Code Karate: Drupal 7 Smart Trim: An simple way to shorten long text areas

Planet Drupal - Thu, 2015/01/08 - 2:45pm
Episode Number: 189

The Drupal 7 Smart Trim module allows you complete control over how you want text to be displayed when shortened. Put another way this is the module to use if you want to display a teaser or a beginning part of a longer text area.

Once installed you are able to set a variety of things. These include: shorten length by either words or characters, what to display for the ellipse (...), if you want a "read more" link to appear and what you want the link to say and lastly if you prefer to use the Drupal summary option.

Tags: DrupalFieldsViewsDrupal 7Site BuildingDrupal Planet

Wunderkraut blog: Iterative and incremental Drupal development

Planet Drupal - Thu, 2015/01/08 - 11:54am

Iterative development process works well for software development in general. Using a process like Scrum can however cause some problems with a high productivity platform like Drupal. With Drupal you already have a working product very early in the process, you tweak the details and in the end have an improved version. With Drupal features are cheap and details are expensive.

We like to experiment with our process and to improve it. With a company full of agile experts, trainers and coaches there are plenty of discussions around the topic. One of the recent ones has been on moving from just one definition of done to having one for each iteration of a feature. This should give us better visibility for progress and provide earlier decision points for the customer.

Why do we need this?
  1. Make sure we don't do what the customer asks but what the customer needs. It's our job to meet the business need of a customer, we should be able to offer alternative solutions to the customer instead of just going for the most obvious or the "Drupal standard" one.
  2. Keep better control over the project budget. We are good at delivering the highest priority items first, but not always great at knowing what's good enough. This approach will move the work to the next story before the previous story is implemented perfectly. The goal is to add more clarity on when good is better than perfect.
  3. Help the team members work together in a more effective way. When we work on different stages of multiple stories simultaneously it's easy to lose track of progress. Having a clear process should help us not to do important steps too late and keep the communication simpler.
  4. Allow customers more time to react on the primary decisions by pushing detailed decisions to later in the project. When the customer knows what level of detail we are dealing with they should have easier time on deciding how much time they should use on it.

In the end of the day most of our customers just care about getting the job done in the most efficient way possible. It’s not so much about technology, design or methodology to get there, it’s much more about the results.

How should we do it?

By combining iterative and incremental process into what I call development waves. It's nothing radically new, just combining many things we already do into a process and documenting it.

The basic idea is to approach a project with increments and iterations. Increments will add functionality and iterations will improve functionality. Instead of trying to get a story done-done in a sprint we will have different definitions of done for different iteration tasks. This is intended to help us find better ways of meeting the why of a story, keep the project moving forward faster and allow more innovation during the project.

The cooperation between team members should also improve with each story being split always to similar tasks based on iterations. We can also use the same methodology for epic stories and tasks.

Sprints move through increments and iterations of them in waves. In some cases multiple iterations will be done in a sprint, in some just one. Instead of working to reach the definition of done for a full story the team works to reach definition of done for each iteration of a story. This removes a lot of the extra overhead needed for quality assurance while we are still not 100% sure what the final implementation will look like. When the PO changes her mind or the team figures out a better way of delivering the story less work is wasted.

To help balance the workload of team members stories are not in sync for their iteration level. One story in a sprint may only have concept level work done on it, another user experience design and third MVP implementation. This will replace the sprint scouting we do today and make the communication around it easier. It should also make progress more visible and estimation of tasks easier when every story is always split to iteration tasks.

The goal for any project should not be to complete 100% of the backlog. Usually if that happens time has already been wasted on low value items and the same time would be better spent on either improving the quality of higher value stories or coming up with new ideas.

When a release of a project is done we have always completed the most valuable stories for that release and also done some scouting for the future. There may be some time wasted with getting started on stories that will not be implemented, but on the other hand we should be able to make incredible savings on other stories by coming up with more effective ways of implementing them.

Image credit: Henrik Kniberg, What is Scrum

The approach is to build something visible and useful as early as possible. This is true both for iterations and increments. Everything we build should immediately have some value to it and we should be able to explain that value to the customer at any point.


In the next post I'll define different iterations and how to do them.


KatteKrab: The Great D8 Chook Raffle

Planet Drupal - Thu, 2015/01/08 - 11:06am
Thursday, January 8, 2015 - 21:06The Drupal Association board approved a new initiative to help get Drupal 8 done.  It's called the D8 Accelerate fund. We also agreed to personally help do fundraising to support the program.  So I'm running a chook raffle.  For those of you who don't know what that is, Wikipedia gives a decent introduction.   The Drupal Association is working with the Drupal 8 branch maintainers to provide Drupal 8 Acceleration Grants. The goal is to fund work that will positively impact the release date. Drupal 8 has had over 2,400 contributors to date, which is more than any release so far. We hope that this initiative will encourage even more people to join the effort to get D8 done.   I'm about to launch a pozible campaign.  Stay tuned!      

Yuriy Gerasimov: Render custom button

Planet Drupal - Thu, 2015/01/08 - 9:19am

Sometimes for our front-end development we need to have very granular control about how our form buttons being rendered. So instead of standard drupal markup we want to have something like

<button class="bird-guide-zip-submit button pea-green"> <span class="hide-for-medium hide-for-large hide-for-xlarge"> <i class="icon-magnifier"></i> </span> <span class="hide-for-tiny hide-for-small">Ok</span> </button>

You would think that something like:

$form['submit'] = array( '#type' => 'button', '#value' => '<span class="hide-for-medium hide-for-large hide-for-xlarge"> <i class="icon-magnifier"></i> </span> <span class="hide-for-tiny hide-for-small">' . t('Ok') . '</span>', '#attributes' => array( 'class' => array('bird-guide-zip-submit', 'button', 'pea-green'), ), );

would do the job but that is not the case as #value is being sanitized (that is great from security perspective). In order to change this behavior for one particular button we should use

'#theme_wrappers' => array('mymodule_button'),

And then define your custom theming function

/** * Implements hook_theme(). */ function mymodule_theme() { return array( 'mymodule_button' => array( 'render element' => 'element', ), ); }   /** * Custom button theming function. */ function theme_mymodule_button($variables) { $element = $variables['element'];   $element['#attributes']['type'] = 'submit'; element_set_attributes($element, array('id', 'name')); $element['#attributes']['class'][] = 'form-' . $element['#button_type']; return '<button' . drupal_attributes($element['#attributes']) . '>' . $element['#value'] . '</button>'; }

Be aware that when you use this technique you take responsibility for making sure you do not display any potentially harmful html in the #value as you do not sanitize it.

