Leaderboard

Popular Content

Showing content with the highest reputation on 10/30/2019 in all areas

  1. Site/System admins: If you are running any PHP-based site on Nginx using the php-fpm back-end, please be aware of CVE-2019-11043 [see 1]. This vulnerability potentially allows remote code execution on your site by simply sending it a specially crafted URL. Nextcloud have released this page and suggest upgrading your versions of PHP immediately.

     Minimum safe versions of PHP are:
       • 7.1.33
       • 7.2.24
       • 7.3.11

     I heard of this from the Security Now podcast - but the bug has been around for a few days and there is exploit code on GitHub. A brief read through the details of this in the Security Now show notes [3], alongside the Nginx configs posted here in the forum [4] makes me think that this is relevant, and the need to upgrade is pressing.

     Please note, this is not specifically a flaw in ProcessWire but some of the technology it can be run on.

     [1] https://meterpreter.org/cve-2019-11043-php-fpm-arbitrary-code-execution-vulnerability-alert/
     [2] https://lab.wallarm.com/php-remote-code-execution-0-day-discovered-in-real-world-ctf-exercise/
     [3] https://www.grc.com/sn/sn-738-notes.pdf page 9
     [4]
    9 points
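
A version check against the minimum safe releases listed in the post above, as an added example that is not part of the original post. Host names and banner strings are constructed; a packaging suffix is reported separately because distribution builds can carry backported fixes under an older upstream version number.

```python
import re

# Minimum safe patch release per branch, taken from the post above.
MIN_SAFE_PATCH = {(7, 1): 33, (7, 2): 24, (7, 3): 11}

# Leading "major.minor.patch" of a bare version or a `php -v` banner; anything
# glued to the patch number (e.g. "-0ubuntu0.18.04.2") is captured as a suffix.
VERSION_RE = re.compile(r"\s*(?:PHP\s+)?(\d+)\.(\d+)\.(\d+)(\S*)")


def assess(banner):
    """Classify one version string: ok / upgrade / branch-not-listed / unparsed."""
    m = VERSION_RE.match(banner)
    if not m:
        return {"status": "unparsed", "needs": None, "suffix": ""}
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    # A non-empty suffix marks a vendor build: compare by upstream number, but
    # confirm against the vendor's advisory before treating the host as exposed.
    suffix = m.group(4)
    floor = MIN_SAFE_PATCH.get((major, minor))
    if floor is None:
        # The post lists no safe release for this branch; do not guess one.
        return {"status": "branch-not-listed", "needs": None, "suffix": suffix}
    if patch >= floor:
        return {"status": "ok", "needs": None, "suffix": suffix}
    return {"status": "upgrade", "needs": f"{major}.{minor}.{floor}", "suffix": suffix}


def audit(inventory):
    """Map each host name to its assessment."""
    return {host: assess(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical hosts, typical `php -v` first lines).
SAMPLE = {
    "web01": "PHP 7.1.32 (cli) (built: Sep 10 2019 10:00:00) ( NTS )",
    "web02": "PHP 7.2.24 (fpm-fcgi)",
    "web03": "7.3.9",
    "web04": "PHP 7.2.19-0ubuntu0.18.04.2 (cli)",
    "old01": "PHP 5.6.40 (cli)",
}

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(host, result)
```
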
  2. I have also used Eleventy to convert some sites to static, used together with Netlify to automate the build and deploy process. It's also a great tool if you need to just generate some complex html (or actually any type of textual document). I even used it to generate .NET model files based on a list of properties to save time.
    2 points
  3. If anyone hasn't seen it, https://www.11ty.io is pretty amazing for static sites, it gets a lot of things right in my opinion. Much less opinionated than other static generators, allows swapping template languages on the fly throughout or on a page by page basis, and the systems for page data are super powerful and flexible. I just built a startup marketing site with it, a few of the cool things I did were: read filesystem and parse image files to create a globally accessible images object with width, height, ratio data for use with mixins to output lazyload containers; parse a csv file to build a really complicated pricing table... no more client requests to change wording on x row, they just edit a google doc I set up for them, I download and drop in the assets folder, rebuild and done!
    2 points
  4. As far as I can see it is possible to change it in the DB. After a quick research I couldn't find any place where this would cause problems (maybe in 3rd party modules?). But still I wouldn't do that. If you just want the value for the label, why not take it from the homepage name, representing the language in the URL?

     ```php
     foreach ($languages as $l) echo $pages->get(1)->localName($l);
     ```
    2 points
  5. @Rob(AU), glad to hear you've got something working. Something to think about though: seeing as each portfolio page may have multiple tags, what happens if a user opens a portfolio page in a new tab via "tag=foo" and then the same portfolio page in a different tab via "tag=bar"? You only have a single session variable for the tagged pages so these will overwrite each other, and the portfolio page doesn't "know" which tag it is being viewed under. I think it would be better not to use session but to pass the relevant tag as a parameter in the URL. So you would write link URLs to portfolio pages under tag "foo" like "/path/to/page/?tag=foo" and under tag "bar" they would be "/path/to/page/?tag=bar". Then in your portfolio template you would have some code like this:

     ```php
     // Initialise some null pages as fallback
     $prev_page = new NullPage();
     $next_page = new NullPage();
     // Get the tag from $input if any
     $tag = $input->get->text('tag');
     // If there is a tag
     if($tag) {
         // Get the IDs of portfolio pages with this tag - assumes a tag field named "tag"
         // It's more efficient to just get the IDs rather than the full Page objects, especially if there are a lot of portfolio pages
         // selectorValue() escapes the user-supplied tag so it cannot add clauses to the selector
         $tagged_ids = $pages->findIDs("template=portfolio, tag=" . $sanitizer->selectorValue($tag));
         // Get the position (key) of this current page in the array
         $page_position = array_search($page->id, $tagged_ids);
         // array_search() returns false when the current page does not carry this tag
         if($page_position !== false) {
             // Get the previous page if any
             if(isset($tagged_ids[$page_position - 1])) {
                 $prev_page = $pages($tagged_ids[$page_position - 1]);
             }
             // Get the next page if any
             if(isset($tagged_ids[$page_position + 1])) {
                 $next_page = $pages($tagged_ids[$page_position + 1]);
             }
         }
     }
     ```

     And where you want to output the prev/next links:

     ```php
     <?php // urlencode() keeps the user-supplied tag from breaking out of the href attribute ?>
     <?php if($prev_page->id): ?>
         <p><a href="<?= $prev_page->url ?>?tag=<?= urlencode($tag) ?>">Prev page</a></p>
     <?php endif; ?>
     <?php if($next_page->id): ?>
         <p><a href="<?= $next_page->url ?>?tag=<?= urlencode($tag) ?>">Next page</a></p>
     <?php endif; ?>
     ```

     This way each portfolio page knows the tag it is being viewed under, and it means you can do things like share a link to a portfolio page such that the tag is specified.
    2 points
  6. SnipWire - Snipcart integration for ProcessWire

     Snipcart is a powerful 3rd party, developer-first HTML/JavaScript shopping cart platform. SnipWire is the missing link between Snipcart and the content management framework ProcessWire. With SnipWire, you can quickly turn any ProcessWire site into a Snipcart online shop. The SnipWire plugin helps you to get your store up and running in no time. Detailed knowledge of the Snipcart system is not required. SnipWire is free and open source licensed under Mozilla Public License 2.0! A lot of work and effort has gone into development. It would be nice if you could donate an amount to support further development:

     Status update links (inside this thread) for SnipWire development
       • 2020-07-03 -- SnipWire 0.8.7 (beta) released! Fixes some small bugs and adds an indicator for TEST mode
       • 2020-04-06 -- SnipWire 0.8.6 (beta) released! Adds support for Snipcart subscriptions and also fixes some problems
       • 2020-03-21 -- SnipWire 0.8.5 (beta) released! Improves SnipWire's webhooks interface and provides some other fixes and additions
       • 2020-03-03 -- SnipWire 0.8.4 (beta) released! Improves compatibility for Windows based Systems.
       • 2020-03-01 -- SnipWire 0.8.3 (beta) released! The installation and uninstallation process has been heavily revised.
       • 2020-02-08 -- SnipWire 0.8.2 (beta) released! Added a feature to change the cart and catalogue currency by GET, POST or SESSION param
       • 2020-02-03 -- SnipWire 0.8.1 (beta) released! All custom classes moved into their own namespaces.
       • 2020-02-01 -- SnipWire is now available via ProcessWire's module directory!
       • 2020-01-30 -- SnipWire 0.8.0 (beta) first public release! (module just submitted to the PW modules directory)
       • 2020-01-28 -- added Custom Order Fields feature (first SnipWire release version is near!)
       • 2020-01-21 -- Snipcart v3 - when will the new cart system be implemented?
       • 2020-01-19 -- integrated taxes provider finished (+ very flexible shipping taxes handling)
       • 2020-01-14 -- new date range picker, discount editor, order notifications, order statuses, and more ...
       • 2019-11-15 -- orders filter, order details, download + resend invoices, refunds
       • 2019-10-18 -- list filters, REST API improvements, new docs platform, and more ...
       • 2019-08-08 -- dashboard interface, currency selector, managing Orders, Customers and Products, Added a WireTabs, refined caching behavior
       • 2019-06-15 -- taxes provider, shop templates update, multiCURL implementation, and more ...
       • 2019-06-02 -- FieldtypeSnipWireTaxSelector
       • 2019-05-25 -- SnipWire will be free and open source

     Plugin Key Features
       • Fast and simple store setup
       • Full integration of the Snipcart dashboard into the ProcessWire backend (no need to leave the ProcessWire admin area)
       • Browse and manage orders, customers, discounts, abandoned carts, and more
       • Multi currency support
       • Custom order and cart fields
       • Process refunds and send customer notifications from within the ProcessWire backend
       • Process Abandoned Carts + sending messages to customers from within the ProcessWire backend
       • Complete Snipcart webhooks integration (all events are hookable via ProcessWire hooks)
       • Integrated taxes provider (which is more flexible than Snipcart's own provider)

     Useful Links
       • SnipWire in PW modules directory
       • SnipWire Docs (please note that the documentation is a work in progress)
       • SnipWire @GitHub (feature requests and suggestions for improvement are welcome - I also accept pull requests)
       • Snipcart Website

     ---- INITIAL POST FROM 2019-05-25 ----
    1 point
  7. Dear Community, Since I upgraded my local installation of MySQL to 8.0.17 (stable) I get all kinds of errors in the frontend of an installation. My selector is

     ```
     $pages->find("template=show,date_show_to=,sort=-date_show_from")
     ```

     and I get the error

     ```
     SQLSTATE[HY000]: General error: 1525 Incorrect DATETIME value: ''
     ```

     so it is somehow not possible anymore to search for empty datetime fields. My my.cnf mode:

     ```
     sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ALLOW_INVALID_DATES,NO_ENGINE_SUBSTITUTION
     ```

     But I already tried with

     ```
     sql_mode=STRICT_TRANS_TABLES,ALLOW_INVALID_DATES,NO_ENGINE_SUBSTITUTION
     ```

     Any ideas?
    1 point
  8. Thanks. sanitizer->textarea would be an option (but it is without mercy when it comes to cutting off words). This forum thread didn't continue and no bug report was made. I will.
    1 point
  9. Thankfully I was able to resolve my own issues here. I'm not sure what went wrong with my initial setup on the development server, but I purged the /site/ side and database, and re-started the migration and CKEditor no longer logs me out of the site. With that resolved, I was quickly able to exonerate Jumplinks and Page Protector of any blame for the http links issue. After some more investigating, I began testing parts of my .htaccess file and quickly found the source of the matter.

     ```apache
     ...
     RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http%3A%2F%2F [OR]
     ...
     RewriteRule ^(.*)$ - [F,L]
     ```

     The condition comes from a set of rules used to block MySQL injections and other forms of query-based attack, and it was unfortunately interfering with how ProcessWire transitions from the CKEditor to its link editing modules. Simply commenting that line out (with a # at the start) fixed the issue on both servers.
    1 point
  10. Thanks @teppo realised I'd posted in the wrong forum and didn't know how to change it
    1 point
  11. I use the default name and make a substr with only the first two characters. Works for "de" and "en", but probably not for every language.
    1 point
  12. Thank you, I'm glad it's useful to you and thank you for your donation. Unfortunately, cross-copying is not possible because at the point where you initialize the copy, the module does not know the name of the other field. So it can only read the current name of the matrix field and use this name when copying to the target. I'll think about whether you can introduce an option to select the target field before copying. But I think there is a lot of potential for errors when copying. So first of all, unfortunately not possible at the moment. BTW, @ryan, the module has been in checking for the module directory for several months now and has not yet been released. Does this module bother you in the context of a free extension for your ProModule?
    1 point
  13. Not a problem — I create (and/or manage) around 20-25 sites a year. These are tiny, 1-5 page promo sites, all with bespoke, one-off design, and are either fully static, or connecting to a single "registration" system (which is atm running aforementioned PW). 90% of these are for an event, or an event series, so they start, last a while, and end anywhere between two months and half a year. I'm the only person editing them, and most of the edits happen straight in code. ATM, they are 99% built on Eleventy - https://11ty.io, and the fully static ones are built and deployed via Netlify, and the ones which are connecting to the registration system (via tiny bits of PHP) are deployed from the GitHub CI/CD to our own servers. I also (actually started this year) created/manage a few long-term sites, which I've built on Kirby — It's basically a spiritual brother to ProcessWire, but fully file based, so it fits my development process better - I can sync the website up and down fully with git, without any need for managing the database. As for the system itself, I'll write up a blog post about it (probably) when I finish it, so I can post it here / send it to you later, but the short of it is I'm moving it to Laravel due to built-in support of PostgreSQL, queues and testing, and the rewrite will allow me to introduce a couple of design changes to overall system, which would actually be possible with PW as well (probably…), but if I'm going for a rewrite, I might as well go full rewrite.
    1 point
  14. UPDATE 2019-08-08

      The module has made huge steps forward and we are nearing a first beta release version. So for those of you who are interested, I wanted to let you know what happened in the meantime.
        • The dashboard interface was refined.
        • Currency selector for switching dashboard currency (based on your currency fields)
        • Added dashboard sections for managing Orders, Customers and Products
        • Added a WireTabs interface to easily switch between the different dashboard sections.
        • Orders, Customers and Product-details are opened and edited in ProcessWire Panels
        • Added further properties to SnipCart product anchors like: categories, product dimensions, weight, and so on.
        • Added field selector to SnipWire settings for choosing the desired field (FieldtypePage) to be used for categories handling.
        • Refined caching behavior. *)

      *) the proper caching of SnipCart data fetched through their REST API is giving me headaches. I'm still not sure what to cache and how long. For example, think of retrieving the list of purchase orders and creating a pagination. Every single page has to be cached. What if new orders are added when flipping backwards? Then the page numbers could get out of hand. (this only as an example). As SnipCart has relatively slow API response times (about 1.8-2.5 seconds for a request), I'm even thinking about developing a separate background job runner which continuously fetches data from SnipCart and caches it locally. Our SnipWire module could then use locally stored data only.

      What needs to be done:
        • As SnipCart has a totally broken presentation of multi currency values in its dashboard (for example: they simply sum up order values in different currencies!) I need to calculate performance values manually. And this will be a huge job as the data comes from different REST API calls...
        • Orders, Customers and Products detail editors (order status update, setting the order tracking number, add metadata information, creating notifications on the specified orders, ...)
        • Order refunds handling through the SnipWire dashboard
        • Integration of external shipping providers
        • Integration of external taxes providers
        • Subscription handling through the SnipWire dashboard
        • Discount creation and handling through the SnipWire dashboard
        • Documentation, documentation, documentation!
        • and much more ...

      Here are some fresh screens:
    1 point
  15. I've rebuilt my portfolio site with Eleventy static site generator and it was a joy to work with. It's node js based and you can use markdown or a bunch of template engines. I went with nunjucks which has very similar syntax to twig or latte and supports template inheritance, layouts, filters, etc too. As it's based on node you can use all the available npm packages, eg for filters. Data can be set at global, directory or template levels (json, js or md formats), which is very handy. Pagination, urls and collections are very versatile, you can tweak it to your liking. It has a built in --serve switch that starts a server and watches for changes which makes checking changes convenient. And it's very fast, takes for my 30 page site about 3-5 seconds to rebuild. It took some time for me to get some features to work, sometimes I ended up filing a ticket at GitHub. That said it's not perfect but the development is active so bugs will probably be fixed soon. This was my first project in it but if I look back many of my projects could use it (or other SSG), where there's no need for admin and forms. This site was in WordPress and I planned to replace it with PW, but Eleventy was a greater challenge to try. Now the whole site is under 4 Mb, previously it was 109 + the DB. Of course size does not matter much but I like to keep things at the bare minimum. It has high pagespeed values which I could tweak to get 100/100 (gtmetrix 100/95, with the only issue of not having a cdn), but reverted those tweaks for a simpler development flow. http://rolandtoth.hu/portfolio/ https://www.11ty.io
    1 point
  16. Alan, it will not mix up sessions, but it is less secure in regard to session stealing possibilities. If this is a special device with a known Useragent, I would suggest dynamically disabling sessionFingerprint only for that UA. Something like this in site/config.php:

      ```php
      // Turn off the session fingerprint only for the one known problematic User-Agent
      if(isset($_SERVER['HTTP_USER_AGENT']) && 'StringOfTheProblematicUserAgentHere' == $_SERVER['HTTP_USER_AGENT']) {
          $config->sessionFingerprint = 0;
      }
      ```
    1 point