Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by teppo

  1. While I kind of share your opinion on the vendor lock-in thing, I don't think this is going to be a big deal β€” as Ryan pointed out the vast majority already use GitHub, even though some popular modules are currently on GitLab. Looking at this from Ryan's point of view it's likely less work to develop (and maintain) features when you're using a single API rather than multiple... and if that helps Ryan keep things up and running, I think it's a good approach. Also personally every time I want to report an issue or send a pull request (or merge request in GitLab) it's a bit of a nuisance if the module is not hosted on GitHub. What I'm trying to say here is that since GitHub is the most popular option by far, as well as the platform we're using for core development, hosting third party modules there makes collaboration easier πŸ™‚ Regarding "own git" or "custom download URL" it's good to keep in mind that a lot of the data can be pulled automatically via GitHub API, and this would defeat that purpose. Custom download URL would also be potential risks in terms of security β€” public git repository, and preferably one with a GUI, is a must-have for this exact reason.
  2. Awesome β€” thanks Joshua! Just a heads-up: I've opened a new PR for you to check out at https://github.com/blaueQuelle/privacywire/pull/10. This is quite opinionated, so let me know if you don't feel it's a great match with the module. Basically what I've added is support for the textformatter module to replace embedded media/video iframes with PrivacyWire enabled ones. It's mainly a compatibility layer for TextformatterVideoEmbed πŸ™‚
  3. Hey @joshua! I'm not sure if this is a real bug, but on one site I have a script like this: <script id='taeggie-feed-widget-script-xxx' type="text/plain" data-type="text/javascript" data-category="marketing" data-ask-consent="1"> jQuery.getScript(...); </script> This works and the consent info/request box is displayed. If I click the "accept" button from this info box it goes away and the script gets executed, so all is good in that case β€” but if I instead click the "accept all" button from the (separate) cookie management banner, the info and accept button next to the script are not removed. Note that the script works as expected regardless of which accept method I use, so the only issue here seems to be that the info box / accept button are not removed. If I refresh the page, they are gone. Is that a bug, feature, or user error? πŸ™‚
  4. Hey @Ivan Gretsky β€” thanks πŸ™‚ With latest version (just released, 0.27.0) you can make the module store page ID as an indexable field. This will allow the page to be found by its ID (since that is now included in the index) OR you can use syntax such as page.id:1234 to specifically search for a page with this ID (though this would likely also match page.id:12345 etc.) Of course id:1234 will also work, but may result even more false positives. If you update to the latest version of the module, note that you also need to add id as an indexable field and rebuild your index before this will work.
  5. Just checking: do you have VersionControl module installed? Core doesn't (as far as I know) have this kind of error anywhere, so it could be a third party module (and VC is one module with that exact error message) πŸ™‚
  6. New release β€” 0.18. This version adds Tracy panel for Wireframe: Obviously the panel will only show up if both Wireframe and Tracy are installed. Currently it displays some content I thought could be useful while developing, but I'm open for suggestions. Tracy doesn't really enforce any rules here, so in the future the panel could also provide interactive developer tools or something along those lines... just not sure yet what would be useful πŸ™‚ Thanks to @adrian for adding support for custom panels!
  7. Looks like someone (apparently a single user) has been going around forums and vulnerability databases posting about a ProcessWire "local file inclusion" vulnerability, claiming that in a specific old version of ProcessWire (2.4.0) simply passing "download" GET attribute to index.php is enough to download any local file on the system, including files that may be outside the ProcessWire installation path. This is not a real ProcessWire vulnerability β€” this kind of argument has never existed in any version of the system. Simply put the report is either fake, mistake, or there could be some custom-built vulnerable piece of code (or other vulnerable software) on the host resulting in this behaviour. We take such claims seriously, however unlikely they may seem, so just to make sure I've just checked parts of the codebase in both 2.4.0 (where this is supposedly occurring) as well as various later versions, and there's zero evidence to back this claim up. I've also manually tested this on various setups, including a brand new 2.4.0 installation, to no avail. (Note: I wouldn't post about this here unless the original claim was relatively widely spread. Just felt it made sense to clear things up.) --- That being said: as one builds sites using ProcessWire (just like with any other system) they need to be careful not to introduce vulnerabilities of their own. ProcessWire is armed with brilliant tools for preventing common vulnerabilities β€” the selector engine helps avoid various SQL issues, Sanitizer has many tools for cleaning up dirty data, SessionCSRF makes implementing proper CSRF protection downright trivial, etc. β€” but it can't protect you automatically from every mistake πŸ™‚ More security tips: https://processwire.com/docs/security/.
