Leaderboard

To be fair it's kind of cheap to blame this particular issue on WordPress. An unrelated vendor was compromised, which is something that could happen to pretty much any platform out there. In this sense ProcessWire isn't much (if any) safer at its core. Just saying. If there's a lesson here, it's probably that "anyone can be compromised". This was a vendor considered trustworthy by hundreds of thousands of users, after all. And perhaps another lesson might be that "relying on third party vendors can be an issue" — although writing every bit of code yourself isn't exactly a silver bullet either ? (In the video above they also put plenty of blame on PHP as a programming language, argue that the issue is due to WordPress being "pretty old" — like new software was inherently more secure than actively maintained older software — etc. There were some valid points there as well, but blanket statements like that... ugh ?)

I use the tools that ProcessWire comes with. I spent a lot of time making them simple and easy to use, and that's what I like to use. Just as an example, let's say that I've got a website and a client wants to add a full featured blog to it. I'll develop it on my local copy of the site and it might involve creating several fields, templates and template files. I'll take a day or two to develop it and when it comes time to migrate the finished work to the live server, that's the fun part, but there's not much to it: Create or export/import the new fields on the live site first, then do the same for the new templates. Copy the new or updated template files (and related CSS/JS assets) into place. Create or export/import the pages needed by the blog, and it's done. A blog is just an example but it's the same as any other update. It's a painless process that always goes quickly and smoothly. This part of it takes maybe 5 to 10 minutes and is one of my favorite parts of the project, like driving a new car and then seeing it for the first time in your driveway. I like to oversee this part of any project and have no need to optimize it further so guess I'm not the target market for add on migration tools. That's correct, it would be fairly straightforward.

My mistake! You are right, it works as perfectly. It also works for align_center, of course. Simple and brilliant. Problem solved. Thank you, you applied a lot of effort and time to crack my problem. (my silly mistake: I was injecting in Firefox ".align-left" instead of ".align_left") Thank you again! Community is a wonderful thing.

@howdytom If you rename the WebAuthn modules folder it will disable it temporally and bypass the Tfa requirement. That is the simplest method and if you reinstall (simple as just clicking the refresh button under the modules menu) users that had WebAuthn enabled before will have it re-enabled (unless they change their profile settings) As for additional recovery options you can always buy a spare security key and keep it in a safe place if you loose you other keys. A superadmin can always disable it for users as well and also set it up for them via the users page so if your the developer of site and your client cant log in you can simply disable it for them etc. thats a core ProcessWire feature that works for any Tfa plugin The is no like OTP alternative as I think that should be a core feature of ProcessWire. Multiple TFA methods per user. As it stands you can only setup a single Tfa method Hope that helps

@howdytom Glad it is working out well for you ? Webauthn is indeed faster than old U2F was as its more native to the browser/OS Not a problem I couldnt let one of the best forms of two-factor just die because of a change to how these security keys are done. Webauthn was only a year old when I made the first U2F module. It's far superior though as you can see so was worth it to redo it.

TextformatterRockHeadlineIDs Textformatter that applies id attributes to all headlines (h1-h6) in the markup field. // input <h1>This is my headline</h1> // output <h1 id='this-is-my-headline'>This is my headline</h1> Download & Docs: https://processwire.com/modules/textformatter-rock-headline-ids/ https://github.com/baumrock/TextformatterRockHeadlineIDs PS: There is a similar module I didn't know about before:

After doing a quick check I assume that was it (multilang issue). Here's a new version that will only output the QR Code in the user's language if it's a guest. Please note you'll still have the two QR Codes if you're logged in. I will think of something to help with the output, something like a ->get() to output a specific source and/or language.

Maybe I am missing something, but I don't understand how anyone used it without fixing this issue: https://github.com/ryancramerdesign/DynamicRoles/issues/14 -it's an easy fix I made when I was testing it, but I decided it wasn't for me, especially for projects with a lot of pages, because of how it stores the IDs pages, IIRC.

