Beware File::getFileUri()!

9th Nov 2018

I'll keep this short and sweet, but we thought this would be a useful tip to share with the world: there is a potential security issue with the combined use of File::getFileUri() and FileSystem::realpath().

Consider the following code excerpt:

$file = File::load($some_file_uri);

if ($file) {
  $uri = $file->getFileUri();
  $file_realpath = \Drupal::service('file_system')->realpath($uri);
}

Seems pretty harmless, right? Load up the file from $some_file_uri; if we have a valid file, get the URI and then grab the real path.

Wrong (potentially, depending on what you do with $file_realpath).

If $file is a valid file, but for whatever reason the file is...

Level up with PHPStorm

6th Nov 2018

There is a whole world of functionality that opens up when your editor can not only edit your code but understand it, and that's why we use PHPStorm. Read on for some thoughts, advice and tips for getting the most out of your IDE.

Level up your dev environment - top tools and tips from ComputerMinds

6th Nov 2018

The other day, I shared with the office that I was really blown away by Steve T's Zsh tip about installing a plugin that gives you a desktop toast notification when a long-running command in a zsh terminal completes.

So astounded I was, that I declared that we should put our heads together and share companywide our top tools and tips. No longer should the most useful things be kept quiet, and no longer shall I be content to miss out!

Everyone pitched in with a few ideas, and I thought it would be good to get them written up...

Quickly update Drupal core

18th Oct 2018

If you've got a Drupal site, which you need to update quickly (for example, to address last night's security advisory!), here's a tip. Run this from the command line:

curl 'https://github.com/drupal/drupal/compare/7.59..7.60.patch' | patch -p1

This assumes your codebase was on Drupal 7.59 and you're currently in Drupal's root directory. If you're currently on a different version, adjust the numbers in the patch URL accordingly.

Don't forget to still run database updates via /update.php or drush updatedb!

The Drupal repo on GitHub is a verbatim mirror of the official Drupal repo from git.drupal.org. GitHub supports comparing arbitrary git references,...
