Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by dragan

  1. dragan

    Hacking attempts

    Maybe a directory traversal attack (to install backdoors or whatnot). I would immediately contact the hosting company, and also check for suspicious files. Lock down your forms, or any other potential areas that allow user-input.
  2. Another issue: If I use wireRenderFile(), I get this fatal error: This used to work just fine with the previous version (v.7x), and the assets/file/ folder definitely exists.
  3. Yeah... using inline SVGs works just fine... until you want to style fills or strokes via CSS. I have updated rockPDF just now, and noticed that there's something buggy with using custom fonts. I have the fonts both in site/templates/fonts/ as well as in site/assets/RockPDF/fonts/. I have now also placed them in site/modules/RockPdf/vendor/mpdf/mpdf/ttfonts, cleared modules cache, but the error persists. I've looked into the module code, and presumably somewhere here the paths are defined: public function init($options = []) { // make sure the assets folder exists $this->wire->files->mkdir($this->wire->config->paths->assets . $this->className . '/fonts', true); $this->settings($options); } public function settings($options = []) { // merge defaults $defaults = [ 'tempDir' => $this->wire->files->tempDir('RockPdf'), 'fontDir' => [ __DIR__ . '/vendor/mpdf/mpdf/ttfonts', $this->wire->config->paths->assets . $this->className . '/fonts', ], ]; $options = array_merge($defaults, $options); Any clues how to fix this?
  4. Sorry, didn't fully read your post (re: SVG) - pls ignore this post.
  5. This is not a question about PHP, but a matter of your frontend. You should look into the Cache API, indexedDB and service workers. What you probably want, it to build a progressive web app. https://github.com/pazguille/offline-first https://ponyfoo.com/articles/backgroundsync https://www.twilio.com/blog/2017/02/send-messages-when-youre-back-online-with-service-workers-and-background-sync.html https://github.com/pulseshift/lunch-pwa https://github.hubspot.com/offline/docs/welcome/
  6. @cosmicsafari Well, you could take a look at the BCE module... Did you look at server logs? Did you also try with a very small CSV file - maybe it's not the size of the files, or the time it takes to process everything, but some stumbling blocks in your code ? I would first try it with adding output formatting set to false, and then also use sanitizers (you can never trust user input), or at least trim(). I also noticed this line $p->name = $name.'('.$lat.','.$lng.')'; which doesn't look OK. PW page names can't have special characters like (). Use the page-name $sanitizer and get rid of the () (or any other non-allowed characters).
  7. yeah well... no matter what system you use, that's a bad idea. Tracy Debugger can wreak havoc if used by non-trusted users (terminal, Adminer, console etc.). But you don't want to remove and install it again each time you log in as legitimate superuser, do you?
  8. @hollyvalero I tried it as well (hook is also in site/ready.php), and everything works just fine. Just copy-and-pasted the hook, and used the list example, and adjusted the selector. It even works within a partial I load via include_once() and cache the output with MarkupCache 🙂 Do you run an ancient PHP version, by any chance? See Ryan's note about PHP < 5.3 Also, did you find any hints with Tracy Debugger?
  9. @Marco Ro If you would draw a little sketch, and show exactly what you want to do, and how it's supposed to look like visually (it's still not clear to me from your description), maybe there is a way with CSS only. And perhaps also show what it looks out now, out of the box, for comparison. e.g. if all you want is to place the label on the left, and the input on the right, you could do it easily with flexbox: https://codepen.io/dragan1700/pen/JjdRYVE
  10. @Marco Ro Why do you want to change that? And what's the situation? Do you use PW's inputfield form to create forms in the frontend? Do you want to re-style the labels and/or input fields? Maybe there's a CSS solution? Or is this even something from FormBuilder?
  11. You don't need PHP at all. I'd suggest to use Google Optimize (and a linked Google Analytics account where you set up your goals) instead. Here's a nice tutorial. (you can skip more or less to step 3 "Create an Experiment" - and make sure you also include the "anti-flicker" stuff at the end of step 2)
  12. I agree too that this should be added to the styleguide, and I also configured my IDE to strip trailing whitespace on save. However, if we're talking about diff tools, it's just as easy to configure them to ignore whitespace (and even empty lines). PHPStorm Git has the option --ignore-whitespace you can use. VSCode: File => Preferences => Settings => Diff Editor => Ignore Trim Whitespace.
  13. @joshua Nice! Thanks for sharing. Can this module be used for multi-lingual sites? i.e. If I wanted to translate the banner texts and labels, is that possible out of the box? Or would I have to manually re-define the module's text fields as text/textarea language?
  14. OMG... wish I knew that some such shortcut existed before.
  15. @wesp Well, that ain't so easy. If you wanted to make it behave like that - and make sure you don't break user's back-button in the process, and make sure people actually scroll to the section if they share/bookmark such a pseudo-link - you should use an SPA framework like Vue instead, where you have such custom routing functionality already built-in. otoh, it's quite easy to hide / remove the #section1 completely from the location bar - but that's not what you're after.
  16. @wesp You don't need the Functions API for the functionality you asked for - it's just the syntax Zeka used that requires it, e.g. pages() instead of $pages etc. I have tried this combination here, and it works fine: // at the very top of home.php if ($input->urlSegment1) { $pagename = $input->urlSegment1; $match = $pages->findOne("template=article, name=$pagename"); if (!$match->id) { throw new Wire404Exception(); } echo $match->render(); return $this->halt(); } // site/ready.php // taken from this great case study: https://processwire.com/talk/topic/3987-cmscritic-development-case-study/ wire()->addHookBefore('Page::path', function($event) { $page = $event->object; if($page->template == 'article') { $event->replace = true; $event->return = "/$page->name/"; } }); If you copy-and-paste, pls note that my template is called 'article', not 'article-page' 🙂 Attached also the home template URL segment settings.
