Leaderboard

Client: I can't login to the back-end ! We asked: What browser do you use ? Client: What do you say ? We asked: With which program you go on the internet? Client said: Mozzarella

Changing passwords now is basically a gut reaction, a fear. This issue (the vulnerability) has been in existence for quite some time. Knowledgeable security individuals have known about this for some time. The fact that we (the public) are just now finding out about this means they now have a workable patchable solution. We all felt safe before we knew about this. The only thing that has changed so far is our knowledge of the vulnerability. We need to be reasonable and take a measured approach to our online security. You better believe this isn't the only vulnerability out there, it's just the latest we have found out about. If this wasn't related to an Open Source solution, we would still be in the dark, however we would feel secure. Not having the same password is a common sense practice. Security is not glamorous or fun. It takes an effort on the individual to make it work. Security is not profitable, so the corporations will not spend the money or time on it. Users want ease-of-use not complicated security policies. They only want security when the outside world touches them personally or financially. Don't get me wrong, this is very important and should be a wake up call to some. It's a constant reminder that we need to review and revamp our own personal security practices.

My client of the day is a chap for whom I did a couple of banners to run when Double Click was very first launched - 1996? Something like that. It seems he never got round to using them until now but cannot find the CD. He would apreciate it is I could run a new copy for him - he is not prepared to pay. NO I BLOODY WELL CANT! ------------------------------------- Please feel free to post YOUR client of the day.....

Greetings, I have two opposite interpretations here... I think this is a good moment for us to remember how complex Internet security really is. We can sometimes get the idea that if we just run this or that script we have it covered. But I've been researching security over the past few months, and I'm amazed at how murky the situation is. It seems to me that a lot of our "security" is an illusion. It's only secure as long as no one seriously tries to break in. If a malicious person has enough knowledge, motivation, and time, nothing is completely secure. On the other hand, the "Heartbleed" situation reveals that even security problems are more contained than they first appear. With all the hype, you would think that every server in the world is broken. Read further and you see that most servers weren't even running the compromised SSL library. And the ones that were compromised were able to seal the hole quickly. On a related matter, this situation also revealed how poorly most people understand the basics of the Internet. Advice to rush out and change your passwords was silly. If the server was compromised, your data isn't made safe by changing your password; if the server was "fixed," there is no need (of course, changing passwords regularly is a good idea for entirely separate reasons). Major newspapers published inaccurate (even damaging) information. For example, The New York times published an article suggesting it was the open source nature of the SSL library that is the problem, stating that "its code resides online and can be amended by anyone." There is a lot we can learn here about security, but the lessons are not always so clear. Thanks, Matthew

Okay, got to go for a name drop here. I was working on the final soundtrack for the video release of Cameron MacKintosh's live show, "Hey, Mr Producer" (Brilliant show, by the way) It had been a difficult job - David, who had been mixing the music tracks, had had to get a few of the stars back in to redub their bits .... in tune! We were getting close to deadline and because of the remixes, I had only just received the last tracks and was resyncing them to the picture and rebuilding the audience sound track. Cameron's PA phoned. "Cameron says for you to do an all nighter to get it finished." I replied, "I can't do that as I have another session in the morning - I need to have had some sleep." PA: "You realise who Cameron is and how rich he is?" "I still can't - doing sound on no sleep is unfair to the client." "So, who is the other client that is so much more important than Cameron MacKintosh? Can we pay them off?" "We are recording an interview with the chairman of Microsoft." There was a long silence on the other end of the phone. So I added: "Would you like their phone number or shall we reconvene tomorrow afternoon?" Even being rich and famous is relative.

Do you guys know the site "Clients from hell" ? It has similar stories from (web)-developers and designers all over the world, funny and recognisable stories and situations at times http://clientsfromhell.net/ @martijn: Yes i remember that one

It's not garbled code - view the page source and it will be better formatted showing you all the fields in the template on the page. Echoing $page->fields shows the template name because of the way things are configured, but I honestly don't think there is a real need to ever do that, because you get the same thing from $page->template->name which is more logical if that's what you are after. While it's great to learn and understand the inner workings of the code, I sometimes feel like you are trying to learn too much too soon. Spend more time building and using what you need, rather than dissecting everything. You'll figure out the minor details when the need arises, rather than confusing you before you a full handle on the basics. Does that make sense? For a basic PW site you really just need to know that you can echo out any field with $page->fieldname and that an images field either returns a single image, or an array of images depending on the maximum files allowed setting. If you have an array you can foreach through it. That's really the extent of things you need to build your first site. Using your current question - how often do you really need to get all the fields on a given page? I am really not trying to criticize your approach, I just think you'll get more for your effort by just building stuff. Either way, we'll continue to help, but it's always more fun helping with solutions to practical questions

Why panic? We just should be aware and become knowledgeable about solutions. Until hosting providers and major websites identify and update their code, there's not much we can do about the situation. Changing passwords would be premature until the code is updated/verified and SSL certificates are reissued.

