform so desirable./p h2 How Can a Widget Factory Give Back to Drupal?/h2 pThis is an interesting question, but it isn’t as complicated as one might think.  Look at all of our clients for example, they all give back to Drupal and many of them have no web experience, and can’t write or interpret even the most basic of code.  They give back through us.  They choose to partner with a company that gives back to the Drupal community, and that is a big deal.  There is great value in their support of the community for their company and their bottom line.  Open source projects are often some of the most cost effective choices in the software world, and Drupal is really no different. /p h2 Experience Not Needed/h2 pContributing doesn’t have to be through a third party though.  Content on Drupal.org can be updated by anyone with a user account.  Making documentation changes to a module that your organization is using, or building better documentation is a great way to give back, and anyone can do it.  But the way that I recommend companies give back is speaking at a Drupal camp.  Do a case study, it doesn’t have to be technical, show people how Drupal has helped your company./p pDrupal allows our clients to to have an enterprise level product, that is community based, and completely flexible, and often Drupal provides them a solution that no other software could really match.  But what created this excellent product is the community, and without people giving back regularly, this product would never exist.  So if you aren’t giving back, think about how you can, and if your Drupal firm isn’t giving back, make sure that they know you think they should./p h3 For more tips like these, a href=http://www.lightsky.com/lightsky-socialfollow us/a on social media or subscribe for free to our a href=http://www.lightsky.com/rssRSS feed/a and a href=http://eepurl.com/dx_ljnewsletter/a. You can also a href=http://www.lightsky.com/simple-contact-formcontact us/a directly or a href=http://www.lightsky.com/request-consultationrequest a consultation/a. /h3 /div/div/div

Drupal Watchdog: The Angry Themer

Wed, 10/15/2014 - 17:00
div class=field field--article-edit-printtype field-type-list-text field-label-hidden field--rss Column /div div class=field field--article-body field-type-text-long field-label-hidden field--rss pWelcome back to the ANGRY THEMER!/p pFaithful readers of this column who have followed my outbursts over the past few years might ask, “How can I prevent myself from turning into a grumpy old themer with high blood pressure like you?”/p pFortunately, the Drupal project has grown to include new tools to help battle-hardened Vikings such as I cope with Drupal’s terrible markup and keep my rage more or less under control. /p pAnd you, dear themer, no longer have to dive into code or understand the inner workings of Drupal, while also battling Responsive, Web 2.0, Internet Explorer versions 6,7, 8, 9..., Safari, Chrome, Firefox, or Opera – not to mention the gazillion tablets and smartphones. (Ah, but that’s another story, best saved for another day.)/p pThese are my favorite weapons – uh, I mean tools, tools of the trade – that I utilize when I need to slice through the Drupal Markup sludge./p h3Themes/h3 pDrupal contrib has a ton of “Starter Themes”; so you don't have to trudge through all the basics every time you design a site. /p pOf course my favorite theme is the Mothership (Full Disclosure: written by your very own Angry Themer), which isn’t so much a theme as a complete cleanup of Drupal’s approach to markup./p h4Mothership – Keelhaul the DIV!/h4 pThe a href=https://drupal.org/project/mothershipMothership theme/a is not something you use to make your site pretty; this isn’t Wordpress. It’s designed to make your source code look and act awesome by knifing through the sea of divs, classes, and about 20% of old markup fixes that come packed with Drupal, and deep-sixing it – leaving sparkling-clean HTML5 in its wake. /p pThe Mothership theme comes equipped to clean up nearly every dusty corner and musty absess of Drupal that needs cleaning up:/p ullisettings for removing class names/li licorrects the markup to HTML5 standards/li limodifies CSS amp; Javascript files/li /ulpIt also comes with commonly used basic CSS and JS libraries to help with responsive HTML5 sites, and now it even fixes the IE 9 CSS caching/respond.js issue./p pAs a bonus, you get to swagger and swear like a Caribbean pirate – and the ship’s captain strongly resembles Johnny Depp! /p pFor those less-aggressive themers out there (and you know who your are), maybe Zen or Aurora – which have a more relaxed attitude towards markup – are more your speed. /p /div

