Drupal Association blog: 2019 Drupal Association at-large election winner announced

Planet Drupal - Mon, 2019/09/09 - 1:49pm

The staff and board of the Drupal Association would like to congratulate our newest At-Large board member:

Leslie Glynn

Leslie has more than 30 years of experience in the tech field as a software developer and project manager. She has been a freelance Drupal Project Manager and Site Builder since 2012. Glynn is very active in the Drupal community as an event organizer (Design 4 Drupal, Boston and NEDCamp), sprint organizer, mentor, trainer and volunteer. She is the winner of the 2019 Aaron Winborn Award. This annual award recognizes an individual who demonstrates personal integrity, kindness, and above-and-beyond commitment to the Drupal community.

Being a volunteer at numerous Drupal camps and DrupalCons has given me the opportunity to meet and learn from many diverse members of the Drupal community. I hope to bring that knowledge and experience to my work on Drupal Association initiatives. One of the things I would like to help with is growing Drupal adoption through new initiatives that reach out to under-represented and diverse groups through an increased presence at secondary schools and universities and to groups such as "Girls Who Code" and other groups in the tech space.

We are all looking forward to working with you, Leslie.

Thank you to all our candidates

On behalf of all the staff and board of the Drupal Association, and I’m sure the rest of the Drupal community, I would like to thank all of those people who stood for election this year. It truly is a big commitment to contribution and one to be applauded. We wish you well for 2019 and hope to see you back in 2020!

About the Elections Methodology: Instant Run-off Voting (IRV)

Elections for the Community-at-large positions on the Drupal Association Board are conducted through Instant Run-off Voting. This means that voters can rank candidates according to their preference. When tabulating ballots, the voters' top-ranked choices are considered first. If no candidate has more than 50% of the vote, the candidate with the lowest votes is eliminated. Then the ballots are tabulated again, with all the ballots that had the eliminated candidate as their first rank now recalculated with their second rank choices. This process is repeated until only two candidates remain and a clear winner can be determined. This voting method helps to ensure that the candidate who is most preferred by the most number of voters is ultimately elected. You can learn more about IRV (also known as Alternative Vote) in this video.

Detailed Voting Results

There were 12 candidates in contention for the single vacancy among the two community-at-large seats on the Board. 1,050 voters cast their ballots out of a pool of 49,498 eligible voters (2.2%).

The full results output is below. The system allows for candidates to keep their name hidden, if they choose, so we replaced the names of those who did with a candidate number:

The number of voters is 1050 and there were 998 valid votes and 52 empty votes. Removed withdrawn candidate Tushar Thatikonda from the ballots. Counting votes using Instant Runoff Voting. R|Candi|Candi|Imre |Brian|Candi|Shada|Ahmad|Candi|Alann|Manji|Lesli|Exhau |date |date |Gmeli| Gilb|date |b Ash| Khal|date |a Bur|t Sin|e Gly|sted |4 |3 |g Mei|ert |2 |raf |il |1 |ke |gh |nn | | | |jling| | | | | | | | | | | | | | | | | | | | | ========================================================================== 1| 71| 74| 166| 119| 36| 45| 7| 115| 67| 116| 182| 0 |----------------------------------------------------------------------- | Count of first choices. ========================================================================== 2| 71| 75| 167| 120| 36| 46| | 116| 67| 117| 183| 0 |----------------------------------------------------------------------- | Count after eliminating Ahmad Khalil and transferring votes. ========================================================================== 3| 72| 76| 177| 124| | 47| | 118| 68| 117| 185| 14 |----------------------------------------------------------------------- | Count after eliminating Candidate 2 and transferring votes. ========================================================================== 4| 74| 76| 178| 125| | | | 132| 70| 130| 186| 27 |----------------------------------------------------------------------- | Count after eliminating Shadab Ashraf and transferring votes. ========================================================================== 5| 89| 77| 183| 133| | | | 142| | 131| 211| 32 |----------------------------------------------------------------------- | Count after eliminating Alanna Burke and transferring votes. ========================================================================== 6| 93| | 192| 134| | | | 151| | 134| 217| 77 |----------------------------------------------------------------------- | Count after eliminating Candidate 3 and transferring votes. ========================================================================== 7| | | 199| 149| | | | 177| | 136| 248| 89 |----------------------------------------------------------------------- | Count after eliminating Candidate 4 and transferring votes. ========================================================================== 8| | | 208| 163| | | | 228| | | 254| 145 |----------------------------------------------------------------------- | Count after eliminating Manjit Singh and transferring votes. ========================================================================== 9| | | 239| | | | | 247| | | 296| 216 |----------------------------------------------------------------------- | Count after eliminating Brian Gilbert and transferring votes. ========================================================================== 10| | | | | | | | 288| | | 359| 351 |----------------------------------------------------------------------- | Count after eliminating Imre Gmelig Meijling and transferring votes. | Final round is between Candidate 1 and Leslie Glynn. | Candidate Leslie Glynn is elected. Winner is Leslie Glynn.

