Crafting a strong defense.
A couple of issues ago, security was an unofficial theme. Thanks to the multiple vulnerabilities discovered in ImageMagick recently, that theme is making a return. Happily, the P&T team responded to the news quickly with a post about it plus a security update to Craft.
If security isn't your thing, there are plenty of other Craft articles and plugins to check out. If you like bad puns as much as I do, there's a great one in the Plugged In section.
Let's hit the links.
New Security Features in Craft
In response to the recent ImageMagick vulnerabilities, Craft 2.6.2784 now does MIME type verification on images before any processing.
Additionally, Craft now requires an elevated user session for a number of juicy-to-hackers actions, like changing your password. An elevated session means that the user must have entered their password in the past 5 minutes.
If you're writing a plugin that can benefit from this added level of security, call $this->requireElevatedSession() in your controller.
Huge number of sites imperiled by critical image-processing vulnerability
Ars Technica reports on the ImageMagick mess. (Thankfully, Craft 2.6.2784 is a one-click install away.)
Tools, tips, and fundamentals
Troubleshooting and debugging errors in PHP
Everybody does it. Debugging. Watch the Straight Up Hangout for more.
Moving from WordPress to Craft
Gregor Terrill on moving to a better place.
Perfecting your technique
Modularity With Craft
Josip Anić discusses how "writing CSS using a scalable, modular method" changed his general coding style and Craft development process.
Another StraightUp Hangout to keep you sharp.
Heroku Buildpack for CraftCMS
This is a helper buildpack for installing and keeping an updated version of Craft CMS without committing it to your repo.
Generator Craft Install
Andrew Welch, author of the impressive Pluginfactory.io, which is a Yeoman generator behind the scenes, flexes his Yeoman skills again with his new generator for Craft CMS installs.
Code Review: Retour Plugin
StraightUp Hangouts has kicked off a new series called Code Review where they will dissect someone's code publicly and hopefully we can all get better by it. The Retour Plugin gets the treatment in this episode.
Keep environment variables (and DB info) out of the repo
From the Craft Cookbook: You have multiple environments, and you want to keep environment-specific data out of your Git repo. What do you do?
Store your private data inside a git repository
This link actually belongs in the It’s not Craft, but it’s interesting section at the end of the newsletter, but it's a good follow-up to the previous link. This solution to sensitive data in git repos takes the encryption route for privacy.
Pic Puller for Craft
Add authorized Instagram image & video feeds to your site. Plus use the Instagram Image Browser field type to add Instagram media into individual entries.
A plugin for Craft CMS based on jQuery FocusPoint.
"Am I using this field? Where am I using this field?" You no longer have to wonder because Inventory will show you exactly where your fields are being used.
Craft .json snippets for Atom
Snippets for Atom helps you quickly generate .json models for Craft. It works well with the Generator for Craft CMS mentioned in Issue 15.
A Craft Commerce plugin that allows you to add multiple products to your cart.
A comprehensive recipe FieldType for Craft CMS that includes metric/imperial conversion, portion calculation, and JSON-LD microdata support.
Use Laravel Collections in Craft CMS Plugins.
Doxter is a Markdown plugin designed to improve the way you write documentation. Fast and consistent GitHub Flavored Markdown parsing.
An Ace Editor field type for Craft CMS. (Apologies, Mr. Frehley.)
SimpleText: Simple textarea field type
Sometimes you just want a box to type in.
User Creator plugin for Craft CMS
This plugin allows you to generate users en masse, simply.
Craft Twig Perversion
Making Twig do things it really shouldn't. Break, continue, and return tags.
FieldNotes provides a field type where the field input is replaced with a custom note. Use it wherever you need to add some extra content to your publish layouts.
Customize your entry forms for your users with inline instructions.
The Craft Advantage
Why We’re Choosing Craft
Pump Interactive explains why.
Why we recommend CraftCMS for website builds
Clearbold explains why.
Total entries: 1026
You'll need to click "I am not a robot" to see the results, but then look at that list and shudder.
It’s not Craft, but it’s interesting.
HTTP/2 reality check
Frank Lämmer searches for truth in HTTP/2.
Font Face Observer
Use scroll events to detect font loads efficiently with minimum overhead.
Why Static Website Generators Are The Next Big Thing
"The biggest missing piece of the puzzle... is content editing... Because of this, many websites built with static website generators currently end up being migrated to a dynamic CMS."
Yeah, that updating-your-site thing is kind of important.