If I understand correctly I don't think there is a built in way of doing this, but I have done something like this programmatically in front-end forms, so you could do the same with a hook on an admin form template. Curious though what your use case is. Couldn't you just have two page fields with the different parents? If not, one solution might be to hook on ProcessPageEdit::processInput and take the value from a text field (child_new) that would be where you'd enter the name of the new page, and then have a select for choosing which parent you want it added to (whichparent). I would actually disable the allow new pages to be create from field option to avoid confusion. Then after you have created the new page from the value of the text field, set it to blank so it can be used again. Sorry I don't have much time right now, so this should be considered pseudo code and ugly pseudo code at that, but maybe it will get you going! class NewPageCreator extends WireData implements Module { public static function getModuleInfo() { return array( 'title' => 'New page creator', 'summary' => '', 'href' => '', 'version' => 1, 'permanent' => false, 'autoload' => true ); } public function init() { $this->addHookAfter('ProcessPageEdit::processInput', $this, 'addToParent'); } public function addToParent($event){ // ProcessPageEdit's processInput function may go recursive, so we want to skip // the instances where it does that by checking the second argument named "level" $level = $event->arguments(1); if($level > 0) return; $pp = $this->post->input->whichparent; if($this->input->post->child_new == '') return; //if no child_new entered, leave now $newchild = new Page(); $newchild->template = $this->templates->get("template-name"); $newchild->parent = $pp; $newchild->of(false); $newchild->title = $this->sanitizer->text($this->input->post->child_new); $newchild->save(); // Save the new child $pp->test_page = $newchild; //add it to the list of selected pages for the page field $pp->child_new = ''; //empty the child_new field - it is now in the main child field $pp->of(false); $pp->save("child_new"); } } I revised this significantly and did a little testing. This should now pretty much work, although note that field names for child_new and whichparent are hardcoded.

Hey guys, i have released a new version of AIOM+. The update to version 3.1.3 includes a few improvements in the LESS parser and CSS minification. Also, I have set the status from AIOM+ to stable.

The url of the site is: http://wire.madaboutbrighton.net/ (which works as expected BTW, until you proceed to the next step) so I think the two wires is correct, but maybe the wire subdomain is causing a conflict somehow?

Not a client of the day, but something similar to Mozzarella: A man stands in the ice cream parlor and looking at a dog of breed Dalmatians. When asked what sort of ice cream he wants, he says: "Dalmatians" but want say "Straciatella".

Oh, and the other panicky information I hate at the moment is that some sites are recommending change passwords immediately when the correct course of action is probably to change them in a few days so services you use have a chance to patch their servers - otherwise you may get complacent and think you're safe but the server may still have been compromised. It's a bit of a mess to be honest, but most companies seem to be reacting swiftly. One thing I will be trying to do is keep a comprehensive list of sites I have an account with in future.

I know Servint updated servers as soon as the patch was released, but if you want to check for yourself and are on a Linux server then this is really useful: http://blog.servint.net/2014/04/08/patching-heartbleed-bug-openssl/ There seems to be a lot of panic over it to be honest and not enough clear information that mainly affects Linux servers, and not enough helpful links like the one I just posted to see if you're affected. If in doubt though, contact your Web host.

In case anyone is wanting to access the item link or summary, you just need to add these to the makeCalendarItem function. $a->link = $this->cleanText($item->link['href']); $a->summary = $this->cleanText($item->summary); and edit the __construct function appropriately.

I think, more than anything, Diogo and Martijn are highlighting to you the importance of semantics and syntax within your code: though the syntax produces a result, even one you might be able to work it, it's semantically confusing, implicit, and error prone. I know you're just testing the code, please don't think anyone is trying to badger you. Test, play, code all you need to in order to grasp the API. I think everyone just wants to help you get these small concepts and keep them in mind because they are important.

Hi everyone, I am wondering if we are able to change the parent of the selectable pages dynamically? potentially to the parent of the current page that is being edited? I am trying to search the forum but nothing comes up potentially because of the search breaks down each word. Thank you.

