Commons Team Improving Contrib & Core
by Ezra Barnett Gildesgame
As part of our day-to-day maintenance of Drupal Commons, we often assist with Drupal contributed modules that are included as part of Commons but not specific to the application, whether that means fixing bugs by writing or reviewing patches, or coordinating with other module maintainers and the Drupal Security team to help reduce the time between reported issues and security advisories.
Below is a partial list of popular Drupal modules that are included as part of Drupal Commons where the Commons team has done significant work recently, along with along with the usage of those modules as reported by the Drupal Update Status module. As the usage numbers show, even work towards a specific purpose or application - in this case Drupal Commons - can benefit the broader Drupal Community on the scale of hundreds of thousands of websites and even over a million websites.
- Drupal Core: over 1 million sites
- CTools: ~690,000 sites
- Entity API: 350,000+ sites
- CKeditor: 230,000+ sites
- Media Module: 150,000+ sites
- Entity Reference: ~130,000 sites
- File Entity: 40,000 - sites
- Organic Groups: 25,000 sites
Check out the full list here
Media module and Drupal Core
Devin from the Commons team took the lead on the enhancements to the underlying suite of Drupal Media modules, accomplishing the following:
- Made 60 commits and added 822 test assertions since the Alpha 3 version of the Media module
- Decoupled various functionalities of the Media module (WYSIWYG, Bulk File Uploading) and moved them into submodules improving performance when only certain capabilities are needed and enhancing code readability and testability.
- Added media-equivalent theme wrappers, markup and classes - the core file module provides lots of nice theming functions and classes which media now has as well.
- Added support for the “display” and “display by default” filefield options - these options are available on file and image fields but when using the media widget checking them wouldn’t do anything.
- Added support for file descriptions. File and image fields allow users to enter a description of the file for reference but the media widget had no place to enter the description - it now does.
- Added a custom multiple value behaviour - users would previously have to click “add another” each time they wanted to attach a new file, now a new “select media” button shows up soon as a file is attached.
- Added a value callback - when using the media element in a custom form, it was very difficult to find the ID of the file that was selected by the element. A value_callback was implemented which makes getting the FID simple.
- Added integration with the stand alone CKEditor module, benefitting 230,000+ sites
- Backported Drupal 8 performance improvements for private files to Drupal 7
- Both Devin and Jakob became co-mainatainers of the Drupal.org licensing Whitelist for 3rd party libraries, reviewing applications from several people and organizations outside of Acquia.
Ctools and Panels
The CTools and Panels modules are among the most popular contributed modules, with CTools part of Drupal core in Drupal 8 and as a result of that broad usage, there were roughly 40 issues in the CTools issue queue with patches from contributors that were awaiting review with some as old as two years. Indeed, sometimes a bottleneck to progress is not the ability of the community to write patches but the availability of other community members and maintainers to review those patches.
Jakob from the Commons team became a co-maintainer of the CTools and Panels Modules, reviewing those issues and making roughly 50 commits across the two projects and rolling new releases of both modules. Sometimes, becoming a co-maintainer can be a great way to help out if you’re able to make a significant commitment to review, re-roll and commit patches in the queue, even if you’re not volunteering to take complete ownership over the project.
Over the past few months, all of the engineers on the Commons team have helped by testing fixes and in some cases reporting issues towards the following Drupal security advisories:
- SA-CONTRIB-2014-043 - Custom Search - Cross Site Scripting (XSS)
- SA-CONTRIB-2013-095 - Organic Groups - Access bypass
- SA-CONTRIB-2013-065 - Organic Groups - Access Bypass
- SA-CONTRIB-2014-049 - Organic Groups (OG) - Access Bypass
- SA-CONTRIB-2014-001 - Entity API - Access Bypass
- SA-CONTRIB-2013-068 - Entity API - Access Bypass
- SA-CONTRIB-2013-096 - Entity reference - Access bypass
- SA-CONTRIB-2014-013- Chaos tool suite (ctools) - Access Bypass
We’ve also made several enhancements to the Message API suite of modules which powers 14,000 websites and several flagship Drupal distributions including Drupal Commerce and Open Atrium.
Small team, Big impact
The number of full-time engineers on the core Commons team is small relative to the impact we can have on shared community code, even when working to move our own products forward. While not every organization has two full-time product developer available, even allocating community resources part-time can have a major impact benefitting your own organization through improved code and strengthening your brand community karma.