Leaderboard

I agree. And I'd like to suggest "Publish + Add new" to "Publish + Add Another" as it is a bit more clear in suggesting: "Another of the same template". One more thing, maybe it's a good thing to change the button to be like this example attached. Not advanced users may find it easier to understand.

This is quite a change to current implementation, but I'll have to agree. A split button is widely used and well known pattern, while the delayed dropdown we've got now is pretty much unknown, at least to me.. and probably most regular users.

And now have a 0.2 that implements everything from the basic wireMail() plus a few goodies.

Not sure if you read this: http://stackoverflow.com/questions/5055845/php-strip-tags-allow-3-text-hearts As you said, it's not possible to use the allowableTags option of the textarea sanitizer either because it's not actually a real tag. You could convert "<3" to "<3" during your form submission (before you sanitize) and then it will be preserved.

Sneak peek : https://github.com/plauclair/WireMailMailgun I've started implementing Mailgun. It's mostly working except for some stuff. Look at the tags for 0.1 prerelease.

I just added the stripTags and also the other missing option: newlineReplacement, to the docs: https://processwire.com/api/variables/sanitizer/#options-that-may-be-provided-to-the-text-and-textarea-functions

Just a bit of a followup here. Have you tried the stripTags option for the textarea sanitizer? echo $sanitizer->textarea('I <span style="color:red"><3</span> ProcessWire', array('stripTags' => false)); That will allow all tags, including <3 to be submitted. Of course I still think the purifier might be a better/safer option, but thought I'd mention in case you didn't know about it. It's actually not listed on the $sanitizer docs page, but you can see it here in the source code: https://github.com/ryancramerdesign/ProcessWire/blob/b95e36a8d3071139bea5ed72b8b5025b876df976/wire/core/Sanitizer.php#L430

I think so, too. And comment system should change this as well.. Actually I figured it strips everything where a non whitespace character follows an opening bracket so your example gets stripped whereas < $20 wouldn't.. just for the record ;-) Alright.. I really need to crack the bed now^^ So love <3 to all you PW lovers

strip_tags removes anything after a "<" until the closing ">". If it is never closed, then the rest of the content will be removed. I think the best option might be the purify sanitizer like you are already using. I get the feeling though that the textarea sanitizer should probably replace strip_tags with purify - obviously the way it currently works is not satisfactory because it will also delete <$20 and anything else similar and obviously valid.

If the hackers are as good in hacking as in designing websites, then certainly not

Tracy Debugger for ProcessWire The ultimate “swiss army knife” debugging and development tool for the ProcessWire CMF/CMS Integrates and extends Nette's Tracy debugging tool and adds 35+ custom tools designed for effective ProcessWire debugging and lightning fast development The most comprehensive set of instructions and examples is available at: https://adrianbj.github.io/TracyDebugger Modules Directory: http://modules.processwire.com/modules/tracy-debugger/ Github: https://github.com/adrianbj/TracyDebugger A big thanks to @tpr for introducing me to Tracy and for the idea for this module and for significant feedback, testing, and feature suggestions.

Hi all, as some of you will know I have been working on a forum solution. My initial code wasn't really talked about so I decided to split the code into two - code for the BB and code for the page-based comments module. I have been working on a page-based comments module over the last day or so, but I wanted to know if anyone else is interested? If so, what data would you want to store? So far I have the following: ip user_agent comment_content votes stars likes If you're wondering why I would want to create a page-based comments module when we already have Ryan's FieldType, then the answer is simple. A page-based module makes it a lot easier to extend to the novice. If you want to use CKeditor, then it's easy enough to achieve with a page-based version.