Hi I would like to share with you my first module. Module integrates PixlrEditor with a InputfieldImage. You can easily edit your images online. The module provides a link to edit each field type InputfieldImage. Have fun;) Warning: I have not tested yet on localhost. As Ryan pointed out. It does not work on localhost. Pixlr webservice must have the ability to get images from your server. Source: https://github.com/P...GIX/PixlrEditor Screenshots: Changelog 1.0.2Now Support Thumbnails Module - Thanks to joey102030 for the addition.

@wtrainer I'm just looking at the path reported in your error message; "(in /home/madabout/public_html/subdomain/wire/wire/core/ProcessWire.php line 143)." I suspect that the ".../wire/wire/core/..." should only be ".../wire/core/..." which makes me wonder if the zip extraction was to the right place. I don't know but it's the only lead I can give you at the moment. Personally I install PW using "git clone" directly from the repos and that saves me having to worry about extracting to the right place. Anyway, hope you get to the bottom of this.

@videokid - thanks for the report. I have just committed a quick fix for this. I am not sure on the best solution, but the Custom Upload Names module will now ignore any images with an initial filename that contains "youtube" or "vimeo". Of course that means that these won't get renamed at all, but I think that is probably the best behavior at the moment. Please let me know how it works for you. EDIT: Just to clarify - it is Custom Upload Names that got the update, not GetVideoThumbs

Thoroughly enjoying that site - it does remind me of some silly requests I have had in sound studios over the years. * "Can we have the sound of headlights sweeping across a window?" * "I need a background atmosphere of two people sitting on a sofa." To which I replied, "doing what?" * "Can we lower the first violins slightly?" The radio producer/client asked me after I had played back a recently discovered, unbelievably rare mono recording of Dmitri Shostakovich conducting one of his OWN works in Moscow when he was young. The recording had been brought to me by a friend who was acting as an archivist for a library of recordings that had been kept hidden away by the Soviets. He thought it would suit this programme. "I cant lower the strings in an already mixed recording," I pointed out. "And anyway, even if I could, I don't think it would be right to do so." "Trust me," said the vain producer. "I know a lot more about Shostakovich than who ever that idiot is who is conducting!"

I found this post kind of interesting: http://article.gmane.org/gmane.os.openbsd.misc/211963. Haven't checked the facts myself so can't really vouch for it, but if it's true.. well, it does tell something about the mindsets of the developers working on this particular product. Security in general is very complicated thing like Matthew already pointed out, but too often vulnerabilities are (at least partly) a result of laziness, general ignorance and/or bad practices.

There is an argument to change them twice - once now because you may already have been hacked and then once you are sure services have changed. But the main thing being pushed in the press is to not duplicate the use of passwords, so this might be beneficial just as a reminder. The other problem with waiting is that this is fine if you are in the business. If you are just a normal internet user, how will you know if that forum you use has been updated or not? The chances are you wont have the foggiest so you could be waiting for ever. Complicated as hell.

Well this is a problem as it should say $_SERVER on that first line and not SEVER (a bit severe to be severing things if you ask me): <?php echo $_SERVER['PHP_SELF'] ; ?> Though I would personally do this instead: <?php echo $page->url; ?>

http://cheatsheet.processwire.com/#sanitizer

I do, all the time in jQuery But yeah, traversing an array manually in PHP with each() is a random occurrence for me too. Used in conjunction with list(), it's slow and fickle. foreach() FTW

Hey Ryan, Just went to use this module and that break/continue error is still happening. I'll submit an issue on Github too. EDIT: Apparently I submitted an issue already - 3 months ago!

PawelGIX, just to let you know I forked your repo in Github and added the functionality to handle edit cropimage thumbnails. The 'Edit in Pixlr Editor' function appeared to be broken in the latest PW so I added a fix for that too

