Drupal

From Wikipedia, the free encyclopedia

This page is currently protected from editing until disputes have been resolved.
This protection is not an endorsement of the current version. See the protection policy and protection log for more details. Please discuss any changes on the talk page; you may use the {{editprotected}} template to ask an administrator to make the edit if it is supported by consensus. You may also request that this page be unprotected.

This article or section needs sources or references that appear in reliable, third-party publications.
Primary sources and sources affiliated with the subject of the article are generally not sufficient for a Wikipedia article. Please include more appropriate citations from reliable sources, or discuss the issue on the talk page.
This article has been tagged since June 2008.

Drupal

Home page of a default Drupal installation (with a Lorem Ipsum article).
Latest release	6.2 / April 9th, 2008 changelog
Written in	PHP
OS	Cross-platform
Genre	Content management framework, Content management system, Community and Blog software
License	GPL
Website	http://drupal.org

Drupal (pronounced /ˈdɹuːpʰəl/) is a free and open source modular framework and content management system (CMS) written in the programming language PHP. Like many modern CMSs, Drupal allows the system administrator to create and organize content, customize the presentation, automate administrative tasks, and manage site visitors and contributors.

Drupal is sometimes described as a "web application framework" as its capabilities extend from content management to enabling a wide range of services and transactions. Although Drupal does offer a sophisticated programming interface, basic web site installation and administration can be accomplished with no programming.

Drupal runs in many environments, including Windows, Mac OS X, Linux, FreeBSD, OpenBSD, Solaris 10, OpenSolaris and any platform that supports either the Apache (version 1.3+), or IIS (version IIS5+) Web server and the PHP language (version 4.3.3+). Drupal requires a database such as MySQL or PostgreSQL to store content and settings.

History

Originally written by Dries Buytaert as a bulletin board system, Drupal became an open source project in 2001. Drupal is an English transliteration of the Dutch word “druppel,” which means “drop” (as in “a water droplet”). The name was taken from the now-defunct Drop.org website, whose code slowly evolved into Drupal. Buytaert wanted to call the site “dorp” (Dutch for “village,” referring to its community aspects), but made a typo when checking the domain name and thought it sounded better.^[1]

From May 2006 to April 2007, Drupal was downloaded from the Drupal.org website more than 600,000 times.^[2] A large community now helps develop Drupal.^[3]

As of June 2008, Drupal 6.2 is the latest release.^[4]

Drupal core

The official release of Drupal, known as "Drupal core", contains basic features common to most CMSs. These include the ability to register and maintain individual user accounts, administration menus, RSS-feeds, customizable layout, flexible account privileges, logging, a blogging system, an Internet forum, and options to create a classic "brochureware" Web site or an interactive community Web site.

Web site content can be contributed by registered or anonymous users (at the discretion of the administrator), and made accessible to Web visitors by a variety of criteria including by date, category, searches, etc. Drupal core also includes a hierarchical taxonomy system which allows content to be categorized or "tagged" with keywords for easier access.

Drupal maintains a detailed changelog of core feature updates by version.^[5]

Core modules

Drupal core also includes "core modules" which can be enabled by the administrator to extend the stock functionality of the core Web site.

The core Drupal distribution provides a number of features, including:

Multi-user content creation and editing
Advanced search functions
Comments, forums, and polls
User profiles
Multi-level menu system
RSS Feed and Feed Aggregator
Various access control restrictions (user roles, IP addresses, email)
Access statistics and logging
Caching and feature throttling for improved performance under load
Descriptive URLs (for example, "www.example.com/products" rather than "www.example.com/?q=node/432).
Workflow tools (Triggers and Actions)
Security/new release update notification
OpenID support

Core themes

The color editor being used to adjust the "Garland" core theme

Drupal core includes several "core themes", which customize the aesthetic look-and-feel of the site. These themes can be chosen by the administrator via a special menu.

The Color Module, introduced in Drupal core 5.0, allows administrators to change the color scheme of certain themes via a Web-browser interface. This feature was added to allow a higher level of customization for the average non-coder.

Translations

As of February 2008, translations for Drupal's interface were available in 44 languages plus English (the default).^[6] Some read right to left, such as Arabic and Hebrew. Drupal 6 provides improved support for content and content administration in multiple languages.

Auto-update notification

Beginning in version 6.0, Drupal can automatically notify the administrator when a new version of a contributed module, theme, or the Drupal core itself, becomes available. This is a feature which may help to keep a Drupal installation up-to-date with the latest features and security fixes.

A module for version 5.x provides identical functionality, but it is not included in the core release.

Extending Drupal core

Drupal core is designed to be modular with a system of "hooks" and "callbacks", which are accessed internally via an API^[7]. This design allows third-party "contributed" (often abbreviated to "contrib") modules and themes to extend or override Drupal's default behaviors without changing Drupal core's code.

Drupal's modular design, which isolates Drupal core's files from contributed module and themes, increases flexibility and security and allows Drupal administrators to cleanly upgrade to new releases of Drupal core without potentially overwriting their site's customizations.^[8] To maintain this separation, Drupal administrators are instructed to avoid altering Drupal core's software.

Contributed modules

Contributed Drupal modules offer a variety of features including image galleries, custom content types and content listings, WYSIWYG editors, private messaging, 3rd-party integration tools, and more. The Drupal Web site lists 2147 ^[9] free modules (as of June 1st, 2008), written and contributed by the Drupal community.