  8. This is intentional; specific system pages are by default only displayed to the superuser role. Trash is a special case that may be displayed to non-superusers as well. Whether this decision makes sense is, of course, another question. In my experience it has been a good thing, and I've never personally come across a reason to display the Admin area to non-superusers that wouldn't be better solved in some other way πŸ™‚
  9. For the record I've merged your question to the Markup Load RSS support thread. The Modules/Plugins area of the support forum is dedicated to third party module support threads, one thread per module β€” please try to post your questions to the applicable thread if one exists. Thanks! Here's one of the examples from the first post in this thread: <?php $rss = $modules->get("MarkupLoadRSS"); $rss->limit = 5; $rss->cache = 0; $rss->maxLength = 255; $rss->dateFormat = 'm/d/Y H:i:s'; $rss->load("http://www.di.net/articles/rss/"); echo "<h2>{$rss->title}</h2>"; echo "<p>{$rss->description}</p>"; echo "<ul>"; foreach($rss as $item) { echo "<li>" . $item->title . "</li>"; } echo "</ul>"; It seems to me that this example is doing pretty much exactly what you asked, i.e. it loads a feed using this module and then outputs the title of the "channel" element from the feed, as well as a list of found items. Please let me know if I misunderstood your question, though.
  10. To be fair I believe we're on the same page here, except for one detail: those modules β€” Seo Maestro and Markup Metadata β€” are actually two very different solutions. In fact what you're describing is exactly why we use Markup Metadata by default in our projects: there's no GUI, and a big part of the markup is based on globally defined values or values from (pre-existing) page fields. It's just a markup module for handling the repetitive task of rendering a standard set of metadata elements, correctly and consistently, from project to project. That being said, in my experience some people prefer a more complex approach, either because they actually need it or because they think they do β€” and if a client was specifically requesting feature set similar to that of Yoast, a solution such as Seo Maestro might be just what you need to convince them that they don't need to go with WordPress just for that πŸ˜‰
  11. Same. I also tend to bundle these with fields for open graph metadata, option to override page title separately, and whatnot. You might want to check out module solutions if you haven't yet. Seo Maestro is a neat one, and MarkupMetadata is what we use for our web projects (though latter one doesn't provide a GUI for content editors, it's just for generating proper markup). My experience is similar: the content analyzing features of Yoast have never been particularly useful for me, in part because I've mostly worked on non-English sites where they don't seem to work so well. Also these reports seem to β€” at best β€” provide a rough estimate of how good your content might be, and (in my opinion) there are better tools for that. If your clients are often interested in doing "hardcore SEO", I'd definitely dig into external tools and see if there are some that you can recommend instead. Yoast has some nice features for working around WP's shortcomings, and I've found their "helper" tools (such as breadcrumb creation) pretty handy in the past. ProcessWire, on the other hand, makes things like breadcrumbs and canonical links trivial, and the structure is often so straightforward that you don't need to do a whole lot to make your site "SEO friendly". One thing to note is that Yoast actually does handle "modular pages" relatively well. Last I checked it required a separate plugin and only worked if your content was all visible in the editor, though. My understanding is that it just mashes it all together and then does its magic. Crude perhaps, but in many (if not most) cases this provides decent results πŸ™‚
  12. Awesome! ... well, not awesome that the DNS was messed up, but you know, awesome that they got it solved β€” eventually πŸ˜‰
  13. Hope they can help. If I got this right and the name server doesn't know the domain, this definitely sounds like a DNS issue. Though I may have misunderstood what you meant here. Just for the record what I meant by "Linode changing something" was just whether they might've changed the IP of the server, or something along those lines. Though if your other domains point to the same domain and have identical DNS records, that'd be an unlikely scenario. Anyway, this is very much just guesswork. If you don't get answers from namecheap but can share the domain name with us (or via PM), I could also take a look. Sometimes two pairs of eyes see more than one, etc. πŸ™‚
  14. Most likely a silly question, but are you certain that the DNS records point to the correct address? Linode didn't change anything regarding these when they upgraded the server? If you check the records for this site manually (host -t A www.yourdomain.com, or nslookup -type=A www.yourdomain.com if you're on Windows), are they correct? Also: if you try the domain with a service like https://isitup.org/, does it work there? Just trying to figure out if it's an issue with your environment, or a more widespread thing πŸ™‚
  15. See the API post: $image->pim2Load('wm')->removePimVariations() should do it, though you'd want to make sure that you don't leave this code in place longer than you need it (probably won't do a lot of harm, but it'd be pointless). I'm not sure if pim stores the images as regular variations, but if it does, you can also remove them by hand from the admin (edit the image and you should see variations somewhere in the GUI). I wouldn't worry too much about those old variations, though. Most likely you haven't generated so many of them that they'd take considerable space on the disk, and anyone opening them accidentally is also quite unlikely.
  16. It seems to me (based on a very quick glance at the code) that both 'center' and 'c' are acceptable. Could you try setting it to 'center', then removing the generated image variation, and then loading the page again? My initial guess would be that the image is not changing since you're getting the previously created image back. Alternatively you can provide a different prefix value for pim2Load; something like pim2Load('wm2', [...]).
  17. Right β€” seems like it's an issue with formatting, i.e. single quote gets escaped (converted to HTML entity). Try $sanitizer->selectorValue($page->getUnformatted('title')) instead, that should work.
