Anders
Members-
Posts
10 -
Joined
-
Last visited
Recent Profile Visitors
The recent visitors block is disabled and is not being shown to other users.
Anders's Achievements
Jr. Member (3/6)
8
Reputation
-
I want to allow full text search on my site. There is a very nice solution that comes right out of the box: $selector = "title|body~=$q, limit=50"; This works, but to make it even better I would want to give higher weight to pages where the search term occurs in the title, than if it just occurs in the body. After all, a page with the title "Wine from France" is probably the best match for the search "france wine". How do I accomplish this in ProcessWire? I can see three possible paths, but I am not very fond of any of them: Do a direct SQL query, circumventing the API, along these lines. But I would prefer to abstract away the database layout if at all possible. Use something like ElasticSearch, but to be honest that would be to complicated to set up and maintain in the long run. Make multiple lookups, first for matches in the title, then for matches in the body, and merge and sort in PHP. My suspicion is that this would get complicated quite quickly. For instance, how do you deal with a page that has two of the three search terms in the title and the third in the body? Is there a magic option four I should look into? Or are any of the above options better than the others? Any input is welcome!
-
Thanks @teppo! That is some great advice. First bullet point is neat - solve the problem at the filesystem level and you don't have to keep track of what individual models do. I quess what you would still have to look out for is if there is any PHP stored in the DB and then evaled. Like if the hanna code scripts would be stored in the DB. But I guess grepping for eval would let me find stuff like that, will investigate further.
-
In production mode, I have no need for functionality that lets admin modify PHP code. From a security perspective it is usually good to disable things you don't need. However, in this case there doesn't seem to be a trivial off button, so perhaps it is not worth the hassle.
-
For the record, I don't actually have the password on a post-it... ? Are you talking about this module? I don't have that installed, so it should not be a problem for me personally. But it is good to know anyways. Thanks!
-
Let's say some bad guy steals my ProcessWire admin account password (by reading it off the post-it note I so conveniently have on my screen). Obviously, they have full control of my site now and can do whatever they please. That can not be prevented in this scenario. But on many ProcessWire installations, I think the attacker could also gain control of the server, e.g. by installing a PHP shell. That could probably be prevented somehow. My goal is to lock down things so that an admin user can not insert any PHP to the site. What would I need to do to achive that? I can think of a few things: Disable module install/upload/download. I guess the hanna code module must be uninstalled? Anything more? Any other modules or settings to look out for? I understand that features like one click module install are very useful, so this is not a critique against ProcessWire - it's the best CMS I have ever used. I am just interested how I can be a bit extra cautious. Also, I understand that it is best to just never lose your admin password, but I think defence in depth is a good thing.
-
Clean syntax for rendering pages with specific template?
Anders replied to Anders's topic in Getting Started
@Robin S Yeah, that solved it. Thanks a lot - really appreciate it! -
Clean syntax for rendering pages with specific template?
Anders replied to Anders's topic in Getting Started
On second thought.. Turns out module development is so simple due to the elegant API, so I went ahead and wrote myself a module: <?php namespace ProcessWire; class RenderWith extends WireData implements Module { public static function getModuleInfo() { return [ 'title' => 'RenderWith', 'summary' => 'API extention for rendering pages with different templates.', 'version' => 1, 'autoload' => true ]; } public function ready() { $this->addHook('Page::renderWith', $this, 'renderWith'); $this->addHook('PageArray::renderWith', $this, 'renderManyWith'); } public function renderWith($event) { $page = $event->object; $template = $event->arguments(0); $event->return = wireRenderFile($template, ["item" => $page]); } public function renderManyWith($event) { $pages = $event->object; $template = $event->arguments(0); $content = ""; foreach ($pages as $page) { $content .= wireRenderFile($template, ["item" => $page]); } $event->return = $content; } } No idea if I am breaking any design principles or anything here, so viewer discretion is adviced. -
Clean syntax for rendering pages with specific template?
Anders replied to Anders's topic in Getting Started
Your last code block (with $article->render) seems to render not only the teaser, but the full page of the article after that! But it doesn't matter, because I think I like your $file->render suggestion the best anyway. I'll go with that. Thanks a lot for the help! -
Consider this example, where I want to print a list of teasers (linked title + summary) for news articles: $content = ""; foreach ($pages->find("template=article") as $article) { $content .= wireRenderFile('teaser', array("item" => $article)); } It works, but I find the code quite ugly. I would much prefer to be able to switch the call to wireRenderFile to something more like this: $article->renderWith("teaster"); Or even better, replace the whole thing with something like this: $pages->find("template=article")->renderAllWith("teaser"); Are there any functions like that? I searched the API, but couldn't find anything. Or is there any other way to make my code look better? Or is my quest completely misquided here? I just started out with PW today, so I have no clue what I am doing yet. I already love it though!