Buenos dias amigos, We just noticed that our contact form, and for sure comment form, too (custom build / not FieldtypeComments) occasionally strips whole paragraphs of the user content. (A girl told us that she wrote more than she saw in the replies quote) I'm cleaning input right away using $sanitizer->textarea So I tested a little and could narrow it down to strip_tags which is part of $sanitizer->text Commenting it out kept all paragraphs of my test string which were mainly lorem ipsum. With it enabled only the first line would come through. After a lot of searching and trying to PM users here in the forum in hope they would reply soon, I found the actual issue. I started the test mail with a line dedicated to my girlfriend (because she would read it) and ended it with a heart <3 strip_tags things it's the beginning of a tag and therefore strips not only the heart itself but everything after it. O.o By the way, FieldtypeComments is using strip_tags, too. And I just commented the newest Blog post about 3.0.9 and my "<3 Processwire" got stripped, too. Then I wasn't sure how to sanitize the input, didn't wanted to loose any more content, since our crowdfunding we're getting a huge load of mails every day. Thought about entities/entitiesMarkdown but when using it right on the input I needed to unentities on ouput which doesn't make sense because everything like <a onclick="alert('fooo')">click</a> would stay intact.. Many people are suggesting htmlentities for user input..when outputting though. But I don't want/need any tags except for hearts and stuff because we're hippies (quote of my girl^^) Right now I'm using $sanitizer->purify($str, array('HTML.Allowed' => '')); which works at the moment, maybe there other options? Ah, one mentioned to not sanitize input at all but store it as is in db and only escaping (e.g. htmlentities) on output.. I was quite astonished that strip_tags still considers <3 as html, even though emojis exist for decades.. What do you think, or what is your way of dealing with user input? Saludos and good night Can Ah, as far as I know it's not possible to declare <3 as valid tag to strip_tags because it's not an actual tag right? At least my testing didn't work..

Agree, the API is unbeatable. I haven't tried every CMS but at least the ones I have tried, everytime it was time for "Hey Mr.CMS, could you please get me this content from over there?". Either there was no clear answer or a solution that wasn't really up to my liking. For example, in Perch, there is perch_custom_content that returns an array with the data which I instantly started hating. Call me lazy, I just don't like how you have to iterate over array within array. You could imagine my shock when I saw Page and PageArray objects working with chained methods and the beautiful one liners you can do with PW. The closest I have experienced to PW somewhere else is with Kirby's own $pages and $page variables that also work much like PW's I think. But, what eventually moved me away from Kirby was discovering PW page and its page tree that just looked like the answer to all my data organization/displaying/retrieving problems. Had never really though about this. My first site with Processwire had to had an ajax and cached Instagram feed. It was implemented horribly, with the libraries in template dir and a php file for ajax right outside site folder, but IT JUST WORKED. No new things to learn, no weird tricks, just plain PHP working as it is intended. I think that's very helpful for people still in the process of learning backend techonolgies, but that can be proficient doing the front end. In Perch they also have a kind of template tags, which I was never really convinced of using.

+1 for split button. @Ryan - they have those in getuikit

Shouldn't this be the other way round?

+1 for checkboxes and easily discoverable options. I find that settings pages like this are not visited too often and I tend to forget what I should look for when I need to change settings. When I have only one loooong page I can at least use the browser's find feature to quickly look for what I am possibly after I also like that the settings page is full of comments that are not hidden, because this way I am reminded to read them. (I often forget to read tooltips and similar UI help solutions since they are initially hidden, conceptually.) All in all, I agree with tpr that it is an "admin page after all" and most importantly a page that is (should be) used by developers only.

Updated and fixed Russian Language Pack. Completed translation main part of the administrative panel. Add Translation for some popular modules like Markup SEO PW-PW-LanguagePack-ru-RU-master.zip

