Mar 03 2008
Mar 03
Post by Cat Allman, Open Source Team

If you've ever wanted to hear what we on the Open Source team have to say "live and in person", you will get a chance next week at DrupalCon Boston '08. This twice annual conclave of Drupal developers is being held at the Boston Convention and Expo Center, March 3rd - 6th. Our fearless leader, Chris DiBona, is giving the keynote; "Open Source is Magic". Geek herder extraordinaire, Leslie Hawthorn will be speaking about Google Summer Of Code 2008, and the results of GHOP, the Google Highly Open Participation Contest. Come on down!

There will also be Googlers 2 weeks later in Chicago at PyCon. Guido van Rossum is giving the opening Plenary Keynote on March 14th, "Python 3000 And You", and our Brian 'Fitz' Fitzpatrick will be also be giving a keynote later in the conference. There will be a number of us in attendance - please say hi.

We hope to see you there!

Mar 03 2008
Mar 03

It's been a good, long while since I wrote a blog post. Between work and family, there just hasn't been time. I've been super busy for months now, but not without some benefits.

For one thing, I've been learning tons. I've been working on picking up more PHP and delving a bit more into backend Drupal work, as well as doing more accessibility and usability work and learning more about user experience design. I guess you could say I've been branching out every which way. As a reward for all that hard work, I'm going to DrupalCon in Boston. Although the conference doesn't start until tomorrow, Jon and I flew in for a long weekend to soak up some history and not a little seafood. I can now state pretty definitely that the Union Oyster House has the best clam chowder I've ever eaten, and Mike's Pastry has Boston Cream Pie to die for. Not to be missed. It might be cold here in Boston, but with good food and four whole days of Drupal learning, it's weather I'm happy to put up with.

Hi there,

I wanted to ask how the DrupalCon went and if there was anything particular that you walked away with that made you glad you went or was the whole event great all rounder.

Btw did you learn Drupal from book or from the web? I am trying to track down a good resource for learning Drupal that is hardcopy, can you suggest anything? or is web my best bet?

Mar 03 2008
Mar 03

It’s Sunday night and I’m on board the WiFi-equipped bus from Manhattan to Boston for DrupalCon Boston 2008. My Digital202 colleague Ben Horst is already there and the both of us are looking forward to a few solid days of learning, connecting with others in the community (many of whom we’ve worked with but never met) and diving into subjects like online communities, collaboration and the future of Drupal.

I wanted to share what we hope to bring to and gain from DrupalCon, and I think that this post will serve to help us make the right connections and participate in the right discussions. We had originally thought to lead a discussion on Drupal as the ultimate team collaboration platform, but have since decided to pull back from that. I felt we’d be more effective joining existing formal and “birds of a feather” sessions that are relevant, and connecting with other individuals and groups to share ideas and form relationships. Read on to learn about what motivates us and what you might hear us talking about at DrupalCon.

Some context. Digital202 is a full service web development shop headquartered in New York. We build gorgeous, interactive websites with a focus on online communities and social networks, and our geographically distributed model lets us work with great people around the world to get things done. We’ve built sites like and and more, and our portfolio is steadily growing. (We’re hiring! If you’re a Drupal rock star, get in touch!)

We’ve cultivated a trusted network of exceptional talent over the years, across a full spectrum of skills and expertise. We work with any number of people at any given time — from places all over the world, like India, Romania, Egypt, Hungary, Ukraine, across North America and elsewhere. We put great emphasis on the tools that help us all work together effectively, which lets us build great products and deliver superior value to our clients. We utilize issue tracking and revision control and other related components as necessary, as part of a broader team collaboration environment (called Workspace) that we’re working to improve and evolve. We’re all about the “future of work” and we pride ourselves on being able to maintain a distributed operation that is agile and effective.

From the start, I’d been fascinated by the ability to connect with others, regardless of where they were, to join forces and get things done. Even before I was swept up by the “dot com” boom as a young kid in Seattle, I was building software with others and leading special interest groups and communities. I went on to work for companies like (then Microsoft) and eventually started Digital202 in 1999. Naturally I sought to work with others to help my clients, and geographical location wasn’t much of a consideration. A colleague put me in touch with a family friend in India and soon I was actively working with our team there. This was all even before Thomas Friedman of The World is Flat fame says this phenomenon began. I felt that the greatest potential lay in openly finding ways to work with others to do great things. I’ve sought to work with others who share that mindset, and it’s a philosophy now deeply ingrained in our culture and our products.

At some point along the way, after a period of research and soul searching, we sharpened our vision, really defined what we wanted to dedicate our company to. Woven was founded, providing a name and an umbrella for our new overarching focus. Woven is dedicated to empowering people with the tools to work together effectively, regardless of geographical location. I believe that represents the greatest need and opportunity in our increasingly integrated world, and the way we can best give forth.

Digital202 continues as a growing consulting company and is effectively the “engine.” We help our clients build great community-based websites, and we’re strengthening our geographically distributed model so we can continue to deliver unparalleled results. As we’ve advanced, we’ve become well versed in the challenges of operating in a distributed fashion. At the same time we continue to identify solutions and these manifest in the form of processes and tools. We share this wisdom and these solutions under the Woven umbrella and we continue to work towards fostering a community of folks that share our vision and the goal of bettering the tools that let us work together effectively.

I believe Drupal has the potential to be the ultimate team collaboration environment. We’ve been experimenting in this realm and some of our work has resulted in contributions like Case Tracker. We’ve followed other activity in the community and what we see are excellent ideas, contributions, and talented individuals that are working towards this in some way. We also see that many of these are disparate efforts and that so much potential is left untapped because of lack of a defined objective and coordination amongst this segment of the community. There is great work being done on what we believe are important pieces: Project, the Version Control API, Organic Groups, the Chat API, and much more. There are various groups discussing issue tracking, project management, and so on. The Drupal project itself relies on the collaboration infrastructure.

I believe we need to coordinate our efforts and establish a roadmap towards developing a distribution of Drupal that aims to be the ultimate team collaboration environment. With “install profiles” in place since Drupal 5, the technological infrastructure is there. With Dries’ new startup Acquia promising to create and support Drupal distributions, I don’t think anyone in this community needs to be convinced that this is the right path. With the world where it’s at and team collaboration in such demand, I think the opportunity is clear. We’ve written about it here and elsewhere, Dries has stated he believes there is a clear opportunity here, many others have talked about this as well. Dries has said that Drupal core itself does not have a roadmap, but I imagine Dries would agree that distributions can and should have a roadmap.

I’ve got to wrap up this post, but I certainly do hope to continue this conversation with some of you. Let’s talk about how to coordinate our efforts, how to come together to strengthen a community, create that roadmap and build the ultimate team collaboration platform on Drupal. Drop me a note here, e-mail me at [email protected], or give me a call if you’re at DrupalCon.

Mar 03 2008
Mar 03

This is a list of sessions I'll be attending at Drupalcon tomorrow:

Site Building: Drupal Multimedia This session will show you how to bridge the gap between Drupal and multimedia. Drupal is cutting edge. Though support for multimedia out of the box is currently spotty, with a few contributed modules and some minor expertise, it can be used to create anything from a classy personal photo gallery to a hip music & video blog to a mega-corporate gaming and multimedia heaven. Community and Core: GHOP (Google Highly Open Participation) GHOP, which stands for Google Highly Open Participation, is a contest
which attempts to get high school students involved in open source
organizations such as Drupal. From November 2007 to February 2008, many 13-18 year olds did amazing work for Drupal, and many of them are
planning on being long-term members of the Drupal community. This
session will cover what GHOP students did for Drupal, and how their
becoming part of the community will strengthen Drupal. This session
will be a mix of presentations led by both GHOP admins and students,
and there will be a panel discussion about the GHOP experience. Mareting and Business: Making a Career out of Open Source Open Source software overview, the two license types, selling a solution, embedding, and sell services. Community and Core: OpenID and Identify in Drupal This session is about identity management in Drupal focused primarily
on the role of OpenID. With the release of Drupal 6 and the inclusion
of OpenID support in core, it’s time to look forward on the future of
digital identity, and how Drupal can best grow and expand to
accommodate the changes.

A number of other sesions on Monday sound very interesting, but sadly I can't be in two places at once!

Mar 01 2008
Mar 01

I arrived in Boston yesterday afternoon, absolutely exhausted after Usability testing at UMN -- which was amazing. See the report at 9am on Monday to hear why. It was snowing heavily here this morning. Today I need to prepare for my presentation on Scalable Theming and my parts of the Usability presentation, and try open another US bank account.

Here's my photoblog to date:

A few NEW cultural oddities I've noticed in the US since my last visit 5 years ago:

  • Airport pager: "The security threat level... is orange" -- talk about
    fear-mongering. No need for foreign terrorism in the US -- the local authorities are terrorizing plenty enough here!
  • Control-culture doesn't seem to be so severe this trip but is still grating. I think that's more to do with the people and places I'm mingling with though.
  • You can't seem to fill up a bottle with water anywhere. They seem to be getting the idea of 'being green' with recycle bins and signs to conserve hand-drying paper in the toilets and not leave the tap dripping, yet it's difficult NOT to go through several styrofoam, paper or plastic cups, bottles, plates and fast-food trays per day. I wonder how effective the recycling actually is here? Given the amount of extremely cheap "recyclable" materials consumed, and the fact that these materials usually aren't economically worth recycling, I suspect very little of it is actually recycled. Even where recycle bins are present. Meaning all the recycle bins do is make you feel less guilty about being a polluting consumer.
    • Most annoyingly of all for me, I can't fill up a bottle with tap water anywhere except a public bathroom, which 'feels' unhygenic, although probably isn't.
Feb 29 2008
Feb 29

Right now there are two big CMS systems which have been recently released. As you may or may not know Drupal and Joomla are the two biggest open source CMS solutions. They both have big communites, and both have been used by companies and individuals to make big and important websites. But what the biggest thing that comes to mind is what is the difference between these CMS systems?

