About dragan

  1. Another (rather lo-fi) setup could be: Use dev template files, as alternative templates. For testing out new content, you can leave pages unpublished and still preview them when logged in. If your client (role) has permissions to switch templates with Tracy Debugger, there's the template switcher panel you could use. https://processwire.com/blog/posts/introducing-tracy-debugger/#template-path-panel https://processwire-recipes.com/recipes/use-different-sets-of-template-files/
  2. Well, there's a plethora of PW sanitizer methods: https://processwire.com/api/ref/sanitizer/ A good combo might be: https://processwire.com/api/ref/sanitizer/chars/ https://processwire.com/api/ref/sanitizer/min-length/ And of course native PHP has many methods you can use in addition to the PW API functions (some of them are just wrappers or combinations of native methods).
  3. Oh, don't worry, I always do that, in addition to all sorts of user-input sanitation/validation. I was rather just speaking theoretically. Thankfully, PW code in the site profiles has plenty of useful examples with comments, which will hopefully prevent newbies from omitting such checks. After all, we can't expect PW to handle everything for us; it's always up to the developer to take care of security and best practice.
  4. I strongly disagree. An empty string is useless. (maybe "correct" in a strictly SQL / theoretical / technical view, but not in the context discussed here) It's funny that * returns empty string, but ? or ! return "?" and "!". I'm really surprised (knowing how important security is for @ryan). Does that mean that a malicious attacker could potentially bring a server to its knees by searching with wildcard automatically x times per second?
  5. I found some other strange stuff (only tested in Tracy):

         $q = "*";
         $query = $sanitizer->selectorValue($q);
         $pgs = $pages->find("parent=1041, include=all, vertec|title|name|remarks%=$query");
         d($pgs);

     This returns everything. Every single page inside parent id 1041. ! returns a seemingly random amount of results (74 out of 1061) - completely wrong. ? does the same, but returns 73 instead of 74. So, I guess you'd have to manually sanitize the query yourself: Check if minimum string length is 3. Remove characters such as ! & *. And of course, make it a habit to narrow results down (according to template, parent, not in trash, etc.). I would expect PW to throw some sort of error if a search string is less than 3 characters. Maybe the results may differ if I actually used it in a template (outside Tracy) and not logged in as superuser, or with debug off. But still, this behavior truly puzzles me.
  6. https://adrianbj.github.io/TracyDebugger/#/debug-methods?id=dump In case you haven't installed Tracy Debugger yet, you should do it NOW
  7. First of all, thanks for the nice write-up and congrats on your re-launch. I'm curious: If you install a sub-directory into a WP site, or let's say just a .php file at WP root, it can't be accessed due to WP's own redirect (.htaccess) rules. Did you have to add some .htaccess exception for this? There are two modules out there. They seem to be quite old, but did you consider using one of them anyway? I agree that an "out-of-the-box" solution would of course be preferable. Feel free to add this feature to the wishlist / roadmap list (if it isn't there already).
  8. Are you aware that you can fully rewrite the UIKit admin theme? Just copy the wire/modules/AdminThemeUikit folder to site/modules/. The next time you load a page in the backend, PW will ask you which version you'd like to use. You can even choose if you'd like to use SASS or LESS, iirc. If that's overkill for you, you can just override paddings and margins if you write / load an extra admin.css. But the first thing you should consider, is to simply configure the admin theme via GUI @ site/backend/module/edit?name=AdminThemeUikit&collapse_info=1 And of course, PW lets you define borders, paddings, margins and background-colors on a per-field basis.
  9. I had to do something similar once. Here's something you might try as a starting point. A hook in site/ready.php :

         if ($this->page->template == 'admin') {
             $this->addHookBefore('Pages::saveReady', function(HookEvent $event) {
                 $form = $event->object;
                 $page = $event->arguments(0);
                 $user = wire('user');
                 if($page->template == "basic-page"){
                     $summary = $page->summary;
                     $languages = wire('languages');
                     // see wire/core/InputfieldWrapper.php
                     $item_error = "<p class='InputfieldError ui-state-error'><i class='fa fa-fw fa-flash'></i><span>{out}</span></p>";
                     $js = "<script>$(\"#wrap_Inputfield_summary div.InputfieldContent.uk-form-controls.langTabsContainer\").append(\"$item_error\");</script>";
                     foreach($languages as $language) {
                         if($language->isDefault()) continue;
                         $user->language = $language;
                         $langName = $language->name;
                         if(strlen($summary)<50) {
                             $form->error("Summary in $langName is too short!"); // regular error message at the top
                         }
                     }
                 }
                 $event->return = str_replace("</body>", "$js</body>", $event->return); // flash error msg on the field
             });
         }

     (Adjust template and field name of course) This will still let the page save, and only display a red error msg on top, not the actual "required field error". I have no idea how PW does that.. I'd have to dig around in the core files, but no time atm... Of course it would also be nicer if the actual error message would be displayed in the user's language (d'oh)...
  10. What do you need this for? Is it just for the backend, i.e. what you see in the page tree? If that's the purpose of your hook, you could use custom page list titles. There's a core method for that in advanced mode, and several modules.
  11.
         $selector = "template=expertsItem, location=$location, department=$department, id!=2131, sort=expertSurname";

     ? or if you're trying to exclude the page you're on, you can use id!=page.id
  12. Seems like you have to install this permission first: https://processwire.com/blog/posts/processwire-2.6.15-makes-the-permissions-system-a-whole-lot-better/ (it's optional). https://processwire.com/docs/user-access/permissions/#page-hide It's under site.com/backend/access/permissions/add/ -> show system permissions
  13. There are roughly three types of ("official") templating strategies in PW:

     • Direct output (php echo everything immediately)
     • Delayed output (what you seem to be using, i.e. output var $content just once)
     • Markup regions

     If you really are using delayed output, you would have to rewrite this, e.g. like

         $src = $page->header->first()->url;
         $alt = $page->header->first()->description;
         $content .= "<img src=\"$src\" alt=\"$alt\" />";

     Your header most likely comes before the main content (body), so you just have to figure out where to insert the above code. It may not be in the basic-page template file, but somewhere else. Note that $var = 'foo' will override anything else that came before, i.e. if you defined $content = 'your-header-code' before, $page->body will completely reset your $content variable, not append to it.
  14. @ryan Don't know if you have noticed it: The developer map is broken (lots of JS errors). Did that break after the redesign?
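
An added example, not part of dragan's posts or of ProcessWire itself, for the manual checks suggested in post 5 (minimum length of 3, removing characters such as ! & *, narrowing the results). The helper name `buildSearchSelector`, the allowed-character set, the 100-character cap and `limit=50` are assumptions; the field names and parent id are the ones from post 5.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (added example, not ProcessWire core code).
 * Returns a selector string, or null when the search term should be rejected.
 */
function buildSearchSelector(string $raw, int $parentId, int $minLength = 3, int $limit = 50): ?string
{
    // Keep only letters, digits, spaces and hyphens. This drops ! & * and ?,
    // and also quotes, commas and "=", which carry meaning inside a selector.
    $term = preg_replace('/[^\p{L}\p{N} \-]+/u', ' ', $raw) ?? '';

    // Collapse the whitespace left behind by the replacement.
    $term = trim(preg_replace('/\s+/u', ' ', $term) ?? '');

    // Reject short terms outright instead of running a broad %= search.
    if (mb_strlen($term) < $minLength) {
        return null;
    }

    // Cap the term length so one request cannot submit an arbitrarily long pattern.
    $term = mb_substr($term, 0, 100);

    // Narrow by parent and bound the result set; no include=all for public search.
    return sprintf(
        'parent=%d, vertec|title|name|remarks%%="%s", limit=%d',
        $parentId,
        $term,
        $limit
    );
}

// Constructed sample inputs: the wildcard cases from the posts, a short term,
// a normal term, and an attempt to smuggle an extra selector clause.
$samples = ['*', '!', '?', 'ab', 'inv*ice 2019!', 'x", include=all'];

foreach ($samples as $input) {
    $selector = buildSearchSelector($input, 1041);
    printf("%-22s => %s\n", var_export($input, true), $selector ?? '(rejected)');
}

// In a template, a non-null result would be passed on as:
//   $pgs = $pages->find($selector);
```

A rejected term should produce a "please enter at least 3 characters" response without touching the database, which also addresses the repeated-wildcard-search concern raised in post 4.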