Tags: drupal planetdrupal 7

Modules Unraveled: 128 The Z-Ray Developer Bar with Daniel Berman - Modules Unraveled Podcast

Planet Drupal - Thu, 2015/01/08 - 9:15am
Published: Thu, 01/08/15Download this episodeZ-Ray
  • So, let’s start out with the basics. What exactly is Z-Ray?

    • So Z-Ray is a cool new tech that we introduced just a few months back which gives developers deep insight into all the PHP elements constructing their page, including Drupal-specific elements.
    • It’s basically a toolbar that’s displayed right in front of you in your browser. No code changes needed. You don’t have to configure anything. Just open your app in a browser and you’ll see Z-Ray at the bottom of the page!
  • How does is work? Is there a module that you have to install on your site?

    • No. It’s not a module. Without going into too much detail: Z-Ray collects info while your app is being processed on the server side, and once the request is completed, Z-Ray’s JavaScript code is injected into the response with all the collected data.
    • There are other mechanisms at work, such as Ajax support, but as a whole that’s all there is to it. It’s also the limit of my technical understanding of how it works :-)
  • So what info does Z-Ray display? What are it’s main features?
    Well. There’re so many features in Z-Ray, and I don’t think we have the time to go over them all, but to mention just a few.

    • Z-Ray gives you info on SQL queries. You’ll see a query’s bound value, the result of the query, how long the query took, and how many rows in your code are affected by the query.
      You can even see a backtrace of the query to get the larger picture on how your code was executed.
    • Z-Ray also gives you all the errors generated by PHP itself, or those created by its core functions. You can also see errors for silenced expressions. Exceptions are also displayed.
    • What do we have for Drupal devs? Z-Ray will give you a list of loaded Drupal modules with invoked actions and hooks, a list of called Drupal functions, a list of used Drupal forms on the page, and some general user info.
    • We’re especially excited about Z-Ray Live! Until now we’ve spoken about using Z-Ray in a browser, right? But what if you’re developing APIs or a mobile app? No browser there. So Z-Ray Live! is a new feature accessible via a dedicated page in the Zend Server UI, with an embedded Z-Ray.
      So as soon as this page is loaded, Z-Ray records and displays any request made to the web server, never mind where its coming from - whether from a browser, a mobile device or a web-service client.
    • One of the coolest things about Z-Ray is that you can plug in your own customized extension. Even people in Zend itself have begun developing their own extensions so its pretty viral.
      By the way, all the code for the Drupal extension is available on Github, so feel free to fork it and send us a pull request.
    • There’s integration with IDEs, session and cookie data, request info, and so much more to talk about.
  • Is Z-Ray just for development? Or should it be used in production too?

    • Z-Ray was designed to be used both in dev and prod. While in development it works on every request, in production you can manually use Z-Ray using specially created access tokens. And it also periodically saves snapshots for important URLs - like the slowest requests on your web server, most time consuming requests, and so on. And again - with no changes to your code and no real implication on end-user experience or server performance.
  • OK, if I want to give it a shot, what does the installation process look like?

    • Z-Ray’s bundled with Zend Server, so to use Z-Ray you would need to download and install Zend Server - a total no brainer. Just like installing any other PHP stack.
  • So, how do you see Z-Ray helping Drupal developers?

    • At Zend we like to talk about left-shifting. This basically means that Z-Ray helps developers hit issues very early in the development cycle and way before going to staging and production.
    • We all know that getting clarity on all the Drupal elements working under the hood is extremely hard and takes loads of time. So at the end the day we believe that Z-Ray gives Drupal devs the visibility they need to properly profile their apps, identify bugs very early, and troubleshoot them.
Episode Links: Zend Server Z-RayDrupal Demo of Z-BarZend WebsiteZend Server Online HelpZ-Ray on YouTubeZ-Ray Drupal Extention on GithubDaniel on TwitterEmail DanielTags: ServerDevelopmentPerformanceplanet-drupal

Conocimiento Plus: Drupal 8: Reviewing and updating diff module

Planet Drupal - Thu, 2015/01/08 - 1:56am
I do not paint things, only the difference between things. -Henri Matisse Introduction How many times you have used the command diff or  git diff  to compare files?. In the simplest case, diff compares and analyzes the content of two files and prints the lines that are different. Essentially, it outputs a set of instructions […]

Sooper Drupal Themes: Drupal CMS Powerstart Tutorial 1: Introduction and Overview

Planet Drupal - Thu, 2015/01/08 - 12:20am
With Drupal CMS Powerstart you can build a beautiful responsive CMS website in 5 minutes powerstart-3dfoldout.jpg

That basically covers the primary goal of the CMS Powerstart distribution: to make Drupal easier and less intimidating to new users. Drupal has a problem: it is relatively difficult to set up and has a steep learning curve. This impedes Drupal's growth as a small-business CMS and by extension it is costing the Drupal community as a whole precious talent: beginning developers, designers and enthusiasts who learn Wordpress and develop awesome plugins and themes for Wordpress because it was too difficult to get started with Drupal.

Another project that tries to make Drupal into something more comprehensible is Backdrop CMS, but I believe Drupal can be user-friendly and developer friendly without needing a fork. While Backdrop focuses on creating a more newbie-friendly code architecture I'm trying to focus on awesome tools Drupal offers to 'develop' websites without writing any code. 

