Provides a new substitution type for Linkit that will automatically
output a direct download link for the media if its a single file, and
link to the media page if there are multiple files attached to the
Personalization for blocks, view modes and more. In heavy development, more details soon to follow.
Drupal 8.2.7, a maintenance release which contains fixes for security vulnerabilities, is now available for download.Download Drupal 8.2.7
Update your existing Drupal 8 sites is strongly recommended. There are no new features nor non-security-related bug fixes in this release. See the 8.2.7 release notes for details on important changes and known issues affecting this release. Read on for details of the security vulnerabilities that were fixed in this release.
- Advisory ID: DRUPAL-SA-CORE-2017-001
- Project: Drupal core
- Version: 8.x
- Date: 2017-March-15
When adding a private file via a configured text editor (like CKEditor), the editor will not correctly check access for the file being attached, resulting in an access bypass.Some admin paths were not protected with a CSRF token - Drupal 8 - Cross Site Request Forgery - Moderately Critical - CVE-2017-6379
Some administrative paths did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.Remote code execution - Drupal 8 - Remote code execution - Moderately Critical - CVE-2017-6381
A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution.
This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed.
You might be vulnerable to this if you are running a version of Drupal before 8.2.2. To be sure you aren’t vulnerable, you can remove the /vendor/phpunit directory from the site root of your production deployments.Solution
Update to Drupal 8.2.7Reported by Editor module incorrectly checks access to inline private files - Drupal 8 - Access Bypass - Critical - CVE-2017-6377
- László Csécsy
- Wim Leers
- Alex Pott of the Drupal Security Team
- Klaus Purer of the Drupal Security Team
Updated the above text to link to the correct update directions.Contact and More Information
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity
This module is responsible for integrating the current site to the DREAM real-time messaging service, called Epsilon. The main purpose is the code modularization. In other words, the e-mail integration will not only depend on the current site.Get Started
To get started, you need to contact the DREAM team, requesting the Epsilon integration data for the current site.
Adds a user tab to assign a users content to another user.
Useful if you want to make an editor not an editor any more, but the new editor should get the author rights to the content of the "previous" editor.
Uniclass 2015 is a unified classification for the UK industry covering all construction sectors. This module brings Uniclass 2015 classification to Drupal 8.
This module allows you to render all your menus with jsTree library via blocks.
Once you have the module enabled you will have a new block for every menu you have on your Drupal site. This blocks will render its menu with jsTree. All blocks of this module have a name of style "jsTree menu: MENU_NAME".
You can switch between "default" and "proton" themes via admin form.
Adds a Font Awesome icon to fields with a description that allows users to toggle the display of the description.Configuration -> /admin/help_text/settings
Current config options:
- Font Awesome Icon
- Icon Size
- Icon Title Text
- Icon Alt Text
- Apply Only to Node Forms
This is a tiny module for Acquia clients that have GeoIP support installed on their load balancers. It changes Drupal's Vary response header to include the X-Geo-Country header. The effect of this is that the visitors of your site will get cached responses for only the country they are visiting from.
Provides Panels full-width style, layouts, and related utilities for use in a Panopoly site (or Panopoly-based distribution), making it easier to build modern full-width landing pages.
Currently includes support for "full width" style plugins, layouts and themes, where a region style can span the full width of the page.
If you want to try whole experience of Small Business Theme we suggest that you download our distribution (Drupal + Small Business Theme). This way you will get all the demo content and fully working website.
Druppio Small Business is theme for small business, personal portfolio etc.
Our vision was to present clear and simple first impression about business in one image.Technology
Small Business theme is written in SASS, compiled by GULP and use BrowserSync for development environment. For grid system we use susy and breakpoint.
Advance users can use it like this or simply rewrite the CSS files directly. If you are junior user you have a text field in theme admin where you can just add your css styles and it will be applied to theme.
You have detailed description of development environment in readme.txt file.Features
- Documentation included
- Browser compatibility
- Drupal 8 version
- Web Technology HTML5/CSS 3
- Fully responsive
- Easy setup
- Distribution download
You can simply download per-configured distribution (with Small Business theme) and everything will be set for you. The whole website with modules, views, blocks, theme and test content.
Everything you see in demo page on this site, will be seen when you download this distribution 1:1.Support
If you have any question feel free to contact us.
test upload module
oLogin is an All-in-one thrid-party login solution, site builders and developers can integrate social media account login ability to their drupal sites.
By default, oLogin integrate WeChat(WeiXin) QRCode login ability to Drupal, by add other add-ons, users can use other social media accounts to login Drupal.
Verti is a responsive theme for Drupal8, templated by HTML5 UP and drupalized by SeASerWeb.
- Full responsive theme (mobile, tablet and desktop breakpoints)
- HTML5 + CSS3
- Built on skelJS
- Super customizable
- Sidebar first
- Sidebar second
- Footer first
- Footer second
- Footer third