Overview
Most Drupal security vulnerabilities are discovered via manual code reviews or by accident. This session will introduce two automated approaches to detecting Cross-Site Scripting (XSS) and SQL Injection (SQLi) security vulnerabilities and present progress to date in applying them to Drupal.
Dynamic Analysis, or "data tainting," involves tagging actual data within a running program received from untrusted sources as "tainted," propagating the taintedness to any data derived from tainted data, and detecting when tainted data is used in dangerous circumstances. For example, data tainting would detect when any data derived from unsanitized GET request parameters is output within HTML.
Static Analysis involves performing data-flow analysis directly on source code to detect when certain kinds of security vulnerabilities are possible. Like Dynamic Analysis, it uses a data-tainting model, but instead of operating within a live running program on real data it studies all possible code paths within a program to identify potential problems.
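The source, propagate, sanitize and sink steps described above, as an added toy model written in Python for this page (it is not Taint PHP or any Drupal code): the `Tainted` wrapper, `check_plain` analogue and the two sinks are assumptions of the model, and the GET parameters passed in are constructed sample input.

```python
"""Toy dynamic taint-tracking model for XSS/SQLi (added illustration, not
Taint PHP): untrusted input is wrapped as Tainted, strings derived from it stay
tainted, a sanitizer yields plain data, and sinks refuse tainted data."""
import html

class TaintError(Exception):
    """Raised when tainted data reaches a dangerous sink."""

class Tainted(str):
    """str subclass: concatenation results stay tainted (propagation step)."""
    def __add__(self, other):
        return Tainted(str.__add__(self, other))
    def __radd__(self, other):
        return Tainted(str.__add__(other, self))

def taint_get(params):
    """Taint source: every (constructed) GET parameter enters tainted."""
    return {k: Tainted(v) for k, v in params.items()}

def check_plain(value):
    """Sanitizer (check_plain analogue): escape HTML, return an untainted str."""
    return html.escape(str(value), quote=True)

def html_sink(markup):
    """XSS detection point: tainted markup must never reach page output."""
    if isinstance(markup, Tainted):
        raise TaintError("tainted data reached HTML output")
    return markup

def sql_sink(query, args=()):
    """SQLi detection point: query text must be untainted; bound placeholder
    arguments may stay tainted because the database layer escapes them."""
    if isinstance(query, Tainted):
        raise TaintError("tainted data reached SQL query text")
    return query, tuple(str(a) for a in args)

def greet(params, sanitize=True):
    """sanitize=False models the XSS bug the tracker catches."""
    name = taint_get(params)["name"]
    safe = check_plain(name) if sanitize else name
    return html_sink("<p>Hello, " + safe + "</p>")

def lookup(params, placeholders=True):
    """placeholders=False models the SQLi bug (string-built query text)."""
    name = taint_get(params)["name"]
    if placeholders:
        return sql_sink("SELECT uid FROM users WHERE name = %s", (name,))
    return sql_sink("SELECT uid FROM users WHERE name = '" + name + "'")
```

The model deliberately lets tainted values pass as bound placeholder arguments, which is why a placeholder query is not flagged while the string-built one is.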
Agenda
* Conceptual introduction to Dynamic Analysis and Static Analysis
* Advantages and disadvantages of each approach
* Current progress and results with Drupal
** System-wide data tainting using Taint PHP
** Using the Schema API for accurate database tainting
** Development of Taint Trace for easier debugging
** "Run-time static analysis" of Drupal Input Formats
Goals
Attendees will learn how Static and Dynamic Analysis can work to improve program security by automatically detecting XSS and SQLi vulnerabilities.
Resources
This session requires only basic PHP development skills. All Drupal module developers are qualified and encouraged to attend.
Overview
The session will introduce the Field API intended for Drupal core. The Field API supports "CCK fields in core" as a new central concept for organizing content as an eventual replacement for the Node API model.
Agenda
* Motivation for Fields in core
* Design goals for the Field API
* Current status of the Field API
* Fields on remote data and the semantic web
Goals
Attendees should leave this session understanding what the Field API is, how it will work, and how to use it to create custom content types programmatically.
Resources
Attendees should be familiar with node types and how to use the CCK user interface to define custom content types with fields.
An update on the State of Drupal.
Overview
This session is made for folks that are new to coding in general or new to Drupal coding in particular. We'll start off with some basic discussion about working with Drupal as a framework and what that even means. Then we will go through an overview of how Drupal's framework is set up and the various APIs and systems you can work with. This is specifically targeted at people who do not know what FAPI or a "hook" is and are trying to wrap their heads around these new concepts. We'll finish up with community resources to help you on your coding journey. The only prerequisite is a curious mind. You don't have to be a l33t hax0r.
Topics to be covered
- How is coding with Drupal different from plain PHP/MySQL?
- Overview of Drupal code base
- What is a hook?
- What is the theme system?
- What is FAPI?
- What is the menu system?
- What about database stuff?
- Coding standards
- Security
- How to learn/get help
Goals
Give people a strong foundation in Drupal concepts from a code perspective as well as pointers to good resources for continued learning.
Overview
This session will be presented by the maintainers of the Location and GMaps modules. Updated, stable versions of these modules will be released this summer, and we will talk specifically about the capabilities of these modules. We will also address the roadmap for growing these modules into a broader GIS/mapping platform for Drupal.
Agenda
Goals
The goal of this session is to engage people with the current evolution of Drupal mapping by sharing what is currently possible, and to get community buy-in on Drupal as a GIS/mapping platform by presenting a clear set of goals for the near future.
Resources
The State of Geospatial in Drupal:
http://groups.drupal.org/node/12485
Drupal mapping group:
http://groups.drupal.org/mapping
Location module:
http://drupal.org/project/location
GMap module:
http://drupal.org/project/gmap
Geo module:
http://drupal.org/project/geo
OpenLayers module:
http://drupal.org/project/openlayers
Overview
Imagefield Gallery is a module that's been around since shortly before Drupalcon Boston. I created it with the intent of making gallery management for an existing site easy for single nodes. Since that time others have used it for their own sites, and have extended it to work with proprietary gallery types that have not been contributed back. I would like very much to introduce the Drupal community at large to Imagefield Gallery and encourage them to help develop it in a direction that could be beneficial for ALL of Drupal, not just a small subset.
As stated above, Imagefield Gallery's primary purpose is to create galleries on a node from an existing imagefield. The new 2.x version cleans up the admin, and is striving to squash some old bugs and add new features. In development is the ability to do node references, as well as a new gallery type. Imagefield Gallery makes creating new gallery types pretty easy and straightforward. These gallery types are reusable in a large number of instances and allow the site administrator to customize gallery types per content type.
Agenda
Goals
Ultimately the objective of this session is to introduce Drupal at large to the Imagefield Gallery module, and show them what it can do for them. With some help I believe Imagefield Gallery can fill a significant void in the current Drupal codescape and give Drupal a varied and significant gallery system upon which to draw.
Resources
Project Page:
http://drupal.org/project/imagefield_gallery
Development/News Blog:
http://www.worxco.com/blog-categories/imagefieldgallery
Overview
The Drupal 6 menu system has a fundamentally different architecture from what was present in Drupal 5. This session is designed to highlight the key features of the new system, and give some code-level examples of how to use them well and what to avoid.
Agenda
* How does Drupal 6 serve paths and render links?
* When are the menu hooks called?
* When to define a router item
* Examples of bad code
* Examples of good code
* Advanced tricks and tips
Goals
By the end of this session I hope you will have thrown off the shackles of your Drupal-5-based thinking about the menu system and be ready to use the features and be aware of the limitations of the Drupal 6 menu system.
Resources
You should be familiar with writing a hook_menu implementation and preferably with the {menu_router} and {menu_links} tables to get the most out of this session.
Overview
Testing saves time, allows you to provide code-level checking for your clients' crazy requirements, documents how your code is supposed to work, frees you to refactor your code without fear of breaking things, and ensures you never get the same bug twice. Sounds great! But how do you get started?
This session will provide an intro to testing for developers who've never touched it before, in preparation for Testing, part 2: Crazy testing party!
Agenda
* What is testing?
* Why is it awesome?
* What tools do I need?
* How does it work?
* How do I write tests?
Goals
Attendees will leave this session with an understanding of how testing works at a broad level, and how to write a basic test. They'll be provided with hand-outs with more detailed information.
Resources
* http://drupal.org/simpletest
* http://www.lullabot.com/articles/introduction-unit-testing
* http://cwgordon.com/how-to-write-automated-tests-for-drupal
Overview
This is the first of two sessions on the use of jQuery in Drupal and will cover basic jQuery syntax and usage. It will also answer questions such as "Why jQuery?", comparing it with other popular JavaScript libraries, and provide visual demonstrations of what can be done with it in Drupal modules.
Agenda
* What is jQuery?
* Showcase of jQuery functionality
* How do I use it?
* Debugging JavaScript with Firebug
Goals
By the end of this session, attendees will have an understanding of the power of jQuery to enhance the web experience as well as a thorough grounding in the fundamentals of its syntax and usage.
Resources
No prior knowledge of jQuery is needed for this session but an understanding of JavaScript fundamentals would be advantageous.
Overview
The Knight Drupal Initiative (KDI) is an ongoing, open grant funding process for the Drupal open source project. We want to enable more people to enter the digital conversation by lowering the technical barriers to entry. We will provide powerful tools for digital publication, free and open to all. Our goal is to encourage people to improve their communities by supporting the free exchange of information and ideas.
Agenda
* Introduction to the KDI
* Program goals
* How to apply for a grant
* How you can help the KDI
* Project brainstorming and questions
Goals
We want everyone to participate in the KDI, in order to increase funding for the goals of the Drupal project. This session will let you know how you can get involved.
Resources
* KDI group
* Frequently asked questions
* KDI flyer [pdf]