If you are reading this, you probably at some point installed Drupal and realized that it's powerful modular architecture and contrib modules make it a way more extendable and customizable tool than say, Wordpress. We love Drupal because in many ways its better than the competition, better than Joomla, Django, sharepoint or Wordpress. Still, somehow even very prominent Drupal agencies choose to build their site in Wordpress. And they are right, for a small responsive website, you can download and customize a themeforest theme and be done much quicker than with Drupal. What does Wordpress have that we lack? A built in WYSIWYG editor, handy shortcodes, WYSIWYG site building tools... and an enormous selection of premium themes. But it doesn't have a fine-grained permission system, views (unless you shell out 100 dollars for a premium plugin), webform etc.

In flexibility and extendibility Drupal is still better than Wordpress, but I think Drupal doesn't have to lag behind in user-friendliness and that's why I built this distribution; to offer fully configured CMS components and responsive design out of the box. Building this distribution was a challenge but it also showed me that Drupal has potential outsmart Wordpress in the areas where Wordpress is currently better. A common complaint about themeforest Wordpress themes is that their installations are heavy and slow. Thanks to the configuration-in-code architecture of CMS Powerstart I was able to make a custom-build interface so that you only get the code you really need:

Just pick the features you plan to use in your project and download a customized build. 

What do I get? At a Glance
  • Responsive Design
  • Fully configured CKEditor 4 WYSIWYG
  • Light and heavy WYSIWYG profiles
  • Media library for content images
  • Shortcodes for graphical elements
  • Shortcodes for complete Bootstrap 3 support in content
  • Image resizing that matches Bootstrap grid
  • Integrates Views and blocks with Bootstrap 3
  • Blog component*
  • Events component
  • Event registrations component
  • Portfolio component
  • News component
  • Contact form component
  • Demo content
  • SEO Optimized
  • Frontend and backend performance optimized

*In CMS Powerstart a component is a fully configured feature, often including a content type and one or more views and whatever else is needed to create a user-friendly, good looking website component.

Author Empowerment WYSIWYG

Especially for beginning Drupal users, adding a WYSIWYG editor is a difficult task. Even experienced Drupal professionals can be surprised by some the capabilities of modern WYSIWYG systems like CKEditor 4. WYSIWYG editors are an important part of the author experience on your website and  CMS Powerstart has ships with 2 fully configured WYSIWYG profiles. There is a 'full' profile that offers a wide range of rich content tools and a 'simple' profile that shows a toolbar with only simple text editing tools. 


Shortcodes allow you to create rich content and layouts without using any HTML or CSS code. Using WYSIWYG integration you can even generate all the codes without having to remember  the codes. This is great for clients who want to have control over columns and buttons in long pages but it can also be great  for site builders who know HTML and CSS. I personally prefer to use shortcodes over HTML to great bootstrap grids within content because using the WYSIWYG button I get a form that listsall the breakpoints that bootstrap uses and I can easily fill in column sizes that fit the content I'm working on right now.

Other shortcodes I like to use as a site builder are Bootstrap tooltips, popovers, carousels and other interactive elements, because I don't know all the  syntax of these elements by heart. It's great to just highlight a text or image in CKEditor and then use the shortcode button to create a popover bubble with additional information.

Media Library

A media library is great because it allows you to re-use assets on your website without having to re-upload them for every page. The Drupal media module is pretty incredible, it pulls together uploaded files, it can integrate media from many internet sources including youtube, media, soundcloud etc. It also gives you a nice overview and history of files that are part of your website and gives you a sense of control over content added by yourself and other contributors on your website. The downside of the media module is it's complexity: It was a lot of work to create a nice basic media library experience in CMS Powerstart and the finaly product uses the latest development branch and a number of patches to create a smooth user experience and integration with Bootstrap 3 column sizes in the image resizing interfaces. Luckily for you, this is now available to you in the CMS WYSIWYG component in Powerstart. 

Site builder tools Plug and Play CMS Components

Drupal CMS Powerstart is built as a core distribution with add-on components. This architecture was chosen because from my experience with other Drupal distributions (and wordpress themes) I know that you often get much more features than you need. The result of this is not only a slower, heavier website but also an interface that is more complicated than it needs to be. If you want a website with a blog and a news section, you need need to have modules, content types, blocks and views for events and portfolio content. Your administration interface is cleaner and simpler if you only install the modules you will actually need, and that is what the custom build interface is for.

Bootstrap 3

Nowadays any website that isn't responsive is leaving money on the table. More and more internet users access websites on their portable devices. Google has also started integrating mobile-friendliness in their results page rankings so possible you are even missing out on desktop users when your site is not mobile friendly. This is why CMS Powerstart has made responsiveness an integrated part of the project. The powerful Bootstrap 3 responsive grid system is used throughout the Powerstart components: views, fields, and blocks are responsive out of the box.

The WYSIWYG component also includes an extensive bootstrap shortcodes library, giving you access to all Bootstrap 3 components right in the WYSIWYG.

If you are not familiar with Bootstrap 3, you can still use Powerstart together with a custom theme and custom grid. Being a designer myself I used to dislike any grid frameworks because it limits what you can do creatively, but the 12 column grid in Bootstrap 3 is divisible by 2, 3, and 4, making it a hugely practicaly tool to translate any content smoothly to devices of all sizes. I previously used custom grid system tools like Susy and Singularity but now I feel confident I can create anything I need with the Bootstrap 3 system. Bootstrap isn't the best choice to create that unique 7 column layout that you have in mind for some funky design concept, but really when is the last time you actually used a unique layout system for an edgy design concept? It's not worth the hassle. 

Themes Works with any theme, 25 officially supported themes

The extra benefit you get from the officially supported themes is that I tested them and added code to the installer that puts blocks in the right regions. Powerstart is built to look as good as possible out of the box but to be as extendable as Drupal itself. This means you can develop themes (and modules) for CMS Powerstart as you would for any Drupal website. You can build a theme with or without Bootstrap 3 for Powerstart, but I would recommend giving Bootstrap a shot, it has proven to be a big time saver for me.

