DrQuincy

Interesting, you learn something new every day! I'll bear that in mind for next time. I think I was put off by this: Since I was reading and writing quite complex models I was more comfortable using JSON and sharing data that way.

I believe bootstrapping for when your other script is not already a PW instance, including command line (I have used that on a project before, by the way, and it's very useful and easy). With the multi-instance option, due to the PHP namespace, you can only write to the main instance. You can read from as many others as you want but you can never save anything as when you run new \ProcessWire\Page you are always creating a page in main instance's namespace. In my case, I needed to read from the main instance and write to the secondary one so it wouldn't work for me. At least that's how I understood it! I couldn't see anything in the doc that allows you to create new pages in secondary instances.

Thanks for confirming. Yes, I am currently using a Textarea rows="1" and removing line returns on save so it effectively does the same thing.

I have a Table field that I am using for some spam filtering. I have one field in the table set as a Text field. If I enter <a href=" and save it becomes blank regardless of any text formatters applied. It's weird because if I do the same with a Text field that is not part of a Table field it works fine. And within the Table field if I change it from Text to Textarea, it works. Any ideas why? Thanks.

The client basically has two sites. One is in the UK and the other in the EU but serves customers internationally. There is a lot of shared information on both sites but at the same time they are different enough to warrant individual sites. But the client didn't want to, for example, add (and keep up-to-date) the same product twice. What I have set up is a root site that doesn't have a front-end but stores all the shared data. Then there is a folder for each site within that, each a separate PW instance. /root/ /root/uk/ /root/eu/ My question above was really to see if I could copy info between the sites within the same script. While Robin S's link was useful, it would appear to be for read-only so I didn't end up using it. Instead, the root site has hooks that saves all data into JSON files and associated assets and the EK and EU then take the and convert it to PW pages. If you're wondering why the EU and UK sites are within the root site folder as opposed to being siblings, it's because they share the same templates, models, JS, SCSS, etc.

Great, thanks! I notice is says “Development version, not yet recommended for production use” so I'll have a play with it first. ?

Oh wow, thanks. That looks (as everything tends to be with PW) so simple!

If I had sites A and B is there a way in site A to create an instance of ProcessWire\wire() that is connected to a completely different site? The reason I ask is to sync some data between two different sites on the same server on the fly. E.g. on site A: $page1 = wire('pages')->get(/foo-bar/); $page1->of(false); $page2 = new \ProecssWire2\Page; $page2->template = $page1->title; $page2->title = $page1->title; // and so on $page2->save(); // Saves to site B

Just that really…I searched the module directory and couldn't find anything. Is there a way to export a single page into a zip (with something like a JSON or SQL file along with all file assets) which can then be imported.

Perfect, thanks.

I want to manually render a string as markdown (TextformatterMarkdownExtra). How can I do this? E.g. This is _a_ string becomes <p>This is <em>a</em> string</p> Thanks.

Thanks, I'm inclined to agree. I have being playing with cookieconsent this morning and it's really good.

What's the general consensus for users with JavaScript disabled? Solutions are naturally JS-based and indeed most cookies would be set via JS and require JS to run. However, many scripts, such as Google Analytics, also give you an noscript image or iframe to install. How do you handle this? I presume they are still take people's IP and using it for tracking and therefore it's personal info under GDPR.

Thanks everyone for the useful replies. There's lots to go through, it's all very helpful thanks. PrivacyWire looks very interesting and also easy to implement. I also like the look of https://github.com/orestbida/cookieconsent#how-to-blockmanage-scripts as it looks like you can accomplish the same thing independent of the platform (I have a lot of legacy sites that aren't PW). I think that will suit most smaller clients. Cookiebot looks reasonably priced and seems to have all the features so I suspect my bigger clients may go or this. Thanks everyone!

Hi, I work for UK and EU clients. I remember about five years ago when GDPR came in there was a panic due to the potential fines and the things people did ranged from nothing at all to extreme UX disasters where the first thing you saw was a huge popup giving the user the opportunity to break the site. Since this is a legal area and I am not qualified to do so I do not give clients any advice in this area but will implement whatever kind of policy they decide on. To date many clients are happy to have a cookie notice that acts as a warning rather than manage specific cookies as it saves them disabling Google Analytics, paying for legal advice, etc. A client has raised a concern that since 2019 we should have started giving users the option to disable different types of cookies and therefore the above approach does not meet this legal requirement. Anecdotally, many small sites either do nothing at all or have a cookie warning as above. It seems to be a minority of sites, generally bigger ones, that allow for full on cookie management (i.e. blocking of non-essential cookies) and therefore are likely in a small group that are fully compliant. I've had a quick look today and am unsure on how to implement this. Am I right in saying there are two primary ways: Use a paid third-party service that scans your site for scripts that uses cookies; this handles the popup and management for you Use a jQuery/JS plugin that handles the interface but not the cookie blocking — you do this yourself It also looks like there is a WordPress plugin for this that WP users can use. Do these work like option 2 above or can they actually scan your site? Are there any PW or JS plugins that I should be aware of that can help me out here? I'm just after a bit of general advice from anyone who has PW sites and has implemented cookie management. Thanks.

Thanks @BitPoet. You are right because if I change the repeater label to just {title} the colours revert to normal. I just found it jarring as I'm so used to the other green colour and wanted to make sure it wasn't something that would cause issues further down the line. I do not need the item number in this case.