I actually find that ProcessWire plays pretty well with Git, certainly in comparison to WordPress. The main thing is to avoid installing modules via the admin UI (just download the module and put it in your repo). And of course exclude /assets/ from the repo (PW conveniently keeps all of this together). It would be nice to be able to exclude the wire folder and have Composer handle that instead, but I don't find it that big of a deal to keep the wire folder in Git. In the very rare case that a direct core mod is necessary for a project I'm working on, it's good to be able to make that change and commit it to the repo. The ability to maintain a master configuration file containing all of the meta data for the templates and fields in a project and to be able to put this into version control would be a real game changer, though. This is a real pain point we're running into on a lot of our projects, especially now that we have a couple systems that have multiple deployments and multiple developers working on them. Since we already have JSON export for templates and most field types (the options field export/import is still not fully functional), it doesn't seem like this is too far off. Maybe PW could cache a copy of the JSON configuration file and then if it gets updated externally, show a message in the admin that there are pending field/template changes to be applied, allowing the user to apply these changes with a single click. If it makes it easier/cleaner, there could be 2 config files, one for fields and one for templates (and maybe another for modules?) I'm curious how other systems handle this under the hood. Edit: Here's how Craft CMS does it: https://craftcms.com/docs/3.x/project-config.html#propagating-changes This sounds a lot like what I'm thinking. The command line option for applying changes is also a great idea since some changes could take a while to apply on large projects.

I came to this thread by coincidence: It was very popular back then. But I've never heard of anybody using dynamic roles over the last few years. Is anybody using it and want to share the "why" and "how"? ?

The regex solution you mention only strips paragraphs containing a single non-breaking space, aka. &nbsp; aka. &#x00A0;. Do you really only want to remove the surrounding <p> tags? It’s likely to become a mess if you have more than one paragraph. To get rid of all <p>s a bog-standard str_replace should do the trick, I imagine. Unless there are arbitrary attributes on it, for example.

Not tested, but Whats about the php function trim()? I would trim <p> and </p> from your fieldcontent. (sorry, onmobile)

Haha, I did the exact same thing at first ? Glad it’s working for you

@Adam Thank you for your in-depth reply. Perfect. That is a solid solution, even though I have never experienced any issue with your TfaU2F and TfaWebAuthn module and 3 Yubikeys. I do prefer the native ProcessWire way :-)

Hmm, what is the expectation? It looks fine to me if I inject my snippet into the CSS: This is in Firefox, but I also tested in Edge. Edge doesn’t show whitespace above the link’s underline, but that’s a line-height issue. When done this way, the image’s size can be controlled using only the width attribute set in CKEditor. If you set width=100 it looks like this:

I wondered if anyone has seen this and maybe has a fix? After editing Page templates are saved but code updates do not update the rendered immediately, even with a hard refresh of the page (shift+refresh). It seems to cache the page for a few mins (3-4) regardless of PW / MAMP cache settings. This applies to rendered HTML, rendered PHP variables and site_debug errors. I'm experiencing the same thing on Google Chrome Firefox. PW 3.0.184 Anyone else seen this and / or found a fix?

OK, I found the problem. OPCache was enabled in the new version of MAMP Pro. Just turned it off and everything refreshes as it should. Hope that helps someone!

Excellent! Please post (start a new topic) in this new support board whenever you are ready, thanks.

Try: .align_left { display: block; width: min-content; } .align_left > a { display: block; width: max-content; } This will only work if the <img> is wrapped inside an <a>.

@Adam, That is fantastic! I gave TfaWebAuthn 1.0.0 a try. I am using your module on 3 ProcessWire sites. This was such an easy and seamless transition! I have successfully added two Yubikeys. It took less than 1 minute to setup. What I noticed is that the authentication process is much faster using Yubikey. Excellent piece of work! Thank you so much for providing a solution before February.

Looking at my commit log on the folder it seems I had made that edit manually as well. I'm certainly with you on the storage. In the end for our system it would've been much more useful for pages to be assigned/tagged a customer and have access matched by assigned customers for users instead of matching drole to individual pages.