Premium Themes

Premium themes, especially the Glazed theme are available to take your Powerstart site to the next level, on a small budget. The Glazed premium theme is built for and with the CMS Powerstart distribution. It offers additional features including advanced theme options, premium shortcode elements and an advanced mega menu. The Glazed project and the CMS Powerstart distribution were developed together, and I hope that revenues generated from the premium themes club allow me to keep improving Powerstart, and to port it to Drupal 8. 

SEO done right

Drupal's SEO is not bad out of the box, but with additional modules and metatag configuration you can have top tier SEO, on par with the popular Wordpress+Yoast combination that is used by many SEO professionals. CMS Powerstart comes with automatic semantic path aliases and redirects, but also implements more advanced techniques to Drupal. For instance, the metatag module is used to limit duplicate content problems and focus your link power on the right pages. In the Events component this is done by putting no-index metatags on the Events archive views, which basically only contain duplicate content of your event pages. This makes sure your link juice is spent on actual event pages.  

100% Drupal

The CMS Powerstart project is a Drupal distribution. Distributions are installation profiles that install Drupal + a number of features that relate to a specific type of website. For example, for e-commerce there is Drupal Commerce and for advanced group/community websites there is Drupal Commons. Dries wrote about distributions in 2006:

The fact that Drupal 5.0 will support distributions is big, and most people have yet to see its full potential. I don't think that any other Open Source project has done something like this before -- or at least, not on the scale that we might end up doing this.

Dries Buytaert

Clearly there were high expectations of distributions in Drupal, even in 2006. From what I can see the concept of distributions did not really catch on as much as expected. I think this is in part because the framework to create distributions needed to mature but also because is not offering a good portal for distributions. That's why I chose to create a separate interface for composing and downloading CMS Powerstart. The one Distribution that did breaking through the 10.000 active users barrier is Drupal Commerce Kickstart, and it's easy to see why. They put a ton of effort into both the distribution and the installer. If CMS Powerstart gains some traction I hope to develop it into something of similar quality.

I will try to regulary write more tutorials to show you how Powerstart can be used to create awesome websites like and in record-breaking time. I promise the next tutorials will also be more tutorial-esque than this introduction.

Tags planet drupal planet cms powerstart sooperthemes Drupal Themes distributions Drupal 7.x

Drupal Watchdog: Backdrop CMS

Planet Drupal - Wed, 2015/01/07 - 8:17pm

Backdrop CMS is a fork of Drupal; it’s a Content Management System for the non-profits and small-to-medium sized businesses of the world. As Drupal moves itself closer to the Enterprise market, Backdrop CMS emerges to meet the needs of the little guys.

The goal of the project is to improve and simplify the code and architecture of Drupal 7 while minimizing the cost to the community. Backdrop was forked from an early version of Drupal 8, just before things started to change drastically: before the adoption of Symfony, before the conversion to PSR-0, and before widespread rewrites of many subsystems.
When Backdrop CMS is released, it will contain many of the same major new features as Drupal 8: configuration management, Views module in core, and rich text editing, to name a few. Each may have a few features the other does not, but the main difference between the two products is the underlying code.

We like to think of Backdrop CMS as the next logical step in Drupal's evolution. If you've worked with Drupal 7 code, the code in Backdrop will look very familiar to you. Modules and themes are written the same way as they were in Drupal 7, with a few minor improvements. You'll spot the differences caused by CMI and the new layout system, but you'll be able to find your way around the files easily. Drupal 8, on the other hand, is quite different.

When Drupal 7 was first released, adoption was slow. It was so slow that the overall number of Drupal installs actually declined for a while. A lot of contributors complained about the scope of changes, and Drupal 7 versions of modules and themes were painfully slow to appear. Yes, there are some complaints after every major release. Change is hard. But big changes are significantly harder.


Blink Reaction: Part Three: Getting your Site onto the VM

Planet Drupal - Wed, 2015/01/07 - 7:16pm

In the last post, we got our VM up and running. Now we need to configure a hostname for it, as well as upload our site to the VM so we can start developing!

Configuring your Host OS

There’s one more step you need to perform in order for VDD to function properly on your system. You need to modify your machine’s hosts file so that you can visit your new VM by hostname instead of by typing in an IP Address.


Aten Design Group: How to Easily Create Drupal Webforms in Code

Planet Drupal - Wed, 2015/01/07 - 4:10pm

Drupal webforms are useful in a variety of contexts, but the most typical context is something like a contact form: user-facing functionality that needs to exist when a site launches, and be easily edited by a site owner post-launch. In that context, webforms should be created automatically for a smooth, predictable launch. There are a few ways you can do that, including the Webform Features module, the Universally Unique IDentifier (UUID) module or custom code, maybe following documentation on

When making webforms on a recent site, none of these options appealed to me. I wanted to manage webforms in code pre-launch, then hand them to a content editor to manage (outside code) post-launch. The Features-based options for creating webforms were okay pre-launch, but would add overhead post-launch. And creating a webform node from scratch seemed overly complicated to manage pre-launch. So I wrote the interface I wanted for creating and managing Drupal webforms, and it's now in the Config in Code (CINC) module for anyone to use.

