Drupal Resources

Drupal Security Advisories

Project: Search Autocomplete
Date: 2018-October-17
Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting
CVE IDs: CVE-2018-7603
Description:

The Search Autocomplete module enables you to autocomplete text fields using data from your website (nodes, comments, etc.).

The module doesn't sufficiently filter user-entered text among the autocompletion items...

Project: HTML Mail
Date: 2018-October-17
Security risk: Critical 17∕25 AC:Basic/A:Admin/CI:All/II:All/E:Theoretical/TD:All
Vulnerability: Remote Code Execution
Description:

The HTML Mail module lets you theme your messages the same way you theme the rest of your website.

When sending email, some variables were not being sanitized for shell arguments, which could lead to remote code execution.

This issue is related to the Drupal Core release...

Project: Mime Mail
Date: 2018-October-17
Security risk: Critical 17∕25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:Default
Vulnerability: Remote Code Execution
Description:

The MIME Mail module allows you to send MIME-encoded e-mail messages with embedded images and attachments.

The module doesn't sufficiently sanitize some variables for shell arguments when sending email, which could lead to arbitrary remote code execution.

This issue is related to...

Recent Article

This article features links and information from the Peerless Design Security presentation given at various Drupal Camps in the Eastern US. Audio from New Jersey's impromptu presentation can be found on the Drupal Camp NJ site for 2014. The PDF version contains all info removed to accommodate time constraints. The entire presentation is available as a white paper here.

Drupal Weekly Drop

Issue 360 - October 11th, 2018
Issue 359 - October 4th, 2018
Issue 358 - September 27th, 2018

Planet Drupal

Simple Website Approach Using a Headless CMS: Part 1

I strongly believe that the path for innovation requires a mix of experimentation, sweat, and failure. Without experimenting with new solutions, new technologies, new tools, we are limiting our ability to improve, arresting our potential to be better, to be faster, and sadly ensuring that we stay rooted in systems, processes and...

What Are Some Good Ways to Write Secure Drupal Code? Most Common Vulnerabilities and Secure Coding Practices

radu.simileanu, Fri, 08/24/2018 - 08:44

With the Drupalgeddon2 "trauma" still “haunting” us all — both Drupal developers and Drupal end-users — we've convinced ourselves that prevention is, indeed, (way) better than recovery. And, after we've put together, here...

Drupal 8 will actively complain when your site does not have a hash_salt configured, which usually gets generated when installing the site. (The complaint, mind you, might be fairly obscure; your site might just say "The website encountered an unexpected error. Please try again later." Depending on your error reporting settings, the message might be a bit more helpful.) If, for example, you "install" a site by copying over a database and files, you will not have this.

What our clients are saying

I'm so happy we chose to work with PEERLESS Design.
...we just want you to know that we are appreciative!
...took my less than mediocre site and completely revamped it into a beautiful, professional, and easy-to-navigate site
"PDI provides us prompt, effective and efficient service in maintaining our Drupal based website."
...continued to monitor it closely and is still always available to help me if I have any questions
...creative, independent, responsive...
I had a very tight deadline and budget, and they met it, seemingly with ease.
...dedicated, competent and driven to get the job done and done well.
...provided us with excellent, expert service in a professional and personable manner.
I love directing our customers to our new site knowing that they are going to be able to find exactly what they are looking for...
I would highly recommend her for any position requiring IT design and development
Thanks so much for everything!
I realized that I had picked the right company to work with soon after beginning a project with Peerless Design, Inc.
I have seen the first layouts and they are awesome...
...able to translate technical information in an accessible way...
A great experience and a much improved website.
...a pleasure to work with, combining patience (for my busy schedule and at times overwhelmed brain) with her strong motivation and energy to keep me going
...your punctuality, your casual and open personalities, and both your hard copy and online portfolios speak very highly of you and your business as well
...can do anything any other designer can do and generally quicker, cheaper and better.
...very responsive to our questions and needs
...I have no doubt we will have the best site in the 2010 election of any PA candidate
...able to take my abstract ideas and add their expertise to bring them to life in a way that was better than I could have imagined!
... incredibly impressed with what you brought to the table
... they also made suggestions which showed me that they fully understood what I wanted to accomplish.