New Features for Joomla

The new Joomla 1.5 marks the first Joomla release which gets away from the mambo codebase. It has been completely rewritten from scratch.

Template parameters

Template parameters can be used to let administrators control the template structure. Administrators could switch color schemes, choose between a 2 or 3 column layout … or set the minimum width of the template.

Template Overrides

Simplified changing way an article is rendered and changing the table output to divs. Pagination rendering and module styles can also be extended.

Support for multiple css files

The template manager supports multiple css files and adds support for a special editor.css file that gets loaded by the wysiwyg editor in the administrator.

New Template architecture

It is now possible override all the html generated by the modules and components to suit his needs.
To allow this kind of functionality Joomla! 1.5 implements a solution called a ‘template view‘. Components and modules developed using this new API (application programming interface) can be automatically overridden by template designers. There are now two types of templates: the site templates and the extension templates. A site template defines the look and feel of your website while an extension template defines how a certain component or module gets rendered. The extension templates can be overridden in a site template. PHP code is now the template language of choice to implement presentation logic. patTemplate (the old template language) while still supported is now not used in core (it was slow, and it didn't work with PHP code).

Improved SEF URL implementation

Joomla now has even more capability for search engine friendly URLs. That means that even out of the box joomla can now have a better url than, something more like us (yes, that's right with the blank space).

UI Improvements

Joomla has added new perameters to theming elements. They have provided an easy way for themers to incorporate rounded corners. They also have a new menu system for the admin section. They also cleaned up the administrator section, so that it is cleaner. The new Joomla also has more icons and buttons added to the install process. And has ajaxified the installer.

UTF 8 Support

This means that more languages can be used on a Joomla site. And the installer can detect your language.

New Features For Drupal 6.0


The new Drupal 6 experience starts with the installer, which has been drastically improved. It now guides you through the initial setup steps, so starting a new Drupal site is significantly easier. Configuration parameters that used to be all over the place are now prompted for during the install so there are fewer steps necessary to get the site configured.

Improved Language Features

You will notice the improved language features as well, in both the installer and throughout using Drupal. Right to left (RTL) languages are now supported, interface translations are automatically imported, and you can translate your posts right from the built-in interface, without installing additional modules.


The OpenID client module has been added to core. This allows your users to sign on your site with their OpenID accounts.

Actions and triggers

A new Trigger module has been added to core. The Trigger module lets you assign flexible configurable actions to several events happening on your site (eg. send an email when a post gets published).

Update status

The highly popular Update status module is now in core. This informs you about the latest bug fix and security updates for modules and themes enabled on your site, so you can always keep your site secure and clean.

Menu system

The menu system was rewritten from scratch, making it much more efficient. The menu interface is nearly identical so aside from the performance improvements, you will only notice the underlying changes if you are a programmer.


Theming has been made more flexible and easier by moving most of PHPTemplate engine deeper into core. Default template files (.tpl.php) can now be implemented by modules and a handful have already been converted. If you don't like the way something looks, just find the .tpl file, copy it to your theme, and change the HTML.

Book and Forum changes

The book module and forum module have been reworked from the ground up: it is now possible to have any type of content in forums (polls for example) and the book administration is simplified.


There have been significant improvements in drupal caching, this includes the javascript aggregator can greatly increase loadtimes on sites with multiple javascript files.


So as you can see I have laid it all out there the major features with both releases and I leave it up to you to decide. I picked drupal, but it really depends on the project your working on.

If your a developer and would like more information on how to get up to speed with drupal, you can also check out my post on the fundamental concepts of drupal for a php developer.

Related Posts

While working on various projects with drupal I realized that there is really no one definitive place which lists the concepts that you need to become familiar with when dealing with drupal. So I decided that I would put them in one place for people who maybe are experienced php developers who are trying to learn to work with drupal for the first time.

Feb 29 2008
Feb 29

The sections of this tutorial are as follows:

  • Brief background on ApacheBench and performance of Drupal Anonymous vs Authenticated Users
  • Accessing the cookie containing the Drupal session ID
  • Passing the session cookie to ApacheBench
  • Verifying that the Drupal installation being benchmarked recognizes the cookie and is serving authenticated Pages

    ApacheBench, also known as 'ab', is a command line program bundled with the Apache Web Server that measures the performance of web servers by making HTTP requests to a user-specified URL. ApacheBench displays statistical information, such as the number of requests served per second and the amount of time taken to serve those requests, that is useful for evaluating (benchmarking) and tuning the performance of a webserver. ApacheBench does a decent job of simulating different types and levels of load on a sever.

    Many Drupal websites make use of Drupal's core caching functionality, which typically improves performance for anonymous users (users who are not-logged in) by a factor of 10 times, measured in requests served per second. The cache system achieves this performance improvement by storing the results of certain database queries in designated cache tables, allowing Drupal to avoid repeating expensive or frequently run database queries. Drupal does not cache page content for authenticated users because Drupal's permissions system (and node_access restrictions) can show different content depending on a user's role and because some elements of the page are user-specific. Since authenticated users are typically served non-cached pages, requests served to them are more resource intensive and therefore take longer to conduct than requests served to anonymous users.

   By default, ApacheBench requests pages as one or multiple concurrent anonymous users. Benchmarks of performance for anonymous users can be useful for a website that most users will access anonymously, but these data do not accurately describe the performance of websites that serve a significant percentage of their total pages served to authenticated users (as most community sites tend to do). By providing the Drupal session cookie information, ApacheBench can perform benchmarking tests as an authenticated Drupal user.

Accessing the cookie containing the session ID:

Note: These instructions are for the Mozilla Firefox browser.

1)Log into your Drupal installation using the account that you'd like ApacheBench to use when conducting its tests.

2)Open the Firefox preferences menu and browse to the 'Privacy' Tab

3)Click the 'Show Cookies' button

4)Browse the list of sites to find the site that you have just logged into.

5)Highlight the cookie associated with your site that has a 'Cookie Name' value beginning with 'SESS'. There should be only one of these cookies. If you have two cookies with names beginning with 'SESS' for the same Drupal website, you should clear both of these cookies (which will log you out of your Drupal site) and log back in to ensure that you are specifying the correct cookie in ApacheBench.

6)You'll see that your site's SESS cookie has both 'Name' and 'Content' values. You're going to copy each of these values individually and pass them inside of a command line parameter to ab. Note: Do not log out of your Drupal site before testing with ab, as doing so will invalidate the cookie information you have just copied!

Passing the session cookie to ApacheBench

   The 'C' parameter is used with ApacheBench to specify a cookie. This parameter is case sensitive, and should not be confused with 'c' (lowercase) which specifies the number of concurrent requests ApacheBench will make. You'll describe your site's cookie using the following format:


There is no space between the equals sign. Below is a completed example specifying that 400 requests will be made (-n 400) with 10 simultaneous requests (-c 10):

ab -n 400 -c 10 -C 'SESS5a2cb35dfce80bc682796cc451440ac0=d45b85c5be4c651ea2ad520947082e04'

Verifying that Drupal accepts the cookie and is serving pages to an authenticated user

    It's important to verify that Drupal recognizes and accepts the cookie that corresponds to your session. Once, while performing a set of ab authenticated Drupal user benchmarks, I adjusted a Drupal cache setting that increased the number of requests served per second for authenticated users from 5 to 60. I thought, “Wow! I've made an enormous improvement!” What I had actually done was switched from Drupal core session handling to Memcahe's session handling, which caused Drupal to not recognize my cookie. Drupal was actually serving anonymous pages, which accounted for the dramatic “performance improvement.” To avoid misunderstandings like this one, we'll use ApacheBench's verbose mode to confirm that Drupal is serving authenticated pages.

   In our theme directory, we'll add a PHP snippet to page.tpl.php below the HEAD tag, that will print, inside an HTML comment tag, the username and uid (user id) of the user currently viewing the page.

<?php global $user; print 'This is user: '. $user-??>name .' : UID:'. $user->uid; ?>

Then, we'll run ApacheBench with a verbosity level of 4 (parameter -v4), allowing us to view the HTTP response code and html that the server is sending to ab.

    Viewing the content of pages served to ab is also useful in determining the nature of failed responses and investigating suspiciously high numbers of requests served per second. Apache identifies certain types of failed requests by serving them with an unsuccessful (non-200) HTTP response code. (For more about HTTP response codes\status codes, see the W3's "Status Code Definitions" .) ApacheBench recognizes HTTP response codes and reports the number of responses that are marked as successful and unsuccessful by Apache. A reportedly high number of requests successfully served per second can indicate good server performance, but it's important to distinguish pages served with a 200 response code from those that are truly served successfully. In some situations, Apache is unaware of serious problems that occur in other parts of the server stack and will serve pages with an HTTP response code of 200 (successful) despite the fact these pages contain only a PHP fatal error. In these cases, Apache is “successfully” serving the PHP fatal error message.

    Drupal correctly specifies non-200 HTTP response codes when it is unable to connect to the database. Viewing the content of the benchmarked page allows the person performing the testing to view the specific error message that the site is displaying. This is useful in identifying that the problem is, for example, that the MySQL max_user_connections value has been reached, as opposed to other database connection errors, such as an Access Denied error.

It's worth noting that while ab provides useful information about a server's performance, that it does not predict exactly how a server will perform under load from actual users.