Agiledrop.com Blog: Our blog posts from August 2019

Planet Drupal - Mon, 2019/09/09 - 12:14pm

We’re back with an overview of the blog posts we wrote last month. If there are some you particularly enjoyed, this is the perfect opportunity to revisit them, as well as catch up on the ones you might have missed.


OSTraining: Theming a Drupal 8 View with CSS Grid

Planet Drupal - Mon, 2019/09/09 - 10:33am

Some different modules and plugins can alter the display of a view in Drupal, for instance, to alternate the order of image and text every new row, or to build some kind of stacked layout. 

It is possible to alter the display of a view with just some lines of CSS code instead. This approach has many advantages, being the fact of not having to install and update a module, the most relevant one.

Keep reading to learn how!


Chromatic: Structuring Front-end Teams

Planet Drupal - Mon, 2019/09/09 - 9:00am

The front-end domain has arguably reached a tipping point in its evolution that beckons its patrons to reconsider whether teams are structured optimally.


Lullabot: Behind the Screens: Episode 9321

Planet Drupal - Mon, 2019/09/09 - 9:00am

Why spend time on Drupal's UI? New Lullabot, Cristina Chumillas, tells us about the UI initiative and why it's important, explains the new Claro theme, and describes the strangest thing she's ever eaten.


Consensus Enterprises: Try Aegir now with the new Dev VM

Planet Drupal - Mon, 2019/09/09 - 6:00am
Have you been looking for a self-hosted solution for hosting and managing Drupal sites? Would you like be able able to upgrade all of your sites at once with a single button click? Are you tired of dealing with all of the proprietary Drupal hosting providers that won’t let you customize your set-up? Wouldn’t it be nice if all of your sites had free automatically-updating HTTPS certificates? You probably know that Aegir can do all of this, but it’s now trivial to set up a temporary trial instance to see how it works.

MXD120: Removing changefreq, lastmod, and priority From XML Sitemap

Planet Drupal - Sat, 2019/09/07 - 8:03pm
A simple hook for removing changefreq, lastmod, and priority from sitemap.xml

Hook 42: Web Accessibility at BADCamp

Planet Drupal - Fri, 2019/09/06 - 7:04pm
Web Accessibility at BADCamp Lindsey Gemmill Fri, 09/06/2019 - 19:45

Code Karate: Using Drupal as your Gatsby Data Source

Planet Drupal - Fri, 2019/09/06 - 5:03pm
Episode Number: 3

In this episode, we learn how to set up your Gatsby website to pull data from Drupal. We will cover:

  1. Setting up JSON:API on your Drupal site
  2. Installing the gatsby-source-drupal plugin
  3. Configuring the gatsby-source-drupal plugin
  4. Use GraphiQL to view your Drupal data
  5. Load Article nodes using gatsby-node.js
  6. Create Article Template to pull in Article data
Tags: GatsbyJSReactDrupalDrupal 8Drupal Planet

Dries Buytaert: WYSIWYG media embedding in Drupal 8.8

Planet Drupal - Fri, 2019/09/06 - 3:30pm

I'm excited to share that when Drupal 8.8 drops in December, Drupal's WYSIWYG editor will allow media embedding.

You may wonder: Why is that worth announcing on your blog? It's just one new button in my WYSIWYG editor..

It's a big deal because Drupal's media management has been going through a decade-long transformation. The addition of WYSIWYG integration completes the final milestone. You can read more about it on Wim's blog post.

Drupal 8.8 should ship with complete media management, which is fantastic news for site builders and content authors who have long wanted a simpler way to embed media in Drupal.

Congratulations to the Media Initiative team for this significant achievement!


Promet Source: Anatomy of a Web Accessibility Audit

Planet Drupal - Fri, 2019/09/06 - 3:44am
Diagnosing a website for accessibility and fixing any issues that are uncovered is not a one-size-fits-all endeavor.  Every site has a distinct set of strengths and challenges. Plus, site owners vary widely in their level of expertise and the availability of resources that can be devoted to accessibility -- which includes diagnosing the site, making the necessary modifications, and ensuring that the tools and expertise are in place to maintain compliance.  That’s why flexibility is an essential criteria when seeking ADA Section 508 accessibility solutions.

