Everything posted by jacmaes
-
Ah, there's light at the end of the tunnel. Those annoying cookie banners required by a misguided 2012 European law might soon disappear. One less thing to implement...
-
@szabesz you'll need to remove the line that I added to block attempts to scan WordPress, or you won't be able to log in:

    RedirectMatch 403 (?i)(wp-admin|wp-content|wp-login)

But you can basically copy and paste the code from the original site: https://perishablepress.com/6g/
-
@Macrura Here's what's above the PW directives in my .htaccess. Notice that I'm pointing explicitly to a 403 html file, right below the 6G directives:

    ErrorDocument 403 /403.html

Start of .htaccess:

    # 6G FIREWALL/BLACKLIST
    # @ https://perishablepress.com/6g/

    # 6G:[QUERY STRINGS]
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{QUERY_STRING} (eval\() [NC,OR]
        RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR]
        RewriteCond %{QUERY_STRING} ([a-z0-9]{2000}) [NC,OR]
        RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR]
        RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR]
        RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR]
        RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR]
        RewriteCond %{QUERY_STRING} (\\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]
        RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR]
        RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR]
        RewriteCond %{QUERY_STRING} (\'|\")(.*)(drop|insert|md5|select|union) [NC]
        RewriteRule .* - [F]
    </IfModule>

    # 6G:[REQUEST METHOD]
    <IfModule mod_rewrite.c>
        RewriteCond %{REQUEST_METHOD} ^(connect|debug|delete|move|put|trace|track) [NC]
        RewriteRule .* - [F]
    </IfModule>

    # 6G:[REFERRERS]
    <IfModule mod_rewrite.c>
        RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000}) [NC,OR]
        RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC]
        RewriteRule .* - [F]
    </IfModule>

    # 6G:[REQUEST STRINGS]
    <IfModule mod_alias.c>
        RedirectMatch 403 (?i)(wp-admin|wp-content|wp-login)
        RedirectMatch 403 (?i)([a-z0-9]{2000})
        RedirectMatch 403 (?i)(https?|ftp|php):/
        RedirectMatch 403 (?i)(base64_encode)(.*)(\()
        RedirectMatch 403 (?i)(=\\\'|=\\%27|/\\\'/?)\.
        RedirectMatch 403 (?i)/(\$(\&)?|\*|\"|\.|,|&|&?)/?$
        RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")
        RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\\|\s|\{|\}|\[|\]|\|)
        RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|etc/passwd|muieblack)
        RedirectMatch 403 (?i)(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)
        RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$
        RedirectMatch 403 (?i)/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php
    </IfModule>

    # 6G:[USER AGENTS]
    <IfModule mod_setenvif.c>
        SetEnvIfNoCase User-Agent ([a-z0-9]{2000}) bad_bot
        SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot

        # Apache < 2.3
        <IfModule !mod_authz_core.c>
            Order Allow,Deny
            Allow from all
            Deny from env=bad_bot
        </IfModule>

        # Apache >= 2.3
        <IfModule mod_authz_core.c>
            <RequireAll>
                Require all Granted
                Require not env bad_bot
            </RequireAll>
        </IfModule>
    </IfModule>

    ErrorDocument 403 /403.html

    <FilesMatch "\.(js|css|html|htm|php|svg)$">
        SetOutputFilter DEFLATE
    </FilesMatch>

    <ifModule mod_headers.c>
        Header set Connection keep-alive
    </ifModule>

    # ----------------------------------------------------------------------
    # Expires headers (for better cache control)
    # ----------------------------------------------------------------------
    <IfModule mod_expires.c>
        ExpiresActive on

        # Your document html
        ExpiresByType text/html "access plus 0 seconds"

        # Data
        ExpiresByType text/xml "access plus 0 seconds"
        ExpiresByType application/xml "access plus 0 seconds"
        ExpiresByType application/json "access plus 0 seconds"

        # Favicon (cannot be renamed)
        ExpiresByType image/x-icon "access plus 5 days"

        # Media: images, video, audio
        ExpiresByType image/gif "access plus 1 week"
        ExpiresByType image/png "access plus 1 week"
        ExpiresByType image/jpeg "access plus 1 week"
        ExpiresByType image/webp "access plus 1 week"
        ExpiresByType image/svg+xml "access plus 1 week"

        # HTC files (css3pie)
        ExpiresByType text/x-component "access plus 1 month"

        # Webfonts
        ExpiresByType application/x-font-ttf "access plus 1 month"
        ExpiresByType font/opentype "access plus 1 month"
        ExpiresByType application/x-font-woff "access plus 1 month"
        ExpiresByType application/vnd.ms-fontobject "access plus 1 month"

        # CSS and JavaScript
        ExpiresByType text/css "access plus 1 week"
        ExpiresByType application/x-javascript "access plus 1 week"
    </IfModule>

    #################################################################################################
    # START PROCESSWIRE HTACCESS DIRECTIVES
    # @version 3.0
    # @indexVersion 300
    #################################################################################################
    ....
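
A pre-deployment check for the [REQUEST STRINGS] rules in the .htaccess above, as an added example that is not part of the original post or of the 6G firewall: it runs a site's own URL paths through a subset of the RedirectMatch patterns to show which legitimate URLs would get a 403 (the WordPress rule matching anywhere in a path, for instance). The sample paths and function names are constructed for illustration, and Python's `re` is assumed to behave like Apache's regex engine for these patterns.

```python
import re

# Subset of the [REQUEST STRINGS] RedirectMatch patterns from the .htaccess
# above; the leading (?i) is replaced by re.IGNORECASE. Python's re stands in
# for Apache's regex engine (assumption: these patterns behave the same).
RULES = [
    r"(wp-admin|wp-content|wp-login)",
    r"(https?|ftp|php):/",
    r"(base64_encode)(.*)(\()",
    r"(~|`|<|>|:|;|,|%|\\|\s|\{|\}|\[|\]|\|)",
    r"/(=|\$&|_mm|cgi-|etc/passwd|muieblack)",
    r"\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$",
    r"/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php",
]
COMPILED = [(p, re.compile(p, re.IGNORECASE)) for p in RULES]

def first_match(path):
    """Return the first pattern that would answer 403 for this URL path, else None."""
    for pattern, rx in COMPILED:
        if rx.search(path):  # RedirectMatch is unanchored, so search() not match()
            return pattern
    return None

def audit(paths):
    """Split paths into (allowed, blocked), where blocked maps path -> pattern."""
    allowed, blocked = [], {}
    for path in paths:
        hit = first_match(path)
        if hit is None:
            allowed.append(path)
        else:
            blocked[path] = hit
    return allowed, blocked

# Constructed sample paths (hypothetical site URLs, not taken from the post).
SAMPLE_PATHS = [
    "/processwire/",
    "/site/assets/files/1228/sorolla-and-america-optimized.jpg",
    "/wp-login.php",
    "/blog/migrating-wp-content-to-processwire/",
    "/downloads/report,2016.pdf",
    "/backup/site.sql",
]

if __name__ == "__main__":
    allowed, blocked = audit(SAMPLE_PATHS)
    print("allowed:", allowed)
    for path, pattern in blocked.items():
        print("403", path, "<-", pattern)
```

Feeding it the paths from a sitemap or an access log before enabling the rules shows which existing URLs would start returning 403.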
-
@bernhard I've used various versions of the firewall over the years (it's usually updated once a year), and while I ran into the occasional conflict a few years back, it's been solid ever since. I'm currently using it on a couple of Apache servers (Ubuntu 14.04 with the most recent version of Apache) on about 6 different PW-powered sites (both http:// and https://), and so far so good. I haven't run any specific test to measure its efficiency, but I see fewer traffic peaks from questionable sources and fewer errors in my logs. And it gives me an additional peace of mind to have this added layer of protection against bad actors.

I've added this additional block as my logs showed persistent automated (and dumb) attempts to access WordPress login or directories.

    # 6G:[REQUEST STRINGS]
    <IfModule mod_alias.c>
        RedirectMatch 403 (?i)(wp-admin|wp-content|wp-login)

I don't think this really needs a module as it's a quick copy and paste operation, although it's true that releasing a module would raise awareness and more people would discover it.

@Mike Rockett I'm certainly not a Regex expert, but if you look at the "Learn more" section, there are various articles over the years that show how some highly optimized regex rules can go a long way.
-
Speaking of bad bot blockers, I've had great success with Jeff Starr's robust "6G Firewall" for Apache: https://perishablepress.com/6g/
-
Upgrading from Thumbnails module to Croppable Image 3
jacmaes replied to jacmaes's topic in General Support
@horst, I've tried running your bootstrapped script to copy the variations (on PW 2.7.3), but it stops short: It collects the field and displays the crop settings correctly, but then does not iterate over all pages. Looks like it stops running after echo "<hr />";

Edit: tried a test run on another site, and it almost works. Problem is with str_replace that also replaces the domain name (see what I've marked in bold):

    'Sorolla and America'
    sorolla-and-america-optimized.jpg
    pequeno
        /var/www/domain.com/site/assets/files/1228/pequeno_sorolla-and-america-optimized.jpg
        /var/www/domain.-pequeno.com/site/assets/files/1228/sorolla-and-america-optimized.-pequeno.jpg
    grande
        /var/www/domain.com/site/assets/files/1228/grande_sorolla-and-america-optimized.jpg
        /var/www/domain.-grande.com/site/assets/files/1228/sorolla-and-america-optimized.-grande.jpg
    destacado
        /var/www/domain.com/site/assets/files/1228/destacado_sorolla-and-america-optimized.jpg
        /var/www/domain.-destacado.com/site/assets/files/1228/sorolla-and-america-optimized.-destacado.jpg

Edit 2: I've managed to fix my problem with a few tweaks, and all files were successfully copied.

    // now iterate over all pages and rename or copy the crop variations
    echo "<ul>";
    foreach($wire->pages->find("include=all") as $p) {
        set_time_limit($timelimit); // reset the timelimit for this page
        foreach($collection as $fName => $suffixes) {
            if(!$p->$fName instanceof Pageimages) continue;
            $images = $p->$fName;
            if(0 == $images->count()) continue;
            echo "<li>{$p->title}<ol>";
            foreach($images as $image) {
                echo "{$image->name}<ul>";
                foreach($suffixes as $suffix) {
                    $old = dirname($image->filename) . "/{$suffix}_" . $image->name;
                    $new = str_replace($suffix . '_', '', $old);
                    // These two lines are my tweaks
                    $new = str_replace('.', '.-' . $suffix . '.', $image->name);
                    $newer = dirname($image->filename) . "/" . $new;
                    // $newer is the new $new below:
                    echo "<li>$suffix<ul><li>$old</li><li>$newer</li></ul>";
                    if($doFilecopy) {
                        if(!file_exists($old)) {
                            echo "ERROR: original variation is missing!";
                        } else {
                            if(file_exists($newer)) {
                                echo "file already exists";
                            } else {
                                $res = @copy($old, $newer);
                                echo "filecopy: " . ($res ? "Success!" : "!ERROR: $res");
                            }
                        }
                    }
                    echo "</li>";
                }
                echo "</ul>";
            }
            echo "</ol></li>";
            if($debugIteration) break;
        }
    }
    echo "</ul>";
    exit();
-
Upgrading from Thumbnails module to Croppable Image 3
jacmaes replied to jacmaes's topic in General Support
Thanks a million for the detailed walk-through and the full script @horst! I wouldn't have been able to do this without your expertise. You even took the time to test your script, which makes me more confident. It never ceases to amaze me how helpful the PW community is. I'm sure this will help other people who, like me, would like to upgrade but were not sure how to. I'll definitely take the site down before launching the upgrade, and do a full backup of the site beforehand in case something goes wrong. -
Upgrading from Thumbnails module to Croppable Image 3
jacmaes replied to jacmaes's topic in General Support
@horst thanks a lot for your kind help. Being able to upgrade directly would be fantastic. My field is named simply "image" and its formatted value is set to "Automatic (single item or null when...)". Maximum files allowed is set to 0 (no limit). This is the only field in my site that's using the Thumbnails module. Here's a screenshot of the field settings that show that I have set three crops named "pequeno", "grande" and "destacado":

And here's how I'm calling the "grande" crop variation in one of my templates:

    <img alt="<?= $page->title; ?>" src="<?= $page->image->first->getThumb('grande'); ?>">

An example of the filenames, original and output:

Original: "spanish_fever.jpg"
Output: "grande_spanish_fever.jpg"

I hope this is all you need to give me some pointers. Thanks again.
-
I have a few sites on PW 2.7 using the legacy Thumbnail module. I'd like to upgrade these sites to PW 3x (and the just-released PW3-compatible Croppable Image 3 module) to take advantage of the new goodness, but I'm not sure how best to proceed. I have easily more than a thousand pages that use the Thumbnail module. I think the safest way would be to create a new image field using Croppable as a fieldtype, and leave the current Thumbnails image field untouched as I can't possibly go and recrop thousands of images, especially on live sites. Has anyone tried upgrading? Any advice would be greatly appreciated.
-
One of PW 3.010's major novelties was the introduction of Horst's new image resizing engine that uses ImageMagick. Now I understand that ImageMagick can convert images to Webp, the image format that Google says can reduce image size up to 34% compared to JPEG. Mozilla is apparently adding support to Firefox, and even the Safari team is playing with it, so it looks like Webp is soon going to be available in most major browsers. If Horst's module can be extended to add Webp conversion, that would be a great addition to PW's already very powerful image manipulation arsenal. I'm currently using the free ImageEngine Lite to serve Webp images to supporting browsers, and the results are impressive. I routinely get images that are between 25 and 60% smaller compared to JPEG, with the same visual quality. I would love to eliminate the need to rely on a third-party service though.
-
Module FrontendUser: login, logout and register users / members
jacmaes replied to pwFoo's topic in Modules/Plugins
Yep, same error. I managed to do what I wanted by adding after line 266 in "FrontendUser.module" the following code:

    $value = $field->value;
    $sanitizedValue = wire('sanitizer')->pageName($value);
    if ($value != $sanitizedValue) {
        $field->error('Your username cannot contain uppercase letters, spaces, accents or special characters.');
    }

But of course hacking the module is not the recommended way to proceed.
-
Module FrontendUser: login, logout and register users / members
jacmaes replied to pwFoo's topic in Modules/Plugins
Thanks, but when I tried

    $uname = $fu->form->get('username');

to retrieve the "username" field, I got a 500 Internal error on 3.0.18:

    Error: Uncaught Error: Call to a member function get() on null in /home/xxxx/public_html/site/assets/cache/FileCompiler/site/templates/register.php:34
-
Module FrontendUser: login, logout and register users / members
jacmaes replied to pwFoo's topic in Modules/Plugins
@pwFoo, can't get it to work. Could you please post a code sample?

Edit: got it by creating a "test" field, but not sure how to apply the same code to the "username" field:

    $test = $modules->get('InputfieldText');
    $test->label = $this->_('Test');
    $test->attr('id+name', 'test');
    $test->required = 1;
    $test->fhSanitizer = 'name';
    $test->addHookAfter('processInput', function($event) {
        $currentField = $event->object;
        $value = $currentField->value;
        $sanitizedValue = wire('sanitizer')->pageName($value);
        if ($value != $sanitizedValue) {
            $currentField->error('Your username cannot contain uppercase letters, spaces, accents or special characters');
        }
    });
-
Module FrontendUser: login, logout and register users / members
jacmaes replied to pwFoo's topic in Modules/Plugins
How do I check whether the user who wants to register has entered a username that does not contain accents, spaces, and any other characters that are not allowed? Can it be achieved server-side with a hook, or do we have to use something like "InputfieldPageName.js" from the core on the frontend? The issue I'm having is that if someone for example enters a space in his or her username, it will be converted into a dash (which they wouldn't realize unless we indicate it to them specifically), and they wouldn't understand why they can't log in after registering. -
I also have an Ubuntu droplet on Digital Ocean. After setting up the free Let's Encrypt SSL certificates, I have activated http/2 and everything runs smoothly. I haven't tweaked my sites to take full advantage of http/2, or run benchmarks to measure improvements though.
-
Yep, we need a good and gifted soul to pick up this project and make it compatible with PW 3x. Or it could be extended to be the next Pro module (hint, hint, Ryan)
-
@baba_mmx Any chance to make your module compatible with PW 3x? I would love to try it but it creates an internal server error when trying to login or register.
-
What about http://www.listjs.com ?
-
Another +1 for the much better-known split button pattern.
-
How do you guys deal with editors (or regular users via front-end form submissions) who have their CAPS LOCK key enabled and merrily type in entire paragraphs in uppercase letters as if there's no tomorrow? I don't know why people do this, this drives me crazy. Do you detect it on the front end with JS and throw a warning, or "process it in post-production" with something like ucwords(strtolower($foo))? I thought that some simple instructions at the start of the form would be enough, but there's always someone who doesn't read them or just doesn't care.
-
I'm looking at Amazon SES right now (recommended by MailChimp's CEO in his blog post announcing the change), but I don't have any experience with it. Has anyone used it? Easy enough to set up?
-
I'm also getting a parse error on 3.08: Parse Error: syntax error, unexpected 'var' (T_VAR) (line 39 of /var/www/example.com/site/modules/Pages2Pdf/mpdf/mpdf.php)
-
Has anyone tried this module with the 3x branch? I'm getting all sorts of errors after trying to upgrade to 3.05, such as "Exception: Method Pageimage::getThumb does not exist or is not callable in this context..." and "Error: Class 'ProcessWire\ProcessCroppableImage' not found (line 208 of /var/www/my-domain.com/site/assets/cache/FileCompiler/site/modules/CroppableImage/FieldtypeCroppableImage/FieldtypeCroppableImage.module)"
-
@OllieMackJames, I just double-checked. I'm also on 2.7.3, and I am still seeing reductions between 35% and 50% depending on the image.
-
This module rocks! Thanks Jonathan. I'm seeing up to 50% reductions in file size with no visible quality difference.