Pathauto D10/D11: Upgrading the Delete Action for Safer Alias Cleanup
I shipped a Drupal 10/11-safe Pathauto delete action because alias cleanup is exactly the kind of workflow that quietly breaks during major-version transitions.
Drupal CMS and ecosystem
I built Project Context Connector, a Drupal module that makes site configuration programmatically accessible to AI agents, automation scripts, and monitoring tools through multiple interfaces including native Model Context Protocol support.
Every AI coding tool has its own config format for MCP servers. Claude uses JSON, Codex uses TOML, Gemini uses a different JSON schema. Setting up the same 18 servers across all three means editing three files, remembering three formats, and hoping you didn't typo a credential. I built mcp-web-setup to do it once.
LLM prompts are full of repeated English grammar. Every "If a module exists, then recommend it. Do NOT reinvent the wheel." burns tokens on words the model already understands. I built CPF (Compact Prompt Format) to replace that grammar with operators and abbreviations that LLMs decode natively — cutting token costs by 30-50% with zero runtime dependencies.
Drupal is finally moving project issue management from the custom-built Drupal.org queue to GitLab issues. This is one of the biggest infrastructure shifts the project has made in years, and it was overdue.
Upgrading Drupal Commerce from 3.2 to 3.3 can take a healthy site straight to WSOD, and that is exactly the kind of release risk you need to pre-plan for.
The biggest takeaway: serving Sa11y CSS/JS locally in Drupal gives you more predictable accessibility checks, especially when external asset delivery is unreliable or restricted.
Dries Buytaert, the founder of Drupal, recently addressed a growing problem: AI-generated contributions are flooding open-source projects with low-value reports and patches that lack expertise. The human bottleneck — the reviewer — becomes the point of failure for the entire ecosystem.
WordPress malware campaigns share a pattern. Attackers exploit one vulnerable plugin, drop a backdoor, then pivot across the entire installation. Most site owners discover the breach weeks later, after search engines have already flagged the domain.
For over a decade, Drupal developers have relied on Drupal.ajax — a powerful but heavy abstraction layer over jQuery — to handle dynamic interactions. With jQuery's slow sunset and the rise of "HTML-over-the-wire" paradigms, the HTMX in Drupal Core initiative is the most sensible thing to happen to Drupal's frontend in years.
I built a proof-of-concept module to test what this migration actually looks like in practice.
Drupal 12 lands mid-2026. The deprecation list is long, the database API is changing, and most teams will not discover their exposure until the upgrade breaks something in production. Static analysis catches the problems early. But terminal output is not enough when you need to share findings with project managers, clients, or stakeholders who do not read diffs.
The Drupal 12 Readiness CLI now ships with an HTML report generator, GitHub Actions CI across three PHP versions, and coverage for all 32 deprecated database API functions.
Today I contributed a fix for a subtle but impactful operator precedence bug in Drupal Core's DefaultTableMapping class. The bug affects how SQL table names are constructed when a database prefix is used and entity type tables are not explicitly configured.
Drupal 12 is on the horizon, and with it comes the final removal of a long-standing legacy layer: the procedural Database API wrappers. If your codebase still relies on db_query(), db_select(), or db_insert(), you are looking at a hard break when D12 lands. These functions have been deprecated since Drupal 8, but they have stuck around for backward compatibility. That grace period is ending.
AI is making vulnerability discovery faster and cheaper. That is the easy part. The hard part is what happens next: an open-source maintainer with limited hours receives a flood of security reports and must decide which ones deserve immediate attention, which are false positives, and which can wait.
I built a lightweight WordPress plugin that encourages users to follow a site on Google News and set it as a preferred source. When a user follows your publication, they are more likely to see your content in Discover and "For You" feeds. This plugin makes adding that CTA a one-step operation.
I had two collections of plain arrays and needed to associate them relationally, but I was not working with Eloquent models. Laravel's Collection class is powerful, but it has no built-in way to express a one-to-many relationship between two arbitrary datasets. I built laravel-collection-has-many to fix that.
The first version of Drupal AI Content Impact Analyzer was a minimal proof-of-concept: a single scoring function, no tests, no documentation worth mentioning. It proved the idea worked. It did not prove the idea was useful to editors who need to know exactly why a piece of content scores the way it does. The upgrade rewrites the core into a 6-dimension scoring engine that tells editors precisely what to fix.
The honeymoon phase of "generate everything with AI" is officially over, as major platforms like WordPress and Cloudflare are now forced to build guardrails against the resulting tide of low-quality "slop."
The AI model landscape just shifted again with the simultaneous drop of Opus 4.6 and Codex 5.3, and for once, the "System Card" is more interesting than the marketing splash page.
I tore apart CVE-2025-9318 — a critical SQL injection in the Quiz and Survey Master WordPress plugin affecting every version up to 10.3.1. Classic $wpdb concatenation, trivially exploitable by any authenticated subscriber.