Hi, I just added ~140 items to a repeater using the API. The content seems fine and I can read it from the API but they look like this in the admin: The colour is different and after #99 it stops listing the number. Is this a performance thing? Is it likely going to cause any issues? It is a little slow to read but I have ProCache. Thanks.

Thanks. Yes, I think you're right on the number: 62^16. So when you put it like that it seems more than fine. The firewall should pick up on repeating attempts anyway. When it comes to stuff like this, I always self-doubt so like to get a second opinion. ? As part of the process the phone number is the only field we will always have. I didn't mean it so much for intercepted SMSs as they would have the token by then, no matter how secure. It was more as a way to only allow the brute forcing of one users at a time. By the way, I'm sure you cited GUIDs because of their length but you should never used them for secure tokens. They're generated for uniqueness, not unpredictability.

A client wishes to send a SMS as well as email to a lead gen system I have built. Users receive emails with a link containing a 128-bit secure token that when clicked shows some PII (Personally identifiable information just to be clear). They click it and get another form with their name, address, phone and email. No banking data or anything, just contact details. With the SMS we are much more limited with characters and don't want to send 128-bit tokens in hex as they are 32 characters long. And hex is inefficient when it comes to characters as it only uses 0–9, A–F. We have a short domain. If I generated a 16 character string from characters 0–9, a–z, A–Z using random_int() (which is cryptographically secure) we could add links like this to the SMS: short.com/x0O56AB1npLxmU3H This would redirect to their form. I am being extra cautious as there is effectively no “user name”. I wanted a second opinion on it. I could make them verify their phone number, acting as a user name, but I'm reluctant as phone numbers can be a bit ambiguous compared to email (spaces, +() — and not everyone will have entered an email (it is optional and some of the older demographic omit this part). I can also make them expire after a time (30 days) and there will only ever be a few hundred valid tokens at any one time. Given the above information, how long would you make the secure token? Thanks.

Perfect, thanks!

I have a select field that allows the user to choose from a drop down of repeater pages for that current page. I have set Selector string to id=page.options This works perfectly for me as the superuser but when the client logs in (custom role content-manager) they can't see anything but an empty drop down even though they have edit access for the template. So template typeface has a field called initialStyle (Page select as above). That chooses from a repeater call options. How do I grant permission for content-managers to see the pages from options in initialStyle when editing a typeface template? content-manager already has (I think by default) view access to repeater_options. Thanks.

Thanks @teppo, interesting to see that commit. @Robin S Thank you, that works great! I'm thinking I might change it so that instead of removing brackets it removes (0). My clients are UK-based and (0) is preceded by +44. If you have +440, this is technically invalid and won't always work.

I've noticed that if I have a CKEditor field and add a link that begins with tel: E.g. tel:+44 (0)1234 567 0000 When I view source immediately in CKEditor I see: <p><a href="tel:+44 (0)1234 567 000">TEST</a></p> So it's not being removed by ACF (that seems to run once you close the source dialog). But when I save it I get this: <p><a href="tel:+4420012342056720000">TEST</a></p> It looks like it's encoded it correctly (%20 for each space) and then stripped out the %, making the number invalid. If you omit tel: from the link everything is encoded correctly. It seems to affect all my installs regardless of version (3.0.165+). I have an old site on 3.0.98 that doesn't seem to have this issue. I'm worried now quite a few sites will have invalid numbers. What is happening and is this intended behaviour? Does it run through HTML purifier? It seems to be the same even if you set Content Type to Unknown/Text rather than Markup/HTML. EDIT: It is HTML purifier. If in the Input tab of the field you set Use HTML Purifier? to false, it doesn't do anything with the HTML. It seems fine with a 3.0.98 site though with the same settings. Is there anywhere to switch this feature off while still having Use HTML Purifier? set to true? If not, I guess my options are to either switch it off (I think that's okay within a CMS context since ACF would stripe out anything untoward) or tell clients they can only use +, - and 0-9 in phone numbers.

I've realised what was causing it: It is down to the map-view template being set to not have a slash at the end. If I change this it works. So when it was /maps/submit/test-map and you log in it goes to /maps/submit but when I set it to /maps/submit/test-map/ and you login it, it stays on /maps/submit/test-map/. Is this a bug and, if not, how can I use URLs with no slash to redirect in this way? In this instance, it doesn't matter as it makes no difference to have a slash at the end. I just wondered really whether it was a limitation, bug or feature as I do like to display homogeneous pages without slashes. I know you can pass the page ID to /processwire/ and then, I guess, use hooks to redirect to the page but wondered if it really required hooks as it seems like this should be part of the standard access functionality. Thanks.

I have two templates: map-submit, map-view. map-views are children templates of a single map-submit template/page and this is enforced in the template Family settings. map-view is set to option B in Access: Show the Login page And guest has View pages permission unchecked. What I want to happen is if you access a map-view page and aren't logged in it shows the login page, you login and then go straight to the specific page you were trying to view. However, this is what happens: Login page is presented On successful login you it takes you to the parent page, the single map-submit page, e.g. login on maps/submit/test-map (map-view) and go go to maps/submit (map-submit) If you visit the page it should've redirected to (maps/submit/test-map) you are presented with the login page again and so on The only thing that seems to work is to login via the usual CMS URL: /processwire/ and then visit the page I can't see anything in the logs. Any ideas how I can fix this as it's currently a bit clunky for the client? I don't think I have any unusual modules installed and I have no hooks set up that manipulate the login or the session. I'm on 3.0.184, PHP 7.4. Thanks.