In the community

After reading this from Ars Technica, which describes how a developer offered to 'help' the maintainer of an NPM module - and then slowly introduced malicious code to it - I can't help but wonder if the Drupal community is vulnerable to the exact same issue. Let's discuss! ###Please, don't touch my package NPM modules have been hacked at before, and it's not pretty when it happens. Because of the way we use packages, it's...

Let me take you on a journey. We'll pass by Drupal content renderer services, AJAX commands, javascript libraries and a popular front-end framework. If you've only heard of one or two of those things, come lean on the experience I took diving deep into Drupal. I'm pleased with where my adventure took me to, and maybe what I learned will be useful to you too. Here's the end result: a contact form, launched from a...

Developers spend what, maybe 30% of their time scouring the internet for documentation and answers to questions. What IF you didn't have to do that? You could save hours of time, right! Bring on Dash, the brilliant solution to that very problem.

OSX's Spotlight tool made searching files and starting tasks a dream. That dream, though, still had space for more. What if you could execute commands from Spotlight? Or do *really* clever things? Cue Alfred, stage left.

Everyone has their preferred command shell. The bravest amongst us probably has some highly customised craziness, and the more unsure probably are using the plain mac Terminal. Somewhere in between, though, lies a world of fun that really should be explored. There are some great tools out there, and one of our favourites is Zsh. Zsh is a shell that encapsulates all of BASH, and then a whole load of useful, 'standard' and 'other' features...

I'll keep this short and sweet, but we thought this would be a useful tip to share with the world as a potential security issue with the combined use of File::getFileUri() and FileSystem::realpath(). Consider the following code excerpt : $file = File::load($some_file_uri); if ($file) { $uri = $file->getFileUri(); $file_realpath = \Drupal::service('file_system')->realpath($uri); } Seems pretty harmless right? Load up the file from $some_file_uri , If we have a valid file then get the URI and then...

There is a whole world of functionality that opens up when your editor can not only edit your code but understand it, and that's why we use PHPStorm. Read on for some thoughts, advice and tips for getting the most out of your IDE.

The other day, I shared with the office that I was really blown away by Steve T's Zsh tip about installing a plugin that gives you a desktop toast notification when a long-running command in a zsh terminal completes. So astounded I was, that I declared that we should put our heads together and share companywide our top tools and tips. No longer should the most useful things be kept quiet, and no longer shall...

Update: this article's suggested method has serious shortcomings, use other methods when you can! For example, run the following with drush to just upgrade drupal core code (leaving database updates to be run separately): drush pm-updatecode drupal --check-updatedb=0 If you've got a Drupal site, which you need to update quickly (for example, to address last night's security advisory!), here's a tip. Run this from the command line: curl 'https://github.com/drupal/drupal/compare/7.59..7.60.patch' | patch -p1 This assumes your...

A client noticed the dates on their news articles were not being translated into the correct language. The name of the month would always appear in English, even though all the month names had themselves been translated and showed correctly elsewhere. The problem turned out to be down to the twig filter being used in the template to format the date. This is what we did have: ```twig {% set newsDate = node.getCreatedTime|date('j F Y')...