Introduction
Crafting a strong defense.
A couple issues ago security was an unofficial theme. Thanks to the multiple vulnerabilities discovered in ImageMagick recently that theme is making a return. Happily, the P&T team responded to the news quickly with a post about it plus with a security update to Craft.
If security isn't your thing, there are plenty of other Craft articles and plugins to check out. If you like bad puns as much as I do, there's a great one in the Plugged In section.
Let's hit the links.
-John
Craft Link List
Top Stories
New Security Features in Craft
In response to the recent ImageMagick vulnerabilities, Craft 2.6.2784 now does MIME type verification on images before any processing.
Additionally, Craft now requires an elevated user session, meaning that the user must have entered their password in the past 5 minutes for a number of juicy-to-hackers actions, like, changing your password.
If you're writing a plugin that can benefit from this added level of security, call $this->requireElevatedSession() in your controller.
News
Huge number of sites imperiled by critical image-processing vulnerability
ArsTechnica reports on the ImageMagick mess. (Thankfully, Craft 2.6.2784 is a one-click install away.)
arstechnica.com
Tools, tips, and fundamentals
Troubleshooting and debugging errors in PHP
Everybody does it. Debugging. Watch the Straight Up Hangout for more.
straightupcraft.com
Perfecting your technique
Modularity With Craft
Josip Anić discusses how "writing CSS using a scalable, modular method" changed his general coding style and Craft development process.
pinkstondigital.com
Heroku Buildpack for CraftCMS
This is a helper buildpack for installing and keeping an updated version of Craft CMS without committing it to your repo.
github.com
Generator Craft Install
Andrew Welch, author of the impressive Pluginfactory.io, which is a Yeoman generator behind the scenes, flexes his Yeoman skills again with his new generator for Craft CMS installs.
github.com
Code Review: Retour Plugin
StraightUp Hangouts has kicked off a new series called Code Review where they will dissect someone's code publicly and hopefully we can all get better by it. The Retour Plugin gets the treatment in this episode.
straightupcraft.com
Keep environment variables (and DB info) out of the repo
From the Craft Cookbook: You have multiple environments, and you want to keep environment-specific data out of your Git repo. What do you do?
craftcookbook.net
Store your private data inside a git repository
This link actually belongs in the It’s not Craft, but it’s interesting section at the end of the newsletter, but it's a good followup to the previous link. This solution to sensitive data in git repos takes the encryption route for privacy.
coderwall.com
Sponsor
Pic Puller for Craft
Add authorized Instagram image & video feeds to your site. Plus use the Instagram Image Browser field type to add Instagram media into individual entries.
picpuller.com
Plugged In
Inventory
"Am I using this field? Where am I using this field?" You no longer have to wonder because Inventory will show you exactly where your fields are being used.
github.com
Craft .json snippets for Atom
Snippets for Atom helps you quickly generate .json models for Craft. It works well with the Generator for Craft CMS mentioned in Issue 15.
github.com
Recipe
A comprehensive recipe FieldType for Craft CMS that includes metric/imperial conversion, portion calculation, and JSON-LD microdata support.
github.com
Craft Doxter
Doxter is a markdown plugin designed to improve the way you write documentation. Fast and consistent Github Flavored Markdown Parsing.
github.com
User Creator plugin for Craft CMS
This plugin allows you to generate users en masse, simply.
github.com
Craft Twig Perversion
Making twig do things it really shouldn't. Break, continue, and return tags.
github.com
FieldNotes
FieldNotes provides a field type where the field input is replaced with a custom note. Use it wherever you need to add some extra content to your publish layouts.
topshelfcraft.com
The Craft Advantage
Overheard
Total entries: 1026
You'll need to click "I am not a robot" to see the results, but then look at that list and shudder.
exploit-db.com
It’s not Craft, but it’s interesting.
Font Face Observer
Use scroll events to detect font loads efficiently with minimum overhead.
github.com
Enhance.js
A JavaScript workflow designed to progressively enhance sites in a qualified manner.
github.com
Why Static Website Generators Are The Next Big Thing
"The biggest missing piece of the puzzle... is content editing... Because of this, many websites built with static website generators currently end up being migrated to a dynamic CMS."
Yeah, that updating-your-site thing is kind of important.
smashingmagazine.com