PW = Framework + a CMS as a little bonus

1. Relatively easy, yes, as in no harder than dealing with them if you build a full solution from scratch. 2. No, there isn't. A fieldtype for that would need to be tailored to a certain implementation logic. 3. There's nothing specific in the api, no, but if you build a field type for it, you can use all the field selectors together with a few lines of PHP to set headers, etag etc. based on the field value to output an image and hook into the existing logic of pagefile/pageimage to add your db inserts on top of PW's builtin upload logic. 4. You can either use PW's database interface (class Database, which is just a small wrapper around mysqli), use plain PDO or include your own database access class. PW has a few reasons for adding images to pages, one of the being security - if you have $config->pagefileSecure enabled and define access restrictions to a page/template, you implicitly limit access to its files too. Any option to store files completely outside PW's page structure will break that relationship and require you to limit access rights on a per-image basis (or to implement your own permissions logic that checks access rights with the pages the images are used in, meaning you still need to "assign" images to pages somehow). I do understand the wish to provide some kind of "image pool" though - it's, in fact, one of the next things I have to tackle for our company's intranet, as we have a lot of repeating images and documents in the technical manuals section there that need to be kept in sync. I'll probably introduce some kind of "files library" template, add library pages in places in the tree wherever security settings change and extend the pwlink and pwimage plugins for CKEditor to allow easy picking and inline uploading. You'd need to do something similar to be able to pick your external images. As for outputting files/images not stored in the usual location under the page's directory in assets/files, the code for FieldtypeSecureFile (which stores page files outside of the web root) is worth looking at.

Thanks for your thoughts @tpr - I am going to take a look at the settings in the next couple of days and clean them up a little. In the meantime, the latest version has some enhancements to the PW Info Panel. In particular, the "Fields List" section has been extended to be "Fields List & Values". It now additionally shows: some key Settings (at the moment just the maxFiles value, but might add some other key ones at some point) the type of value that is returned: object, string, integer, etc the value of the field - which is really nice for easily seeing what properties are available - see the phone_number in the screenshot for a useful example.

Wow, that's fast! Yeah read it, haven't tried htmlspecialchars, but it's not what I want.. You're right that would be way..thanks for sharing adrian, maybe I'll give it a shot Are there other things strip_tags would consider a tag and strip?

Maybe creating a 1/4 and 3/4 columns in the admin, where the first would hold the asm select of the submodules, and the other their settings would make the page structure more logical. I'm not sure the asm select can do showIf things, that would be the best. I guess this would satisfy those who needing a cleaner UI. Personally I'm fine with the current one though, it's an admin page after all.

It's not exactly like the HTML fieldset tag, but PW has fieldsetOpen and fieldsetClose field types which you insert into your template to group the fields between them. Same goes for fieldsetTabs - you can actually create new tabs on the top of the edit window - after the Content and before the Settings tab. Is this what you are looking for?

Hey Adrian. This is looking more awesome by the day. I have to agree with the boys though...It can feel a little overwhelming viewing the configurations' GUI. I agree that something simpler would work better. I would go with ASM as well, or some collapsed fieldsets to hide stuff if possible. As for contemplating adding these two panels: Available upgrades: core and site modules Data from Google Analytics - like realtime visitors and other timely stuff ...IMHO, I think these two are overkill. One, they are a 'digression' from the 'debugger' ball park, which is the core aim of this module. Secondly, we already have other modules that take care of those needs....to some extent. My suggestion is to only stick to tools/features that aid in debugging. Thanks!

Wow!!! Wordpress, Drupal and ProcessWire?? http://hackwithkali.net/how-to-be-a-professional-hacker-complete-guide/ Should we be worried?

Yes I'm only developing on windows and host on linux. I like the new phpinfo section, it's not in the way and it saves me oploading my own php scripts.

As I said, I would not show permission, status and notes columns since they show wrong info on windows. Exist/readable/writeable columns are ok. I can't test what statuses are displayed on linux box, but flaging read/orange/green is also not trivial. If you want to be able to upgrade PW version using ProcessWireUpgrade Module, /wire has to be writeable and if that user wanted to do then it should be marked green (or orange), not red (I don't make /wire writeable in production). If you want to upgrade site modules, than /site/modules has to be writeable etc. I would limit phpinfo() just for admins. I'm hosting 3 live sites on Windows server for more than a year, 2 more to come. No problems so far.