Drupal.org frontpage posts for the Drupal planet: Drupal 7.32 released

Wed, 10/15/2014 - 14:47
div class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item evenp style=position: inherit;Drupal 7.32, a maintenance release which contain fixes for strongsecurity vulnerabilities/strong, is now available for download. See the a href=https://www.drupal.org/drupal-7.32-release-notesDrupal 7.32/a release notes for further information./p div style=float: right; margin: 0 0 1em 1em; text-align: center; a href=http://ftp.drupal.org/files/projects/drupal-7.32.tar.gz class=link-button style=margin: 0 0 0.6em 0;spanDownload Drupal 7.32/span/a /div p style=position: inherit;stronga href=/upgrade/Upgrading/a your existing Drupal 7 is strongly recommended./strong There are no new features or non-security-related bug fixes in this release. For more information about the Drupal 7.x release series, consult the a href=https://www.drupal.org/drupal-7.0Drupal 7.0 release announcement/a./p !--break--div style=float: right; padding: 0 0 2em 1em; margin-left: 2em; width: 35%; border-left: 1px solid #cdcdcd; h2Security information/h2 pWe have a a href=/securitysecurity announcement mailing list and a history of all security advisories/a, as well as an a href=/security/rss.xmlRSS feed with the most recent security advisories/a. We strongstrongly advise Drupal administrators to a href=/securitysign up/a/strong for the list./p pDrupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes./p h2Bug reports/h2 pBoth Drupal 7.x and 6.x are being maintained, so given enough a href=https://drupal.org/project/issues/search/drupal?status[]=8amp;categories[]=1bug fixes/a (not just a href=https://drupal.org/project/issues/search/drupal?status[]=1amp;categories[]=1bug reports/a) more maintenance releases will be made available, according to our a href=https://www.drupal.org/documentation/version-info#whenmonthly release cycle/a. /p/div h2Changelog/h2 pDrupal 7.32 is a security release only. For more details, see the a href=https://www.drupal.org/drupal-7.32-release-notes7.32 release notes/a. A complete list of all bug fixes in the stable 7.x branch can be found in a href=http://drupalcode.org/project/drupal.git/shortlog/refs/heads/7.xthe git commit log/a./p h2Security vulnerabilities/h2 pDrupal 7.32 was released in response to the discovery of critical security vulnerabilities. Details can be found in the official security advisory:/p ullia href=https://www.drupal.org/SA-CORE-2014-005SA-CORE-2014-005/a/li /ulpTo fix the security problem, please upgrade to Drupal 7.32./p h2Known issues/h2 pNone./p /div/div/divdiv class=field field-name-taxonomy-vocabulary-34 field-type-taxonomy-term-reference field-label-abovediv class=field-labelFront page news:nbsp;/divdiv class=field-itemsdiv class=field-item evena href=/taxonomy/term/903Planet Drupal/a/div/div/divdiv class=field field-name-taxonomy-vocabulary-5 field-type-taxonomy-term-reference field-label-abovediv class=field-labelDrupal version:nbsp;/divdiv class=field-itemsdiv class=field-item evena href=/taxonomy/term/120Drupal 7.x/a/div/div/div

Code Karate: Drupal 7 jQuery Countdown

Wed, 10/15/2014 - 14:36
div class=field field-name-field-episode-number field-type-number-integer field-label-abovediv class=field-labelEpisode Number:nbsp;/divdiv class=field-itemsdiv class=field-item even173/div/div/divdiv class=field field-name-field-ddod-video field-type-file field-label-hiddendiv class=field-itemsdiv class=field-item evenimg src=http://codekarate.com/sites/default/files/styles/large/public/media-youtube/2rKeTyLit2I.jpg?itok=SDchADJd alt=Drupal 7 jQuery Countdown - Daily Dose of Drupal episode 173 //div/div/divdiv class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item evenpIn episode 173 you learn about how to make a simple countdown timer using the a href=https://www.drupal.org/project/jquery_countdown rel=nofollowjQuery Countdown module/a. This module, which uses jQuery, allows you to specify an end date which the countdown timer will countdown to. The countdown timer is available as a block and can be placed in any region that you desire for your website. Also, at this recording their was a minor bug that didn't allow for countdown dates to extend beyond 100 days (wouldn't display the third digit)./p/div/div/divdiv class=field field-name-taxonomy-vocabulary-1 field-type-taxonomy-term-reference field-label-abovediv class=field-labelTags:nbsp;/divdiv class=field-itemsdiv class=field-item evena href=/category/tags/drupalDrupal/a/divdiv class=field-item odda href=/category/tags/drupal/core-concepts/blocksBlocks/a/divdiv class=field-item evena href=/category/tags/drupal/drupal-7Drupal 7/a/divdiv class=field-item odda href=/category/tags/drupal-planetDrupal Planet/a/divdiv class=field-item evena href=/category/tags/uidesign/javascriptJavascript/a/divdiv class=field-item odda href=/category/tags/uidesign/javascript/jqueryJQuery/a/div/div/div

KnackForge: Drupal user picture deleted automatically

Wed, 10/15/2014 - 09:33
div class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item even property=content:encodeddivSometimes you could be in a fury when user picture gets deleted automatically with nothing being noticed as strange. Even this thread a href=https://www.drupal.org/node/93559935592/a might not help you. Then you have come to right place. Ofcourse the culprit could be your call to user_save() somewhere. The actual issue might be, you are passing global user object instead of full account object. The first param of user_save() should be a full account object, while global a href=https://api.drupal.org/api/drupal/developer!globals.php/global/user/7user/a does not have all the data of account object. In this case $account-gt;picture is an object while $user-gt;picture is just an integer, fid (File id) of the image file. So while trying to save, your picture association with the user account gets broken. The reason can be understood by looking at the user_save() source code. The method checks for /div div pre class=brush: php; auto-links: true; collapse: false; first-line: 1; html-script: false; smart-tabs: true; tab-size: 4; toolbar: true; codetagempty($account-gt;picture-gt;fid)/pre/div divWhile using $user, this condition becomes false (we only have $account-gt;picture not $account-gt;picture-gt;fid) and user picuter is removed./div divSo make sure you call like this,/div div pre class=brush: php; auto-links: true; collapse: false; first-line: 1; html-script: false; smart-tabs: true; tab-size: 4; toolbar: true; codetagglobal $user $account = account_load($user-gt;uid); /*Some operations with $account object*/ user_save($account, $edit); /*NOT user_save($user, $edit)*//pre/div/div/div/div