I am using Drupal 8.9.15 (with composer and Docker).
The problem is that the vulnerabilities dependency check tool detects about 200 issues and most of them are related to Drupal, and most of them to jqueryui which is used by Drupal, for example:
/web/core/assets/vendor/jquery.ui/node_modules/grunt-html/vnu.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
/web/core/assets/vendor/jquery.ui/node_modules/babel-core/node_modules/lodash/package.json
/web/core/node_modules/ftp/package.json
Why is it happening if Drupal is secure CMS?
Is it possible to fix it somehow? I see that the packages are downloading automatically to node_modules in drupal core directory.
This is unfortunately part of the reason that it's recommended to upgrade to Drupal 9 (believe me, the path is much better than from 7 -> 8).
It's known by the Drupal community that jQuery UI is no longer supported as mentioned in this change record. The recommended course of action is to upgrade to Drupal 9.
To answer your question, "Why is it happening if Drupal is secure CMS?" Well, it is as secure as it can be and as secure as its end users allow it to be. When Drupal 8 was released, jQuery UI was still supported. Now that Drupal 9 is released, jQuery UI is not part of core.
If you upgrade to Drupal 9, the security issues with jQuery UI will no longer be of concern.
Now, this is only for Drupal Core. There may still be some contrib modules that use jQuery UI elements, but that is not the responsibility of the core maintainers to watch for. However, as listed in the change record, they have mentioned a few contrib modules that still use those assets.
We have developed 2 WordPress plugins which are using same composer package.
Depending on plugin versions the package included in plugin may be changed, we constantly add new functionality to our package.
The problem is that, for example, plugin A has version 1.0.0 of the package and plugin B has version 1.0.1. WordPress loads only one package, from the plugin which loaded first, so if plugin A loaded first then plugin B will use the version 1.0.0 package.
We are including autoload.php on both plugins.
Is it possible to do some configuration in WordPress or from composer side to make every plugin load and work with package included on his vendor folder ?
Is it possible to do some configuration in WordPress or from composer side to make every plugin load and work with package included on his vendor folder ?
In general no. The option about namespace rewriting has already been given by Chris Haas, so if you need to rely on different code behind the same global static names, you have to provide a different name for each version.
Another option is you align both plugins to rely on the same dependency version-stability. The example you give with 1.0.0 and 1.0.1 versions, the API should be compatible and it should not be an issue (if the package follows semantic versioning).
From the context of your question, it seems the dependency has not yet matured enough that this is an option practically.
Instead it should be possible to have the plugin which is currently based on 1.0.0 to use 1.0.1 as well. Then the version conflict is solved, as now it is the same version and can use the same names. This may not be an ideal solution, but could get you back to a working version fast and gives you more room to consider a better way in the future (e.g. having a build for those plugins that use scoping).
Additionally you could/should wrap all access to third-party libraries once in your own code so that such problems aren't that deep reaching (dependency issues tend to be harder to resolve). This methodology is independent to Wordpress or Composer, just a recommendation on how to interface to third-party dependencies (or even Wordpress itself[1], which you may know better).
If however what you ask here is already such a wrapper you build your own (e.g. in form of a composer package), consider to adhere to semantic versioning and stabilize its API first.
PHP has no built-in utility to create archives apart from PHAR, e.g. that you can have imports via names but to different code. This is likely also the reason why Composer does not support it and instead provides PSR-0/PSR-4, classmap and file inclusion autoload configuration.
As you have the scenario to share the same namespaces across the plugins - there is no other option actually as it runs in the same PHP process - the first one wins. You may however make your own plugins interoperable so that they can establish a loading order in their own hierarchy, e.g. to prefix the one autoloader before the other conditionally if it exists.
I'd probably go with scoping in the first place and only share build utilities between the plugins nowadays and have a nice package for each plugin afterwards. Yes, scoping can be PITA, but if you have this early on, you don't have to solve this later which is much harder.
Compare for the level of WordPress plugins WordPress Plugin: How do I avoid "tight coupling"? and Multiple Custom Metabox Help - both well dated so it is easier to not take code verbatim but to develop own conclusions.
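The "first one wins" behaviour and the conditional prepending of one autoloader described in the answer above, as an added example that is not part of the original post. The `Acme\Shared\Client` class, the plugin directory names and the way plugin B learns plugin A's bundled version (a shared array here) are constructed assumptions for the demo.

```php
<?php
declare(strict_types=1);

// Constructed demo: two plugins each bundle their own copy of the same
// class (hypothetical Acme\Shared\Client) at different versions.
$root    = sys_get_temp_dir() . '/autoload-demo-' . bin2hex(random_bytes(4));
$plugins = ['plugin-a' => '1.0.0', 'plugin-b' => '1.0.1'];

foreach ($plugins as $plugin => $version) {
    $dir = "$root/$plugin/vendor/acme/shared/src";
    mkdir($dir, 0700, true);
    file_put_contents(
        "$dir/Client.php",
        "<?php\nnamespace Acme\\Shared;\nclass Client { const VERSION = '$version'; }\n"
    );
}

/** Build a PSR-4 style loader for one plugin's bundled copy of the package. */
function make_loader(string $pluginDir): callable
{
    return function (string $class) use ($pluginDir): void {
        $prefix = 'Acme\\Shared\\';
        if (strncmp($class, $prefix, strlen($prefix)) !== 0) {
            return; // not our namespace, let other loaders try
        }
        $relative = str_replace('\\', '/', substr($class, strlen($prefix)));
        $file     = "$pluginDir/vendor/acme/shared/src/$relative.php";
        if (is_file($file)) {
            require $file;
        }
    };
}

// Plugin A is loaded first and registers its loader.
spl_autoload_register(make_loader("$root/plugin-a"));

// Plugin B is loaded second. Without prepending, A's copy would win.
// If B bundles the newer copy, it puts its loader in front of A's.
// This only helps while the class has not been used yet.
$prepend = version_compare($plugins['plugin-b'], $plugins['plugin-a'], '>');
spl_autoload_register(make_loader("$root/plugin-b"), true, $prepend);

// First use triggers autoloading; from here on the class is fixed for
// the whole PHP process and cannot be replaced by another copy.
$loadedFrom = (new ReflectionClass(\Acme\Shared\Client::class))->getFileName();
printf("version %s loaded from %s\n", \Acme\Shared\Client::VERSION, $loadedFrom);
```

The `ReflectionClass::getFileName()` call is also a quick way to confirm, on a live site, which plugin's vendor folder a shared class was actually loaded from.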
I have a question regarding TYPO3 9 (and future versions) and PSR-15.
AFAIK most of the backend modules implement a handleRequest method for backend module controllers that have the same signature as PSR-15's RequestHandlerInterface.
Is it intended in future versions to implement this interface and does anything speak against implementing for my own backend modules?
I’m rebuilding an entire backend module for compatibility with TYPO3 9 and would like to be sure that such an approach is viable in future versions (at least until TYPO3 10).
The module itself worked for almost 10 years without any bigger overhaul, but with BaseScriptClass being deprecated, I see no other choice.
Thanks for your feedback.
Using requests and response is the way to go. This is nothing invented by TYPO3 but a standard which is implemented, see https://www.php-fig.org/psr/psr-15/. Stuff like GeneralUtility::_GET will be deprecated or even removed probably in version 10.
Getting back to your question: Yes use that in your backend modules! Currently the core tries to remove less extbase, especially in the backend because of various reasons and this is also the way to go for extensions. Check out e.g. the backend module of the redirects extension or site module. A custom extension I currently implement is https://github.com/georgringer/site_management which follows also those principles.
I have Drupal 6 site.
By mistake, I have deleted view, which is very crucial.
http://www.chetan.co.in/admin/build/views/edit/category_grid?destination=category-home#views-tab-page_1
How do I undo this delete operation.
Any help highly appreciated.
Take Note: Drupal 6 is no longer officially supported by the community. While there are some places that are offering long term support for Drupal 6, you should plan to move to Drupal 7 or 8 soon.
You'll most likely need to rebuild the view; Drupal doesn't have a feature to undelete a structure like a view.
That said there are a couple places the view might still exist:
If you have backups of the database from before the delete, you can load a backup to a new location and export the view from the backup and import it into the production site.
If you don't have a backup, stop what you're doing and solve that problem before your situation gets worse.
If the view is in a feature (module built with the features module), you can revert the feature through drush or the features interface.
If the view came from a module another way you might be able to re-install the module (but uninstall may have side effects that are worse).
Joomla 1.5 will reach the end of its life in a short term and many sites are being upgraded to a 1.7 or 2.5 version. We are trying to figure out how we can upgrade our sites. Unfortunately the developers of Joomla, who are doing a great job, haven't kept backwards compatibility high on their requirements list.
We know there are many resources describing how to migrate a Joomla site to version X from version 1.5. But in our company we have about 120 Joomla sites. With all the migration steps that have to be done to the templates, custom written code and the third party modules we use this would be a hell of a job to migrate. So we are looking into methods and techniques that would make our (upgrade) job easier.
I can't imagine we are the only one with this problem so I am looking for more information on migrating these sites on a large scale. We can't be the only one who are struggling with this.
To give some detail, for upgrading of the minor versions we used the Vendor branches technique which worked awesome. In short, in our SVN repository we have a folder containing the current Joomla release. In the same repository we have a folder containing our own Joomla version with some custom code adjustments. Every project is based on that custom version. With the use of version branching we could easily update all our projects to the latest Joomla version.
For the major upgrade this technique won't be suitable. For instance we expect that some projects won't be upgraded to the new Joomla version for compatibility issues.
A way to solve this for the 2.5 branch could be to create two new folders with the 2.5 release of Joomla and our own customized 2.5 version. Each migrated project then would be branched off the 2.5 customized version. The migration process would be tedious and for sure be a manual drill.
We are afraid that we have to do this for every major release of Joomla so this won't be a real solution.
A solution we are thinking of is using phar and composer to create the project. If we successfully can create a joomla phar as library and put custom development in another phar, upgrading should be as simple as replacing the phar. Third party modules should be put into a phar archive also for easy updating. If modules don't support this, we are going to phar it ourselves.
Of course we know that Joomla has a new, integrated update mechanism. We are looking into this mechanism but doubt we can use it since we have some custom patches to core code or module functionality.
To summarize this post, we have two challenges we'd love to get some feedback of.
How would you suggest upgrading 120+ sites to the latest release of Joomla
How do you manage Joomla updates if you have a large number of Joomla sites to maintain
The bad news is that there is no automated upgrade path from Joomla 1.5 to 2.5, as the changes are so drastic that they are almost like night and day. The template changes are such that you may have to rewrite them from scratch. Do not forget that 2.5 does a number of things differently too so you may also face a learning curve.
My suggestion would be to have a tiered migration plan and only migrate the sites that you need to or can justify the costs of the migration as the components, modules and plugins you use.
When doing so you need to watch the release schedule which provides a Long Term Release every 18 months each of which will most probably break backward compatibility from the previous versions, so you will end up with sites at 1.5, 2.5, 3.x etc
I believe that phar can be used in order to distribute a new upgraded version - but it will not help you in the upgrade process itself.
My (painful) experience with a migration from 1.5 to 1.7 taught me that not only the code changes were dramatic but also the DB changes (structure!), ACL implementation etc etc. The template will probably be the least of your problems.
My question back to you is, why do you want to upgrade ALL the websites ? if a specific website needs tools/plugins that are available only on higher versions of Joomla then I guess it's a good enough reason. But to upgrade all the websites will be, like you anticipate, a project from hell...
I tried the Audio module at http://www.drupal.org/project/audio but I'm looking for alternatives if better ones exist.
My problem with the Audio module is that the current release (and the past 5 releases) seem to have all been released as unstable.
The second problem is that the player itself that plays the audio is not showing when I display the node. I thought it was a theme problem, but when reverting back to Garland, the player is still invisible.
Any solutions or alternatives?
It's hard to say much about a module from its release names. Some module developers don't like to release stable releases, as they then are saying, this module is bug free. They don't have the same commitment if users should have issues, as the module is an unstable version. There have been talks about making a guideline/codex for module development and when modules should be regarded as stable releases.
Anyways in your example, if you look at the usage of the project, you'll find that July 4th had 2,958 sites using the 6.x branch of the module. That's a fairly high number, so you shouldn't worry too much about the module being all that unstable.
Your problem with the player, could be a theming / settings issue. If you want help with that, you should write a more specific question about that, including what you've tried/done etc.