Here's the example linked above from, implemented in this new CINC-based approach:

$webform = CINC::init('Webform')->machine_name('Contact Us');   $components = array();   $components[] = CINC::init('WebformComponent')->set('form_key', 'gender') ->set('type', 'select') ->set('mandatory', 1) ->set('extra.items', "Mrs|Mrs\nMiss|Miss\nMr|Mr") ->set('extra.aslist', 1);   $components[] = CINC::init('WebformComponent')->set('form_key', 'name') ->set('name', 'Last name') ->set('mandatory', 1);   $components[] = CINC::init('WebformComponent')->set('form_key', 'first_name') ->set('mandatory', 1);   $components[] = CINC::init('WebformComponent')->set('form_key', 'city');   $components[] = CINC::init('WebformComponent')->set('form_key', 'country') ->set('type', 'select') ->set('extra.options_source', 'countries') ->set('extra.aslist', 1);   $components[] = CINC::init('WebformComponent')->set('form_key', 'email_address') ->set('type', 'email') ->set('mandatory', 1);   $components[] = CINC::init('WebformComponent')->set('form_key', 'subject') ->set('type', 'select') ->set('extra.items', "s1|Subject 1\nother|Other") ->set('extra.aslist', 1) ->set('mandatory', 1);   $components[] = CINC::init('WebformComponent')->set('form_key', 'message') ->set('type', 'textarea') ->set('mandatory', 1);   $components[] = CINC::init('WebformComponent')->set('form_key', 'mandatory_fields') ->set('type', 'markup') ->set('value', '<p>Fields with * are mandatory</p>') ->set('extra.format', 'full_html');   foreach ($components as $index => $component) { $webform->add_component( $component->set('weight', $index * 5)->set('extra.title_display', 'inline') ); }   $webform->add_email('somebody@example.tld');   $webform->create();

The line count on that (52) is less than a third of the non-CINC example on (170), and did not require any time clicking around in a browser to create and export the webform. The code is also far more readable than both a Features export and starting from scratch, which makes it more maintainable. You may look at that "city" component and think I left something out, but that's really the entire code needed for a textfield with a name matching its form_key. Sensible defaults are nice.

As an added bonus, the CINC interface can also be used to read, update, and delete existing webforms. So if you need your Drupal webforms in code and Features isn't the best option for some reason, I invite you to enjoy the ease of creating webforms programmatically with CINC.


Jonathan Brown: Using HD Bitcoin wallets with Drupal Coin Tools

Planet Drupal - Wed, 2015/01/07 - 2:10pm

Previously: Drupal / Bitcoin BIP 70 / PKI certificates

Each Coin Tools payment needs its own Bitcoin address. This is necessary so that it is clear whether or not the payment has been completed. It is also important for preserving anonymity.

In order to participate in the Bitcoin network, a Drupal website must talk to a Bitcoin node. Currently Coin Tools utilises the reference implementation, bitcoind.

bitcoind has wallet functionality built in. In fact, it was originally released as a desktop wallet for Microsoft Windows. By default, bitcoind will pre-generate a pool of 100 pairs of addresses and corresponding private keys. This pool will be increased as necessary.

This presents a number of problems. If data-loss were to occur on the server, the private keys could be unrecoverable and therefore the funds stored on the addresses would be unspendable. If a hacker gains access to the server they could copy the keys and steal the funds. The private keys can be encrypted, but the password is exposed on the server when generating new keys and spending funds.

To solve these problems, key pairs could be pre-generated in a secure environment and then the public addresses uploaded to the server.

Logistically this is challenging. A much more robust solution to this problem is to use Hierarchical Deterministic Wallets as described in BIP 32 (with draft extensions in BIPs 43, 44 & 45).

HD wallets are composed of a tree of pairs of extended public (xpub) and extended private (xprv) keys derived from a single seed or mnemonic sentence. An xprv can generate its child xpubs and child xprvs. An xpub can only generate its child xpubs. Any extended key can be converted into it's non-extended variant that cannot generate children.

A non-extended public key can be converted into a payment address. A non-extended private key can be used to spend funds that are held on the payment address it is associated with.

An example extended public key is:

An example extended private key is:

Extended key pairs are also considered to be either hardened or non-hardened. One of the properties of extended keys is that if an attacker knows a non-hardened private key and the parent xpub, they are able to determine the parent xprv.

In situations where private keys are to be distributed, for example within a company, hardened derivation must be used to prevent other private keys at the same level from being determined.

A further property of extended keys is that xpubs are not capable of generating hardened child public keys at all. This is fine because in an untrusted environment (with only a non-hardened xpub) no private keys will be present.

Payment addresses in an HD wallet can be considered to be either internal or external. External addresses are used when funds are being paid into an account from outside the wallet. Internal addresses are used as change addresses.

The default wallet layout is shown below:

HD wallets have many use-cases and BIP 32 identifies several.

"Unsecure money receiver" is the use-case to solve the problem described in this blog post.

The idea is to maintain an HD wallet in a secure environment. An account would be created in this wallet for the purpose of receiving payments in a specific Coin Tools payment type. The xpub for external addresses from this account would then be exported and added to the configuration of the payment type within Drupal.

Despite the obvious complexity of HD wallets, the concept of creating an account for a specific person, organisation or reason and exporting the xpub is actually very simple. The key point is that only one authority should be making payments into an specific xpub, otherwise addresses would be used multiple times. Scanning for unused addresses would not be an effective strategy to prevent this. Stealth addresses could become a solution for allocation of payment addresses without an authority.

Coin Tools can "interrogate" the provided xpub. The results of this process will be displayed, including the first four addresses that can be generated from the xpub and the relative path of the next address Coin Tools will generate:

Every key pair in the wallet has a path specifying the indexes at each level in the hierarchy, for example M/44'/0'/0'/0/3. Absolute paths have either an m or M as their first component. Relative paths have an index as their first component. In the example above we can see that the xpub has a depth of 3, so relative paths start with describing the index at depth 4.

A ' or H character after an index in the path indicates that the index is actually i+231. This means that keys at this level have hardened derivation.

According to BIP 43 (draft), the index at level 1 should be the hardened index of the BIP that describes the layout of the hierarchy beneath it. In the example above it is 44, meaning that it is using the layout from BIP 44 instead of the default one from BIP 32.

Despite the fact that many wallets are now HD, support for exporting account xpubs is currently quite low. However, some HD wallets that do not allow xpubs to be exported for regular accounts will allow xpubs to be exported from multisig accounts, for example Coinkite. In the future Coin Tools will support generation of addresses from multisig xpubs.

The only wallets that I know of that will export an xpub from a non-multisig account are Wallet32 and Electrum.

