kunago

  1. kunago

    Hacked website

    Good point. I will create a repo.
  2. kunago

    Hacked website

    Nope, not even any Ajax requests. It's a very simple static site for a hotel having a booking engine page which might be the only one more vulnerable, rather than other pages. But the same booking engine is running on more sites I host and those have not been impacted. Maybe a matter of time, maybe some other issue. Do you know about any program or ways to test website vulnerability?
  3. kunago

    Hacked website

    I will run a full-text search on the whole website for some strings mostly targeting http headers and creating files, and also hidden timestamp files apparently logging the last activity. Most of the strings are Unicode encoded though. For sure everything is backed up so if anyone would like to look into it, let me know.
  4. kunago

    Hacked website

    Oh, okay, thanks. I don't see it in any other website and did not notice it anywhere else. However, it's not only this file being present on the server. Thank you for clarification. So I guess it is a generic hack using...who knows what security hole. Hopefully not something undiscovered yet. I have an up to date version as of today.
  5. kunago

    Hacked website

    It's running on my own server so there's really no hosting company to ask for logs. I reviewed my security setup and it seems to be all fine. There are no forms on the site and no login could have been compromised as I am the only admin with the login. There is just one extra user with regular privileges with no access to shell anyways. No, it was not the latest version of ProcessWire. I updated as soon as I noticed. Later on I found the core "wire" folder had some extra files as well. I looked at a backup from 2 weeks ago and it differed from the one from last night. There were some new files. Apparently someone was actively messing with it. I have a backup 2 weeks old, from last night; today I upgraded and will monitor whether there are any changes in root, site or wire dirs. What is odd though is the "class" folder with files trying to hack the Page class. No idea what's going on but I will set an extra log for monitoring that specific site.
  6. kunago

    Hacked website

    Today while browsing some of my websites I found out one website was hacked. It's hard to tell what has been modified but at first sight there are new files in the root, new files in the site and in site dir there is a new dir "classes", where the file "HomePage.php" is extending "Page". I am not a big professional in this but the hack seems to be targeting ProcessWire. If there is some security team, I am willing to send the website backup so you can investigate for any security holes.
  7. I coded a solution to my issue, in case someone needed it. No matter what I tried, I could not do it the selector way because as mentioned, subfields of Pageimage don't seem to be directly accessible. Even if they were, I would still need to make some adjustments, because date_from and date_to belonging to a picture can be either a date or can be empty, which is also a valid value. As the getUnformatted does not seem to work for Pageimage either, I had to do some crazy things to get the job done.

    At the beginning I needed to get the format of the output date of the fields date_from and date_to. Those are different for different languages and since dateOutputFormat property of the field does not accept language parameter, I had to do some custom detection using a function

        // Suffix for language-specific field properties:
        // empty for the default language, the language ID otherwise.
        function language_id () {
            $language = wire('languages')->getLanguage();
            if ($language->name == 'default') {
                return '';
            } else {
                return strval($language->id);
            }
        }

    and then extract the output format of the active language.

        $format_date_from = $fields->get('date_from')->get('dateOutputFormat' . language_id());
        $format_date_to = $fields->get('date_to')->get('dateOutputFormat' . language_id());

    Then I filtered out the pages in question where I was searching for images:

        $today = $datetime->strtotime("today");
        $filtered = $pages->find('template=this_template, image.count>0, date_from_show<=today, date_to>=today');
        foreach ($filtered as $page) {
            $image = $page->image;
            // An empty date on the image counts as "no limit".
            $image_date_from = !empty($image->date_from) ? $datetime->stringToTimestamp($image->date_from, $format_date_from) <= $today : true;
            $image_date_to = !empty($image->date_to) ? $datetime->stringToTimestamp($image->date_to, $format_date_to) >= $today : true;
            if ($image_date_from && $image_date_to) {
                ...
            }
        }

    That is a cumbersome way but seems to do what it is supposed to do. Could someone think of a way to make it easier? Am I missing some function that could do it more efficiently? I mean anything is more efficient but it does not seem to work any other way.
  8. I tried various ways to access data but the result is the following: I think the error message is quite clear about what is going on. Even though I am not accessing the Pageimage object but the fields associated to it, it always throws the error. This is the full selector:

        $list = $pages->find('template=news-action, image_kiosk.count>0, date_from_show<=today, date_to>=today, image_kiosk.date_from<=today, image_kiosk.date_to>=today');

    The structure of the template is this: and the Pageimage subfields are these: They are of the same type as those used in the template. Although the logic of the selector seems to be fine to me, it always throws an error.

    Thank you, but actually I need to filter all pages of a specific template where either date_from is empty or is earlier than today. It's easy to do it with AND: date_from=, date_from<=today but that makes no sense. I also tried

        $pages->find('template=this_template, (date_from=), (date_from<=today)')

    however that does not seem to work, although it seems to be close to what I am looking for.
  9. I have a template which has a date_from and date_to fields, and an image field with subfields of date_from and date_to. I am trying to create this type of a selector:

        $pages_list = $pages->find('template=this_template, date_from<=today, date_to>=today, image.count>0, image.date_from<=today, image.date_to>=today');

    I believe this is self-explanatory. While the date_from and date_to of the template work fine for filtering, I am unable to access and work with the Pageimage subfields. Selectors don't support subfields of Pageimage. That is a first issue. I tried I believe all combinations documented with no success. Subselectors also don't seem to make any difference. I also tried to get at least the unformatted value of the subfield but I am unable to find a way to retrieve it, because while "getUnformatted" works fine with $page, it does not work with Pageimage. The aim is to retrieve all images of the template "this_template" where date_from and date_to filter out both, pages and images at the same time. I think this might not be feasible in a single step but not even the subselectors seem to work fine.

    And a bonus question - how to create an OR-type selector that would do the following?

        $pages->find('template=this_template, date_from= OR date_from<=today')

    I used the keyword OR that demonstrates what I am after. Thanks for any help.
  10. I tried a few CMS: started with Joomla then some MODX, Grav but stuck with Drupal/BackdropCMS for some time. What I liked about Drupal on which I built quite a few websites, was that it was robust and flexible enough. It was easy to get the thing done fast because it provided many modules and hooking templates for fine tuning which was great at that time. That was okay until Drupal 7. Then with Drupal 8 they lost me. I had all of a sudden no idea what was going on and how to do anything. I started to completely rely on modules and could not code on my own. I am not into OOP which I think Drupal 8 migrated to. I was looking for an alternative and settled with ProcessWire. Since then, I am totally happy as I am able to create a simple website within a few hours, which was unlikely to be the case with Drupal of whatever version. The downsides of Drupal I found while using it are: it was way too heavy; even basic functionalities were module-based; it was slow; it had high resource consumption. To sum it up, even if Drupal was back to 7 where I left it, I would not go back. It was great at that time but I moved on.
  11. I was able to find a few hardcoded "/site/" strings in the LanguageSupport module; it is in:

    ProcessLanguageTranslator.module, line 832

        $files = array();
        $dirs = array();
        $root = $this->wire()->config->paths->root;
        $assetsDir = '/site/assets/';
        if(DIRECTORY_SEPARATOR != '/') $assetsDir = str_replace('/', DIRECTORY_SEPARATOR, $assetsDir);

    LanguageTranslator.php, line 245 (which however given the note seems just like a last resort situation)

        } else {
            // last resort, may not ever occur, but here anyway
            $pos = strrpos($filename, '/wire/');
            if($pos === false) $pos = strrpos($filename, '/site/');
            if($pos !== false) $filename = substr($filename, $pos+1);
        }

    I believe though changing only this code is unlikely to make a difference, which did not have any in my case.
  12. Just an idea - wouldn't it be better to simply omit "site-" from the translation files and start the naming convention from "/template/"? This way json translation files would always be named "template--" and simply found within the template folder regardless of the "site*" name. Then sites could be easily migrated including the language translations.
  13. I run all ProcessWire sites with multi-language support as it is a must these days. While developing a site, I sometimes need to try some things on a separate instance, implement them and if it all works fine and is properly tested, I push the development version to a production one, so I do some development staging basically, which is better than playing with the production version directly. Let's say I have a multi-site instance with "site" dir containing the production version, and a "site-dev" as a development version, which is a copy of the site's code and a separate database. So the only thing in common now is the "wire" dir. One thing does not work in this scenario, which is the multi-language support, namely the translations are not taken into account. This is my "site-dev-3" example: As you can see, the "site" part of path is removed and I am left with "-dev-3", which obviously is not a correct path. This is my index.config.php file which should be set properly:

        function ProcessWireHostSiteConfig() {
            return array(
                /*
                 * Some Examples (you should remove/replace them if used).
                 * Just note that the values must begin with 'site-'.
                 *
                 */
                'hostname.com:8881' => 'site-dev-1',
                'hostname.com:8882' => 'site-dev-2',
                'hostname.com:8883' => 'site-dev-3',
                /*
                 * Default for all others (typically /site/)
                 *
                 */
                '*' => 'site'
            );
        }

    Is there anything else I am missing regarding the language support so all translations are properly picked up?
  14. I followed the steps to use multiple-site in ProcessWire: https://processwire.com/docs/more/multi-site-support/ It works excellent but has issue with translations. It is easy to clone a production site to a dev site, simply duplicating the "site" dir to a "site-dev" dir. Then one needs to clone a database and that is it. Except for one thing - translations. Those are stored in assets/files/<language_id> with file names including the "site" (presuming I cloned the "site" dir). That can be for instance "site--templates--content--home-php.json". While working with the production site, everything looks great; once I use the dev site, I need to rename these files manually to "site-dev--templates--content--home-php.json" so ProcessWire can pick up the translation. I also noticed this while looking at the translations: The "-dev" at the beginning. Maybe trimming that would be more readable? I am not sure what solution would be the best here. Maybe having some variable in the LanguageSupport module that would allow ProcessWire to look for translation files with a different "site" name? Or a batch rename as the "site-" is always obligatory in order to use multiple-site feature? Maybe I missed something though and there already is a setting for this though.
  15. Thank you for help. The "getInfo" method is useful. I found out where the issue was and "tomorrow" is the easiest way to go here.
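
Added example, not part of kunago's posts and not ProcessWire code: the backup-versus-live comparison described in the "Hacked website" posts above, done with SHA-256 manifests so that new, removed and altered files under the root, site and wire directories are listed by path. The skipped paths and the sample trees (including the hidden `wire/.stamp` file) are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed: paths that change in normal operation and would only add noise.
SKIP = ("site/assets/cache/", "site/assets/sessions/", "site/assets/logs/")

def manifest(root):
    """Map every regular file under root (hidden ones included) to its SHA-256."""
    root = Path(root)
    result = {}
    for path in root.rglob("*"):
        rel = path.relative_to(root).as_posix()
        if path.is_symlink() or not path.is_file() or rel.startswith(SKIP):
            continue
        result[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return result

def diff(baseline, current):
    """Return paths added, removed or modified relative to the baseline manifest."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
    }

def _write(root, rel, text):
    path = Path(root, rel)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(text)

def demo():
    """Constructed sample trees: a known-good backup and a live copy with changes."""
    with tempfile.TemporaryDirectory() as tmp:
        for tree in ("backup", "live"):
            _write(f"{tmp}/{tree}", "index.php", "<?php // bootstrap\n")
            _write(f"{tmp}/{tree}", "wire/core/Page.php", "<?php // core\n")
            _write(f"{tmp}/{tree}", "site/templates/home.php", "<?php // template\n")
        _write(f"{tmp}/backup", "site/install.txt", "only in backup\n")
        _write(f"{tmp}/live", "site/classes/HomePage.php", "<?php // not in backup\n")
        _write(f"{tmp}/live", "wire/.stamp", "constructed hidden file\n")
        _write(f"{tmp}/live", "index.php", "<?php // bootstrap, altered\n")
        _write(f"{tmp}/live", "site/assets/cache/page.html", "normal churn\n")
        return diff(manifest(f"{tmp}/backup"), manifest(f"{tmp}/live"))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Build the baseline manifest from a backup that predates the first suspicious change. Files under the skipped paths are not hashed and need a separate review.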