Developers spend what, maybe 30% of their time scouring the internet for documentation and answers to questions. What IF you didn't have to do that? You could save hours of time, right!

Bring on Dash, the brilliant solution to that very problem.

OSX's Spotlight tool made searching files and starting tasks a dream. That dream, though, still had space for more. What if you could execute commands from Spotlight? Or do *really* clever things?

Cue Alfred, stage left.

Everyone has their preferred command shell. The bravest amongst us probably has some highly customised craziness, and the more unsure probably are using the plain mac Terminal. Somewhere in between, though, lies a world of fun that really should be explored. There are some great tools out there, and one of our favourites is Zsh.

Zsh is a shell that encapsulates all of BASH, and then a whole load of useful, 'standard' and 'other' features. Generally it's been nice to work with, though I must confess I've not by any means plumbed the depths of what it's capable of.

What...

I'll keep this short and sweet, but we thought this would be a useful tip to share with the world as a potential security issue with the combined use of File::getFileUri() and FileSystem::realpath().

Consider the following code excerpt :

$file = File::load($some_file_uri);

if ($file) {
  $uri = $file->getFileUri();
  $file_realpath = \Drupal::service('file_system')->realpath($uri);
}

Seems pretty harmless right? Load up the file from $some_file_uri , If we have a valid file then get the URI and then grab the real path.

Wrong (potentially, depending on what you do with $file_realpath).

If $file is a valid file, but for whatever reason the file is...