Questions? Comments? Corrections? I'm happy to hear from you.

Feb 28 2008
Feb 28

I seem to have gotten myself involved in a Drupal Multimedia Panel with Nate Huag, James Walkah, and Aaron Winborn. All of whom have contributed greatly to multimedia handling in Drupal.

I suspect we'll be telling people how to use our modules to do cool things. I'm not sure the level of expertise to plan on, but I'll probably try to cover a few imagefield/imagecache site recipes that I like, as well as touch on future development for filefield, derivative, and transformer.

Look forward to seeing some folk there.

Feb 28 2008
Feb 28

Sitting in the Is Beauty Truth? session at TED2008 today, I am reminded of a phone conference with TED Curator Chris Anderson last fall to bring him up to date on the status of one of the previous year's TED wishes.

When Sun wrapped up its formal role in developing the Open Architecture Network (OAN) it handed over a sustaining challenge to the site's owner and community leader, Architecture for Humanity (AFH).   When TEDOpen Architecture network Curator Chris Anderson asked Sun why the TED Prize winner was left in a lurch I gave a short answer, "It was primarily due to reasons of expediency".  In actual fact, Sun never walked away from AFH.  Sun was, and continues to be, committed to their success and continues to be involved.  As of today, we now we see a clear path to a sustaining model that leverages the Drupal community and frees AFH from the dependence cycle it was caught in with Sun.  I look forward to bringing that good news to Chris before the conference wraps up on Saturday.

The first step on this path is to refactor the site such that it runs on an unadulterated Drupal core.  To do that AFH and Sun have contracted with CivicActions to migrate the OAN from a hacked Drupal 4.7 to a clean Drupal 5.X.  (It was the hacking aspect that I explained away to Chris Anderson as "expediency".  Corners were cut, compromises were made, but AFH's and TED's primary goal, to launch the site at TED2007, was achieved.  Incidentally, of the three TED2006 prize winner, only AFH's wish was realized by TED2007.)  CivicActions won the bid to perform the migration by doing a professional and efficient assessment of the OAN's current state and the effort required to bring it up to the high standards of a showcase Drupal site.

My next few posts will describe the process of setting up this development environment as we open Chapter 2 in the OAN's odyssey.  I'll describe how we use OpenSolaris to enable efficient development, testing, and deployment for multiple contributors working on multiple tasks and timelines.

For more on why OpenSolaris was chosen as the development and deployment platform for the OAN, see this article on the Sun Developer Network, and this brief interview.

Feb 28 2008
Feb 28

Just noting that I updated my Drupal 6 test site to 6.1 following the security release. The update was painless.

Thanks to Drupal 6's new update functionality, the site itself checks to see if any updates to core or modules are necessary and let's you know.

And if you think it's problematic that 6.0 already had a security patch...I beg to differ: new "dot 0" releases of any software often have bugs, sometimes security related, and Drupal's quick 6.1 release just demonstrates that Drupal in particular and open source projects in general are often quicker to identify and patch security bugs than proprietary development teams.

Feb 28 2008
Feb 28

This snippet of code gives a brief example of how to rewrite components of the $links variable to make them prettier :) Specifically, here I’m overwriting the link generated by the Forward module. You can see the result below: the little envelope icon labelled “Email”. Normally, this would just say “Forward this page”, which is a bit… well, it could be better. Obviously, it’s nice to be able to change these things to taste.

There are two ways to achieve this result: using theme code in template.php, or inside of a helper module. First, I’ll discuss the module approach.

The helper module method is what I had originally used. It’s a little neater, in that you code it once and forget about it, and it doesn’t clutter up template.php’s _phptemplate_variables function, which can easily become bloated with code.

In the module, I’ve added a function to implement Drupal’s hook_link_alter() function. Here’s the code to do it:

function mymodule_link_alter(&$node, &$links) {
  foreach (
$links as $module => $link) {   // iterate over the $links array
    //drupal_set_message(print_r($links)); // uncomment to display your $links array

    // check if this element is the forward module's link

if ($module == 'forward_links') {
$title = t('Email this page to a friend');    // change the title to suit
$path = path_to_theme() . '/images/email.png' // make an image path

      // now update the links array
      // set the title to some html of the image and choice of link text

$links[$module]['title'] = theme('image', $path, $title, $title) . ' Email'; // let's set some attributes on the link
$links[$module]['attributes'] = array(
'title' => $title,
'class' => 'forward-page',
'rel' => 'nofollow',
// this must be set, so that l() interprets the image tag correctly
$links[$module]['html'] = TRUE;

Ok so really, this ought to be done in the theme layer. Like I said, it’s perhaps not as compact and neat, but here’s the code. It’s mostly the same, but note a couple of additions and changes: firstly, we are not changing $links – this is a pre-rendered string by the time it gets to the template.php. We need to get to the original goodies! Hence, we use $vars[&#039;node&#039;]-&gt;links[module-name][field-name].

Secondly, note that because we have now altered the value of one of the original links’ values, does not mean that the node’s $links is correct. This is the bit that caught me out! We must now regenerate the $links variable using the theme_links() function, as per the last line of code below. This mimics what phptemplate.engine does in core.

function _phptemplate_variables($hook, $vars = array()) {
  switch (
$hook) {
      foreach (
$vars['node']->links as $module => $link) {
        if (
$module == 'forward_links') {
$title = t('Email this page to a friend');
$path = path_to_theme() . '/images/email.png';
$vars['node']->links[$module]['title'] =
theme('image', $path, $title, $title) . ' Email';
$vars['node']->links[$module]['attributes'] =
'title' => $title, 'class' => 'forward-page', 'rel' => 'nofollow');
$vars['node']->links[$module]['html'] = TRUE;
$vars['links'] = theme('links', $vars['node']->links,
'class' => 'links inline'));

You can achieve this effect for anything that’s in the $links array. On this page (below), you can see the link I’ve described here, another for print-friendly pages and also a themed comment link.

Feb 27 2008
Feb 27
  • Advisory ID: DRUPAL-SA-2008-018
  • Project: Drupal core
  • Version: 6.0
  • Date: 2008-February-27
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple cross site scripting vulnerabilities


Titles are not escaped prior to being displayed on content edit forms, allowing users to inject arbitrary HTML and script code into these pages.

The Drupal.checkPlain function, used to escape text in ECMAScript, contains a bug which causes it to escape only the first instance of a character, allowing users to inject arbitrary HTML and script code in certain pages.

Wikipedia has more information about cross site scripting (XSS).

Versions affected

  • Drupal 6.x before version 6.1.


Install the latest version:

If you are unable to upgrade immediately, you can apply a patch to secure your installation until you are able to do a proper upgrade.

Reported by

  • Steve McKenzie discovered the ECMAScript issue
  • The Drupal security team


The security contact for Drupal can be reached at security at or via the form at

Feb 27 2008
Feb 27

Next week, more than 800 people will gather in Boston and talk about Drupal for four full days. This annual event is known as Drupalcon, and it will be the first one I'll be attending.

The sessions will cover how large organizations are involved with the open source project (like Google and IBM), how it can benefit any company (Profitable Web Development Process), where authentication systems are going today (OpenID and Identity), getting the speed you need (Performance Tuning), developing through automated testing (SimpleTest), how Flash can benefit from a backend system (Drupal and Flash/Flex), building AJAXy user interfaces (Drupal 6 AHAH), ensuring secure websites (Security), usability analysis (Administrator/User Friendliness), and much more.

I depart on Sunday afternoon from Toronto, and will be there Sunday night. I'll be wearing my Drupal Camp Toronto shirt, so I should be relatively easy to spot. I am looking forward to seeing you all in Boston!

Feb 27 2008
Feb 27

Kudos to walkah et al for their work on the Drupal OpenID module and getting OpenID into core for Drupal 6!

By default, OpenID in Drupal 5 and 6 defaults to present regular Drupal authentication first, giving the user the option to toggle to authenticate via OpenID.

That's the exact opposite of what I wanted to deploy on my blog: I want users to log in using OpenID unless they have a very good reason not to. Here's how I solved the problem in 5 easy steps using just the magic of a phptemplate theme to modify the authentication interfaces to default to OpenID.

Step 1: Override Authentication UI

First I added the following overrides in my theme's template.php file to specifiy that I would be overriding various interface elements.

// override the user log in form at /user
function phptemplate_user_login($form) {
return _phptemplate_callback('user_login', array('form' => $form));

// override the user registration form at /user/register
function phptemplate_user_register($form) {
return _phptemplate_callback('user_register', array('form' => $form));

// override the password reset form at /user/password
function phptemplate_user_pass($form) {
return _phptemplate_callback('user_pass', array('form' => $form));

// override the user log in block
function phptemplate_user_login_block($form) {
// show hint in form element
$form['openid_url']['#value'] = 'OpenID Login';
// remove hint in form element on focus
$form['openid_url']['#attributes'] = array('onfocus' => "javascript:openid_url.value=''");
return _phptemplate_callback('user_login_block', array('form' => $form));

Step 2: New User Log In Template

Next I added a template file to my theme directory called "user_login.tpl.php" as per my override in template.php above with the following code.

// reverse default form element visibility toggles set in openid module js
drupal_add_js('$(document).ready(function(){$("#edit-openid-url-wrapper").show();$("#edit-name-wrapper").hide();$("#edit-pass-wrapper").hide();$("a.openid-link").hide();$("a.user-link").show();});', 'inline');// render login form

Step 3: New User Registration Template

Next I added a template file to my theme directory called "user_register.tpl.php" as per my override in template.php above with the following message, giving a link for users to go get an OpenID because I don't want users to create local Drupal identities.