Two modules are particularly important to typical Drupal installations^[10]:

Content Construction Kit (CCK)^[11], allows site administrators to dynamically create content types. A content type describes any kind of information to be stored in the Web site's database. These may include, but are not limited to, events, invitations, reviews, articles, or products.

Views,^[12] facilitates the retrieval and presentation of content to site visitors.

The CCK API is scheduled to be integrated into Drupal as a core module starting with Drupal 7, and Views will follow at some point thereafter.^[13]

Contributed themes

Contributed themes adapt or replace a Drupal site's default look and feel.

Drupal themes use standardized formats that may be generated by common third-party theme design engines. Many themes for Drupal are written in the PHPTemplate engine^[14] or, to a lesser extent, the XTemplate engine^[15]. Some templates use hard-coded PHP.

Although early versions of Drupal's theming system were criticized ^[16] as being less design-oriented and more complicated than those for Mambo, Joomla! and Plone, the inclusion of the PHPTemplate and XTemplate engines in Drupal has addressed some of these concerns. The new Drupal 6 theming system utilizes a template processor in an attempt to further separate HTML/CSS from PHP. A new Drupal development module (Devel) provides assistance to Drupal themers who use Drupal 6.

Criticism

Lack of object orientation

Drupal exclusively uses procedural programming, not object-oriented programming (OOP). While Drupal approximates some of OOP's features^[17], its lack of OOP results in the following:

No encapsulation enforced by the underlying programming language system. This precludes the use of private data and causes nonexistent enforcement of namespace separation. Because there is no namespace separation, any function or variable in an installed module or theme can cause a serious error, including a white screen of death, if its name is the same as that of any other function or variable in any other installed module, installed theme, or the Drupal core.^[18]
Less efficient code reuse since object inheritance is "weak" and polymorphism is only approximated in the rendering layer.^[19]

Drupal's defendants counter that even though PHP's OOP language features are not directly implemented (to ensure compatibility with older 4.x versions of PHP), OOP and aspect-oriented programming (AOP) principles are present in Drupal's design.^[20] This will help ease the transition to future versions of Drupal core, which, starting with version 7, will begin to take advantage of "real opportunities" of OOP provided by PHP 5. Drupal 7 will not be backwards compatible with prior PHP releases.^[21]

Lack of adherence to best security practices

Like most open-source projects, design and coding decisions of Drupal core and its third-party modules and themes are made by a group of core developers who at their own discretion choose whether or not to address suggestions or security concerns for official releases. Some Drupal users have expressed concern that these key developers may not be adhering to established security practices.{{{author}}}, {{{title}}}, [[{{{publisher}}}]], [[{{{date}}}]].

The contributed Views module, for example, may violate the "key 3" information security principle of confidentiality and the concept of security by design by exposing unpublished information by default.^[22] Although this issue has been brought to the attention of the Views module maintainer, the developer and other high level Drupal contributors do not perceive it as a bug, and no further action was taken.^[23]^[24].

Security holes

From January through May 2008, 5 security vulnerabilities have been reported in Drupal core^[25]. 25 of the 2147 user contributed modules were also found to have security holes.^[26].

As security holes are discovered, Drupal core is regularly updated to new versions. The administrator is notified automatically of these new releases via the Update Status module.^[27] Additionally, Drupal.org maintains a security announcement mailing list, a history of all security advisories^[28], a security manual^[29], and an RSS feed with the most recent security advisories.^[30]

Distributions

Customized Drupal distributions include some repackaged third-party modules, some with modifications to the core, including vbDrupal, which is Drupal integrated with vBulletin.

Drupal 4.2 ^[31] was used for DeanSpace, which hosted many independent Web sites supporting the 2004 presidential campaign of Howard Dean. After the Dean campaign ended, the DeanSpace project grew into CivicSpace, a Drupal-based "grassroots organizing platform that empowers collective action inside communities and cohesively connects remote groups of supporters." Thus CivicSpace is a spinoff distribution originally based on Drupal 4.2.

Many innovations in CivicSpace have been incorporated back into the Drupal project itself^[32]. Features particularly useful for nonprofit organizations and political campaigns are provided in the CiviCRM module for Drupal 5.0 and higher.

It has been suggested to distribute "pre-made" Drupal installations that are pre-customized with third party modules and configured towards a particular type of Web site: an online store, a music review site, a blogging site, etc. Drupal 5.x goes in this direction, providing a set of "installation profiles" tailored to specifics goals^[33].

Community

Drupal has a large community of users and developers. More than 300,000 user accounts have been created on Drupal.org, and over 2000 people have signed up for developer accounts^[34]. The last major conference, Drupalcon Boston 2008, attracted over 800 people^[35].

There are a number of active Drupal forums^[36], mailing lists^[37], and discussion groups^[38]. Drupal also maintains several IRC channels on the Freenode network^[39].

Acquia

In 2007, a Drupal-focused company, Acquia, was created by Drupal project lead Dries Buytaert and others. Acquia announced at Drupalcon Boston 2008 that it will offer a subscription-based service for Drupal in the 2nd half of 2008. Subscriptions will include one or more Drupal distributions^[40], a set of companion network-supplied value-add services, and access to a Technical Assistance Center.