  17. @uncle_bobson Another way to achieve more or less the same thing, is to use PW's markup cache. Perhaps not suitable if you have intervals of just seconds, but for other use-cases. Of course, that approach won't help if you expect the data to update without page-refresh. But maybe helpful if you have a lot of traffic, and want to reduce "behind-the-scenes" queries.
  18. @nabo What's your use-case? From a security point of view it's not a good idea to allow everything. Surely you have an idea what kind of file-types will be used? I found another forum thread where basically the same question was asked, and the gist of it was: No, you can't. Leaving the allowed extension config list empty makes it unusable, and just entering a wildcard * won't work either. @ryan takes security matters very seriously, and personally, I wouldn't want to have such a "everything goes" option built-in the core, too. If you have to, for some reason, import data from another system, and create / populate fields via API (batch actions), you can temporarily allow each file extension that comes your way, and then switch back to a "normal" default set after save. But I guess you were asking about using the GUI options.
  19. basic example / ideas: document.addEventListener("DOMContentLoaded", function (event) { const trackedLinks = document.querySelectorAll("#content a"); // adjust selector as needed trackedLinks.forEach(function (n) { n.addEventListener("click", function (e) { e.preventDefault(); const href = e.target.getAttribute('href'); console.log(href); // api = special page with tpl and URL-segments enabled: fetch(`/api/linktracker/?url=${href}` , { method: "GET" }) window.location = href; }); }); }); (That's vanilla JS / ES6) if ($input->urlSegment1 === 'linktracker' && isset($_GET['url'])) { $url = trim($_GET['url']; // save to a textarea inside PW: $pg = $pages->get("123"); $pg->of(false); $pg->linktracker = $pg->linktracker . "\n" . $url); $pg->save(); // save to a custom DB table: $myDB = new PDO("mysql:dbname=linktracker;host=localhost", "root", "******", array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'")); $trackLinkQuery = "UPDATE tablename SET click_count = click_count + 1 WHERE url=`$url`"; $query = $myDB->prepare($trackLinkQuery); $query->execute(); // udpate a text-file file_put_contents('path/to/file.log', $url); // if those links are saved inside repeaters or similar, add one int field that you can increment / update: $pg = $pages->get("123"); $pg->of(false); $pg->linktracker = $pg->linktracker +1; // or whatever / wherever your field is.... $pg->save(); } These are 4 basic ways how you could handle it - there are certainly more 🙂 Hope that gives you some ideas.
  20. That's a classic use-case for Google Tag Manager. But you can do it yourself with a bit of JS + PHP. Basically: assign a CSS class to these links, and write a litte function that posts the link href attribute to a PHP script, which in turn updates a field in PW.
  21. Indeed. It once took me ages to find out why. Since then I keep it installed, but only activated for certain templates 🙂
  22. Well, you can build just about anything with any (or without) frameworks. Now I'm even more confused. You certainly don't need PW just to "send JSON files". Perhaps you'll get more productive tips and pointers if you describe what it is that you are actually trying to achieve. That's as vague as it can get. So it's now PW, but... what? Perhaps you should take some time and describe what you actually need to accomplish. And what this "backend" looks like (technically).
  23. @manlio If you want to enhance PW's backend, you're free to use whatever you find useful. Depending on the actual task / use-case, adding Vue.js or a similar SPA framework may be overkill. But if you need to build a fancy dashboard / complicated admin pages, then Vue can perhaps add some nice extras. Care to elaborate on this? You mean "where should these extra frontend assets be stored?" Typically under site/templates. Static assets maybe rather in site/assets/. Make sure to check out @bernhard's epic tutorial about building your own PW module / dashboard. There's a lot of stuff "under the hood" to discover, with functionalities already available out of the box. So if you think about building something along those lines, adding a big JS framework might be overkill, too. Generally speaking it's best to get a solid grasp of vanilla JS. Frameworks tend to make you lazy - e.g. when you're using frameworks to solve problems that vanilla JS can solve just fine by itself. A little recommendation: Here's an excellent tutorial where you learn (among other things): Nuxt Vue.js Dynamic routing (pages, categories) Axios Frontend communicating with a headless CMS (I have re-written the relevant code-bits to work with PW instead of Cockpit) Dynamically setting title tag + meta (stuff that some frontend devs often don't care about - but your customer surely will) Deployment on Netlify (not that I would actually need that - but I guess it's nice to know what the fuss is all about) I skipped several parts... Markdown, Tailwind... and I'm only done with half of it. But it's fun to see how easy it is to have PW generate one or two JSON files, and you're good to go (especially when you have a PW site already with lots of content to play around with). It depends if you really want to learn about all these things ("Developing website is not my primary job"), but it can't hurt.
  24. Sorry, I know it's beta, I read (and can only imagine) how much work was involved. And as I stated before, it really is a nice touch to have that luxury of installing a few test pages instead of having to create them manually from scratch - just with a few clicks. And I was seriously impressed by the feature-set, the dashboard etc. However, uninstalling a PW module (no matter how big, if free or commercial) shouldn't be something that takes more than 2-3 minutes. I'm probably spoiled, but I just thought I'd mention it here anyway.
  25. @Gadgetto OK, since I don't really need any kind of shop solution, I decided to uninstall SnipWire. That was... an unpleasant experience. This took me about half an hour. The regular module uninstall routine didn't work for anything SnipWire-related. There were warning about pages or fields or templates having the system-flag. The page under admin > setup was undeleteable. In the end I had to delete two pages that were in the trash directly in the database. I hope there is nothing else left in the PW installation now in some hidden corners...
  • Create New...