teppo

Everything posted by teppo

  1. RT @viljamis: “What If Browsers/Web Didn't Exist? What If There Were Only Native Apps?” http://t.co/4e66zE74oP

  2. RT @MSalt69: And I thought my job title slightly understated my actual role... http://t.co/GyLbBWbxqR

  3. Another Saturday, another issue of ProcessWire weekly: http://t.co/onAVjnyWHZ #processwire #cms

  4. Umm.. probably a stupid question, but in your picture ProcessWire startup time looks more like 0.6ms than 600ms. Which doesn't seem that bad. Am I reading this wrong?
  5. Sorry if I'm making this even more confusing, but it's really not that difficult, once you grasp the general concept:

     Consider all data coming from the user dirty. In PW, anything that comes from $input. It has to be sanitised and it's always better to be too strict than too lenient about it; don't worry about being overly cautious, that very rarely causes any issues while not being cautious enough.. well, that's another story entirely.

     Also, there's no such thing as "general sanitizing". It depends on what kind of values are valid in this specific use case. If possible, compare to an array of valid values, but if/when that's not feasible ...

       • if you only want integers, typecast value to int first:
         $value = (int) $input->post->value;
       • if you only want plain text, use $sanitizer->text():
         $value = $sanitizer->text($input->post->value);
       • if a sanitizer feature matching your use case exists, use that; if you want to check for valid page names, use $sanitizer->pageName(), and if you want to check for valid emails then use $sanitizer->email() etc.
       • if you're inserting user data in HTML, make sure it doesn't contain anything that could break the markup:
         <input type="text" value="<?php echo $sanitizer->entities($input->get->value); ?>" />
         to convert all applicable characters to entities (such as " => &quot;) or at least
         <input type="text" value="<?php echo str_replace('"', '', $input->get->value); ?>" />
         to remove double quotes, which would obviously cause problems here etc.

     If you're still worried that you don't know enough of this, try Google; there's a lot of various tutorials about the subjects of validating, filtering, escaping and encoding data (the terms are related but have slightly different meanings, by the way). This Smashing Magazine article, for example, explains the basics pretty well. Another resource I'd highly recommend is the SlideShare presentation from Chris Shiflett, "Evolution of Web Security".

     The scope of this is much wider than just sanitizing user data, but that's all stuff that any decent web developer should be aware of anyway, so it definitely won't hurt you.
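Added example, not part of teppo's post: the per-use-case handling described in post 5, written in plain PHP so it runs without ProcessWire. htmlspecialchars() stands in for $sanitizer->entities(), and the field names, allowed values and request data are constructed for illustration.

```php
<?php
// Constructed request data standing in for $input->get / $input->post.
$request = [
    'sort'  => 'random',            // expected: one of a fixed set of values
    'limit' => '25abc',             // expected: an integer
    'email' => 'user@example.com',  // expected: an email address
    'q'     => '5" monitor <new>',  // echoed back into an HTML attribute
];

// 1. Fixed set of valid values: compare strictly, fall back to a default.
function pickAllowed(string $value, array $allowed, string $default): string
{
    return in_array($value, $allowed, true) ? $value : $default;
}

// 2. Integers: cast first, then clamp to the range this use case accepts.
function intInRange($value, int $min, int $max): int
{
    return max($min, min($max, (int) $value));
}

// 3. A format with a dedicated validator: reject instead of repairing.
function validEmail(string $value): ?string
{
    $email = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// 4. Output into HTML: encode for that context at the moment of output.
//    ENT_QUOTES covers single-quoted attributes as well as double-quoted ones.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$sort  = pickAllowed($request['sort'], ['title', 'created', 'modified'], 'title');
$limit = intInRange($request['limit'], 1, 100);
$email = validEmail($request['email']);

// Show the values the rest of the code would actually work with.
var_dump($sort, $limit, $email);
echo '<input type="text" name="q" value="' . attr($request['q']) . '" />', PHP_EOL;
```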
  6. Hear me out, guys! Based on extensive user surveys and after tremendous amounts of solo brainstorming (and other proven methods, such as wearing all of the six thinking hats simultaneously) I've just come up with a new marketing strategy (and slogan) that will most definitely make us unbeatable: How's that for a slice of fried gold? .. and on a more serious note, I've also got tremendous amounts of respect for Kongondo and his work here. Never visited MODx boards and still don't know what the heck Wayfinder is, but he's done some pretty awesome stuff here too. In my case it was Antti who threatened to break my legs brought ProcessWire to the company we both worked at back then. Ryan's video was my first contact with the system itself and the thing that really convinced me that Antti wasn't just delirious -- this thing actually looked great!
  7. @yellowled: that sounds just about right. ProcessWire uses Blowfish algorithm for passwords whenever possible (PHP 5.3.0 onwards) and a stronger version of it if PHP version is 5.3.7 or newer. Passwords created in earlier versions will get the update notice and there's at least a chance of problems arising if you go from PHP 5.3.0-5.3.6 to 5.3.7 or newer -- or vice versa. If I'm reading you correctly and the same site can be accessed with multiple PHP versions, I'd assume there being quite a bit of weirdness. That's a problematic situation in many ways, and this is just one of those
  8. Couldn't find a really clean way to do this at the moment, but since the view used in pwlink TinyMCE plugin is essentially ProcessPageEditLink and its execute() method is hookable, you could try tapping into that and altering the resulting markup (return value of said method). This is the first request I've seen for such a thing, but if this sounds like something that would make sense in more cases I'd suggest asking Ryan (by creating a GitHub issue for it) if adding a better way to do this, i.e. new hookable method somewhere before the form markup is generated, would be possible. Edit: almost forgot: welcome to the forum!
  9. There's a bit of difference between operators "*=" and "%=". Quoting from the documentation: In many cases %= is more "forgiving" and generally just finds more results than *=, so I'd try if that helps. It might also make more sense to search by name, which is often identical to title, just all lowercase characters and spaces etc. converted to dashes:

     // find with name and use %= (SQL LIKE operator):
     $english = $pages->get("template=language, name%=english");

     // alternative approach if you know that there's "english" at the *beginning* of the name:
     $english = $pages->get("template=language, name^=english");
  10. RT @JaaJanne: Computer program ”Eugene” passed Turing test, first time ever. http://t.co/9b03hCfHUA #iforonewelcomeournewrobotoverlords

  11. Well, you could always use has(). Depending on what these pages really are etc. try something like this:

      $english = $pages->get("template=language, title=English");
      if ($page->DMC_select->DMCstats_Language->has($english)) {
          // do stuff
      }
  12. RT @VentureBeat: For designers, version control is a big problem — but GitHub is close to solving it http://t.co/yN9zkbfEoN http://t.co/D7O…

  13. @Macrura: you're welcome @owzim: didn't realise that core already takes care of this, so it should pretty much work out of the box. At least that's true for Fieldtype Map Marker and repeaters (just tested). For the record, there's now some very basic output formatting (CSV, basically) for array type values built-in. The need for this came up while outputting values from repeaters, i.e. "here's a list of my friends: {{friends.name }}" (which should now output something like "here's a list of my friends: Smith, Johnson, Williams, Jones").
  14. @Macrura: the issue you reported should be fixed now in version 1.0.2 of the module just pushed to GitHub. @owzim: I'll take a look at that, seems to make sense but needs some additional logic
  15. It’s Saturday again, which means that issue 4 of ProcessWire weekly is out: http://t.co/ynHVN7mRqa

  16. Absolutely no offence taken and trust me; I've no delusions about our way of life, so-called democratic systems or the nature of humankind in general. The world we live in is what we (or those of us with resources and power, in one form or another) make it to be -- and "beautiful" is very rarely how I'd describe it. Would love to write a longer note and go on about subjects such as technology being both a method of enslaving people and, on the other hand, liberating them (depending on who uses it and for what purposes). I'm in a hurry here so that'll have to wait, but in a nutshell very few things are purely black or white and there are also a myriad of ways to interpret these things.
  17. Seems that the general opinion of things like Google Glass is rather negative.. or the folks who oppose these are just making more noise than those loving 'em. Even if just to fill the role of contrarian, I'll have to disagree with (what I see as) the general opinion. Perhaps it's just that I've grown up watching sci-fi flicks with all sorts of gadgets and ways to use (and abuse) them, but I see at least as many benefits as there are possible, plausible drawbacks to these things. Some of the arguments made against them, such as blaming Google Glass for people being able to videotape and share videos or pictures of public events, seem kind of ridiculous too. How is that a new thing, really? Anyway, personally I find Google Glass an exceptional piece of technology and the concept in general something that will make its breakthrough at some point (though whether that's through Google's implementation remains to be seen). It's just a matter of time. <rant> About the lecturers turning into cardboard cutouts and tape machines gag: if a pre-recorded message is all the lecturer has to offer (seen that, been there, makes me pretty damn angry each time) by all means please do this. Share a pre-recorded lecture online. Do whatever you have to, but don't force folks to come to that so-called lecture just to hear a non-changing, non-reactive speech you've given thousands of times before. As long as the lecturer knows how to work with the crowd and how to adapt to its actions and level of knowledge, I don't think this is a real threat.. even if it makes a good gag </rant>
  18. @itsberni: sounds like you're using jQuery 1.9 (or newer) on your site, with .live() already removed. Backend is still using 1.8.3, which has .live() in place. Possible solutions would be either updating the module JS (replace .live() with .on() and make any other related changes) or using an older version of jQuery in your site's frontend.
  19. @Macrura: thanks for reporting this. A bit busy right now, but I'll take a closer look at that as soon as I can!
  20. RT @derStadtpirat: Every time I read @teppokoivula's @processwire weekly there's at least one thing I contributed to. Loving it :D

  21. teppo

    Windows XP lives on

    I'm pretty sure that I've mentioned this somewhere around here earlier, but I tend to refer to usage statistics when discussing supported browsers. Define a minimum usage percentage ("at least 4%" for example) and if a browser is below that limit, it shouldn't be too hard to convince the client that it's simply not worth it spending a lot of your time and their money fixing things for a browser barely anyone uses anymore.. or, if you prefer to be sure, discuss that with the client beforehand and make sure that it's mentioned in your contract. StatCounter is my current favourite when it comes to things like browser usage statistics; their data seems relatively trustworthy and they offer very good tools for filtering and displaying it (and even allow saving it as an image, exporting a CSV etc. for archiving or whatever other reasons). That's what the statistics from the last 3 months look like around here. Based on that alone I'd say that it's really not worth it to support IE8 (or 10, which people seem to have pretty much skipped). IE9 is a borderline case, so I'd only offer support for it if it's very important to the client (they're a large organisation using IE9 or have such organisations as clients etc.) .. oh, and did I mention that I just love statistics?
  22. RT @processwire: New module: Textarea Markup Inputfield by @teppokoivula outputs markup as help/commentary in your page editor – https://t.…

  23. This guy talks about “clown shoes”, but all I keep hearing is “clam juice”. I’ve also just learned that clam juice can be used in martinis.