Both these wallets export xpubs that allow derivation of both the external (0/i) and internal (1/i) addresses. This is useful for watching an account balance but means that an entity making the payments into the account has greater ability to spy on subsequent transactions than would otherwise be possible. Coin Tools is currently hard coded to use the relative path 0/i. This will need to be made configurable as Coinkite xpubs do not need any prefix on the index.

It is essential that the addresses generated by Coin Tools match those generated by the wallet otherwise the account will not receive the payments. The xpub in the previous screenshot was exported from a Wallet32 account. In the following screenshot we can see that the addresses displayed in Wallet32 are the same as those generated by Coin Tools:

In theory when an xpub is imported the addresses should be scanned to make sure the xpub has not been used before. However, bitcoind does not maintain the correct indexes to be able to quickly list transactions for arbitrary addresses. When Coin Tools needs to receive a payment on an address from an xpub, it adds it as a watch-only address using the "importaddress" bitcoind command. The "rescan" parameter is set to false which means that transactions that happened before the address was added are not detectable. If this parameter is set to true it can take many minutes even on an SSD to import each address.

Coin Tools uses the Drupal State API to maintain the next index for each xpub. If there are more unreceived payments in a row than the gap limit of the wallet software, the wallet will loose track of later payments. To avoid this happening, payments that expire should maybe have their addresses put in a pool for re-use. However this may cause a problem if someone records the payment address and then satisfies the payment at a later time after it has expired.

Of course, if a hacker gained access to the web server they could change an xpub to their own. This would mean that until the problem was detected and the service shut down the hacker would be receiving the funds instead of the intended recipient. While damaging, this would be nowhere near as bad as the total loss of a hot wallet.

In order to facilitate handling of HD wallets, Coin Tools was converted to use the BitWasp PHP Bitcoin library instead of Gogulski.


Kristian Polso: Integrating Twitter feed to your Drupal site

Planet Drupal - Wed, 2015/01/07 - 8:00am
Twitter API can be a major PITA sometimes, but luckily there are modules for Drupal that makes integrating it to your website easy.

Drupal core announcements: Drupal core critical issues sprint in Princeton, Jan. 29 to Feb. 1

Planet Drupal - Wed, 2015/01/07 - 4:24am
Start:  2015-01-29 (All day) - 2015-02-01 (All day) America/New_York Sprint Organizers:  pwolanin davidhernandez

Timed to coincide with the 4th DrupalCamp NJ and focusing on issues that were not addressed at the recent sprint in Ghent, Belgium.

The focus of this sprint will be resolving critical issues around menu, menu link, and routing issues in Drupal 8.

Dates: Wednesday, January 29 through Sunday, February 1
Location: Princeton University in Princeton, NJ. (See the camp website for details.)
Travel: From Newark Airport (EWR), a good option is the Newark Airport to Princeton Junction train.

Confirmed attendees for this area of focus include pwolanin, dawehner, kgoel, and mpdonadio. Additional attendees may include xjm, Wim Leers, effulgentsia, and beejeebus.

Most of the travel expenses for attendees to work on menu, menu link, and routing issues are being paid for by a grant from the new Drupal Association Drupal 8 Accelerate program.

Additionally, local participants plan to work on core issues related to finishing the "Classy" theme in core so that the base "Stark" theme lives up to its name and serves as a true blank slate of HTML.

We only have limited additional space available, so please contact pwolanin if you'd like to participate in the sprint. Everyone is welcome attend the camp (while tickets last!) and the Drupal mentoring and collaboration day on Feb 1.

Many of the expected attendees participated in person or remote at this past summer's Drupal 8 at the Jersey Shore sprint.

AttachmentSize jerseyshore-gallery1.jpg162.94 KB

Capgemini Engineering: Drupal 8 in 2 steps

Planet Drupal - Wed, 2015/01/07 - 1:00am

Drupal 8 is the latest version of Drupal, a modern, PHP 5.4-boasting, REST-capable, object-oriented powerhouse. The concepts are still the same as the previous versions but the approach is now different. Drupal 8 comes with a modern Object Oriented Programming (OOP) approach to most parts of the system thanks to the use of the Symfony2 framework.

I took part in the Drupalcon in Amsterdam and I enjoyed a number of really interesting talks about Drupal 8, among those ‘Drupal 8: The Crash Course’ realized and presented by Larry Garfield. In this post the idea is to recap few key points of his talk as I think they are important to fully understand the basics of this new Drupal version. In case you are interested you can also watch the full talk.

How do I define a module?

In Drupal 8 to define a module we need only a YAML (.info.yml) file:


name: D8 Test Module description: D8 Test Module type: module core: 8.x package: Custom

In Drupal 8 the .module file is not required anymore, so with only the .info.yml file the module is ready to be enabled.

How do I make a page?

Start creating a controller extending the ControllerBase class and return the output of the page:


namespace Drupal\d8_example_module\Controller; use Drupal\Core\Controller\ControllerBase; class D8ExampleModuleController extends ControllerBase { public function test_page($from, $to) { $message = $this->t('%from to %to', [ '%from' => $from, '%to' => $to, ]); return $message; } }

Once this is done, within the .routing.yml file we can define the path, the content, the title and the permissions:


d8_example_module.test_page: path: '/test-page/{from}/{to}' defaults: _content: 'Drupal\d8_example_module\Controller\D8ExampleModuleController::test_page' _title: 'Test Page!' requirements: _permission: 'access content' How do I make content themeable?

We still have the hook_theme() function to define our theme:


/** * Implements hook_theme(). */ function d8_example_module_theme() { $theme['d8_example_module_page_theme'] = [ 'variables' => ['from' => NULL, 'to' => NULL], 'template' => 'd8-theme-page', ]; return $theme; }

For the template page Drupal 8 uses Twig, a third-party template language used by many PHP projects. For more info about Twig have a look at Twig in Drupal 8. One of the cool parts of Twig is that we can do string translation directly in the template file:


<section> {% trans %} <strong>{{ from }}</strong> to <em>{{ to }}</em> {% endtrans %} </section>

And then we assign the theme to the page:


namespace Drupal\d8_example_module\Controller; use Drupal\Core\Controller\ControllerBase; class D8ExampleModuleController extends ControllerBase { public function test_page($from, $to) { return [ '#theme' => 'd8_example_module_page_theme', '#from' => $from, '#to' => $to, ]; } } How do I define a variable?