I also wanted a solution on a site that kinda has this issue with lots of these, instead I created a hook on what Ryan mentions. Also I changed it to replace only those preceded with a whitspace, so those that actually make sense between two words intact. https://gist.github.com/10330802 <?php /** * TinyMCE replace nbsp with regular whitespace * * Only nbsp preceeded with a whitespace will get replaced, this leaves * single non breaking space only bewtween words * * ProcessWire 2.x * Copyright (C) 2012 by Ryan Cramer * Licensed under GNU/GPL v2, see LICENSE.TXT * * http://www.processwire.com * http://www.ryancramer.com * */ class TextareaStripNbsp extends WireData implements Module{ public static function getModuleInfo() { return array( 'title' => 'Unicode (x00a0) Stripper', 'version' => 100, 'summary' => "Replaces the Unicode non-breaking space character /\s\x{00a0}/u with a regular space for all InputfieldTinyMCE when saving.", 'autoload' => true ); } public function init(){ $this->addHookAfter('InputfieldTinyMCE::processInput', $this, 'hookFixNBSP'); } public function hookFixNBSP(HookEvent $event){ $value = $event->object->value; // replace only nbsp with a preceeding space // this ensures nbsp to not wrap words still works $value = trim( preg_replace('/\s\x{00a0}/siu', " ", $value) ); $event->object->value = $value; } }

Check your root/site/config.php for credentials. If they are there, you don't have a clean install.

EDIT: This is obsolete, as of the fix is already in the dev branch 2.4.2, so better you fetch a new PW-Version from there ------------------------------------------------------------------------------------ Hi, I have added an UnSharpMask method to the attached ImageSizer.php that allow sharpening with the buggy PHP versions too. It is an implementation in pure PHP and doesn't use the buggy imageconvolution function from GD. But transparent png's even do not work nicely and get skipped from sharpening. And please, first test it before dropping into a production site. SO, if you want try it, here it is:

http://www.askapache.com/htaccess/rewrite-uppercase-lowercase.html Have fun!

Hi totoff, I guess it's not really a secret. I used to run a webagency and I'm used to crazy deadlines. So, no i was not working 24/24 at all. I dont know if this method would work for everybody, but here is how I work : - Give yourself a deadline - Spend 1/8 of the time allocated to plan ahead the project, the data structure, the features. - Use tools, libraries, frameworks you know by heart, and learn one new tool ( no more no less ) at each project. Small tool for a small project, bigger tool for bigger project. - If you run into a bug, give yourself 10min and/or 5 tries max to find the reason of the bug (the reason, not the solution). If not found, don't get stuck, wait the next day. - Don't optimize before going to prod. Wait 24h after going to prod to see bottlenecks, then add one day to fix performance issues ( same thing : only tools you know, learn one new every time ) - Use a good css/js library / framework. - Rely carefully on third party plugins : try to stay the master of your markup. - Work with repeatable design so your css will be repeatable and modularized. - Be the one who design the site : so you can balance difficulty - To do list, to do list. Plan the next day at the end of the day. - If you have the budget, use QA services ( like http://crowdsourcedtesting.com/ ) - Know the market you're coding for. Don't kill yourself for under represented browsers. - Use a laptop, so you can code anywhere ( when you have an idea, etc... ). - Practice, practice, practice

Can't remember even talking about the Modules Manager, but I guess talking about the ability to install modules from the backend in 2.4 may have come across as that to a long-time user. By the way, the talk led to German web dev/design magazine Screenguide asking me for an article about PW, so more exposure for PW in German(y) coming up. I'm not sure when that issue's coming out. Might be May or June.

Not sure if you already got this, but just to be clear: you don't just "receive" one or more results, you explicitly ask for either of those. A get() will return one result that you can use directly, even if the selector you use would return more, and a find() will return an array that you have to itterate through, even if the result of that select is only one page.

WWF sponsors a number of projects to track wildlife with satellite tags - this Processwire/Google Maps tool lets the public follow along in nearly real time. There are 6 different species and over 40 individual animals. http://wwfgap.org/tracker/ This is the second iteration using Processwire - it was a delight to work with. Feedback welcome!

This is the only way I know to create different sizes when uploading images: <?php class ImageCreateThumbs extends WireData implements Module { public static function getModuleInfo() { return array( 'title' => 'ImageCreateThumbs', 'version' => 100, 'summary' => '', 'href' => '', 'singular' => true, 'autoload' => true ); } public function init() { $this->addHookAfter('InputfieldFile::fileAdded', $this, 'sizeImage'); } public function sizeImage($event) { $inputfield = $event->object; if($inputfield->name != 'images') return; // we assume images field $image = $event->argumentsByName("pagefile"); $image->size(120,120); $image->size(1000,0); } } https://gist.github.com/5685631 What I don't know is if it really makes a difference (I guess), and if using drag and drop ajax upload and old school upload would process image one by one. My suggestion is to also upload image already in 1000x* pixels because if they upload 3000+ px images it will just takes a lot longer.