Drupal News

News is provided by the Drupal Community and covers the latest developments happening around the world.

Talking Drupal: Talking Drupal #427 - Melissa Turns The Tables

4 Dec 2023

On today’s show we are turning the tables and Nic and John will be interviewed by our guest host Melissa Bent. We’ll also cover Content Model Documentation as our module of the week. For show notes visit: Topics What made you decide to start the podcast Who does what...

mandclu: Translatable Inline Lists in Drupal

4 Dec 2023

Posted Mon, 12/04/2023 - 07:17. One of the things that got me started using Drupal was its powerful ability to work...

LN Webworks: The Admin Toolbar - A Phenomenal Drupal Module for Website

4 Dec 2023

Drupal is a cutting-edge content management system (CMS) with many marvelous features and functionalities. Some are centered around causing customer delight while others are focused on promoting the ease of administration. The admin toolbar module is a remarkable feature that has simplified the...

blog: Choosing the Best Drupal Approach: Headless or Decoupled?

4 Dec 2023

Posted by kanapatrick, Mon, 12/04/2023 - 10:18. Choosing the best Drupal approach for your project can be a daunting task. Do you choose a headless or decoupled approach? Both approaches have their pros and cons and it is important to...

Golems GABB: The Future of Content Management with Decentralized Autonomous Organizations (DAOs)

4 Dec 2023

Posted by Editor, Mon, 12/04/2023 - 11:07. Disclaimer: This blog is based on analyzing events that have taken place in the DAO market over the past few years. The DAO market is unpredictable,...

Samuel Mortenson: Meet Bookish, an install profile for static Drupal blogs

4 Dec 2023

For the last four years I’ve been working on a static site generator for Drupal called Tome. Unlike other generators Tome uses “vanilla” Drupal, which means that if you know how to build a Drupal site, you know how to build a Tome site! One downside of this is that when comparing a default install...

Samuel Mortenson: Drupal security testing for everyone

4 Dec 2023

I've just published a new project for performing static application security testing (SAST) on Drupal sites, mortenson/psalm-plugin-drupal. Using Psalm, custom plugins, funky scripts, and a lot of elbow grease, I think I have something that will help everyone write safer Drupal code.

Samuel Mortenson: Promoting jQuery JSON to JSONP to trigger XSS

4 Dec 2023

I’ve done quite a bit of security research for Drupal, and one area of exploitation that I often come back to is the AJAX API. Drupal’s AJAX API is built on top of jQuery, and lets developers easily add interactive behavior to the frontend.

Samuel Mortenson: Drupal Services SQL injection - don't trust abstractions

4 Dec 2023

Drupal doesn’t have many SQL injection vulnerabilities anymore, at least not since the original Drupalgeddon was released into the wild. So what makes Drupal so safe? Abstractions of course! The database abstraction layer or “DB layer” is used throughout core and contrib to make all sorts of...

Samuel Mortenson: Drupal services private file access bypass via IDOR

4 Dec 2023

There’s a feature in Drupal that not a lot of people know about, but is a great target for security research - private files. Private files allow you to upload files to a non-public directory on your server, then serve them through Drupal instead of through your HTTP server. Drupal is then able to...