SymfonyLive Paris 2023, conference in French language only, will take place in less than 2 months already, from March 23 to 24! Today we are excited to announced all the practical workshops that will take place during the pre-conference on March 21…
02 Feb 2023 4:20pm GMT
SymfonyLive Paris 2023, conference in French language only, will take place in less than 2 months already, from March 23 to 24! The schedule is currently being revealed as we go along. More details are available here. À l'approche de SymfonyLive…
02 Feb 2023 2:30pm GMT
If you work with a federal government-related website in Canada, you invariably have to contend with two challenges. First, everything has to be bilingual in English and French. Second, everything has to meet AA-level conformance with WCAG 2.0 accessibility requirements.
This applies to any website under the umbrella of Canada.ca and a wide array of federally funded organizations, as well as many provincial and municipal organizations.
To address this need, Drupal contributors within the government sector in Canada created the Web Experience Toolkit distribution (Drupal WxT). This is a version of Drupal designed for the Canadian government and other organizations with these particular bilingual and accessibility requirements. It includes a theme that provides accessibility and responsive support, has built-in support for English and French and provides the look and feel of the Government of Canada.
For developers tasked with Drupal-based Government of Canada websites or other sites with similar requirements, WxT is an invaluable tool.
How To Install Drupal WxT 4
There are several different ways to install this distribution. For the purposes of this post, we have done an installation in a Docker-based environment, but it can also be done with Docksal, Lando, DDEV, local Apache or composer.
1. Install in your environment composer and PHP dependencies for Drupal. It's important that you review the dependencies, as you will need PHP 8.1 for this process. See the latest PHP requirements here.
2. Execute the following command to create a project folder with the Drupal installation, using the WxT profile.
composer create-project drupalwxt/site-wxt:9.4.x-dev --no-interaction
3. Once you have the Drupal folder with the code, you can set up the environment as you want. If you are using Docksal, see the following project setup documentation.
4. When you access the site for the first time, the following installation UI will appear in the browser.
5. Choose a language and click on continue. You can then set up the database connection credentials, and the installation will start.
6. Enter the site information details.
7. Translations are then automatically imported.
8. Select the WxT extensions that you plan to use for this particular site. These extensions can be modified as needed.
9. When the WxT extension installation is complete, you'll be redirected to the site homepage as an admin user.
Features
Once you have completed the installation, you can begin to explore the many features of Drupal WxT. Here's an overview of the built-in functionality that the latest version, WxT 4, has to offer.
- WxT themes - Includes a GoC Public and Intranet WxT 3, 3.1 and the newer Bootstrap WxT 4 branch, as well as a plain (non-GoC) WxT theme.
- Multilingualism - Contains a French Canadian language pack, with many contributions from various government departments for common string elements, and has the ability to extend to more than 200 other languages.
- Migration - Can instantly pull content from static sites, TeamSite, OpenText, IBM/Domino and many other sources, thanks to fully automated bulk harvesting of CLF2 and WET3 templates.
- Content staging - You can run a full "staging > deploy" with no code to a live production environment by way of an administrative interface with a bulk scheduled rules engine or on-demand page by page.
- Workflow and moderation - Includes a sophisticated workflow for both simple and complex processes. This enables you to track "who did what when" with versioning and to compare differences in side-by-side revisions, based on your roles and permissions.
- Forms - Has a front-end capable of building and managing everything from simple user author-able feedback forms to comprehensive multifunction apps suitable for integration into legacy systems, with no code necessary.
- Layouts and editors - Enables content teams to manage their layouts and page components with intuitive drag-and-drop panels UI. Also includes a rich text editor with extensive features and user profile-based restrictions, including media file handling and markup blacklists and whitelists, which works with most rich text editors.
- Search - Extends easily with SearchAPI and is proven to work with Google Search and Solr for rich search application-like facets and filters. Enables you to ingest external indexes from other systems and securely present metadata for a unified search results, including full-text files.
- Responsiveness - Uses a mobile-first approach based on the Omega theme, adapting to different screen sizes and device capabilities. Also has touchscreen support, is optimized for performance and is building support for device-based mobile applications.
- Cross-browser compatibility - Has both front-end and back-end compatibility, supporting Google Chrome, Mozilla Firefox, Safari, and IE8+.
- Extensive default typography - Provides you with a wide range of typography options to customize your site.
- And of course … community-based add-ons - This is a big one. Because it's an open-source platform, you can choose from thousands of community-based addons available for free. You often even have options for common requirements.
Need Help?
Want to brush up on your Drupal skills? We have training packages that can help your team take your site to the next level. Learn more about our training tracks.
You can also watch our free on-demand webinar on Drupal WxT, where we cover how to build and maintain accessible, multilingual, easy-to-use, and mobile-friendly websites.
+ more awesome articles by Evolving Web
02 Feb 2023 9:50am GMT
SymfonyLive Paris 2023, conference in French language only, will take place from March 23 & 24! As this event approaches we are pleased to announce you the next person joining the speaker team. Join us by registering now. More details about the…
02 Feb 2023 9:30am GMT
The release of Drupal 10 has been highly anticipated by the Drupal community, and it was finally launched in December 2022. This latest version of the content management system brings several new features and functional improvements that will make content creation and management easier while also improving SEO, and driving conversions.
