02 Feb 2023

Symfony Blog

SymfonyLive Paris 2023 - Announcement of all pre-conference workshops

SymfonyLive Paris 2023, conference in French language only, will take place in less than 2 months, from March 23 to 24! Today we are excited to announce all the practical workshops that will take place during the pre-conference on March 21…

02 Feb 2023 4:20pm GMT

SymfonyLive Paris 2023 - Welcome to the wonderful world of distributed systems!

SymfonyLive Paris 2023, conference in French language only, will take place in less than 2 months, from March 23 to 24! The schedule is currently being revealed as we go along. More details are available here. As SymfonyLive approaches…

02 Feb 2023 2:30pm GMT

Drupal.org aggregator

Evolving Web: How To Install Drupal WxT 4 for Canadian Government Websites

If you work with a federal government-related website in Canada, you invariably have to contend with two challenges. First, everything has to be bilingual in English and French. Second, everything has to meet AA-level conformance with WCAG 2.0 accessibility requirements.

This applies to any website under the umbrella of Canada.ca and a wide array of federally funded organizations, as well as many provincial and municipal organizations.

To address this need, Drupal contributors within the government sector in Canada created the Web Experience Toolkit distribution (Drupal WxT). This is a version of Drupal designed for the Canadian government and other organizations with these particular bilingual and accessibility requirements. It includes a theme that provides accessibility and responsive support, has built-in support for English and French and provides the look and feel of the Government of Canada.

Image: A web page with a “choose language” dropdown menu.

For developers tasked with Drupal-based Government of Canada websites or other sites with similar requirements, WxT is an invaluable tool.

How To Install Drupal WxT 4

There are several different ways to install this distribution. For the purposes of this post, we have done an installation in a Docker-based environment, but it can also be done with Docksal, Lando, DDEV, local Apache or composer.

1. Install Composer and the PHP dependencies for Drupal in your environment. It's important that you review the dependencies, as you will need PHP 8.1 for this process. See the latest PHP requirements here.

2. Execute the following command to create a project folder with the Drupal installation, using the WxT profile.

composer create-project drupalwxt/site-wxt:9.4.x-dev --no-interaction

3. Once you have the Drupal folder with the code, you can set up the environment as you want. If you are using Docksal, see the following project setup documentation.

4. When you access the site for the first time, the following installation UI will appear in the browser.

5. Choose a language and click on continue. You can then set up the database connection credentials, and the installation will start.

Image: A web page with a module being installed.

6. Enter the site information details.

Image: A web page with empty fields for site registration and site maintenance information.

7. Translations are then automatically imported.

Image: A web page with translation files in the process of being updated.

8. Select the WxT extensions that you plan to use for this particular site. These extensions can be modified as needed.

Image: A web page with a list of selectable extensions with empty clickable boxes.

9. When the WxT extension installation is complete, you'll be redirected to the site homepage as an admin user.

Features

Once you have completed the installation, you can begin to explore the many features of Drupal WxT. Here's an overview of the built-in functionality that the latest version, WxT 4, has to offer.

Need Help?

Want to brush up on your Drupal skills? We have training packages that can help your team take your site to the next level. Learn more about our training tracks.

You can also watch our free on-demand webinar on Drupal WxT, where we cover how to build and maintain accessible, multilingual, easy-to-use, and mobile-friendly websites.


02 Feb 2023 9:50am GMT

Symfony Blog

SymfonyLive Paris 2023 - From social to tech - a plea for atypical profiles

SymfonyLive Paris 2023, conference in French language only, will take place on March 23 & 24! As this event approaches we are pleased to announce the next person joining the speaker team. Join us by registering now. More details about the…

02 Feb 2023 9:30am GMT

01 Feb 2023

Drupal.org aggregator

CTI Digital: Drupal 10 - What You Need To Know

The release of Drupal 10 has been highly anticipated by the Drupal community, and it was finally launched in December 2022. This latest version of the content management system brings several new features and functional improvements that will make content creation and management easier while also improving SEO, and driving conversions.

In this blog, we'll highlight the key benefits of Drupal 10 for marketers and website managers.

01 Feb 2023 3:29pm GMT

DrupalEasy: DrupalEasy Podcast S14E6 - Ryan Price - How to start a Drupal project the right way

Direct .mp3 file download.

We talk with Ryan Price about how to start a new Drupal project the right way, including development environment setup, code base setup, initial modules, Git setup, and common newbie mistakes.

URLs mentioned

DrupalEasy News

Audio transcript

We're using the machine-driven Amazon Transcribe service to provide an audio transcript of this episode.

Subscribe

Subscribe to our podcast on iTunes, Google Play or Miro. Listen to our podcast on Stitcher.

If you'd like to leave us a voicemail, call 321-396-2340. Please keep in mind that we might play your voicemail during one of our future podcasts. Feel free to call in with suggestions, rants, questions, or corrections. If you'd rather just send us an email, please use our contact page.

01 Feb 2023 3:21pm GMT

24 Jan 2023

Planet PHP

Mastobot: For your Fediverse PHP posting needs


Like much of the world I've been working to migrate off of Twitter to Mastodon and the rest of the Fediverse. Along with a new network is the need for new automation tools, and I've taken this opportunity to scratch my own itch and finally build an auto-posting bot for my own needs. And it is, of course, available as Free Software.

Announcing Mastobot! Your PHP-based Mastodon auto-poster.

Continue reading this post on PeakD.

Larry 23 January 2023 - 10:13pm

24 Jan 2023 4:13am GMT

12 Jan 2023

Planet PHP

Knex (with MySQL) had a very scary SQL injection

Knex recently released a new version this week (2.4.0). Before this version, Knex had a pretty scary SQL injection. Knex currently has 1.3 million weekly downloads and is quite popular.

The security bug is probably one of the worst SQL injections I've seen in recent memory, especially considering the scope and popularity.

If you want to get straight to the details:

My understanding of this bug

If I understand the vulnerability correctly, I feel this can impact a very large number of sites using Knex. Even more so if you use Express.

I'll try to explain through a simple example. Say you have a MySQL table structured like this:

CREATE TABLE `users` (
  `id` int NOT NULL AUTO_INCREMENT,
  `name` varchar(100) DEFAULT NULL,
  PRIMARY KEY (`id`)
)

And you have a query that does a SELECT using Knex:

const lookupId = 2;

const result = await knex('users')
  .select(['id', 'name'])
  .where({
    id: lookupId
  });

You'd expect the query to end up roughly like this:

SELECT `id`, `name` FROM `users` WHERE `id` = 2

The issue is when the user controls the value of lookupId. If somehow they can turn this into an object like this:

const lookupId = {
  name: 'foo'
}

You might expect an error from Knex, but instead it generates the following query:

SELECT `id`, `name` FROM `users` WHERE `id` = `name` = 'foo'

This query is not invalid. I don't fully understand MySQL's behavior, but it causes the WHERE clause to be ignored and the result is equivalent to:

SELECT `id`

Truncated by Planet PHP, read more at the original (another 8765 bytes)

12 Jan 2023 9:31pm GMT
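
An added example, not part of the original post and not Knex's own code: one way to keep an object such as `{ name: 'foo' }` from reaching the `.where()` hash shown in the Knex post above is to check the value's type before building the query. The helper names `parseLookupId`, `assertScalarConditions` and `classify` are hypothetical, and the sample inputs are constructed.

```javascript
// Added example: type guards for values placed in a Knex .where({...}) hash.
// All function names here are hypothetical helpers, not Knex API.

// Accept only a positive integer id, given either as a number or as a
// decimal string (the form an HTTP query parameter normally takes).
// Objects, arrays and anything else are rejected before query building.
function parseLookupId(raw) {
  if (typeof raw === 'number' && Number.isSafeInteger(raw) && raw > 0) {
    return raw;
  }
  if (typeof raw === 'string' && /^[1-9][0-9]{0,15}$/.test(raw)) {
    const n = Number(raw);
    if (Number.isSafeInteger(n)) return n;
  }
  throw new TypeError('id must be a positive integer');
}

// Defence in depth: refuse a where-hash whose values are not plain scalars,
// so a nested object can never be interpreted as part of the condition.
function assertScalarConditions(conditions) {
  for (const [column, value] of Object.entries(conditions)) {
    const ok =
      value === null ||
      typeof value === 'string' ||
      typeof value === 'boolean' ||
      typeof value === 'bigint' ||
      (typeof value === 'number' && Number.isFinite(value)) ||
      value instanceof Date;
    if (!ok) throw new TypeError(`non-scalar value for column "${column}"`);
  }
  return conditions;
}

// Report how a raw input would be treated, without throwing.
function classify(raw) {
  try {
    return { ok: true, id: parseLookupId(raw) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

// Constructed sample inputs: the expected number, its string form, the
// object from the post, an array, and a malformed string.
for (const raw of [2, '2', { name: 'foo' }, ['2'], '2abc']) {
  console.log(JSON.stringify(raw), '->', JSON.stringify(classify(raw)));
}
```

With Knex, the guarded call would read `.where(assertScalarConditions({ id: parseLookupId(lookupId) }))`.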

10 Jan 2023

Planet PHP

Xdebug Update: December 2022


In this monthly update I explain what happened with Xdebug development in this past month. These are normally published on the first Tuesday on or after the 5th of each month.

Patreon and GitHub supporters will get it earlier, around the first of each month.

You can become a patron or support me through GitHub Sponsors. I am currently 45% towards my $2,500 per month goal. If you are leading a team or company, then it is also possible to support Xdebug through a subscription.

In the last month, I spent 25 hours on Xdebug, with 21 hours funded. Sponsorships are continuing to decline, which makes it harder for me to dedicate time for maintenance and development.

Xdebug 3.2

Xdebug 3.2.0 got released at the start of December, to coincide with the release of PHP 8.2 which it supports, after fixing a last crash with code coverage. Since then a few bugs were reported, which I have started to triage. A particularly complicated one seems to revolve on Windows with PHP loaded in Apache, where suddenly all modes are turned on without them having been activated through the xdebug.mode setting. This is a complicated issue that I hope to figure out and fix during January, resulting in the first patch release later this month.

Plans for the Year

Beyond that, I have spent some time away from the computer in the Dutch countryside to recharge my battery. I hope to focus on redoing the profiler this year, as well as getting the "recorder" feature to a releasable state.

Smaller feature wise, I hope to implement file/path mappings on the Xdebug side to aid the debugging of generated files containing PHP code.

Xdebug Cloud

Xdebug Cloud is the Proxy As A Service platform to allow for debugging in more scenarios, where it is hard, or impossible, to have Xdebug make a connection to the IDE. It is continuing to operate as a Beta release.

Packages start at £49/month, and I have recently introduced a package for larger companies. This has a larger initial set of tokens, and discounted extra tokens.

If you want to be kept up to date with Xdebug Cloud, please sign up to the mailing list, which I will use to send out an update not more than once a month.

Xdebug Videos

I have published two new videos:

I have continued writing scripts for videos about Xdebug 3.2's features, and am also intending to make a video about "Running Xdebug in Production", as well as one on using the updated "xdebug.client_discovery_header" feature (from Xdebug 3.1).

You can find all previous videos on my YouTube channel.

Business Supporter Scheme and Funding

In December, no new business supporters signed up.

If you, or your company, would also like to support Xdebug, head over to the support page!

Besides business support, I also maintain a Patreon page, a profile on GitHub sponsors, as well as an OpenCollective organisation.


10 Jan 2023 9:06am GMT