I don't think you can rely on Omnipay for all but it may be okay for some. A warning sign for me is the age of some of the open issues in the Omnipay PayPal repo: https://github.com/thephpleague/omnipay-paypal/issues and the date of the last commit being quite a while back. A few other Omnipay modules have similar issue lists. PayPal and Stripe I imagine are going to be the two most common and have pretty good docs and vaguely similar interfaces (they both suggest the JS checkout - PayPal are starting to direct developers that way and are using wording suggesting the old ways of initiating the payment are becoming legacy though I can't remember the exact docs). Both have the PHP libraries for manipulating payments after the transaction is in their systems which is fine as I believe they're all trying to make the PCI server compliance issue go away by the card data never being on your server. Even Worldpay has gone JS + PHP now with a similar implementation from what I've briefly seen of their docs. I would think that if any were to be officially supported as part of the project it would be PayPal and Stripe as the two most common. PayPal is still going to be more common than Stripe sadly so probably that as the first one. I do agree with the Omnipay approach of a common interface, so perhaps if these were the first two and @kongondo you took inspiration from how they've done it in terms of the common interface, then those devs capable of writing additional payment modules can use the same approach. Or perhaps because this is such a critical piece of the puzzle it needs collaboration right from the start with those with a lot of experience with payment libraries - I'm not sure - but that wouldn't be me (I just follow the provider docs and if it works it works ? ).

Cool site! There are obviously all kinds of ways to achieve the desired result with CSS. I’m not the best person to ask because I have no experience with CKEdit. The easiest CSS-only way would be to give .align-left the desired width, like maybe 30%, and set the img to width: 100%. No need for display: table, imho (indeed, if you do this, you should remove display: table and table-row). This would however prevent you from having different widths for left-aligned images, which may or may not be what you want.

My question is about the appearance of images and captions (inside a figure element) in the frontend. As far as I know, CKEdit has a different mechanism/styling and I'm not worried about it. Of course, if I take the trouble to manually insert an image and a caption inside a table, and configure the table, etc., the problem goes away, but... isn't it the automatic procedures and machine help what we are all hopping for, for the sake/save of time and work? My relevant CSS: .align_left { /* for images placed in rich text editor */ float: left; margin: 0 1em 1em auto; position: relative; top: 0.5em; max-width: 50%; } .align_right { /* for images placed in rich text editor */ float: right; margin: 0 auto 1em 1em; max-width: 50%; } .align_center, .align_center img { /* for images placed in rich text editor */ display: table; margin-left: auto; margin-right: auto; /*position: relative;*/ /*top: 0.5em;*/ } figure { display: table; /* width: 1px; */ margin: 1em auto; } figure.featured_image { margin: 0; width: 100%; } figure img { display: table-row; /*margin-bottom: 0.5em;*/ } figure figcaption { display: table-row; font-size: smaller; color: #777; line-height: 1.4em; } .align_center figcaption { text-align: center; margin: auto; } The base site is https://cadpp.org/ . It is meant to be a very simple (simplistic?) site, without bells and whistles. An example of the problem I'm trying to report would be https://cadpp.org/artigos/a-mundializacao/#this-is-bad-graphics Please note that I will undo this image caption example as soon as possible, because it is breaking my page. Before preparing this example for you, and in order to turn around the problem, I manually broke the caption into 3 lines, using <br/>. Also notice that the only thing preventing the caption from occupying all the container width is the fact that I added a limit to the right|left-aligned images in the CSS file (max-width: 50%;).

I still use it. I do have one workflow thing I do where I add a "keyword list" textarea field below the keywords as the SEO tool we use to generate lists of keywords for subjects spits them out one per line, so we copy and paste that into that textarea and on save I turn it into a CSV string and put it in the proper keywords field. Sounds a bit lazy but one site had hundreds of articles. I may also need to build a Y0ast-like page score module at some point soon too, though I think those things can be misleading as much as they can be helpful.