Drupal 8 has a whole new configuration system that uses human-readable YAML (.yml) text files to store configuration items. For more info have a look at Managing configuration in Drupal 8.

We define variables in config/install/*.settings.yml:


default_count: 3

The variables will be stored in the database during the installation of the module. We define the schema for the variables in config/schema/*.settings.yml:


d8_example_module.settings: type: mapping label: 'D8 Example Module settings' mapping: default_count: type: integer label: 'Default count' How do I make a form?

To create a form we extend a ConfigFormBase class:


namespace Drupal\d8_example_module\Form; use Drupal\Core\Form\ConfigFormBase; use Drupal\Core\Form\FormStateInterface; class TestForm extends ConfigFormBase { public function getFormId() { return 'test_form'; } public function buildForm(array $form, FormStateInterface $form_state) { $config = $this->config('d8_example_module.settings'); $form['default_count'] = [ '#type' => 'number', '#title' => $this->t('Default count'), '#default_value' => $config->get('default_count'), ]; return parent::buildForm($form, $form_state); } public function submitForm(array &$form, FormStateInterface $form_state) { parent::submitForm($form, $form_state); $config = $this->config('d8_example_module.settings'); $config->set('default_count', $form_state->getValue('default_count')); $config->save(); } }

Then within the .routing.yml file we can define the path, the content, the title and the permissions:


d8_example_module.test_form: path: /admin/config/system/test-form defaults: _form: 'Drupal\d8_example_module\Form\TestForm' _title: 'Test Form' requirements: _permission: 'configure_form'

We use another YAML file (.permissions.yml) to define permissions:


'configure_form': title: 'Access to Test Form' description: 'Set the Default Count variable'

We also use another YAML file ( to define menu links:


d8_example_module.test_form: title: 'Test Form' description: 'Set the Default Count variable' route_name: d8_example_module.test_form parent: system.admin_config_system How do I make a block?

To create a block we extend a ConfigFormBase class:


namespace Drupal\d8_example_module\Plugin\Block; use Drupal\Core\Block\BlockBase; /** * Test Block. * * @Block( * id = "test_block", * admin_label = @Translation("Test Block"), * category = @Translation("System") * ) */ class TestBlock extends BlockBase { public function build() { return [ '#markup' => $this->t('Block content...'), ]; } }

In this way the block is ready to be configured in the CMS (/admin/structure/block). Here is an example of a more complex block:

namespace Drupal\d8_example_module\Plugin\Block; use Drupal\Core\Block\BlockBase; use Drupal\Core\Form\FormStateInterface; /** * Test Block. * * @Block( * id = "test_block", * admin_label = @Translation("Test Block"), * category = @Translation("System") * ) */ class TestBlock extends BlockBase { public function defaultConfiguration() { return ['enabled' => 1]; } public function blockForm($form, FormStateInterface $form_state) { $form['enabled'] = [ '#type' => 'checkbox', '#title' => $this->t('Configuration enabled'), '#default_value' => $this->configuration['enabled'], ]; return $form; } public function blockSubmit($form, FormStateInterface $form_state) { $this->configuration['enabled'] = (bool)$form_state->getValue('enabled'); } public function build() { if ($this->configuration['enabled']) { $message = $this->t('Configuration enabled'); } else { $message = $this->t('Configuration disabled'); } return [ '#markup' => $message, ]; } } Structure of a module

The structure of a module should look like the example module d8_example_module:

d8_example_module | |- config | |- install | |- d8_example_module.setting.yaml | |- schema | |- d8_example_module.settings.yaml | |- src | |- Controller | |- D8ExampleModuleController.php | |- Form | |- TestForm.php | |- Plugin | |- Block | |- TestBlock.php | |- templates | |- d8-theme-page.html.twig | |- | |- | |- d8_example_module.module | |- d8_example_module.permissions.yml | |- d8_example_module.routing.yml

Drupal 8 in 2 steps: Extend a base Class or implement an Interface and tell Drupal about it.

Download the example module

Drupal 8 in 2 steps was originally published by Capgemini at Capgemini on January 07, 2015.


PreviousNext: Drupal Testing Roadmap

Planet Drupal - Tue, 2015/01/06 - 11:19pm

Recently the patch to bring Mink based testing to drupal core went green. As result of that Lee Rowlands (@larowlan), Nick Schuch (@wesome1989), Adam Hoenich (@djphenaproxima), and myself (@grom358) had a discussion to create a roadmap for improving testing in Drupal core. Here is what we discussed.


Mediacurrent: Introducing the Mediacurrent Contrib Committee

Planet Drupal - Tue, 2015/01/06 - 10:21pm

After Mediacurrent's excellent retreat in October 2014 it was decided to set up some internal committees to help organize various company initiatives. Several of these committees were fairly straight forward - marketing, training, porting our corporate site to D8, etc, but I felt that one had been overlooked - a committee for organizing our contrib efforts.