Because i really wanna use the Menu Builder, a friend of mine helped me to build a working solution. ​ We're using the above mentioned solution from @Webrocker as a basis. Maybe it's helpful for others who wanna use the Menu Builder and the UIKit Navbar and so i post the code here: <nav class="uk-navbar"> <?php $mainmenu_items_json = $pages->get('name=main-menu')->menu_items; // this is the menu page in menu builder, could also be fetched with the ID $mainmenu_items = json_decode($mainmenu_items_json, true); if( count($mainmenu_items) > 0 ){ $out = '<ul class="uk-navbar-nav">'; foreach($mainmenu_items as $id => $item){ $isCurrentPage = ($item['pages_id'] == $page->id || ($page->parent_id != 1 && $item['pages_id'] == $page->parent_id)); $subs = false; if(!isset($item['parent_id'])) { $url = ($item['url']) ? $item['url'] : $pages->get($item['pages_id'])->url; $target = (1 == $item['newtab']) ? 'target="_blank"':''; foreach($mainmenu_items as $sub_id => $sub_item){ if(isset($sub_item['parent_id']) && $sub_item['parent_id'] == $id) { $subs = true; break; } } $class = 'class="'.($subs ? 'uk-parent ' : '').($isCurrentPage ? 'current uk-active' : '').'"'; $out .= '<li '.$class.($subs ? ' data-uk-dropdown="" aria-haspopup="true" aria-expanded="'.($isCurrentPage ? 'true' : 'false').'"' : '').'><a href="' . $url . '" class="" ' . $target . '>' . $item['title'] . '</a>'; if($subs) { $out .= '<div class="uk-dropdown uk-dropdown-navbar uk-dropdown-bottom"><ul class="uk-nav uk-nav-navbar">'; } foreach($mainmenu_items as $sub_id => $sub_item){ if(isset($sub_item['parent_id']) && $sub_item['parent_id'] == $id) { $url = ($sub_item['url']) ? $sub_item['url'] : $pages->get($sub_item['pages_id'])->url; $target = (1 == $sub_item['newtab']) ? 'target="_blank"':''; $out .= '<li><a href="'.$url.'" class="'.$target.'">'.$sub_item['title'].'</a></li>'; } } if($subs) { $out .= '</ul></div>'; } $out .= '</li>'; } } $out .= '</ul>'; echo $out; } ?> </nav> It's like @Webrocker says: The best of both worlds! And as a side note: My friend didn't know anything about PW before. After 15 min. he had that solution ready. I think that says everything about the flexibility and the possibilities of PW. Thanks for that CMS and the really great community here! Mario

Sorry for not replying. I was too busy, not only with updating this module. There's now a new dev version that fixes issues and improves some things. https://github.com/somatonic/Multisite/tree/dev For example the biggest change is that the configuration is now set in the config.php via an array in $config->MultisiteDomains $config->MultisiteDomains = array( "dev.domain.com" => array( // domain name can be used to map to root page "root" => "www.domain.com", // page name for the root page "http404" => 27 ), "dev.domain2.com" => array( "root" => "www.domain2.com", "http404" => 5332 ), ); This allows for different domain configurations on a dev and live stage, and since it's not in DB (via the module config) it can be easily transfered with a dump without worrying to overwrite or change the settings. Also there's no need to change the domain "root" pages name, as it's not directly coupled to the requesting domain. So you only change the array keys (=domain). Since the whole concept is all a pretty hack, I found that it comes with some complications that can't be solved in a elegant way. So for example the biggest issue is that you can't crosslink pages via the RTE Link plugin, since it doesn't know about Muiltisite. So you'll end with wrong URL's when for example link from a page of one site to a page of another site. If that's an issue it's still possible to copy the ProcessPageEditLink.module and modify the root parent for the page tree select. I'd be glad to help out with an example there. Further, the structure of a multisite install needs to be - Web (PW root page, I call it always "Web" since it isn't the homepage anymore) - www.domain.com (primary site home) - 404 Page - www.domain2.com (a second site home) - 404 Page ... I think I heard people were using a different structure in the current old version like: - Homepage (main site home) - About - Projects - 404 Page - www.domain2.com (second site home) - 404 Page - www.domain3.com (a third site home) - 404 Page ... But this wasn't ever recommended and it can lead to complications. ---- Again since this module is pretty much a hack, I'm not officially supporting and releasing this module. Use at your own risk. We use it in various projects now and while it works fine with all it's little drawbacks, the new version is little more solid. I would rather like to see if there's a way for a more integrated and supported way in the core. But not even sure how this could work out. Ryan may has some ideas or maybe thinks this isn't something PW could support. - Note that there's multisite core support, but it's for different DB's and "site" folders, but that's a different case altogether. Take care Soma

