TwoGrunts - Drupal

Battle royale on Drupal.org - Usability enhancements and development philosophy

mike — Tue, 10 Oct 2006 17:44:17 -0400

This post on Drupal.org seems to have ignited a firestorm. I think this comment and this one raises a few interesting points.

Drupal has challenges ahead. Usability is an issue. WYSIWYG editing vs. HTML input. Work needed to get a useful, non-trivial website (trivial defined as anything beyond a simple blog site) up and running. The list goes on.

What I like about Dru

mike — Tue, 12 Sep 2006 13:17:32 -0400

I've been working pretty intensely with Drupal 4.7 over the last several months, including creation of custom modules. Here's what I like so far:

Installation is very straightforward if you have basic unix skills and shell access
Simple extensibility model
Simple database abstraction layer
Nice theming system
Good performance
Caching system to help handle slashdotting or being dugg
Bone-simple module and theme installation mechanism, could be simpler but it's pretty damn good now.

Now, here's what annoys me:

New level of hell for Drupal developers

mike — Wed, 16 Aug 2006 02:26:36 -0400

This post on Drupal.org is too funny.. and too true.

The red triangle refers to a forumla we've developed that brings the greatest likelyhood of a large project going to hell. The idea of the red triangle is to ensure that the project manager is defacto non-existant. In the classic red triangle flow, the client, and designer directly order the developer, and the developer is given little to no leverage to refactor, or deny their requests. For best results, treat code and development as something like "witchcraft" -- like both witches, developers have magic powers; are not to be trusted; and often will pretend they can't do something because they are lazy. Our research has found that refusal to listen to warnings from developers is the quickest way to hell.

Access Control UI Enhancement

mike — Tue, 15 Aug 2006 11:11:43 -0400

I've proposed the following UI enhancement to the Drupal Access Control panel:

My pet peeve is the fact that when you have any non-standard roles, you have more columns of checkboxes to select from, and when you have many modules enabled, you also have many rows to view and the header row (with the role names) disappears, causing one to scroll back and forth to be sure that you are checking the box for the desired role.

I'm aware that merlinofchaos is working to improve the core administrative UI, and I applaud that effort. But, for those of us who are stuck with the current implementation, this solves one of those irritations.

Drupal version changes

mike — Wed, 02 Aug 2006 19:45:07 -0400

I was checking out the 4.7.3 Drupal release that was included with the recent XSS vulnerability in user module security fix.

Here's the complete list of changes, from CHANGELOG.txt:


// $Id: CHANGELOG.txt,v 1.117.2.6 2006/08/02 18:13:26 killes Exp $

Drupal 4.7.3, 2006-08-02
------------------------
- fixed security issue (XSS), see SA-2006-011

Here are the contents of the patch :

Index: modules/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/Attic/user.module,v
retrieving revision 1.612.2.15
diff -u -p -r1.612.2.15 user.module
--- modules/user.module	16 Jul 2006 18:26:56 -0000	1.612.2.15
+++ modules/user.module	2 Aug 2006 18:09:22 -0000
@@ -900,7 +900,7 @@ function user_login($msg = '') {
 
   // Display login form:
   if ($msg) {
-    $form['message'] = array('#value' => "$msg
read more