Leaderboard

News: "...npm got rocked by a record-breaking exploit..." https://youtu.be/QVqIx-Y8s-s And self-driving cars, AI agents, refrigerators, cat feeders, and who knows what else are and will be based on code written by who knows who...

The logs directory definitely does NOT need 775. See https://processwire.com/docs/security/file-permissions/#permission-755-for-directories-and-644-for-files 755 is the least restrictive recommendation and as ryan notes if it can be locked down further its recommended to do so. If it only works for you with 775 that's a good and a bad news: good: you know that permissions are the issue bad: you should fix it properly to make it work with 755 ...which should be the case if the webserver runs as the same user that owns the directory and log files. You might want to talk to your hosting company if you are not hosting it yourself.

@ryan still none of my paid modules show up in the modules directory. Also do you have some feedback on my questions/suggestions from 4 weeks ago here and here? I'd like to know if you plan to add the suggested improvements or if I have to update all my modules manually. When I look at the RockPageBuilder module it (still) looks like this: Is that warning really necessary? Why is that warning shown to regular (non-logged-in) users? IMHO it doesn't add any helpful information for them. How would a guest user add or update the readme of my module? I understand that my module does not have a readme, but it has extensive docs here: https://www.baumrock.com/en/processwire/modules/rockpagebuilder/docs/ I put a lot of effort into these docs so it is frustrating that all that is visible in the modules directory is an ugly red warning. Even worse I think this warning can make the impression that the module is dead or not actively maintained, which is not the case and which would be harmful to my business. The "Project" button does nothing when I click on it. What is it intended to do? And why does it appear on my modules page? And all that said, why does that lead to my modules not being shown in the list of paid modules? Or is there another reason for that? Next, a minor thing: Why does it show "Since 2025/01/10" and does it have to be like this? On my releases page the oldest release is v3.6.0 from January 2023 and it would be nice to make it obvious that this module has a long history and has always been actively maintained, updated and improved. I understand that this is likely the date when I added the module to the directory, but it's imho nothing that adds value to my module's entry. Could that be made configurable so that I can show the real release date or instead only (not additionally) show the last updated date there, which would be more helpful information for anybody I guess? Thx

I just published an update that might be of interest to some: the ability to transpile any MJML code without it being part of a template. From the release note: This new release extracts the transpiling of MJML to HTML into its own public method allowing you to call it for any arbitrary piece of MJML code, instead of having to have the code in a template file: $mjml = "<mjml></mjml>"; /** @var PageMjmlToHtml $pmh */ $pmh = $modules->get("PageMjmlToHtml"); $result = $pmh->transpile($mjml); if($result->code === 200 && empty($result->errors)) { echo $result->html; } By default the options’ values are the ones set in the module’s settings. This new method is also hookable, which means you can for example set different options depending on the template: $wire->addHookBefore("PageMjmlToHtml::transpile", function(HookEvent $event) { $mjml = $event->arguments(0); /** @var Page $page */ $page = $event->arguments(1); $options = $event->arguments(2); if(!$page->id || $page->template != "specific-template") return; $options["relativeLinksParams"] = "utm_campaign=new-campaign-title"; $event->arguments(2, $options); });

SSE (Server-Sent Events) would be a game-changer for ProcessWires core, and the trash functionality example perfectly illustrates why: The Current Problem: As you mentioned, the current trash system is painful - deleting hundreds of pages requires multiple confirmations, long waits, and often timeouts. Your clients shouldn't need API knowledge just to empty their trash efficiently. How SSE Solves This: One-click bulk operations: Start deleting 1000+ pages with a single confirmation Real-time progress: "Deleting page 234 of 1000..." instead of a frozen screen No more timeouts: SSE keeps the connection alive, bypassing PHP execution limits Graceful interruption: Users can safely stop/pause operations if needed Beyond Trash - Core Benefits: I have written several converter or importer modules for my clients, that import data and transform them into pages or a payment matcher module, which compares bank statements with invoice pages inside of ProcessWire. For all of these modules I wrote custom SSE Event handlers myself which is much boilerplate and duplicated code as Bernhard mentioned. Imagine every ProcessWire installation having this built-in: Import/export operations with live feedback Batch page operations (move, publish, unpublish) Asset processing (image optimization, file management) Search index rebuilding Module installations and updates Why Core Integration Matters: Standardized approach: All modules can use the same SSE implementation Better UX across the board: Every long-running operation becomes transparent Developer-friendly: No need to reinvent the wheel for each module Professional feel: Matches modern user expectations from enterprise CMS Addressing Adoption Concerns: I can't predict what percentage of users would use this feature - nobody can provide statistics for something that doesn't exist yet. But consider this: every ProcessWire user who has ever dealt with timeouts, batch operations, or large imports would benefit immediately. The feature would be invisible to those who don't need it, while being invaluable to those who do. Your modules already prove SSE works brilliantly with ProcessWire. Making it core functionality would elevate the entire ecosystem.

Thanks for your feedback. I usually also upgrade, whenever there needs to be something done on the website. From a security perspective I also don't think there is a need for auto upgrades, because there are never security risks, that need to be fixed. Auto upgrades would be nice mainly for convenience. ?