TL;DR postmarkapp.com looks like a fabulous drop-in replacement for Mandrill now the proposed pricing for Mandrill looks like a price gouge (for low volume users like me). I have just completed initial testing with postmarkapp.com, the service I very nearly went with over a year ago. It's fabulous, almost identical to Mandrill in how to connect (via SMTP at least) and I was able to get my first two sites converted in very little time. I have just asked their support people to confirm what I have read, that the pricing model is perfect for low volume, transactional email of the type I need (around 300 to 500 per month across all the sites I work with). The pricing is NOT the same as the proposed new Mandrill pricing but is like the 'old' Mandrill pricing, awaiting confirmation but it looks like I will use less than 5,000 credits a year and that will cost just $7.50. So for me that's $7.50 rather than the proposed Mandrill/MailChimp pricing on 12x$20: $240. As soon as I have completed the conversion of my other sites I will post here with tips on what I needed to do to use Postmark as a near-drop-in replacement for Mandrill (it's east but I found a few steps that helped). PS: Looks like the first 25,000 emails are free too.

Hi guys, I have just released an update to version 3.2.2 on Github. It fixes the security issue with the CHMOD, the problem with many files and has a better detection of changes to files. Sorry that it took so long. But we currently have a lot to do. The module will continue maintained. AIOM4 is on the to-do list. Best regards, David

http://ukmoths.org.uk Hi, I launched this back in late 2015 but just decided to post it here. It's a complete rebuild in ProcessWire of a site that's been running and growing for at least 15 years in one form or another. The site aims to illustrate all of Britain's moths (not quite there yet!), and despite the obscure subject matter, gets quite a lot of traffic. Hence I've used ProCache to keep things snappy and I'm pleased with the performance. There are over 7000 photos on the site. I should say that the design is not mine, but a purchased template. It took a while to find a template that I thought could portray these under-appreciated creatures in a good light. The most challenging aspects were importing all the data and images from the old system, and getting aspects of the search to work in the way I wanted. The best part is that it's so much easier to add new content! Thanks for ProcessWire, and thanks Ryan and everyone else in the forums! Cheers, Ian.

the blog i setup for 2 of the above has a lot of standard blog features like categories, tags, archive, feeds, comments etc; it was no small effort to set that up, but once i had the basic setup i reused the code; i didn't use the blog module, since i predicted that they would actually never use it, and i didn't have time at that phase to integrate a module, i just did it quick with pages and page selects..

If you want to use the values sent as.. email value use $sanitizer->email name for a ProcessWire page that you don't care if it has upper case letters use $sanitizer->name. Name is used to build your url so this will be my-Upper-Case-URL name for ProcessWire page that is more friendly $sanitizer->pageName so url will be my-lower-case-url a valid selector string use $sanitizer->selectorValue a valid string for a ProcesWire page $sanitizer->text etc Unless you are a developer (and even then this is rare) you will not need $sanitizer->fieldName or $sanitizer->selectorField. Note, you are not limited to using the above according to my examples. For your own needs, you may want a string to be cleaned to remove dashes, etc. So, you can use $sanitizer->name in that case... If the above still doesn't make sense...I'll eat my hat

You can tell what the unexpected page is by outputting the contents of children() rather than just outputting the count. foreach($pages->get(1)->children) as $n => $child) echo "<p>$n. $child->url</p>";