Agaric Collective: How to debug Drupal migrations - Part 1

Planet Drupal - Fri, 2019/09/06 - 1:02am

Throughout the series we have shown many examples. I do not recall any of them working on the first try. When working on Drupal migrations, it is often the case that things do not work right away. Today’s article is the first of a two part series on debugging Drupal migrations. We start giving some recommendations of things to do before diving deep into debugging. Then, we are going to talk about migrate messages and presented the log process plugin. Let’s get started.

Minimizing the surface for errors

The Migrate API is a very powerful ETL framework that interacts with many systems provided by Drupal core and contributed modules. This adds layers of abstraction that can make the debugging process more complicated compared to other systems. For instance, if something fails with a remote JSON migration, the error might be produced in the Migrate API, the Entity API, the Migrate Plus module, the Migrate Tools module, or even the Guzzle HTTP Client library that fetches the file. For a more concrete example, while working on a recent article, I stumbled upon an issue that involved three modules. The problem was that when trying to rollback a CSV migration from the user interface an exception will be thrown making the operation fail. This is related to an issue in the core Migrate API that manifests itself when rollback operations are initiated from the interface provided by Migrate Plus. Then, the issue causes a condition in the Migrate Source CSV plugin that fails and the exception is thrown.

In general, you should aim to minimize the surface for errors. One way to do this by starting the migration with the minimum possible set up. For example, if you are going to migrate nodes, start by configuring the source plugin, one field (the title), and the destination. When that works, keep migrating one field at a time. If the field has multiple subfields, you can even migrate one subfield at a time. Commit every progress to version control so you can go back to a working state if things go wrong. Read this article for more recommendations on writing migrations.

What to check first?

Debugging is a process that might involve many steps. There are a few things that you should check before diving too deep into trying to find the root of the problem. Let’s begin with making sure that changes to your migrations are properly detected by the system. One common question I see people ask is where to place the migration definition files. Should they go in the migrations or config/install directory of your custom module? The answer to this is whether you want to manage your migrations as code or configuration. Your choice will determine the workflow to follow for changes in the migration files to take effect. Migrations managed in code go in the migrations directory and require rebuilding caches for changes to take effect. On the other hand, migrations managed in configuration are placed in the config/install directory and require configuration synchronization for changes to take effect. So, make sure to follow the right workflow.

After verifying that your changes are being applied, the next thing to do is verify that the modules that provide your plugins are enabled and the plugins themselves are properly configured. Look for typos in the configuration options. Always refer to the official documentation to know which options are available and find the proper spelling of them. Other places to look at is the code for the plugin definition or articles like the ones in this series documenting how to use them. Things to keep in mind include proper indentation of the configuration options. An extra whitespace or a wrong indentation level can break the migration. You can either get a fatal error or the migration can fail silently without producing the expected results. Something else to be mindful is the version of the modules you are using because the configuration options might change per version. For example, the newly released 8.x-3.x branch of Migrate Source CSV changed various configuration options as described in this change record. And the 8.x-5.x branch of Migrate Plus changed some configurations for plugin related with DOM manipulation as described in this change record. Keeping an eye on the issue queue and change records for the different modules you use is always a good idea.

If the problem persists, look for reports of similar problems in the issue queue. Make sure to include closed issues as well in case your problem has been fixed or documented already. Remember that a problem in a module can affect a different module. Keeping an eye on the issue queue and change records for all the modules you use is always a good idea. Another place ask questions is the #migrate channel in Drupal slack. The support that is offered there is fantastic.

Migration messages

If nothing else has worked, it is time to investigate what is going wrong. In case the migration outputs an error or a stacktrace to the terminal, you can use that to search in the code base where the problem might originate. But if there is no output or if the output is not useful, the next thing to do is check the migration messages.

The Migrate API allows plugins to log messages to the database in case an error occurs. Not every plugin leverages this functionality, but it is always worth checking if a plugin in your migration wrote messages that could give you a hint of what went wrong. Some plugins like skip_on_empty and skip_row_if_not_set even expose a configuration option to specify messages to log. To check the migration messages use the following Drush command: drush migrate:messages [migration_id]. If you are managing migrations as configuration, the interface provided by Migrate Plus also exposes them.

