
About MarkE


  1. That's useful to know about, but my tests showed that a simple %20 -> + fix would still have got a 403. Exactly how the rule operates, and therefore what if any replacement might defeat it, is not clear to me.
  2. Looks like my friendly hosting provider installed new security without telling the customers: "This site is hitting a firewall security rule: COMODO WAF: URL Encoding Abuse Attack Attempt" I got them to disable it, but I wonder whether others might hit the same issue? @netcarver Does it raise questions about PW's use of url parameters? Quote from hoster: "We automatically update our firewalls with the latest security rules provided by multiple vendors to ensure they are as effective as possible."
  3. It's not at all clear what's causing it. Removing the %20s or replacing them with + doesn't work. Here is a list of tests:

        ?abc=abc&get={xxx}%20{xxx} - forbidden
        ?abc=abc&get={xxx}{xxx} - OK
        ?abc=abc&get=xxx%20xxx - OK
        ?abc=abc&get={xxx}%20xxx - forbidden
        ?abc=abc&get={xxx}+{xxx} - OK
        /search/for?&templates_id=64&status%3C2048&limit=50&format_name=autocomplete_list_members - OK
        /search/for?&templates_id=64&status<2048&limit=50&format_name=autocomplete_list_members&get={firstname} - forbidden
        /search/for?&templates_id=64&status<2048&limit=50&format_name=autocomplete_list_members&get=firstname - OK
        /search/for?&get={firstname} - OK

     (%3C gets replaced by < in browser URL) 😬

     I haven't touched .htaccess or any settings on cPanel. The .htaccess file on the live site just differs from the website because cPanel adds the php7.2 settings:

        # php -- BEGIN cPanel-generated handler, do not edit
        # Set the “ea-php72” package as the default “PHP” programming language.
        <IfModule mime_module>
          AddHandler application/x-httpd-ea-php72 .php .php7 .phtml
        </IfModule>
        # php -- END cPanel-generated handler, do not edit

        # BEGIN cPanel-generated php ini directives, do not edit
        # Manual editing of this file may result in unexpected behavior.
        # To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
        # For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
        <IfModule php7_module>
          php_flag display_errors Off
          php_value max_execution_time 120
          php_value max_input_time 480
          php_value max_input_vars 1000
          php_value memory_limit 128M
          php_value post_max_size 20M
          php_value session.gc_maxlifetime 1440
          php_value session.save_path "/var/cpanel/php/sessions/ea-php72"
          php_value upload_max_filesize 20M
          php_flag zlib.output_compression Off
        </IfModule>
        <IfModule lsapi_module>
          php_flag display_errors Off
          php_value max_execution_time 120
          php_value max_input_time 480
          php_value max_input_vars 1000
          php_value memory_limit 128M
          php_value post_max_size 20M
          php_value session.gc_maxlifetime 1440
          php_value session.save_path "/var/cpanel/php/sessions/ea-php72"
          php_value upload_max_filesize 20M
          php_flag zlib.output_compression Off
        </IfModule>
        # END cPanel-generated php ini directives, do not edit

     Looks like I need to raise an issue with the hoster?
  4. It seems like it's the %20 that's causing the problem - but it never has before - I wonder what they can have done. Nothing in any logs.
  5. Playing around with the url which gets the 403, it works until I get to the parameter &get={firstname}%20{lastname}%20-%20{email} In other words, the following is not forbidden: https://ncorchards.co.uk/admin123/page/search/for?&templates_id=64&status<2048&limit=50&format_name=autocomplete_list_members but adding the &get=... parameter results in the 403
  6. I have now! Failed to load resource: the server responded with a status of 403 () (for address ncorchards.co.uk/admin123/page/search/for?..........etc)
  7. Page auto-complete has just stopped working on my site. It is still working on my dev machine (with the same code) - I've copied the live database to the dev machine and it works there. All the other page-select methods work OK, so my temporary work-round is to change the selection method for the affected fields - but this is rather messy for fields where there are a great many pages to choose from. Any ideas? I'm wondering if my hosting service might have changed something to do this, but I can't think what. There are no error messages or logs - the field is just unresponsive when I type into it. I'd be most grateful for any clues or suggested lines of enquiry.
  8. Hi @formulate - I'm using the module, without any problems, from Outlook and other email clients. So I'm not sure it's anything about Outlook per se. Have you checked what are the restrictions on sending addresses?
  9. I tried searching for an answer to this, to no avail, but I would have thought it should be simple! I have a user role which does not have page-lock permission, but I want it to be able to view locked pages in the back end (i.e. similar to what you can do with a field - give view only access). How do I do this without giving the user page-lock permission? I have managed to find a work-round, by using the module "RestrictTabView" to prevent the role from seeing the settings tab and then enabling page-lock, but I would have thought there should be a way to do this in "native" ProcessWire.
  10. This is a really nice module, but why is the fully working version only in the 'dev' release? EDIT: Having said that, I now find I have the same problem as the previous poster. It all works fine on my Dev machine. But in the live environment it is blank. EDIT 2: In my case, the problem was simple - just forgot to upload the additional lines in the <head> - i.e.

        <?php $map = wire('modules')->get('MarkupLeafletMap'); ?>
        <?php echo $map->getLeafletMapHeaderLines(); ?>

      Is that your problem @Leftfield?
  11. LazyCron operates on an elapsed time interval, but you may want it to operate at specified times. Assuming your website is going to be visited sufficiently frequently (either by real users or by a Cron job), you can do this by editing the file /assets/cache/LazyCron.cache. This file contains 21 timestamps – one for each of the LazyCron specified intervals (e.g. “everyMinute”). The timestamp denotes when that interval was last triggered. To make the trigger happen at the required time, change the timestamp in the matching row to be when the previous trigger should have occurred. To make this easier, I have done an Excel spreadsheet (“Lazycron_fill.xlsx”) to simplify the process – just enter the required benchmark timings and copy the result into the LazyCron.cache file. Lazycron_fill.xlsx
  12. Thanks for the quick reply @Robin S. I guess I was assuming that the connections would only be followed where permitted by the "Selectable Pages" constraints, but it is now clear that this is not the case. I can't envisage a use case where it would be desirable to follow connections which are outside the constraints, but maybe I lack imagination 😕. Perhaps it could be made clearer in the documentation somehow that all connections will be followed regardless of any constraints on "Selectable Pages"?
  13. Maybe I've been a bit silly, but I re-used some field names already connected with this module on another template. Originally I connected the member_lists field on the Member template with the list_members field on the List template and everything worked fine. However, I then added those fields to another template (Mailing) where there was no intention to connect the fields. The selectable pages for each of these fields restricts the template to the intended one in the connection (i.e. list_members is restricted to the Member template and member_lists is restricted to the List template) and the input process works fine. However, when I save a List page I get an error message like Page 8287 is not valid for member_lists (Page 8287 does not match findPagesSelector: has_parent=/lists/, template=List|DynamicList, id=8287) Page 8287 is a Mailing page, so it looks like Connect Page Fields is attempting to update a connection between list_members on the Mailing page and member_lists on the Member page and then complaining because Mailing is the wrong template for member_lists (it should be List). I guess I could fix this by creating some more fields and only using unique field in the connection, but I wonder if there is a better solution.
  14. After having slept on this I realise that the answer is probably to set up child pages of each BookableSlot page and then use a field with an InputfieldPage::getSelectablePages hook.
  15. I am trying to provide a multiple select field where the choices will depend on the contents (of a field or sub-pages) of another page but can't see how to do this. To summarise the situation: I have a template called BookableSlot which contains details of an event. I have another template called Booking, the pages of which are children of a Membership page (which can cover a group of co-members). The Booking template has a page reference field linked to a BookableSlot page. When a member books themselves (and possibly others in their membership group) on an event a new Booking page is created using details from the chosen BookableSlot page (including the link-back). This works fine when just simple text fields etc. are copied across to the Booking page. Now I want to add a repeater field (one for each member in the membership group) to the Booking page: Each repeater field is to contain a title field and a multiple select field. I want the multiple select field to be based on some data in the referenced BookableSlot page - maybe either a multi-line text field, a repeater field or child-page titles, whatever works best. I just can't get my head round how to do this in ProcessWire. A select options or page reference field would only give a fixed set of choices, whereas I want the choices to be dependent on the referenced BookableSlot page. Many thanks for any ideas.
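
The query-string tests listed in the 403 post above can be checked against one hypothesis about what the firewall sees on the wire. This is an added example, not code from the forum posts or from ProcessWire; the host `example.test` is a placeholder, and the hypothesis (a raw brace together with a percent-escape in the same query string) is an assumption, not the documented logic of the COMODO rule.

```javascript
// Added example: the rows are the tests and results quoted in the post above.
const BASE = 'https://example.test'; // placeholder host (assumption)
const LONG = '/search/for?&templates_id=64&status<2048&limit=50' +
             '&format_name=autocomplete_list_members';

// [URL as typed, result reported in the post]
const REPORTED = [
  ['?abc=abc&get={xxx}%20{xxx}', 'forbidden'],
  ['?abc=abc&get={xxx}{xxx}', 'OK'],
  ['?abc=abc&get=xxx%20xxx', 'OK'],
  ['?abc=abc&get={xxx}%20xxx', 'forbidden'],
  ['?abc=abc&get={xxx}+{xxx}', 'OK'],
  [LONG.replace('<', '%3C'), 'OK'],
  [LONG + '&get={firstname}', 'forbidden'],
  [LONG + '&get=firstname', 'OK'],
  ['/search/for?&get={firstname}', 'OK'],
];

// Query string as a WHATWG-URL client (browser, Node) serialises it:
// "<" is percent-encoded to %3C, while "{" and "}" are sent raw.
function wireQuery(typed) {
  return new URL(typed, BASE).search;
}

// The two features the hypothesis combines.
function features(query) {
  return {
    rawBrace: /[{}]/.test(query),
    pctEscape: /%[0-9A-Fa-f]{2}/.test(query),
  };
}

// Hypothesis under test (assumption): blocked when both features are present.
function predict(typed) {
  const f = features(wireQuery(typed));
  return f.rawBrace && f.pctEscape ? 'forbidden' : 'OK';
}

// Rows where the hypothesis disagrees with what the post reports.
function mismatches() {
  return REPORTED.filter(([typed, seen]) => predict(typed) !== seen);
}

for (const [typed, seen] of REPORTED) {
  console.log(seen.padEnd(10), predict(typed).padEnd(10), wireQuery(typed));
}
console.log('rows the hypothesis fails to explain:', mismatches().length);
```

Zero mismatches means only that the hypothesis fits these nine observations; the hoster's rule text or WAF audit log is what would confirm which pattern actually matched.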