In this blog, we'll highlight the key benefits of Drupal 10 for marketers and website managers.
01 Feb 2023 3:29pm GMT
Direct .mp3 file download.
We talk with Ryan Price about how to start a new Drupal project the right way, including development environment setup, code base setup, initial modules, Git setup, and common newbie mistakes.
URLs mentioned
DrupalEasy News
We're using the machine-driven Amazon Transcribe service to provide an audio transcript of this episode.
Subscribe
Subscribe to our podcast on iTunes, Google Play or Miro. Listen to our podcast on Stitcher.
If you'd like to leave us a voicemail, call 321-396-2340. Please keep in mind that we might play your voicemail during one of our future podcasts. Feel free to call in with suggestions, rants, questions, or corrections. If you'd rather just send us an email, please use our contact page.
01 Feb 2023 3:21pm GMT
Mastobot: For your Fediverse PHP posting needs
Like much of the world I've been working to migrate off of Twitter to Mastodon and the rest of the Fediverse. Along with a new network is the need for new automation tools, and I've taken this opportunity to scratch my own itch and finally build an auto-posting bot for my own needs. And it is, of course, available as Free Software.
Announcing Mastobot! Your PHP-based Mastodon auto-poster.
Continue reading this post on PeakD.
Larry 23 January 2023 - 10:13pm
24 Jan 2023 4:13am GMT
Knex recently released a new version this week (2.4.0). Before this version, Knex had a pretty scary SQL injection. Knex currently has 1.3 million weekly downloads and is quite popular.
The security bug is probably one of the worst SQL injections I've seen in recent memory, especially considering the scope and popularity.
If you want to get straight to the details:
My understanding of this bug
If I understand the vulnerability correctly, I feel this can impact a very large number of sites using Knex. Even more so if you use Express.
I'll try to explain through a simple example. Say, you have MySQL table structured like this:
CREATE TABLE `users` (
`id` int NOT NULL AUTO_INCREMENT,
`name` varchar(100) DEFAULT NULL,
PRIMARY KEY (`id`)
)
And you have a query that does a SELECT using Knex:
const lookupId = 2;
const result = await knex('users')
.select(['id', 'name'])
.where({
id: lookupId
});
You'd expect the query to end up roughly like this
SELECT `id`, `name` FROM `users` WHERE `id` = 2
The issue is when the user controls the value of lookupId. If somehow they can turn this into an object like this:
const lookupId = {
name: 'foo'
}
You might expect an error from Knex, but instead it generates the following query:
SELECT `id`, `name` FROM `users` WHERE `id` = `name` = 'foo'
This query is not invalid. I don't fully understand fully understand MySQL's behavior, but it causes the WHERE clause to be ignored and the result is equivalent to:
Truncated by Planet PHP, read more at the original (another 8765 bytes)
12 Jan 2023 9:31pm GMT
Xdebug Update: December 2022
London, UK
Tuesday, January 10th 2023, 09:06 GMT
In this monthly update I explain what happened with Xdebug development in this past month. These are normally published on the first Tuesday on or after the 5th of each month.
Patreon and GitHub supporters will get it earlier, around the first of each month.
You can become a patron or support me through GitHub Sponsors. I am currently 45% towards my $2,500 per month goal. If you are leading a team or company, then it is also possible to support Xdebug through a subscription.
In the last month, I spend 25 hours on Xdebug, with 21 hours funded. Sponsorships are continuing to decline, which makes it harder for me to dedicate time for maintenance and development.
Xdebug 3.2
Xdebug 3.2.0 got released at the start of December, to coincide with the release of PHP 8.2 which it supports, after fixing a last crash with code coverage. Since then a few bugs were reported, which I have started to triage. A particularly complicated one seems to revolve on Windows with PHP loaded in Apache, where suddenly all modes are turned on without them having been activated through the xdebug.mode setting. This is a complicated issue that I hope to figure out and fix during January, resulting in the first patch release later this month.
Plans for the Year
Beyond that, I have spend some time away from the computer in the Dutch country side to recharge my battery. I hope to focus on redoing the profiler this year, as well as getting the "recorder" feature to a releasable state.
Smaller feature wise, I hope to implement file/path mappings on the Xdebug side to aide the debugging of generated files containing PHP code.
Xdebug Cloud
Xdebug Cloud is the Proxy As A Service platform to allow for debugging in more scenarios, where it is hard, or impossible, to have Xdebug make a connection to the IDE. It is continuing to operate as Beta release.
Packages start at £49/month, and I have recently introduced a package for larger companies. This has a larger initial set of tokens, and discounted extra tokens.
If you want to be kept up to date with Xdebug Cloud, please sign up to the mailinglist, which I will use to send out an update not more than once a month.
Xdebug Videos
I have published two new videos:
I have continued writing scripts for videos about Xdebug 3.2's features, and am also intending to make a video about "Running Xdebug in Production", as well as one on using the updated "xdebug.client_discovery_header" feature (from Xdebug 3.1).
You can find all previous videos on my YouTube channel.
Business Supporter Scheme and Funding
In December, no new business supporters signed up.
If you, or your company, would also like to support Xdebug, head over to the support page!
Besides business support, I also maintain a Patreon page, a profile on GitHub sponsors, as well as an OpenCollective organisation.
10 Jan 2023 9:06am GMT