Messages are logged separately per migration, even if you run multiple migrations at once. This could happen if you execute dependencies or use groups or tags. In those cases, errors might be produced in more than one migration. You will have to look at the messages for each of them individually.

Let’s consider the following example. In the source there is a field called src_decimal_number with values like 3.1415, 2.7182, and 1.4142. It is needed to separate the number into two components: the integer part (3) and the decimal part (1415). For this, we are going to use the extract process plugin. Errors will be purposely introduced to demonstrate the workflow to check messages and update migrations. The following example shows the process plugin configuration and the output produced by trying to import the migration:

# Source values: 3.1415, 2.7182, and 1.4142 psf_number_components: plugin: explode source: src_decimal_number $ drush mim ud_migrations_debug [notice] Processed 3 items (0 created, 0 updated, 3 failed, 0 ignored) - done with 'ud_migrations_debug' In MigrateToolsCommands.php line 811: ud_migrations_debug Migration - 3 failed.

The error produced in the console does not say much. Let’s see if any messages were logged using: drush migrate:messages ud_migrations_debug. In the previous example, the messages will look like this:

------------------- ------- -------------------- Source IDs Hash Level Message ------------------- ------- -------------------- 7ad742e...732e755 1 delimiter is empty 2d3ec2b...5e53703 1 delimiter is empty 12a042f...1432a5f 1 delimiter is empty ------------------------------------------------

In this case, the migration messages are good enough to let us know what is wrong. The required delimiter configuration option was not set. When an error occurs, usually you need to perform at least three steps:

  • Rollback the migration. This will also clear the messages.
  • Make changes to definition file and make they are applied. This will depend on whether you are managing the migrations as code or configuration.
  • Import the migration again.

Let’s say we performed these steps, but we got an error again. The following snippet shows the updated plugin configuration and the messages that were logged:

psf_number_components: plugin: explode source: src_decimal_number delimiter: '.' ------------------- ------- ------------------------------------ Source IDs Hash Level Message ------------------- ------- ------------------------------------ 7ad742e...732e755 1 3.1415000000000002 is not a string 2d3ec2b...5e53703 1 2.7181999999999999 is not a string 12a042f...1432a5f 1 1.4141999999999999 is not a string ----------------------------------------------------------------

The new error occurs because the explode operation works on strings, but we are providing numbers. One way to fix this is to update the source to add quotes around the number so it is treated as a string. This is of course not ideal and many times not even possible. A better way to make it work is setting the strict option to false in the plugin configuration. This will make sure to cast the input value to a string before applying the explode operation. This demonstrates the importance of reading the plugin documentation to know which options are at your disposal. Of course, you can also have a look at the plugin code to see how it works.

Note: Sometimes the error produces an non-recoverable condition. The migration can be left in a status of "Importing" or "Reverting". Refer to this article to learn how to fix this condition.

The log process plugin

In the example, adding the extra configuration option will make the import operation finish without errors. But, how can you be sure the expected values are being produced? Not getting an error does not necessarily mean that the migration works as expected. It is possible that the transformations being applied do not yield the values we think or the format that Drupal expects. This is particularly true if you have complex process plugin chains. As a reminder, we want to separate a decimal number from the source like 3.1415 into its components: 3 and 1415.

The log process plugin can be used for checking the outcome of plugin transformations. This plugin offered by the core Migrate API does two things. First, it logs the value it receives to the messages table. Second, the value is returned unchanged so that it can be used in process chains. The following snippets show how to use the log plugin and what is stored in the messages table:

psf_number_components: - plugin: explode source: src_decimal_number delimiter: '.' strict: false - plugin: log ------------------- ------- -------- Source IDs Hash Level Message ------------------- ------- -------- 7ad742e...732e755 1 3 7ad742e...732e755 1 1415 2d3ec2b...5e53703 1 2 2d3ec2b...5e53703 1 7182 12a042f...1432a5f 1 1 2d3ec2b...5e53703 1 4142 ------------------------------------

Because the explode plugin produces an array, each of the elements is logged individually. And sure enough, in the output you can see the numbers being separated as expected.

The log plugin can be used to verify that source values are being read properly and process plugin chains produce the expected results. Use it as part of your debugging strategy, but make sure to remove it when done with the verifications. It makes the migration to run slower because it has to write to the database. The overhead is not needed once you verify things are working as expected.

In the next article, we are going to cover the Migrate Devel module, the debug process plugin, recommendations for using a proper debugger like XDebug, and the migrate:fields-source Drush command.