Establish your <a href="" title="Learn More about OpenID">OpenID</a> with a provider like <a href="" title="Visit"></a>. Then come back to this site and <a href="" title="Log in to this site">log in</a> with your new OpenID.

Step 4: New Password Recovery Template

Next I added a template file to my theme directory called "user_pass.tpl.php" as per my override in template.php above with the following message, giving a link for users to go recover their password from their OpenID provider.

Visit your <a href="" title="Learn More about OpenID">OpenID</a> provider to recover your password. Then come back to this site and <a href="" title="Log in to this site">log in</a> with your OpenID.

Step 5: New User Log In Block Template

Next I added a template file to my theme directory called "user_login_block.tpl.php" as per my override in template.php above with the following code.

// reverse default form element visibility toggles set in openid module javascript
();$("a.openid-link").hide();$("a.user-link").show();});', 'inline');// render select elements in login block

You're Done!

After these 5 steps, users are presented with OpenID authentication on my site and guided to getting an OpenID if they don't have one already. A user with a local, Drupal identity can still toggle to authenticate on the now obscured /user login form, but only an existing user with the proper access can create new local Drupal users.

My dream for OpenID in Drupal core is to have admin UI that allows various configurations which make any necessary changes to the user authentication UI:

  • prefer OpenID authentication, allow Drupal
  • prefer Drupal authentication, allow OpenID
  • allow only OpenID authentication
  • allow only Drupal authentication (this case would be covered by just not enabling the OpenID module)

Let me know if you have more questions about or suggestions for this solution.

Feb 27 2008
Feb 27

Currently there are three options for creating error pages in the Drupal system, that I know of. I’m going to show here which I think is the best, for reasons of usability, performance and general webmaster sanity. At the foot of this article, there’s some free code too!

The options:

Drupal’s build in error page support

Drupal provides, out of the box, two fields in the Error Reporting configuration screen. These fields can be set to any internal Drupal path. Usually, they will be set to point the user to a page created specifically for the purpose.

The downside to this is that these will now be nodes in the system, and as such they will show up in popular content lists, site searches and the like. This is clearly not desirable.

Update: I have been made aware of an outstanding issue in Drupal core with error pages. This issue means that a user without “access content” permissions cannot access 403 error pages that are created as nodes. This is true in Drupal 5.x and even 6.1, and is another weak point for this mechanism.

Search404 module

Until very recently I was using search404 but I became less than pleased with the results. To start with, I thought I was aiding usability, but as it transpires… not really. The real killer for me is that search404 often gives me empty search result sets, because the path elements just don’t relate specifically enough to the content.

For instance, the node “/blog/my-drupal-article” will almost certainly contain all the words “my drupal article”, but may not contain the word “blog”, except in the path. This means the search doesn’t catch that article, so you get no results. Given that every 404 page the module generates incurs a DB query automatically, this query is effectively just trash, but cannot be disabled.

Customerror module

Customerror module skirts round the issues of having nodes as error pages. The module makes error handling pages available as custom paths inside Drupal. These aren’t nodes, so we have no issues there.

The configuration screen offers up two textarea fields which will contain the page content to be rendered on each of the 403 and 404 page errors. The key to making this more special than just a plain text or html page is the availability of PHP processing for these fields whilst not requiring nodes for the task.

Ok, so what I’m doing here is recommending customerror as the best choice for this task. That said, let’s throw down some code and make this more useful.

To start, visit the standard Drupal error reporting page at “/admin/settings/error-reporting”. Here, set the default error page fields to “customerror/403” and “customerror/404” respectively, if you’re going to override both these pages.

Now, on the Custom Error module’s config page at “/admin/settings/customerror”, enable both checkboxes that say “Allow PHP code to be executed for 40x”. Now let’s look at handling the 404 error. I’ve added the following code for this site, in the “Description for 404” textarea, and a suitably snappy title in the other field: “404 Not Found Error: No content found at the requested URL”.

<p>Sorry, no content was found at the requested path - it's possible that you've requested this page in error.</p>

<p>Use the search form below, or go to the <a href="">home page.</a></p>

// check that the search module exists and the user has permission to hit the form
if (module_exists('search') && user_access('search content')) {
// cool! - customerror doesn't trash the page request and the full path is available
$path = $_REQUEST['destination'];
// bin anything that's not alphanumeric and replace with spaces
$keys = strtolower(preg_replace('/[^a-zA-Z0-9-]+/', ' ', $path));

  // retrieve the search form using the data we've pull from the request
  // note that we can override the label for the search terms field here too
print drupal_get_form('search_form', NULL, $keys, 'node', 'Search terms');

In the 403 error fields, we adopt a similar technique. I’ve used “403 Forbidden Error: Access to this page is denied” for the title. Here we display different content depending on whether or not the user is logged in. If you’re running a site with lots of members, you can uncomment the user login line towards the bottom and the login form will be rendered on the 403 page!

<?php global $user; ?>
<?php if ($user->uid): ?> 
  <p>Sorry <?php print $user->name; ?>, you don't have permission to view the page you've just tried to access.</p>
  <p>If you feel that you have received this message in error, please
    <a href="">contact us</a> with specific details so that we may review your access to this web site.</p>
<?php else: ?>
  <p>This page may be available to clients and registered users only. Please select from one of the other options available to you below.</p>
    <li><a href="<?php print drupal_get_destination(); ?>">Login</a> to view this page</li>
    <li>Use the <a href="">search</a> facility</li>
    <li>Go to the <a href="">home page</a></li>
    <li>Go to the <a href="">site map</a></li>
<?php //print drupal_get_form('user_login'); ?>
<?php endif; ?>

Now we’ve got friendly, usable error pages that are helpful and don’t scare off visitors!

Updated 24th April 2008

Feb 27 2008
Feb 27

While chatting in IRC the other night, I found that Adam Light and I will be on the same flight through Chicago on our way to Drupalcon. So, if anyone else is scheduled for United 534 leaving Chicago at 1:10pm leave a comment. Adam and I plan to share a cab to the hotel as they are reasonably close and Public transport in a city new to me on a Sunday night after being up 14-16 hours just doesn't seem to hold an appeal for me. I plan on wearing my BADCAMP07 Drupal shirt so should be easy to spot.

On the downside, it appears that ChipIn has been having issues for the past 16 hours and timing out when people try and donate :(. It does seem to be working now so if you are still interested in helping out my travel fund I'd appreciate it.

Overall this schedule does work nicely. My in-laws are coming up to keep my wife company while I am gone (I suspect they are here to visit with the grand kids).

Feb 23 2008
Feb 23

Quite frequently I’ve been asked about putting images into site “sections”, depending on path or menu trail. Look up, that “Blog” image is what I’m talking about. It’s on all blog related pages. So, here goes – it’s nice to be able to finally offer this information here.

The first main chunk of code attempts to get a menu item and build an image link from that. The second chunk assumes failure of the first and tries again using a partial path method.

If all nodes on your site have menu entries, you can use that piece of code independently. Likewise, if all your nodes can be identified by the first bit of the path, the second chunk will stand alone.

I have got a mixture of the two on this site. A lot of the entries have menu entries, but the blog and portfolio section do not. Therefore, the image links on those sections are powered by the second chunk.

Note: this code expects to find sites/default/files of the GIF type in a directory ‘images/sections’ within my own theme directory. It also will only pick up sites/default/files that have names which are all lower case. In the case of menu entries that contain spaces, those will be replaced with hyphens, so if the menu link is “Site Map”, the image name will have to be “site-map.gif”. Path-based is really dependant on how you are using aliases (e.g. your pathauto.module setup) and isn’t really inside the scope of this article. You’ll have to figure that out yourself.

Okay; in order to not crowd up _phptemplate_variables(), I add just this one line of code in template.php inside that function (under ‘page’ – see here for details):

['section_link'] = get_section_link();

Then, elsewhere in that file, this code:

function get_section_link() {
// MENU - attempt to make a section link from a menu item, for this page
  // get active menu trail into an array
$menu_items = _menu_get_active_trail(); // $menu_items[1] is the top parent of our menu container, e.g. primary links
  // this gets the required menu item into an array
$link_array = menu_item_link($menu_items[1], FALSE); // whip out spaces and make the name lower case
$section_name = strtolower($link_array['title']);
$section_name = str_replace(' ', '-', $section_name);

  if (

$section_link = render_link($section_name)) {
// PATH - if we've not returned, we couldn't make a valid link from menu
  // let's try a path approach instead?
if (module_exists('path')) { // dependency for drupal_get_path_alias $sections = array(); // an empty array to collect stuff in

    // get all the top level links in the primary nav (id of 2) into a array

$primary_nav = menu_primary_links(1, 2); // iterate over the array and pull out the top level paths
foreach ($primary_nav as $menu) { // get the first element of the aliased path for this menu item
$path_element = explode('/', drupal_get_path_alias($menu['href'])); // put the first chunk of each path onto an array
$sections[] = $path_element[0];
// get the aliased path for the page we're on
$section = explode('/', drupal_get_path_alias($_GET['q']));
$section_name = $section[0]; // if the path matches a nav item, create a section image
if (in_array($section_name, $sections)) {
      if (
$section_link = render_link($section_name)) {


render_link($section_name) {
// construct the image's path (mine are GIFs stored in a subdir of my theme)
$image_path = path_to_theme() . '/images/sections/' . $section_name . '.gif'; // make some text for the image's alt & title tags (SEO, accessibility)
$image_alt = $section_name . t( ' section');
$image_title = $section_name . t( ' section link'); // render image html using theme_image (returns NULL if file doesn't exist)
$section_image = theme('image', $image_path, $image_alt, $image_title); // if the image rendered ok, render link using above variables
return ($section_image) ? l($section_image, $link_array['href'],
'title' => $image_title), NULL, NULL, FALSE, TRUE) : NULL;

Then finally in page.tpl.php (and any other page templates) we can use the variable in the “Drupal Way”, and print our variable where we like!

