
Leaderboard

Popular Content

Showing content with the highest reputation on 06/02/2021 in all areas

  1. As your site is essentially running stateless (without cookies or possibly having state encoded into get values holding IDs etc) and no operations require authentication, I think there's very little risk for you. If it's just a contact form or something of that nature, I am happy to (and do) turn off the CSRF protection and then add a honey-pot field + Turing test field to deal with spam. Zero spam so far. I can PM you a link to a site set up like this if you want to take a look. Check out OWASP on CSRF for more information.
    3 points
  2. Thank you for the perfectly comprehensible explanation! Not only does this solve the problem, but I see that it's a setting I can adjust form-by-form, in case I need something more complex in other contexts!
    2 points
  3. @johnstephens Ok, so it's still your function (closure) so it's probably not being overwritten, and that seems right. DV-JS's point is really good. You need to turn off CSRF (≠ XSS) protection in your form's settings as anything that uses $session->CSRF will turn on the session cookie again. See the documentation for the sessionAllow variable in wire/config.php for more information.
    2 points
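The `sessionAllow` setting discussed in the posts above, as an added example that is not code from any of the posters: a closure in `site/config.php` that allows a session only when a session cookie already exists or the request targets the admin. Which requests should keep a session is an assumption about the site.

```php
<?php namespace ProcessWire;

// site/config.php (added example, not taken from the thread)
// Return true to allow a session (and its cookie), false to run the request without one.
$config->sessionAllow = function($session) {

    // A session cookie is already present, e.g. a logged-in editor: keep that session going.
    if($session->hasCookie()) return true;

    // Admin requests need a session for login and for CSRF tokens on admin forms.
    if(strpos($_SERVER['REQUEST_URI'], $session->config->urls->admin) === 0) return true;

    // Everything else (the public front end) gets no session and no cookie.
    return false;
};

// Caveat from the posts above: a front-end form that still has CSRF protection
// enabled uses $session->CSRF and will start the session cookie again, so the
// form-level CSRF setting has to be turned off as well for a cookie-free page.
```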
  4. What I've found out is that if you have a Form Builder form on your site, a cookie will be set even with the config setting mentioned above. To avoid this you have to disable the cross site scripting protection.
    2 points
  5. Don't mess with @teppo. He sees and knows almost everything and therefore we love him so much (but don't tell him). Thank you as well for your module. This might and will be a great addition for a lot of us.
    2 points
  6. Have you looked at the structure of the PW database? If not, it's quite easy to understand, and you may find that storing comments would be a lot "cleaner" than you expect. Essentially, the data for each field is held in a separate table, so the comments would be quite distinct from other data. If you'd be happy with the database structure, it'd at the very least save you what I imagine would be a huge amount of work!
    1 point
  7. I'm sure it'll be mentioned in the posts you'd find following @bernhard's link, but I'd draw your attention to another module also worth looking at: https://processwire.com/modules/batch-child-editor/ - particularly the Add mode, which can import CSV.
    1 point
  8. @Rudy are you able to provide any example on how you may paginate an array to prevent long execution times? I have done imports before, but when the data gets too large it can take a while to load. How would you automate the pagination without also running into long execution times?
    1 point
  9. Thank you, netcarver! I grepped my whole site directory for "sessionAllow" earlier and couldn't find anything. I just had a chance to dump $config into ready.php and here was some of the session-relevant output:

      ```
      <!--
      ["sessionAllow"]=> object(Closure)#6 (1) { ["parameter"]=> array(1) { ["$session"]=> string(10) "<required>" } }
      ["sessionChallenge"]=> bool(true)
      ["sessionFingerprint"]=> int(1)
      ["sessionForceIP"]=> string(0) ""
      ["sessionCookieSecure"]=> int(1)
      ["sessionCookieDomain"]=> NULL
      ["sessionHistory"]=> int(0)
      -->
      ```
    1 point
  10. Since you're working on a PW environment, you should probably use PW's WireArray and Paginated Array API.
    1 point
  11. Hi @adrian, Do you think that it would be a good idea to add options for some automatic pruning and cleanup of the log files and exception HTML files that Tracy writes to /site/assets/logs/tracy/? It doesn't occur to me to look in this folder very often for remote sites, but I see that error.log in particular has the potential to grow quite large. For instance on one site I have around 50,000 lines in error.log, most of which relate to minor issues in an older version of Tracy itself... "Undefined offset: 0 on line: 11 in Tracy Console Panel" (this seems to be resolved in newer versions because I'm not seeing it recently) ...or possibly relate to issues in the PW core... "PHP Notice: Undefined index: path in .../wire/core/WireInput.php:985 @ https://mydomian.com//xmlrpc.php?rsd" (does this look like a core issue to you or is it related to Tracy error screens?) So far I haven't had any real problems with either the size of the Tracy logs or the number of exception HTML files but if these have the potential to grow indefinitely then perhaps it could become a problem in some cases if users don't remember to check the Tracy logs directory. If you decide it would be worthwhile to have options to automatically prune the Tracy logs then maybe it would make sense to have these logs conform to the file extension and delimiters used by the core PW logs, and that way you could make use of the prune methods in WireLog.
    1 point
  12. It's a little thing, but would it be possible to create images without the .-pim2- part? Currently: original.jpg becomes: original.-pim2-prefix.jpg I'd prefer if it became: originalprefix.jpg
    1 point
  13. Most of us know and use site/config-dev.php file. If present, it is used instead of site/config.php, so it is easy to set database connection and debug mode for local development, not touching the production config. It is also very useful when working with git. You can simply ignore it in the .gitignore file, so local settings won’t end up in the repo.

      But sometimes you need to add code to site/ready.php or site/init.php just for the dev environment. For example, to add ryan’s super cool on demand images mirrorer. I can’t live without it when working with big sites, which have more assets than I want to download to my desktop.

      It would be great if there was something like site/ready-dev.php for this. Not out-of-the-box, but it’s pretty easy to achieve. Unlike site/config-dev.php, site/ready.php is not hardcoded. Its name is set with a special config setting:

      ```php
      // wire/config.php
      $config->statusFiles = array(
          'boot' => '',
          'initBefore' => '',
          'init' => 'init.php',
          'readyBefore' => '',
          'ready' => 'ready.php',
          'readySite' => '',
          'readyAdmin' => '',
          'render' => '',
          'download' => '',
          'finished' => 'finished.php',
          'failed' => '',
      );
      ```

      As you can see, we can not only define, which files are loaded on init, ready and finished runtime states, but probably even add more if we need to. So we override this setting in site/config-dev.php like this:

      ```php
      // site/config-dev.php
      // Change ready.php to ready-dev.php
      $temp = $config->statusFiles;
      $temp['ready'] = 'ready-dev.php';
      $config->statusFiles = $temp;
      ```

      For some reason we can’t just do `$config->statusFiles['ready'] = 'ready-dev.php';` and have to override the whole array. Maybe you PHP gurus can explain this in the comments.

      Now we can create the site/ready-dev.php file and place all the dev-only code there. Important thing is to include the main site/ready.php.

      ```php
      // site/ready-dev.php
      include 'ready.php';

      // DEV HOOK TO MIRROR ASSETS ON DEMAND
      $wire->addHookAfter('Pagefile::url, Pagefile::filename', function($event) {
          $config = $event->wire('config');
          $file = $event->return;
          if($event->method == 'url') {
              // convert url to disk path
              $file = $config->paths->root . substr($file, strlen($config->urls->root));
          }
          if(!file_exists($file)) {
              // download file from source if it doesn't exist here
              $src = 'https://mysite.com/site/assets/files/';
              $url = str_replace($config->paths->files, $src, $file);
              $http = new WireHttp();
              try {
                  $http->download($url, $file);
              } catch (\Exception $e) {
                  // log the missing file to the Tracy debug bar
                  bd($file, "Missing file");
              }
          }
      });
      ```

      Do not forget to replace "mysite.com" if you’re copypasting this))

      Now, add the newly created file to the `.gitignore` and we’re done.

      ```
      # .gitignore
      # Ignore dev files
      site/config-dev.php
      site/ready-dev.php
      ```

      Thanks for reading!
    1 point