rick

The config->paths->root also contains the current process as part of the path. For example, if you are currently within a custom process module named 'widget', then the returned path is '/path/to/docroot/widget/'. You could use a combination of string functions with DOCUMENT_ROOT, CONTEXT_DOCUMENT_ROOT, and SCRIPT_FILENAME values to validate the directory. As far as I know, the script_filename value is not vulnerable so should provide a base from which to test and extract the doc root with some confidence.

Hi @August, The way I limit pages to users is setting the $page->created_user_id to the $user->id. Then my selector to retrieve pages is based on the created user id matching the currently logged in user. Hope this helps. Just thinkin' out loud.

Wow! Thank you! I was hoping for a suggestion where to look, not a complete working example. That is the cool thing about you, @Robin S, you are always above and beyond anyone's request for assistance. Much respect!

Ok, apparently the term 'PATH" means the complete filespec (path + file). I still cannot get the allowedPath parameter to accept any entry. It always uses /site/template. I did however get this to work by providing the filespec as the first parameter. So from my first example, $file = "somefile.php"; $path = $this->wire('config')->urls('siteModules')."myModule/includes/"; $filespec = $path . $file; $result = wireRenderFile($filespec); return $result; works just fine, so I will mark this topic as solved. Can anyone reproduce this behavior? Just checking to see if this is a bug or my stupidity. 🙂

The error is thrown from the wire/core/TemplateFile.php:171'/site/templates/somefile.php'. line 170 public function setFilename($filename) { bd($filename); // Shows invalid /site/templates/somefile.php if(empty($filename)) return false; if(is_file($filename)) { $this->filename = $filename; return true; } else { $error = "Filename doesn't exist: $filename"; if($this->throwExceptions) throw new WireException($error); $this->error($error); $this->filename = $filename; // in case it will exist when render() is called return false; } }

I thought so as well. I tried with both urls and paths. I get the same error stating templates but tracy shows the path is correct.

Howdy! I've been exploring using the wireRenderFile() function in a test module. I keep getting one error or another depending on how I attempt to render the file. According to the api doc one of the default paths is /site/modules/. In this directory I have my module, which has a sub directory for files to be rendered as needed. $file = "somefile.php"; $path = $this->wire('config')->urls('siteModules')."myModule/includes/"; $result = wireRenderFile($file, array(), array('allowedPaths' => "$path")); return $result; // Error: Filename doesn't exist: ***/site/templates/somefile.php It appears that wireRenderFile is not accepting the allowedPaths option. Tracy dump shows $path = ***/site/modules/myModule/includes/'. Any ideas on what I am overlooking? See last posting.

Hello @valquireand welcome to the forums! It sounds like you are looking for an event calendar. You can take a look here at a pro module, or search for other event calendar topics. If you prefer a simpler solution, then you can create a page for each concert to display on the front-end.

Thank you @adrian, I did not see that. I appreciate you locating that topic. I have it saved for future reference. In the meantime I came up with a workaround where I don't have to modify a user's ready.php file during install.

This is still an issue. I cannot select a user from an auto complete select on an admin form. Even with the hooks @adrian and @bernhardsuggested in this reported issue. My select field is configured as follows: Page field value type = single/false (other options make no difference). Allow unpublished pages = checked. Type: Page auto complete. Template = User. Selector string = template=user, include=all, check_access=0, sort=name. Label field = name. When attempting to edit a page with this field this is the resulting selector: template=user, sort=title, templates_id=3, title%=sca, limit=50 *Notice the duplicate template reference. This obviously is a core issue. The resulting query is: SELECT SQL_CALC_FOUND_ROWS pages.id,pages.parent_id,pages.templates_id FROM `pages` JOIN field_title AS field_title ON field_title.pages_id=pages.id AND (((field_title.data LIKE '%sca%' ) )) LEFT JOIN field_title AS _sort_title ON _sort_title.pages_id=pages.id WHERE (pages.templates_id=3) AND (pages.templates_id=3) GROUP BY pages.id ORDER BY _sort_title.data LIMIT 0,50 Two issues with this query; 1) there are no user names present in the field_title.data column, 2) the join statement has three levels of parens, which are obviously leftover from from whatever concatenation function that was previously performed. This again is a core issue. All of my projects rely on selecting a user at various steps. Can anyone provide a workaround, or tell me what I have done wrong? I appreciate your input.

Is this for the front-end? If yes, You can write your own login routine that will check against the user data (additional field denoting selected client). Once verified, redirect to the desired page. Since you don't want users to register themselves, you can add a link to your login page (similar to contact us) where potential clients can request an account. The request is emailed to the admin for processing. Just a thought.

Just tossin' more info in the thread... https://github.com/salsify/jsonstreamingparser https://www.jsonfeed.org/version/1.1/

N/A

Hi @Zeka, Thanks for the help. I can check whether the page is present or not. The issue is imho one of consistency. Let me elaborate... Only the 'file' field types have this 'gotcha'. For example, in PHP the procedure is as follows: Create a form User completes the form and submits (including any uploaded files) Data is then sanitized, uploaded tmp files are moved, and data written to the database or The user cancels the operation Data and form are destroyed The PW way: Create and save some dummy page Create a form User completes the form and submits (including any upload files) Data is then saved and files are moved to that page asset or The user cancels the operation (No cancel function, so navigate away) Data and form are destroyed *Page is now orphaned* You get the notice that a page with that name already exists when attempting to create another page. Interesting is that page doesn't have a title field (which is required). Using any other field type, I can perform the following procedure within my process module: Create a form User completes the form and submits Page is saved with user data and user is redirected to previous page The steps are: 1) Create blank new Page. 2) Assign Parent. 3) Assign Template. 4) Build form from Page->getInputFields() or User cancels operation Data and form are discarded and user is redirected to previous page The problem is pre-defining a page just so an empty input field has a reference before any data is provided. This only occurs when there are 'file' fields present in the template.

Did I miss something? 🙂