  18. Have you tried running the title through $sanitizer->selectorValue()? That's what you should be doing anyway, passing "raw" values to selectors is never a good idea β€” even if said value comes from a field on the page πŸ™‚
  19. To my best knowledge there's no easy way around this, except for not using the MultiPHP Manager in the first place... which might not be an option for your use case πŸ™‚ Some (possibly awful) ideas you could try: Perhaps you could disable overriding PHP settings via htaccess on your dev server by defining more restrictive AllowOverride option in your virtual host? AllowOverride also works on a per-directory basis, so I believe you could disable these for this particular site only, in case you're hosting multiple sites on this environment. How 'bout manually creating matching directory (/var/cpanel/php/sessions/ea-php72) on your dev server for storing sessions for this site? It sounds to me like cPanel will make these modifications automatically. If it also remembers all values somehow (in database or some other config file) and then repopulates them on first request or something, perhaps you could manage just one version and let cPanel work it's magic automatically after deployment? Not sure if that's exactly how it works, and whether that's feasible in the first place also depends on what your dev/deployment workflow looks like... πŸ™‚ It'd be great if the folks at cPanel provided some way to decide where specifically these rules should go, but I guess that'd be a new feature request. Based on some googling it also looks like when they introduced the automatic modification part, they broke quite a few sites in the process. Not cool πŸ™„
  20. Not plain PHP, but there are a couple of ProcessWire modules that can help you here: Page Image Manipulator 2 has multiple methods for watermarking images. AvbImage provides a method called insert(), which (to my best understanding, haven't used it myself) applies another image on top of the first one (so, basically, creates a watermark).
  21. Hey @joshua! Would you consider making this module installable via Composer? Technically this just requires a) adding a composer.json file where you specify project name, type ("pw-module"), and a dependency for installer plugin (preferably wireframe-framework/processwire-composer-installer), b) adding the project to packagist.org, and c) (optional, but recommended) setting up a webhook between GitHub and Packagist so that new releases become automatically available at Packagist (or giving Packagist the permission to handle this step). Here's an example composer.json from ProcessRedirects: https://github.com/apeisa/ProcessRedirects/blob/master/composer.json. Thanks in advance for considering this πŸ™‚
  22. I've had similar issues with Chrome (probably because that's the only browser I really use) many times over, though not sure if it's ever occurred with a ProcessWire site. From your description it seems quite likely that "something" in the browser itself gets stuck β€” I'm really not an expert here, but again it's happened a number of times for me, and only things that seem to help are a) waiting until it goes away (could be a long wait), or b) rebooting the browser. Pretty much just guessing here, but I'd suspect either some sort of JavaScript issue, a problem with a browser extension, some sort of network issue, or perhaps some piece of software installed locally. Ad blockers, for an example, are known to cause browsers to freeze, but typically only under some very specific conditions. (I've also helped clients debug some pretty weird issues cause by firewalls or virus scanners.) Probably not very helpful, sorry; if you can see any console warnings or such please let us know, that'd make debugging much easier πŸ™‚
  23. I've had this issue on some occasions, though for me it's been more like "sometimes it works, sometimes it doesn't", rather than not working for some pages at all. Never could really debug what it was all about since these have been very random occurrences, but your guess about some sort of JavaScript conflict seems reasonable. I've not had a proper look "under the hood" but I believe that front-end editing works by essentially duplicating your content behind the scenes, so the issue could also have something to do with the structure of the pages in question. Do they differ somehow from the pages where this works as expected? When this happens, do you see any JS errors in the dev tools console? Do you have any particular JS libraries etc. loaded β€” jQuery and the likes? Also, which editing option are you using and which version of ProcessWire do you have installed? Sorry for the load of questions β€” I'm really not sure what could cause this, but perhaps we can at least narrow it down a bit πŸ™‚
  24. Hey @bernhard! Thanks for reporting this. The latter problem is connected to the first one. Config screen asks the main module for the paths object, but due to a recent change this wasn't available. This is fixed now in the latest version of the module (0.17.1).
  25. This was from browser, so some network latency was included in that number. If I check the render time from the site, it's roughly the same, average being somewhere around 1s. I'm looking at the numbers provided by Tracy for a logged in user, so the higher time is explained by the stuff that doesn't apply to visitors (admin tools, Tracy itself, etc.) Don't have a great testing setup for non-cached visitor execution time πŸ™‚ ProCache is always disabled on POST requests, GET variables and cookies that bypass cache are configurable. I tend to rely on just the normal invalidation cycle β€” I have reasonably short cache time configured, so I don't have to clear the cache manually / programmatically very often. Depends on the use case, of course; for most regular websites it really doesn't matter if the data is 15..30 minutes old, even if it's of the "rapidly updating" sort. It's easy to flush the cache with PHP, though: see https://processwire.com/api/ref/pro-cache/ for more details. As for the "try before you buy" part, I don't actually know if there's such an option. You could try contacting Ryan πŸ™‚
  • Create New...