<?php if ($section_link): ?>
  <div id="sectionTitle">
    <?php print $section_link; ?>
<?php endif; ?>

Feb 22 2008
Feb 22

I hope to briefly cover some of the history and evolution of Drupal documentation, knowing the history is often important to understanding the present. Spend more time going over some of the present challenges of creating and maintaining documentation and debunk some persistent myths.

While the session is just over an hour, I hope to have feedback and participation, get some more people participating in one of the easiest ways to get started contributing to Drupal.

On Friday there is a code sprint, if you scroll down towards the bottom there is mention of non-developer activities and a documentation sprint so bring your laptops and get ready to participate.

I'd also like to add a thank you to those who have helped me out by contributing to my travel fund to get me there.

Feb 22 2008
Feb 22

As we mentioned last week, many of the mentoring organizations participating in the Google Highly Open Participation Contest had a difficult time choosing their Grand Prize Winners. All of our projects had stellar participants, and we're pleased to join them in sharing kudos with their unofficial "runner-ups."

Angela Byron and Adam Light from the Drupal project sent us these accolades:

Jimmy Berry

Jimmy Berry was a pleasure to work with over the course of GHOP. He has a real knack of coming in, tackling a difficult task that's been long-neglected (such as SimpleTest coverage for most of Drupal core, or the new Git back-end for our Version Control API module), and knocking it completely out of the park. Jimmy rocketed his way up the Drupal learning curve and is now one of our best new contributors.

Edward Yang

Edward Z. Yang already has open source development experience, as the developer for the HTML Purifier project. During his time with the Drupal project over the course of GHOP, he has shown a penchant for impeccable code quality, and takes incredible pride in his work, always going above and beyond (often way above and beyond) what has been asked for by the task description, as particularly evidenced by his work on the Coder Format module.

Charlie Gordon

If GHOP were based solely on community participation, Charlie Gordon would far and away take the prize. In addition to suggesting tasks and helping to answer other students' questions, he also spear-headed efforts to setup the Drupal community's successor to the GHOP contest, DROP. Oh yeah, and he also kicked butt on several GHOP coding tasks, and made very short work of everything from writing SimpleTests to porting Revision Moderation module to 6, and even creating and maintaining the new Citation Filter module.

Wilson Lee

Wilson Lee took on a wide variety of GHOP tasks ranging from documentation to code to marketing. Kourge did a particularly awesome job on a marketing
presentation for Drupal 6 (.zip) and a Core Hooks Cheatsheet (.zip) which will be of great use to Drupal module developers everywhere. Kourge was also frequently found in our IRC channels and helped other students find answers to their questions.

Dmitri G.

Dmitri G. was actually too *young* to participate in GHOP, being only 12 years old, so wasn't eligible to claim any tasks or prizes. However, he more than made up for that by helping to mentor and guide the GHOP students throughout the duration of the contest. So we'd like to name him as honorary GHOP runner-up.

Feb 22 2008
Feb 22

I have a client whose sysadmin is adamant about using Lighttpd as a webserver, whose site also uses imagecache.

There are some major differences in Lighttpd's rewrite system compared to Apache's rewrite system. The difference that is most important is the lack of the file exists check provided by the -f flag to apache's rewrite conditions.

The way imagecache works is to dynamically generate images that don't exist when they're requested from it's url namespace. So if you request and it doesn't exist the url rules rewrite it as
and drupal passes the request to imagecache. If the file does exist Apache just serves it directly.

Since Lighttpd's rewrite rules do not support this file exists flag they are unsuitable to solving our problem. I tried setting up several different variations of rewrite rules, specialized 404 handling.

So after installing mod_magnet, and editing the url prefixing for my local installation everything works wonderfully...

While everything is working I still have some concerns that make me want to do some benchmarks against lighthttpd and apache.

My concern is that mod_magnet seems to have a heavy performance cost, like 25% less requests per second according to the Benchmarks section of

When I consider it in light of the performance benchmarks at,
I start wondering if lighttpd + mod_magnet +fcgi really has a performance advantage over apache2 + fcgi + mod_rewrite.

I would expect lighttpd to have a smaller memory footprint, but a minimally configured apache + fcgi has a pretty small memory footprint compared to running mod_php....

Now that I have a working lighttpd install I may try to do some benchmarks to ease my mind.

Feb 21 2008
Feb 21

This is the result of seeing one too many 'For Drupal to really succeed' posts. Drupal is already a success. There is certainly room to get better and grow more, but Drupal has already succeeded.

When listening to interviews with musicians who have a new 'hit' album/song I often get a sense that the interviewer has this fundamental assumption that the artist just started playing/singing last month. When you listen carefully, you find that the artist has been working at their craft for years. So it goes with Drupal and Drupal's success.

For the time I have been with the Drupal community we have had a steady progression of success. In my first few years, the community took pride in the fact that sites could be built by skilled developers with no indication that it was using Drupal (Yes, many hobbyists often implemented sites that were obviously Drupal). Calls to put 'tagging' into the code to more easily identify Drupal based sites were often met with resistance. The prevailing attitude was to focus on quality and capability rather then count implementations.

What really attracted me to the project was a combination of things. Initially it was that I could run it on IIS. What kept me, besides being able to get it working, was the community and that the project had a defined mission and principles. When I first entered the IT field, I thought things like missions statements and principles were silly. Over time, I have found they are actually tremendously important for keeping a projects focus and not wandering to far afield. They help keep everyone near the same place in regards to how a project grows and evolves.

From the history page, we know that the 1.0.0 release was in 2001. A summary from the CHANGELOG.txt shows we are now at 13 full version release from the initial 1.0.0. and each one is our best yet.

  • Drupal 6.0, 2008-02-13
  • Drupal 5.0, 2007-01-15 - First release using X.y versioning
  • Drupal 4.7.0, 2006-05-01 - Last released version using X.Y.z for major release numbers.
  • Drupal 4.6.0, 2005-04-15
  • Drupal 4.5.0, 2004-10-18
  • Drupal 4.4.0, 2004-04-01
  • Drupal 4.3.0, 2003-11-01
  • Drupal 4.2.0, 2003-08-01
  • Drupal 4.1.0, 2003-02-01
  • Drupal 4.0.0, 2002-06-15
  • Drupal 3.0.0, 2001-09-15
  • Drupal 2.0.0, 2001-03-15
  • Drupal 1.0.0, 2001-01-15 - Initial release

The development cycle is so very funny in it's predictability too;

  • The developers contributing to core already have ideas and code for the next version for things that didn't get in this release.
  • The edge implementors working with the code are already discovering areas that could use a closer look and perhaps a better solution based on work they are doing for clients.
  • Contributed module developers are updating modules or hoping that others will supply them with patches and testing so that the less involved members of our community can catch up and start using the latest version.
  • Newer folks are trying to figure out which to go with, Drupal 5 or Drupal 6.
  • Non-participants are lining up to point out and decry how unusable things are because module x/y/z isn't updated and it's unconscionable that anyone would release something without it and demanding that someone do something (and being ignored because frankly that type of complaining isn't interesting)

Scattered through the forums you will see this pretty much every release. It can be fun helping people through this process of discovery. Many can and do become awesome contributors and build lasting relationships. Others, well, we see some others every release saying the same old thing, but oddly, never in the contribute category.

Drupal has already had success. As long as people continue to contribute to the project; donate time, code, reviews, support, documentation and other things we will really continue to really succeed. We can do better, but that too is a universal saying.

Feb 21 2008
Feb 21

For those of us who spend half the day on the command line and the other half working with Drupal. I have this setup now on my server.


Feb 20 2008
Feb 20

Drupal 6 was released last week and everyone has been talking about how much greater it is than the previous release.  I particularly like how powerful the new menu system is, the new caching and performance features, and all the new AJAXy goodness.  But what is coming up next year in Drupal 7? This is a list of issues on that I am looking forward to see in the next release...

Add hook_file() This would allow for a very nice File API, allowing us to interact with files at a new level. Handle File Uploads in Form API Right now when you have a file field in Forms API, nothing is returned when you submit it. It would be nice if Forms API handled some of that. Descriptions for Permissions This would allow modules to description their permission sets in the administration section. Data API Providing a common interface for all data types within Drupal (Nodes, Users, Taxonomy, etc). Add PDO This would severely increase performance, allow more database abstraction, and get more PHP5 goodness into Drupal. External JavaScript files for drupal_add_js() Make it easy to reference external JavaScript files through drupal_add_js() and then cache them. Custom CSS and JS for Blocks Adding CSS and JS for blocks through hook_init() isn't very clean, so this will fix that. Examples for form fields Having an example for every form field would allow better usability for Drupal. Hook Registry Increase performance in Drupal even more.

With these additions, and the implementation of a web service platform in core, we'll have ourselves a slick Drupal 7 release. What are you looking forward to in Drupal 7?

Feb 20 2008
Feb 20

20th Feb

First up, congratulations everyone on the release of Drupal 6.0! Its a biggy - so many others have already beat me to it listing new features and pointing out some interesting reading involving the release, so I'll not repeat it all over. Here's a few links I found worth a read:

And for those who want to turn their attention to what's in store for Drupal over the next twelve months, development is now open for Drupal 7. Make sure you also take a look at Dries' State of Drupal presentation in Barcelona.

