HerTha

I just did an update from 2.05 to 2.06. When finished, I checked module config, which told me I currently have no protected pages at all. Truth is, however, there is actually 1 protected page. Also, this page (protection) still worked after the update. I checked on another site where I have multiple protected resources. On this site - after updating - module config showed me all protected pages, however the numeric count in the headline was given wrongly. Could there be a regression in determining the count of protected pages? I use PW >/= 3.0.123 on both sites.

Hi @Wanze thanks for this fantastic module! Is there a way to control how the module's XML sitemap generator handles hidden pages?

What better could you expect for Xmas than a new PW master release! ?

Thank you guys for digging into this! This forum is just awesome! I am trying to summarize: We found out that array syntax is able to handle "!" properly. We also found that there are other workarounds for accepting (or filtering) "&". So, that are all interesting details, good to know. However, the question from my original post is still circulating my head: I thought this has been done a thousand times...

further investigation - I simplified the code to: $a_sel = [ ['template', 'downfile'], ['title|name|indexer', '%=', $a_terms] ]; $results = $pages->find($a_sel); So, there are 3 fields to search: "title", "name" and "indexer" (a textarea field). Still using $a_sel = "&hallo". It turns out, that the error occurs only if: "name" field is present and at least one more field is present The combination "title" with "indexer" works just fine. I have never filed an issue report, but this one could be worth it. Anyone who can duplicate this error?

that extra sanitizer removes the error, Tracy reports $a_sel to be: So, for this case, the documentation seems to be wrong:

well, that mixed lot of quotes makes the error disappear ?️ <scratchinghead>how did you come up with that?</scratchinghead>

I have rearranged the code to use array syntax for the selector: $a_sel = [ ['sort', 'name'], ['limit', $limit_per_section], ['template', 'downfile'], ['title|name|indexer', '%=', $a_terms] ]; $results = $pages->find($a_sel); Now, if $a_terms contains search term "!hallo" then all is fine. Problem solved!? Well, not really. Searching for "&hallo" still crashes: I understand this should not happen, my debugging skills are a bit limited, though...

@Autofahrn thanks for your input! Initially, I thought I am dealing with a general problem. Now, it seems more related to a special combination of details. @Zeka array syntax looks good - worth trying, I'd say! I'll report back once I find more...

Okay, as I have multiple calls to find() on that page, I tried to narrow it down a bit and removed all but one. If the search is for, e.g., "hallo" then all is fine. However, if searching for "!hallo", that particular error (see above) occurs. The offending selector, as Tracy bd() reports: "sort=name,limit=50,template=downfile,title|name|indexer%="!hallo"" I can't see anything wrong with it...

You are using "~=" while I'm prefering "%=" in this place - that's the only difference I can see right now. Should not make a difference, anyway? The error message, when admin, is like: Error: Exception: Unknown Selector operator: '%=!' -- was your selector value properly escaped? (in /home/abcdefg/public_html/wire/core/Selectors.php line 419) Other characters can also do such harm, for instance "?" or "," That site is running on PW 3.0.123, BTW

I am setting up a front-end form to allow visitors to do a fulltext site search. When external input arrives at the system to be processed in database queries, security is a main issue. Therefore, all the (text) input for this form goes through a $sanitizer->text(), as a first step. Then, I thought using a $sanitizer->selectorValue() would be a good idea for building the selector: $results = $pages->find("template=contentpage,title|headline|body%={$sanitizer->selectorValue($search_term)}"); Unfortunately, it turned out to be quite easy to crash the whole thing, for instance by typing a single ! in the search which gives a 500 server error for the visitor. Obviously, there are a number of scenarios (including the ! char) which are not catched by the sanitizer, but need to be taken care of. Anyone who can share a list of forbidden chars or an algorithm to handle the filtering more securely in such a situation? Of course, the whole filtering should not be overly strict, so the visitor can still find a few things...

Just had a similar problem after switching from PHP5.x to a PHP7.1.x system. Fatal error in admin (line 117 of /wire/core/PWPNG.php) while rebuilding a PNG thumbnail. Obviously, utf8_encode() is not necessarily part of core PHP functions (anymore). I fixed the problem by asking my server admin to install the missing PHP XML module. Though, I wonder if it would be a worth the effort to avoid use of utf8_encode() in the PW core altogether? It seems to be used rarely - I found two places only in V3.0.123. Would iconv() do the job?

Website of a small technology business, currently based on Processwire 3 jQuery Magnific Popup Font Awesome Padloper with a fixed pixel width layout should get a new (more mobile friendly) skin, based on UIkit. Looking for help from a (front-end) developer, with good PW knowledge, to create a first mock-up with one typical page/template, including header/footer/menu components. No critical deadlines. Please PM for details. German would be nice, as well as English.

got a copy of ProMailer anyway ?

email is kaputt just saying...

@horst thanks for confirming! And: oughta check the modules directory more frequently. A horn of plenty! ?

okay - seems I have to ask my site admin to install an additional PHP extension - "mbstring" I guess, during a PW install from scratch the presence of this extension is checked by the installer...

On a (quite freshly installed) test site with UIkit3 profile and running on PHP7.1.24 I upgraded to latest dev (3.0.116 -> 3.0.122), which brings up an error message: Fatal Error: Uncaught Error: Call to undefined function ProcessWire\mb_convert_encoding() in /wire/core/Sanitizer.php:1036 Seems to be related to one of the most recent commits? May be specific to that particular PHP version? (sorry for reporting here instead of github)

Lucky us! It has become PW 3.0.116 "Spacy ads" instead

Ouch! Let's keep fingers crossed that PW 3.0.115 "Cat bite" is not follewed by PW 3.0.116 "Emergency room" !!? IOW: get well soon!

You can define an unsubscribe messge In the module config (E-Mail Messages section), for example: To unsubscribe from this newsletter please follow this link: %link%

Thanks @bernhard ! In my particular case, I have a few ocurences of __('en_string') which I would like to apper as translated 'de_string' in the output. I could modify the source(s) replacing strings statically, but that would be rather "quick and dirty". Hm, maybe I could substitute the __() function with my own version...

I wonder, is there some simple mechanism for translating a __('string') for a single language site? I'd prefer to keep Multi Language Support disabled for now.

@justb3a thanks for providing this module! Before starting to use it to collect new subscribers, I had to import a list of existing newsletter subscribers from our old system. The list is just a text file with one email address per line. The amazing BCE didn't help in this case because PW users - while still pages - are somewhat special. I came up with a little script which can be invoked from a browser window: <?php namespace ProcessWire; include("../index.php"); // bootstrap PW /* * import newsletter subscribers * from a file 'subscribers.txt' */ $file = fopen("subscribers.txt", "r"); $i = 0; while(!feof($file)) { $line = fgets($file); if($line == '') { continue; } $email = $sanitizer->email($line); if($email == '') { echo 'misformed email rejected: ' . $line . '<br>'; continue; } $name = 'zzz-import-' . sprintf('%05d', $i); $u = new User(); $u->of(false); $u->name = $name; $u->email = $email; $u->addRole('newsletter'); $u->save(); $log->save('newsletter', "User {$u->name} has been successfully subscribed with email {$u->email}"); $i++; } fclose($file); echo "<br>{$i} subscribers imported.<br>"; I am not sure if a lot of other poeple need something like that as well - if so, maybe adding an "import" feature for the NewsletterSubscription module would make sense. Thanks for considering and greetings from the neighborhood!