Drupal Watchdog: PHP and JavaScript Closures

Planet Drupal - Tue, 2015/01/06 - 10:17pm

PHP closures are pretty simple as they are barely more than syntactic sugar over the following:

class Something { function __construct($x) { $this->x = $x; } function __invoke($y) { extract(get_object_vars($this)); // Your closure here. } }


function something ($y) use ($x) { // Your closure here. }

So closures are objects with a small difference: they are automatically constructed and once constructed they can not be changed and the only thing you can do with them is call them. Now it should be easy to see how variables work: variables given in use() are copied to properties on the object. If $x is an object itself then of course only its handler is copied so changing from inside the closure affects it everywhere else, exactly like how objects work in any other operation. All this is quite consistent on how PHP works and relatively simple to understand.

function foo() { $x = 1; $y = function() use (&$x) { $x++; print "in $x\n"; }; $y(); print "$x\n"; return $y; } $func = foo(); $func(); print "$x\n";

JavaScript is just a little different. First of all, there is no explicit import, every variable from the parent scope is imported. Second, since everything is an object, changing these variables affects the variables in the parent scope.

function foo() { var x = 1; var y = function() { x++; console.log('in' + x);} y(); console.log(x); return y; } func = foo(); func(); console.log(x); Flow Control

In both languages returning from a closure will simply return to the caller. If the closure is called in a loop then the loop will continue. Short of throwing an exception the closure can’t stop such a loop. See Smalltalk for an example of a language where this is different. Obviously, Common Lisp can do both kinds of returns and the syntax is succinct and easy to understand. Obviously again, Ruby can do both and the syntax is extremely obscure.

About $this / this

Since PHP 5.4, you can use $this in closure. Just imagine that one is passed in via use() and everything will be fine. So $this always means the object it is defined in even if the closure is passed to another method on another object. If necessary then a new closure can be created with a new $this variable: Closure::bind($closure, $newthis) or $closure->bindTo($newthis):

class foo { protected $x = 1; function bar() { return function() { $this->x++; print "$this->x\n";}; } } $func = (new foo)->bar(); $func(); class bar { protected $x = 10; } $func2 = $func->bindTo(new bar, "bar"); // "bar" allows the closure to access protected things $func2();

JavaScript this means the defining scope however it can be changed when calling the closures via the call or apply methods of the closure. This doesn't have a PHP equivalent. Your favorite framework or native DOM handling will often do this for you. each in jQuery sets this to the current object, event handlers will get the current event in this etc. ES5.1 in 2011 introduced the bind method on function objects which behaves exactly like bindTo in PHP: something.bind(newThis) returns a new closure with this being set to newThis. Examples:

function foo() { x = 1; var y = function() { this.x++; console.log(this.x);} y(); return y; } var func = foo(); func(); var func = function() { this.x++; console.log(this.x);}{x:1}); o = {x:10}; var func2 = func.bindTo(o); func2(); Tags:  PHP JavaScript Closures

Drupal core announcements: Ghent critical issue sprint recap

Planet Drupal - Tue, 2015/01/06 - 10:08pm

Last month, 13 sprinters gathered in Ghent, Belgium for a very focused sprint designed to accelerate work on issues blocking the release of Drupal 8. The sprint was a great burst of momentum for the core critical queue -- we went from 115 critical issues at the start of the sprint to only 81 as of today. That means we have 30% fewer critical issues than we did a month ago.

During the 5-day sprint, we worked on an impressive 51 critical issues, 28 of which are already fixed. Of particular note are the 18 upgrade path blockers that we moved forward (that's 70% of the issues blocking a beta-to-beta upgrade path during that time).

Sprint goals: Accomplished!

Before the sprint, we set some goals for the progress we wanted to make on upgrade path blockers for the Entity Field API, Configuration system, and Views. Here's how we did on each of these goals:

Views data structure and Entity Field API integration

We decoupled Views' entity field data from the SQL table structure by storing entity field information in the view configuration. This will make it possible for Views to detect when the entity field schema has changed and respond to the changes (as well as allowing better support for non-SQL databases). We also defined the entity schema changes that Views will need to support, and work is underway to support them.

Content and configuration dependencies in Views

We added content and configuration dependencies to Views so that Views that use entity display modes, field formatters, user roles, and so on can be safely deployed. We also discussed how to store deployable references to entities (for example, the taxonomy term displayed at the top of taxonomy/term/* listings) based on the shared needs of Views and Entity Reference. A patch to implement the proposed API in Views is nearly ready.

Global settings.php overrides

We had a fruitful discussion that clarified the problem space and culminated in splitting the issue into two steps. We retitled and resummarized the original issue into the second step, and began work on the first step. While getting an initial patch for the first step to pass tests, we uncovered several blocker issues, each of which has now been committed. The patch for this issue is now up for review.

Configuration schema

All hidden configuration schema issues are now fixed and will not regress, because all tests now have strict schema checking enabled by default!
To help people get started with config schemas, Gábor Hojtsy also created a very handy cheat sheet that provides the most crucial information at a glance.

Data integrity on module uninstallation

The two critical bugs in this problem space are now fixed:

To implement both of the above, we created a new ModuleUninstallValidatorInterface. We also have a non-critical issue to better integrate those validators when a module is being uninstalled as part of a configuration import.

NOT NULL constraints for entity base fields

Thanks to fast collaboration between plach, amateescu, yched, and fago (which was greatly assisted by having them all together in-person), a patch that fixes the fatal error bug has now been committed. This required resolving some trickiness with entity reference fields, whose target_id property is simultaneously required but not known while in the process of referencing a not-yet-saved entity. The solution results in a more semantically correct API and better delineation of responsibilities between field types, field definitions, and storage handlers for identifying and implementing required-ness.

The UN of Chocolate

We worked hard at the sprint, but also managed to fit in some international chocolate comparisons, with Swiss, Hungarian, and Belgian sweets to power all that coding. Contributor pfrenssen also pledged not to shave until 8.0.0 (1 cm of beard per beta?), and Berdir shared just how brimming with criticals his issue tracker became. We even learned a bit about the history of Ghent, thanks to swentel and his father-in-law.


The sprint was sponsored by the Drupal Association and Wunderkraut.

The following organizations also contributed their employees' time to participate in the sprint:

Finally, thanks to all the sprinters: alexpott, amateescu, Berdir, bircher, dawehner, fago, Gábor Hojtsy, pfrenssen, plach, swentel, Wim Leers, xjm, and yched!

What's next?

With the record-breaking productivity of our sprint, we know that more sprints like these will help get Drupal 8 done. The Drupal Association's D8 Accelerate progam will include more critical issue sprints in 2015. Watch for an upcoming sprint on menu and routing criticals at DrupalCamp New Jersey later this month!