Recognizing Insecure Drupal Code
And, why you shouldn't allow users to input a SQL operator!
11.09.2011 Technology and Innovation
Alas, the “we should blog about that” queue is getting pretty heavy here at the office. It’s been a busy ten months since Lev and I officially opened the doors here at ThinkShout, Inc. And as we’ve been talking with developers this month about coming on board with the team, we’ve realized that we’re missing an opportunity to share with the community what’s been inspiring us in our own work, as well as in the Drupal community at large.
This blog post does a poor job of addressing that fact. But here goes…
Over the last two months we’ve come to embrace responsive design as the starting point on every project for which we can influence site architecture decisions. Diving into responsive has affected almost every aspect of our sales, development and project management processes. It’s changed the way that we scope projects, the way that we prioritize features, the way that we choose graphic design partners, and the way that we choose browser-based technologies for building interactive maps, jQuery-driven slideshows, etc.
Interestingly, in embracing responsive we’re also managing to get ourselves out of the IE6/7/8 cross-browser support business. By selling responsive design in the project estimation process, we are better able to convince clients of the value in embracing modern browser platforms - as opposed to developing for the lowest common denominator of browser compatibility.
Soon we’ll have a couple case studies and technical write-ups of our responsive theming work - as well as how responsive has affected our wireframing process. But what I can say now is that we’re designing for mobile first and that we’re deep into the Omega theme camp.
As maintainers of several OpenLayers-based modules, we’ve been involved in the Drupal mapping space for quite some time. However, because of our interest in mobile and HTML5, this summer we started work on a new Leaflet module for Drupal. We’ve also been getting heavily into Development Seed’s MapBox tool suite. We’ve been doing our own custom cartography work, producing watershed-based map tilesets. In addition, this winter we will be helping Oregon’s The Intertwine launch a new urban trails guide for the Portland area which leverages responsive design, Leaflet, and custom Tilemill tiles served up via Tilestream.
The truth is that there’s not much difference between what we are into and what we’re up to. We are really fortunate to work with clients who share our interest in open source contributions and who give us the opportunity to tinker with new technologies. But for the purposes of this post, I guess I’ll make the distinction.
Geeky, I know… But our newest team member, Brandon Lee, has been enjoying the heck out of working on a complex migration of the content from two Drupal 6.x sites and one Drupal 5.x site to a single Drupal 7.x site. In the process, he’s had the opportunity to roll up his sleeves and get into the weeds of the Migrate 2.x module.
Lev and I couldn’t be more excited for Brandon to develop this passion. I’m doubtful that we’d ever try to position ourselves as the next Cyrve, but it’s great to bring on this skill set.
This spring we had the opportunity to develop a custom event management tool for our friends at Manhattan Kayak Company in NYC. Abstracting that work into a Drupal contributed module, we’ve been actively working on an entity-based event sign-up tool for Drupal 7.x. The project is currently called Entity Registrations. We’re talking with the good folks who manage the Signup module about porting our work there as the 7.x-2.x branch of Signup, as well as potentially working the module into Drupal’s Conference Organizing Distribution, COD.
We’re also excited to have a number of larger client engagements this winter that will fund new features for this entity-based registration system, an approach we’ve had some success with and discussed at the recent BADCamp NP Summit. We anticipate releasing CRM integration, paid event management, and group-based sign-up features over the next few months - so stay tuned.
MailChimp is one of our favorite technologies - as well as one of our favorite clients. Over the last 10 months, the usage of our MailChimp integration module has more than doubled to just shy of 6K. This summer we released an integration with MailChimp’s transactional email service - allowing Drupal sites to send all outgoing mail via MailChimp, as well as to collect robust delivery analytics from the service.
With a number of CRM-related projects on our horizon, we will be working hard over the next few months to build out a third integration with MailChimp’s campaign feature - which, in short, will allow us to develop bulk-email tools natively in Drupal.
In addition to a number of Salesforce integration projects, this winter we will be lighting a fire under Red Hen CRM - the native Drupal 7.x CRM initiative we started just prior to DrupalCon Chicago. It’s still unclear whether or not we’ll piggyback this work off of another project, such as Trellon’s CRM initiative. Regardless of the details, we are very excited for the opportunity to contribute more time, energy, and code to this important Drupal initiative.
Obviously there’s always more to get excited about. So, here are a few phrases describing other stuff that we’re excited to tackle this winter: open data, custom JSON parsers for the Feeds module, the Open App Marketplace, Drupal 7.x distributions, Pantheon, custom Solr facets, the Media module, QR codes, smarter usage of EntityFieldQuery, developing our own Drupal-based virtual project board, etc…
That’s right. We’ve got a lot going on and are looking to bring on another senior-level Drupal engineer. So, if you know anybody who would like to live in always-sunny PDX, Oregon - have them check out the following announcement.
Questions? Comments? We want to know! Drop us a line and let’s start talking.