So, as we at Leafish start to play with the latest and greatest release and think about upgrading our sites, our attention shifts from core to contrib... Ooh, the excitement! There's already some early birds and there's certainly some concerns over the state of key modules like CCK, Views and Image.

Last time round for Drupal 5.x I had a whopper of a table which I didn't maintain once sepeck pointed out the fantastic effort Michelle put into a similar list on Once again, there's a pretty comprehensive list over there: check out the Contributed modules status - 6.x page. Its a wiki page, so if you're a module maintainer or are already getting your hands dirty with Drupal 6 patches/ports get updating! And if you're not getting your hands dirty, why not?

So this time this table only contains the more important modules we use, but I hope it’ll be of use to some other peeps out there.

Feb 19 2008
Feb 19

Whilst installing Drupal 6.0 on Solaris Express Developer Edition (SXDE) 1/08 I ran into a few glitches with the brand new Webstack, which makes it's debut in this build of OpenSolaris.  (SXDE is Sun's distro of OpenSolaris.  It's the best way to get access to all the latest stuff in a relatively feature complete distro of OpenSolaris without having to build the whole O/S yourself.)  With the advent of Webstack integration you don't need a separate download to get all the AMP stack integration and optimizations previously only available in Coolstack.

The executive summary of the solution to the Drupal 6.0 install glitches is:

  1. Edit  /etc/php5/5.2.4/php.ini  to add '.' and Drupal's base dir (/opt/drupal-6.0, in my case) to PHP's include_path:
    include_path = ".:/usr/php5/5.2.4/include/php:/opt/drupal-6.0"  
  2. Spoof PHP into thinking it's using an older MySQL client:
    ln -sf /usr/mysql/5.0/lib/mysql/ \\ 

Now, with these fixes in place, I have the advantages of the Service Management Framework (SMF) and DTrace, plus an AMP stack compiled with optimizations for Solaris and the processor architecture (AMD64, in my case). 

If you're interested in a more detailed account of the glitches and fixes, read on...

The first glitch prevented the Drupal index.php page from rendering, and appeared in the apache error_log as:

PHP Warning:  include_once() [<a href='function.include'>function.include</a>]: Failed opening 
'includes/' for inclusion (include_path='/usr/php5/5.2.4/include/php'

which was remedied by adding '.' to the include path in include_path in /etc/php5/5.2.4/php.ini

include_path = ".:/usr/php5/5.2.4/include/php" 

Then, proceeding to the database setup, MySQL gave an error:

"Client does not support authentication protocol requested"

This was easily resolved by the procedure posted on, but that's a compromise on MySQL password strength, so not ideal.   This allowed me to proceed to the next glitch, which apache error_log explained as:

" httpd: fatal: relocation error: file 
/usr/php5/5.2.4/modules/ symbol
mysql_set_local_infile_handler: referenced symbol not found"
After much hair pulling, Sriram pointed me to the solution he worked out for the same problem with MediaWiki installation:
ln -sf /usr/mysql/5.0/lib/mysql/ \\

and another addition to include_path in /etc/php5/5.2.4/php.ini to add Drupal's base dir

include_path = ".:/usr/php5/5.2.4/include/php:/opt/drupal-6.0" 

Turns out that spoofing the library name like this also solved the "Client does not support authentication protocol ..." problem too, so I'm back to full MySQL password strength.

After these three simple but obscure fixes it was all clean sailing.  I now have Drupal running in six zones across two separate instances of SXDE 1/08 using the latest Webstack. 

Feb 19 2008
Feb 19

The Drupal community is very active and always looking for new ways to improve the system. In D6 the user is an important player: i18n, the new drag&drop capability, better performace.

With the support of companies like Sun, Drupal has a very bright future.



Posted by theBorg on February 20, 2008 at 04:23 AM PST #

Feb 18 2008
Feb 18

In this short video Search Engine Marketer Brian Chappell recommends some basic SEO measures for a Drupal site. Since Drupal is very search engine friendly out of the box, there are not many things you need to do.

Brian recommends to activate the core path module and to additionally install the Page Title, Global Redirect, and Meta Tags modules. In his accompanying blog post are also some notes on the .htaccess and robots.txt files.

I haven't used the Page Title module yet, but agree that Path, Global Redirect, and Meta Tags (nodewords) should be installed and activated, and also the XML Sitemap module.

Last year I wrote about SEO modules for Drupal and other CMS with some more modules that are worth taking a look at. There is also the SEO Checklist module by Ben Finklea to help you make your Drupal site even more search engine friendly.

One hint from me. Make your site friendly for yourself and your users first. Then take care of the bots, if you feel like doing so.


I lost some comments on this post, that were mistakenly classified as spam by the spam protection I am using. Greg Knaddison, a.k.a. greggles, pointed to his free Drupal SEO video-course, where he covers the most important Drupal core settings and contributed modules for optimizing your site. Check it out!

Feb 18 2008
Feb 18

[Update: this had the wrong tag to get on Planet Drupal]

I'm really looking forward to DrupalCon Boston 2008. The highlight for me will likely be meeting a bunch of really great people I have come to know, respect and be inspired by;

  • Everyone at CivicActions; My awesome colleagues and team-mates for the last 6 months.
  • Dries Buytaert; For obvious reasons.
  • Karoly Chx Negyesi; It's been great having your support on SoU. I want to put a voice to your words, code-comments and even php code!
  • Folk from the Usability Group; Eigentor, Gaele, SteveJB, Yoroy, CousinHub and many others.
  • Neil Drumm; You're usability discussion at BADcamp (I listened to the podcast) was inspiring and interesting for me.
  • Kent Bye; You have contributed a lot of videos and screenshots that have been inspiring for me. Then there's Backtrace Vizualizer which is just amazing.
  • Angie Webchick Byron; You're never-ending support is inspiring and motivating. Where do you get all that energy from?
  • And too many others to list here...

I leave this coming Sunday night (in less than 6 days) for Frisko via AKL and LAX, where I'll overnight. I go onto Minneapolis on Monday for the usability testing at the UMN, where I'll arrive in time, albeit a bit late, for the Twin-cities drupal meetup with Dries, the 'usability team' and local drupal folk.

On Friday 29th, it's off to Boston. I'm still looking for something to do for the weekend. I was thinking of heading to NYC to see the big apple, Montreal Canada just cause I've never been there, Vermont for a day's riding the slopes, or maybe hanging out in Boston to site-see, see if I can open a US bank account, and maybe scratch my apple-itch helping the RCS folk unlock or brick their iPhones.

Monday 3rd of course brings on the Main Event. Saturday 8th sees me on a plane back to Frisko for the night. On Sunday 9th I'll have most of the day free to site-see before getting on a plane home to Christchurch on Sunday evening.

Feb 18 2008
Feb 18

I've just committed the first code for the new comment alter taxonomy module. This module will allow users with certain permissions to change taxonomy terms associated with a node from comments on that node. The main motivation behind this module was to make it possible to have labels/tags on project issues like "needs doxygen", "benchmark", and "newbie", etc. Instead of just adding this functionality to the project issue tracking module itself, I thought it would make more sense to create a generalized module that works for all node types, not just project issue nodes.

I've written this up in a bit more detail at I'd love to get some feedback on potential use cases for this module as well as feedback on certain design decisions I made.

Here's a screenshot of an example issue where a term has been altered via a comment.
Comment alter taxonomy example

AttachmentSize 56.81 KB
Feb 17 2008
Feb 17
There was naïveté in the air, on the floor, everywhere. [?]

18th Feb



Feb 16 2008
Feb 16

After the Google Highly Open Participation (GHOP) contest ended, we've got a huge influx of new contributors in Drupal. The positive influence the GHOP brought was truly amazing. To keep the beat rolling, DROP was created. Standing for Drupal Really Open Participation, we continue the goodness of a task-based system and pancakes.

This is a really brilliant idea. It serves as an incentive for regular contributors. It interests new contributors. It gives recognition. These are all successful traits of GHOP that DROP wishes to carry on. I've personally already claimed one task and plan to work on more once I have the first one cleared.

So what can you do to help? Read on.

  • Complete some tasks. Feeling like coding? Look no further than for some open tasks to curb your coding urge!
  • Propose new tasks. Have a very good idea that doesn't exist in reality yet? Give someone a chance to pull it into the plane of reality by creating a task. Remember to get an account to do so.
  • Give feedback. Anyone who wants to butt in and provide constructive criticism is welcomed.

So rock on at DROP and improve Drupal!

Feb 16 2008
Feb 16

Drupal has seen a number of books written about it in the last 18 months or so, the sign of a healthy platform. The latest of these books is Drupal 5 Themes, by Ric Shreves, published by Packt Publishing. The book covers the process of making a Drupal site look how you want it, known as theming. Theming Drupal is a multi-step process, due to the flexibility and customizability of Drupal itself. This book serves as a fine introduction to the process and methods of Drupal theming; however, it is not without its rough patches.

The book is lean, right around 250 pages, and even that is including a completely superfluous appendix, and some other sections that could have easily be kept out without too much loss of content. Starting out with the obligatory and well done introduction section, we quickly move right in to customizing the themes that come with Drupal, and how to install a contributed theme. While we could have done without the hand-holding as we look at the basic parts of theme configuration, it is a fine introduction to the amount of configuration possible without delving into theming itself. The author takes us through a fictional client’s requirements for a site, and shows how those design elements would be implemented in Drupal, without writing any code.

A brief discussion of the various theming engines that are available is suitably brief enough, as Drupal theming today revolves around PHPTemplate, and, soon, it’s time to start delving into Drupal’s custom templating language. PHPTemplate was written specially for Drupal, and it deftly balances flexibility and power, as it remains easy for developers and designers alike to work with it. Some discussion of block visibility serves as a good example of those places where Drupal allows developers to get down into code without modifying Drupal itself. While it’s a fine discussion, the author fails to mention the , which has lots of other examples for a budding themer to snack on.