What did you learn in today’s blog post? What workflow do you follow to debug a migration issue? Have you ever used the log process plugin for debugging purposes? If so, how did it help to solve the issue? Share your answers in the comments. Also, I would be grateful if you shared this blog post with others.

Next: How to debug Drupal migrations - Part 2

This blog post series, cross-posted at UnderstandDrupal.com as well as here on Agaric.coop, is made possible thanks to these generous sponsors: Drupalize.me by Osio Labs has online tutorials about migrations, among other topics, and Agaric provides migration trainings, among other services.  Contact Understand Drupal if your organization would like to support this documentation project, whether it is the migration series or other topics.

Read more and discuss at agaric.coop.


wishdesk.com: Infinite scrolling in Drupal 8 with Views Infinite Scroll module

Planet Drupal - Thu, 2019/09/05 - 4:26pm
Let’s see what infinite scrolling is and how to design it with the help of the Views Infinite Scroll Drupal 8 module. 

Chromatic: Don't break your cache, use BigPipe instead.

Planet Drupal - Thu, 2019/09/05 - 9:00am

Serving dynamic content, while maintaining the cacheability of a Drupal 8 site, used to be a tedious task. Drupal 8 did introduce a Lazy Builder way back when, but using it requires a fair amount of coding. Instead, we’ll take advantage of the BigPipe module which was included as a stable module since Drupal 8.3.


Code Karate: Drupal 8 Field Defaults Module

Planet Drupal - Thu, 2019/09/05 - 2:52am
Episode Number: 230

The Drupal 8 Field Defaults module is a handy little module that allows you to bulk update the default values of a Drupal field. This is helpful if you have ever added a field to a content type or entity and wished you could have the default value apply to all the existing content on your Drupal site.

Tags: DrupalDrupal 8Site BuildingDrupal Planet

Lullabot: Test Driven Development for Decoupled Drupal

Planet Drupal - Wed, 2019/09/04 - 9:46pm

In early Spring of 2019, I had a moment of clarity. Not only was I going to be working on a decoupled Drupal project, but we were going to be fulfilling one of the promises of a decoupled architecture. Our team was going to be replacing a back-end system consisting of Drupal 7, Java, and MongoDB with a single Drupal 8 site. The React website at universalkids.com (and the only consumer of this API, now and in the future) was only going to change by changing its base API URL.


Security public service announcements: Various 3rd Party Vulnerabilities - PSA-2019-09-04

Planet Drupal - Wed, 2019/09/04 - 4:59pm
Date: 2019-September-04Vulnerability: Various 3rd Party VulnerabilitiesDescription: 

In June of 2011, the Drupal Security Team issued Public Service Advisory PSA-2011-002 - External libraries and plugins.

8 years later that is still the policy of the Drupal Security team. As Drupal core and modules leverage 3rd party code more and more it seems like an important time to remind site owners that they are responsible for monitoring security of 3rd party libraries. Here is the advice from 2011 which is even more relevant today:

Just like there's a need to diligently follow announcements and update contributed modules downloaded from Drupal.org, there's also a need to follow announcements by vendors of third-party libraries or plugins that are required by such modules.

Drupal's update module has no functionality to alert you to these announcements. The Drupal security team will not release announcements about security issues in external libraries and plugins.

Current PHPUnit/Mailchimp library exploit

Recently we have become aware of a vulnerability that is being actively exploited on some Drupal sites. The vulnerability is in PHPUnit and has a CVE# CVE-2017-9841. The exploit targets Drupal sites that currently or previously used the Mailchimp or Mailchimp commerce module and still have a vulnerable version of the file sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php. See below for details on whether a file is vulnerable or not. The vulnerable file might be at other paths on your individual site, but an automated attack exists that is looking for that specific path. This attack can execute PHP on the server.


Follow release announcements by the vendors of the external libraries and plugins you use.

In this specific case, check for the existence of a file named eval-stdin.php and check its contents. If they match the new version in this commit then it is safe. If the file reads from php://input then the codebase is vulnerable. This is not an indication of a site being compromised, just of it being vulnerable. To fix this vulnerability, update your libraries. In particular you should ensure the Mailchimp and Mailchimp Ecommerce modules and their libraries are updated.

If you discover your site has been compromised, we have a guide of how to remediate a compromised site.

Also see the Drupal core project page.

Reported By: Coordinated By: 

InternetDevels: Building user profiles in Drupal 8 with new core modules

Planet Drupal - Wed, 2019/09/04 - 4:59pm

Your website’s users are its dearest treasure. Drupal 8 offers everything to make your users happy and satisfied.

Read more