Templates have a modified property, but fields don't. This might be a useful and simple core feature to implement that could make it easier for anyone wanting to track changes. The Templates Export function shows the modified field, but it's sorted by template name. For quick manual exports, having the option to sort by modified timestamp would be an improvement. Once fields have a modified property, they also need to have the option to have the export function list them by modified timestamp. I see the base Wire class that everything else in the core extends has change tracking properties and methods, although currently there doesn't seem to be any built in method to enable persisting that with fields and templates when they're changed via the UI. Up to date, I haven't really required the sort of version control others are discussing, but I have a couple of sites now, where I'm looking at bundling up functionality as modules for automated deployment to other sites, and the manual exporting of fields and templates doesn't really cut it, but I've built my data structures via the UI, so having an efficient way to convert that to code that can be used for multiple deployments would be useful. With Visual Studio, I'm used to working with the option of using either visual designers or declarative code to build apps, and either way end up with code that can be included in version control.

+1 +1 Could be a good first (or next) step towards automated file based migrations with rollback feature! ?

The JSON that this feature generates for import/export mostly works for me, however the issue is having to manually select fields/templates via the UI. I notice that templates include a timestamp for when they were changed in the data field of the templates table, but fields don't. If both did, then it should be possible to get fields and templates that have changed since the last build time of a module or template. I use the admin UI, and don't want to write more code than I have to. Specifying what fields and templates that a module depends on in code and letting the system pull a config file with the definition of those fields and templates from the database would be UI friendly, but not rely on having to remember what fields or templates are required for a specific purpose, but not require much code either. This is similar to a database first workflow I have with SQL Server and ASP.Net Core. I can reverse engineer any tables I want from SQL Server to get a class definition, so I don't need to worry if the definition of something was manipulated outside my code; I can always grab the current definition without having to write any code. For those who have a licensed copy of Padloper 1, it's interesting to see how it creates the fields and templates it needs. It appears to be using JSON files based on the field and template import/export feature, but has its own code to import them. With a timestamp and possibly a version number added to the data in the fields and templates table, I wonder if that would make a hybrid UI/code based update model easier to work with? Of course for more complex migrations, RM is more capable, but I wonder if even there, it can grab the field and template definitions if they're exported as JSON?

We're in the last steps of phasing out the project I was using it on. Most parts had been replaced years ago since we moved away from processwire with that project. The module's approach to access is nice, but iirc there were some bugs in the master implementation and we actually would've needed a bit more flexibility out of it (still needed code to create those dynamic roles). I'd still suggest it over expensive runtime access checks if it aligns to a projects access setup. We've been using it because our access was not only scoped by roles, but also by customers. So a manager would only have access to manager pages, which belonged to a customer assigned to that manager. Customers weren't static, but also defined by pages within the system. Things also weren't segmented into individual page trees, though iirc the modules for segmenting by page tree didn't exist at that time as well.

Okay guys I have worked all day on this https://github.com/adamxp12/ProcessWire-TfaWebAuthn A total rewrite essentially moving over to WebAuthn. I Invite anyone to test this out I will publish it to the modules site probably tomorrow as long as no one has any major bugs I have missed in my testing. @Pete You can add a physical security key in addition to Windows Hello. but you can only setup one instance of Windows Hello/Apple Touch ID at a time because of that ProcessWire Tfa limitation but NFC keys will work on iPhone now where they did not before so a YubiKey with NFC will work virtually everywhere. I would assume if you enrolled your Android phone via USB it will work on-device too in the browser but I do not have an Android device to test that.

Sorry for missing this question — and no, it doesn't seem like intended behaviour. I've made some adjustments to the latest version, 0.30.4, that should make things better in this regard. At least it helped with these exact terms (business/businesses/businessmen) in my limited tests. Please let me know if this doesn't work, or if it makes things somehow worse, though ?

@adrian I went ahead and added very basic tab support. Thanks for the nudge. If you want to give it a try, feel free to check out the tabs branch of the repo. Theoretically it supports nesting tabs inside groups and vice versa, however it's largely untested so let me know if you run into trouble. I'd like to do some more testing before releasing a new version. wire()->addHookAfter('Dashboard::getPanels', function ($event) { $panels = $event->return; $tab1 = $panels->createTab(['title' => 'Lorem ipsum']); $tab1->add(/* add panels here */); $tab2 = $panels->createTab(['title' => 'Dolor sit amet']); $tab2->add(/* add panels here */); $panels->add($tab1); $panels->add($tab2); });