We also get a very good idea in Chapter 3 on how just a little bit of well-placed code here and there can make a big difference in Drupal themes. Working with the , the author takes us through the theme’s files to show where the key points of control lie.

Chapter four is a list of core css files and theme functions. It is also completely superfluous. It could be replaced with a couple of grep or find commands, or a tutorial for finding theme functions on , which would have longer-lasting benefits for a Drupal themer. A representative of the content in this chapter is:

Formats the content of an administrative block.

Formats an administrative page for viewing.

It’s 18 pages of your life that you’ll never get back.

That’s followed by what is easily the standout section of the book. Chapter 5 is all about overriding css and theme functions, and is a terrific discussion on what’s available to the themer, and how to get at it. It’s chock full of great information and examples, showing how the default “Garland” theme takes the PHPTemplate engine and overrides parts of it itself, and shows how you and your theme could do the very same thing. It’s an empowering overview of taking control of the theming process.

Chapter six focuses on designing a theme around the Zen, creating a subtheme. Just a bit of code and some new CSS, and we have a completely different looking site. The big problem here is that the theme we come up with is pretty ugly. Nevertheless, it does show how big results can come from a little tweaking.

Now that we’ve taken a pre-written theme and designed a subtheme around it, Chapter seven is all about creating a theme from scratch. Starting with the bare basics and moving into discussions of what variables PHPTemplate makes available, and even how to make your own variables available, this is a grand discussion that shows the full power of the templating engine and how much power is actually there. Again, though, what we’re creating won’t be winning any design awards, but I suppose that’s beside the point.

The last chapter is about theming the various forms in Drupal, and this again is excellent. There are several steps in the process that can be used to change how forms work, and the author expertly goes through each way, showing where each one is most appropriate, and showing fine examples in the process. If the whole book were this well written, it’d be a bible of Drupal theming. Unfortunately, it’s not. The chapter also devolves into unneeded screenshots of most of the Drupal forms, and what functions are used to build them.

The book ends with a totally unnecessary appendix of every CSS selector included in Drupal core. Once again, a nice grep command could easily have been used to build this content.

  • Chapters 5, 7, and 8 are quite useful, even to an old three-digit-uid user like me. Overriding is a big part of Drupal, not just theming, and it’s taken on in great style and fine discussion. PHPTemplate is one of the shining stars in Drupal, everyone who uses it owes Adrian a beverage, and the fact that you can use a few pages to talk about how to create an entire Drupal theme from scratch shows its amazing power. It would be hard to get such things wrong, and this book does not. It shows a good knowledge of PHPTemplate and what it’s very good for. And, though forms aren’t something that get themed a lot, we have in this book a fantastic reference on how, where, and why you’d theme forms in Drupal.
  • Starting with the Zen theme is practically Best Practice when it comes to theming Drupal, and the author here goes into some depth with this theme, showing code and where some good CSS overriding can make a big difference. It’s also a wise move to show that the Zen theme is not the last word in theming, and it is possible and even advantageous to create your own theme from scratch.
  • As noted above, there are several places where I thought the content was superfluous. Chapter four could be reduced to a few grep statements, or a discussion of While chapter 8 starts off with some fine discussion, it ends up with a bunch of screenshots of forms in Drupal, and where they are in the code. While there might be some good information in here, the screenshots, and number of them, seem over done. Appendix A could also be reduced to a few grep statements, as it simply lists the CSS selectors in all of the css files within Drupal core.
  • No book on Drupal is complete without a discussion of Drupal contributions. This book does spend a good deal of quality time with the Zen theme, that is the first and last time contributions are mentioned to any depth. Looming very large in their absence are CCK and Views, two modules that practically every Drupal site will need in its lifespan, and two modules which are complex to theme, and yet very themeable. Any book on Drupal theming that does not even mention these two modules, let alone not show any examples of theming them, is woefully incomplete. Yes, they’re not core, but neither is the book called “Drupal 5 Core Theming.”
  • The graphics in the book are of poor quality. The places where lightly-colored text are used (such as the Garland theme) are very hard to read, and the file listing screenshots are badly pixellated. Every screenshot looks like the poor-quality placeholder images were never swapped out for high quality images.
  • The themes we end up designing in the book are, well, ugly. I realize that’s not the point, but I think that, if the book’s going to discuss theming and design a theme or two, I would want the themes to be of good quality.
  • Just a week or so after I received this book on Drupal 5 Theming, Drupal 6.0 was released. Most of the discussion in the book still applies, as the theming exercises themselves focus on the Zen theme and CSS, but large portions of the book, particularly Chapters 5 and 7, which might be the best part of the book, will need to be rewritten, as Drupal 6 has dramatically increased the number of .tpl.php files, and in the process has made overriding these pieces much easier. Themes themselves have changed in Drupal 6, requiring corresponding .info files, requiring registration via hook_theme(), and in the removal of _phptemplate_callback(). Readers coming to Drupal 6 with this book would be well-advised to keep the appropriate open in a tab while reading and experimenting.

There are great parts of this book, and there are horrible parts of this book. While I think that there’s more wrong than right, the parts that are right are very right and worth the price of the book. Someone new to Drupal theming, someone who’s just not sure what to do, someone who thinks they can just change the color in Garland or mess with Bluemarine and call it a day, these people will get a great deal of worthwhile information out of the 250 or so pages. The book is geared towards people with a good background in HTML and CSS, and it does mention that a ‘basic’ knowledge of PHP is helpful. It’s to PHPTemplate’s credit that most themers won’t need to touch too much code, and what needs done is typically simple logic and not difficult. Those places where you can get deep in to PHP and Drupal coding are properly glossed over. Drupal 5 Themes leaves room for an advanced theming book, and that is the appropriate time to have such discussion.

All in all, I do recommend this book to people who are looking at Drupal and want to know how they can change the look of it to fit their design. It does show the power of the Drupal theming layer, and how much Drupal’s output can be changed through, not just CSS, but some simple and well-placed PHP code as well. Drupal 5 Themes is a worthwhile introduction to Drupal theming, and deserves its place among the current crop of Drupal books.

Feb 16 2008
Feb 16

The importance of project management tools is almost never fully appreciated. I am shocked at how common it is for a group of developers to go working without version control, ticket tracking, development documentation and so on. The very first thing I do when working with a new client is to make sure that they get these tools in place if they haven't already.

Those who are used to working without a complete set of project management tools never fail to appreciate the benefits of them once they are introduced. I consider it next to impossible for a team to work together without managing code and tasks in an efficient and highly organized way.[img_assist|nid=155|title=|desc=|link=none|align=right|width=250|height=156]

Hopefully you do not need to be sold on this idea and are using CVS or SVN to manage your project already. You likely have some sort of ticket system. It is a little less likely that you have both of these components integrated with each other.

When it comes to choosing a solution for project management software, a die-hard Drupal user has a dilemna. On one hand, Drupal seems as though it should be the perfect solution. It's fully customizable, has lots of nifty project management related modules and, most importantly, it's Drupal! Why would you not use it? "Eating your own dogfood" is the way to go, right? Meh...

Drupal is generally considered a content management system. Personally, I like to refer to it as a website management system. It is great at managing website related stuff like users, posts, permissions, categorization, and so on. Using contrib modules, you can customize and enhance this core functionality to almost no end. But at the end of the day, Drupal is designed to handle web content and the users that are accessing it. That's what a content management system is (and if content is king, that would make Drupal... well... God).

Managing a project, on the other hand, is a much different business from managing a website. Yes, you have many shared properties such as content and users. But the essence of project management involves things that have nothing to do with website management such as a revision controlled code base edited by multiple users, a need for efficient ticket management, and ideally full integration of everything. Essentials also include stuff like a nice repository browser, user management interface for repository access, fancy reporting for tickets, organization of tasks by milestone, date, person, severity, etc...

It's a very tall order. Yes, you can do all this in Drupal, but not very well. You can piece together something that sorta kinda resembles a project management solution, but in the end, you need to invest a relatively large amount of time to create something that is less than ideal and will require ongoing tweaking and modification. Unless your business is creating an effective project management solution in Drupal (something I dream of!), you should not be using Drupal for project management.

I'm a one man shop, and I do not have time to spare. I cannot justify spending any time at all kludging together a project management solution for a client when there are already far superior solutions available at low cost. I would much rather pay someone a few bucks a month and be done with it. Let them deal with SVN administration and enhancements; let me focus on my primary task which is building cool sites with Drupal.

While there are numerous project management related service providers out there (Fogbugz, Basecamp , Beanstalk to name a few), I want to talk about my personal favorite, Unfuddle. Unfuddle has taken obvious inspiration from the folks over at 37signals, innovators of the simple, clean, effective, it-just-works web application. Unfuddle is an instant project management solution that takes minutes to set up and costs a few dollars a month. The time you'll save in not having to set up SVN and manage SVN users alone makes it worth every penny.

[img_assist|nid=156|title=|desc=|link=none|align=left|width=250|height=221]What you get with a solution such as unfuddle is a ready-to-use repository with integrated documentation, ticketing and reporting. It takes seconds to set up a new user account with permission levels fit for everyone from a developer (gimme root!) or a suit (look but don't touch).

From a single interface, you can browse code, tickets and documentation. Every component integrates with the others. You can even resolve a ticket with an SVN commit message, saving you the trouble of having to go and edit the ticket after your commit! Users can individually subscribe to whatever level of email notificaton they would like to recieve and how often. The developer can shut off all notifications while the manager can get a nice daily summary each morning of milestone completion progress, new tickets, added documentation and so on. The project manager can glance over one of the ticket reports and group tickets into milestones for reasonable short vs long term goals.

SVN comments link back to the tickets they are related to. Tickets contain links to the changesets that resolved them. Viewing these changesets, you can see a beautiful code diff and quickly see what fixed the problem. Senior team members can quickly and easily review code changes submitted by junior staff.

With tools like this available these days, it's just not worth it spending any effort whatever on a lesser solution.

Feb 16 2008
Feb 16

Would you like to learn Drupal 6 as quickly as possible? You have already learned the basics but you would like to advance further? Or you’d rather learn the new features of Drupal 6? Then this announcement is especially for you.

I am issuing my tutorial video on Drupal 6 later this year (2008) in the first half of 2009, whose title is Drupal Miracle: Step by Step Drupal 6 Tutorial Videos. This will include over 10 hours of video!

The Drupal Association will recieve a 20% of commission for each copy sold. As a result, these videos will not only increase the number of Drupal developers, but also provide financial support to the Drupal Association. That is a double advantage!

The target audience of the Drupal Miracle are those Drupal developers who are on beginner-intermediate level. “Intermediate” developers are those who have already acquired the basics and would like to improve their knowledge further, to build more complex sites. However, I also would like complete beginners to be able to learn from the videos. Therefore, I am definitely creating the teaching material in a way that can aid complete beginners.

I am going to work on one Drupal based website during the whole training to provide a real life example. The videos will demonstrate how you can construct a complex website with the aid of Drupal, which is for “real” usage. I am going to discuss in detail the most important modules like Views, CCK, Organic Groups, Panels and many other useful modules.

One of the main parts of the instructional material is going to be the demonstration of the above modules through real tasks and how to getting lots of modules to work together. Two other highly valuable pieces will be theming the site - taking an existing design and implementing it as a Drupal theme - and the basics of module development.

The videos can be watched online with a browser through the member area. There are several advantages of these online Flash videos:

  • You can immediately access the videos from everywhere in the world, you do not have to wait for delivery
  • There are no delivery costs
  • You get future updates of the videos free of charge (e.g. correction of faults, expansions)

Why is the teaching video the best means of education? The answer is: you can learn the given teaching material quickly and easily as you see each operation with your own eyes. If needed, you can stop, rewind and play again any of the videos whenever you would like to. If you are a visual type (as most of the people are) you cannot find a better teaching method.

Until the videos are ready, it is worth checking the blog for the emerging free of charge Drupal 6 videos. Subscribe to the RSS feed so you won't miss the videos!

You may also want to watch some of the previous videos that I've made including the SEO Course. The Drupal SEO Course is more than 1 hour video about how you can quickly and easily make your Drupal site search engine friendly, or what those faults are which cause your site to perform badly in the search engines. Sign up for our free SEO course in the right sidebar!

UPDATE (February 15th, 2009): The key module, Panels 3 for Drupal 6 is still missing. Therefore the release date of Drupal Miracle delayed. However, we plan to release the videos later this year (2009). Very sorry for the delay. We understand that we announced the videos very early, but without the modules we cannot record the videos (We hoped that the key modules will be ready earlier). Subscribe to the RSS feed so you won't miss any updates about the videos!

Feb 16 2008
Feb 16

For those of you who haven't read the front page post yet, DROP is a new program that encourages and helps people get involved in the Drupal community! DROP is basically a continuation of GHOP, only extended so that everyone, not just 13-18 year old high school students, can participate.

Have you ever wanted to contribute to Drupal, but weren't sure where to begin? Developers, have you ever seen small tasks on that you don't have time for but that are important nonetheless, and would be good for people just starting to learn Drupal? Then DROP is for you. DROP is an organization of small tasks from, both documentation tasks and coding tasks—and everyone can participate in it, either by proposing DROP tasks, mentoring them, or doing them. No matter what your skill level and experience with Drupal is, you can find some way to benefit from this new program. Read on to learn more about this program, or click here to go to the DROP site's about page.

Spearheaded by GHOP students and encouraged by GHOP admins, this new Drupal-specific program is bound to be a success. Already, we have many tasks awaiting doing—so when you're ready, or when you have time, or when you're just bored, remember—some bite-sized Drupal tasks are available for you to do. And if you come across an applicable issue on, feel free to mark it as:

DROP Task: [[Rest of title here]]

and add it to the tracker.

Get involved!

So, what are you waiting for? Get involved now! Create an account at the new site, and begin proposing, claiming, and/or mentoring tasks! If you have been helped a lot by Drupal and the Drupal community, then this is the perfect opportunity for you to begin to give back—and join that community rather then be helped by it. Or, if you're a more seasoned developer, there are more difficult tasks too—everyone can find a task appropriate to their skill set and experience level.

For mentors and students, communication can take place either at the issue, or on channel #drupal in IRC. If you are unsure whether something would make a good DROP task or not, you can post it to the DROP project issue queue. The DROP project page is also used for tracking oddball DROP tasks with no home issue queue of their own.

Any questions? Comments? Concerns? Feel free to leave a comment below; I'll answer as soon as I possibly can! And in the meantime, I'm looking forward to seeing you all participate in DROP!

Feb 16 2008
Feb 16

In an earlier discussion about commenting Kris mentioned using pingback, but...

Spam is a problematic issue. I had to enable comment moderation not because the Captcha was too easy to come by, but because apparently real people are adding genuine comments and are actively abusing the URL field to point to their commercial (or virus-infected) websites.

These comments are looking pretty normal, thanking me in person for a specific article about a subject or even pointing out an issue. Hardly the work of an automated process. These people are either being paid or directly profit from commenting on blogs.

After enabling comment moderation the number of spam averaged to 3 to 4 a day. Moderation helps me not to go and look for these comments and prevents harm to innocent visitors, but unfortunately diminishes real interaction between readers (and me).

Pingbacks are actually a much easier way to distribute spam with less effort and for that reason alone I have no intention to enable it (or even use it moderated). I am too busy with moderating my comments, thank you :-)

After consideration and discussing with others having identical feelings, I concluded that it was not just the fact that one is commenting on someone else's blog article, but also the manner (addressing, self-promotion and confrontation). I realise that this is more a style-related discussion and more based on perspective and personal likings than merely the burden of having comments linked unidirectional.

De gustibus et coloribus non disputandum est.

Feb 15 2008
Feb 15

Now come the fun part.... whenaremymodulesgonnabeupgraded!

For an initial test, I updated my site on a test site and it went very smoothly. Picked up settings and everything. I tried image module but it turns out that while image module will evidently work on a new install, it's not quite there yet for updates.

I really rely on Drupal core and image module. I can do without the others but Tagadelic is one I've been enjoying, so I may actually take a shot at it with coder module as a guide and see how far I get before it gets update. That does depend on my family, friends and work schedule though so perhaps it's a mere pipe dream.

Theming looks to be way more fun and much easier. My site, while personal has some definite areas, maybe it's time to change the theme in those areas a bit? Hmmm.... so much to do, so much to consider, so little time.

Feb 15 2008
Feb 15

Somewhat in the heat of the moment I decided to move to Drupal6. I was not really planning on doing it until after a few months, but somehow the excitement took over to just make a copy of the database and test-run it on the copy.

I started over with the fresh Drupal6 codebase, copied over the relevant content from my settings.php and pointed it to the copy of the database. Without installing any module I just did an update and it simply worked.

My theme was gone ofcourse, putting my Burnt theme back (with my own CSS modifications) was simple. Some of the blocks were missing because I actually forgot to put the modules in place. So I looked for the ones that existed: AutopathPathauto, Captcha, Event and Token. And was lucky enough that only these were necessary for all of the functionality. Sadly the Recent blocks module seems to be unmaintained, so I switched to the default Popular content block, not the same but good enough for me.

Then I did another update for the new modules. I got a problem with the Event module update, which looked as if a second run could cope with it and indeed, a second run reported no errors.

In the end, I was so excited of the result that I just switched the old Drupal5 with the new and shining Drupal6 one, et voilà...

No major problems for me. The site looks mostly identical :-)

Update: There is a minor issue with the included Update status module. Drupal tells me that my Burnt v6.x-1.6 theme is out-of-date and I should 'upgrade' to Burnt v6.x-1.5. I guess I have got a newer release than Drupal has in its database. A simple version comparison could prevent this.

Update 2: I noticed the Comment notify module is also missing for Drupal6. The upgrade-excitement is still justified. I am not listening to you. Lalala...

Feb 14 2008
Feb 14

Yesterday, Drupal 6.0 was officially released - check out this screencast to get a 29-minute tour on the new features in this release.

We'd like to congratulate the Drupal Developer Team and Community for reaching this milestone and are happy that the MySQL Server continues to serve well as the database backend for this awesome content management platform!

I had the pleasure of evaluating and reviewing a previous release of Drupal for the Open Source Content Management System Award from Packt Publishing and it has been one of my favourites.

Keep up the good work!

Feb 14 2008
Feb 14

If you like Drupal, but you don't really know how so many people are able to contribute on average 4 new modules a day, or use their creativity to create a new theme, patch a bug, or something else. There's a commitment I have taken on that doesn't take any thought, learning, or insight.

I have made a commitment to donate to the Drupal Association every week (I get paid every week). The budget is the big item on the Drupal Association's plate and the Drupal 2008 wishlist, voted on by members of, is a big point of guidance for that budget. Make the same commitment and you'll help ensure things like updates to hardware, a redesign, and conferences of various sizes can grow.


About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web