kunago

Good point. I will create a repo.

Nope, not even any Ajax requests. It's a very simple static site for a hotel having a booking engine page which might be the only one more vulnerable, rather than other pages. But the same booking engine is running on more sites I host and those have not been impacted. Maybe a matter of time, maybe some other issue. Do you know about any program or ways to test website vulnerability?

I will run a full-text search on the whole website for some strings mostly targeting http headers and creating files, and also hidden timestamp files apparently logging the last activity. Most of the strings are Unicode encoded though. For sure everything is backed up so if anyone would like to look into it, let me know.

Oh, okay, thanks. I don't see it in any other website and did not notice it anywhere else. However, it's not only this file being present on the server. Thank you for clarification. So I guess it is a generic hack using...who knows what security hole. Hopefully not something undiscovered yet. I have an up to date version as of today.

It's running on my own server so there's really no hosting company to ask for logs. I reviewed my security setup and it seems to be all fine. There are no forms on the site and no login could have been compromised as I am the only admin with the login. There is just one extra user with regular privileges with no access to shell anyways. No, it was not the latest version of Processwire. I updated as soon as I noticed. Later on I found the core "wire" folder had some extra files as well. I looked at a backup from 2 weeks ago and it differed from the one from last night. There were some new files. Apparently someone was actively messing with it. I have a backup 2 weeks old, from last night; today I upgraded and will monitor whether there are any changes in root, site or wire dirs. What is odd though is the "class" folder with files trying to hack the Page class. No idea what's going on but I will set an extra log for monitoring that specific site.

Today while browsing some of my websites I found out one website was hacked. It's hard to tell what has been modified but at first sight there are new files in the root, new files in the site and in site dir there is a new dir "classes", where the file "HomePage.php" is extending "Page". I am not a big professional in this but the hack seems to be targetting ProcessWire. If there is some security team, I am willing to send the website backup so you can investigate for any security holes.

I coded a solution to my issue, in case someone needed it. No matter what I tried, I could not do it the selector way because as mentioned, subfields of Pageimage don't seem to be directly accessible. Even if they were, I would still need to make some adjustments, because date_from and date_to belonging to a picture can be either a date or can be empty, which is also a valid value. As the getUnformatted does not seem to work for Pageimage either, I had to do some crazy things to get the job done. At the beginning I needed to get the format of the output date of the fields date_from and date_to. Those are different for different languages and since dateOutputFormat property of the field does not accept language parameter, I had to do some custom detection using a fuction function language_id () { $language = wire('languages')->getLanguage(); if ($language->name == 'default') { return ''; } else { return strval($language->id); } } and then extract the output format of the active language. $format_date_from = $fields->get('date_from')->get('dateOutputFormat' . language_id()); $format_date_to = $fields->get('date_to')->get('dateOutputFormat' . language_id()); Then I filtered out the pages in question where I was searching for images: $today = $datetime->strtotime("today"); $filtered = $pages->find('template=this_template, image.count>0, date_from_show<=today, date_to>=today'); foreach ($filtered as $page) { $image = $page->image; $image_date_from = !empty($image->date_from) ? $datetime->stringToTimestamp($image->date_from, $format_date_from) <= $today : true; $image_date_to = !empty($image->date_to) ? $datetime->stringToTimestamp($image->date_to, $format_date_to) >= $today : true; if ($image_date_from && $image_date_to) { ... } } That is a cumbersome way but seems to do what it is supposed to do. Could someone think of a way to make it easier? Am I missing some function that could do it more efficiently? I mean anything is more efficient but it does not seem to work any other way.

I tried various ways to access data but the result is the following: I think the error message is quite clear about what is going on. Even though I am not accesing the Pageimage object but the fields associated to it, it always throws the error. This is the full selector: $list = $pages->find('template=news-action, image_kiosk.count>0, date_from_show<=today, date_to>=today, image_kiosk.date_from<=today, image_kiosk.date_to>=today'); The structure of the template is this: and the Pageimage subfields are these: They are of the same type as those used in the template. Although the logic of the selector seems to be fine to me, it always throws an error. Thank you, but actually I need to filter all pages of a specific template where either date_from is empty or is earlier than today. It's easy to do it with AND: date_from=, date_from<=today but that makes no sense. I also tried $pages->find('template=this_template, (date_from=), (date_from<=today)') however that does not seem work, although it seems to be close to what I am looking for.

I have a template which has a date_from and date_to fields, and an image field with subfields of date_from and date_to. I am trying to create this type of a selector: $pages_list = $pages->find('template=this_template, date_from<=today, date_to>=today, image.count>0, image.date_from<=today, image.date_to>=today'); I believe this is self-explanatory. While the date_from and date_to of the template work fine for filtering, I am unable to access and work with the Pageimage subfields. Selectors don't support subfields of Pageimage. That is a first issue. I tried I believe all combinations documented with no success. Subselectors also don't seem to make any difference. I also tried to get at least the unformatted value of the subfield but I am unable to find a way to retrieve it, because while "getUnformatted" works fine with $page, it does not work with Pageimage. The aim is to retrieve all images of the template "this_template" where date_from and date_to filter out both, pages and images at the same time. I thing this might not be feasible in a single step but not even the subselectors seem to work fine. And a bonus question - how to create an OR-type selector that would do the following? $pages->find('template=this_template, date_from= OR date_from<=today') I used the keyword OR that demonstrates what I am after. Thanks for any help.

I tried a few CMS: started with Joomla then some MODX, Grav but stuck with Drupal/BackdropCMS for some time. What I liked about Drupal on which I built quite a few websites, was that it was robust and flexible enough. It was easy to get the thing done fast because it provided many modules and hooking templates for fine tuning which was great at that time. That was okay until Drupal 7. Then with Drupal 8 they lost me. I had all of a sudden no idea what was going on and how to do anything. I started to completely rely on modules and could not code on my own. I am not into OOP which I think Drupal 8 migreated to. I was looking for an alternative and settled with ProcessWire. Since then, I am totally happy as I am able to create a simple website within a few hours, which was unlikely to be the case with Drupal of whatever version. The downsides of Drupal I found while using it are: it was way too heavy; even basic functionalities were module-based; it was slow; it had high resource consumption. To sum it up, even if Drupal was back to 7 where I left it, I would not go back. It was great at that time but I moved on.

I was able to find a few hardcoded "/site/" strings in the LanguageSupport module; it is in: ProcessLanguageTranslator.module, line 832 $files = array(); $dirs = array(); $root = $this->wire()->config->paths->root; $assetsDir = '/site/assets/'; if(DIRECTORY_SEPARATOR != '/') $assetsDir = str_replace('/', DIRECTORY_SEPARATOR, $assetsDir); LanguageTranslator.php, line 245 (which however given the note seems just like a last resort situation) } else { // last resort, may not ever occur, but here anyway $pos = strrpos($filename, '/wire/'); if($pos === false) $pos = strrpos($filename, '/site/'); if($pos !== false) $filename = substr($filename, $pos+1); } I believe though changing only this code is unlikely to make a difference, which did not have any in my case.

Just an idea - wouldn't it be better to simply omit "site-" from the translation files and start the naming convention from "/template/"? This way json translation files would always be named "template--" and simply found within the template folder regardless of the "site*" name. Then sites could be easily migrated including the language translations.

I run all processwire sites with multi-language support as it is a must these days. While developing a site, I sometimes need to try some things on a separate instance, implement them and if it all works fine and is properly tested, I push the development version to a production one, so I do some development staging basically, which is better than playing with the production version directly. Let's say I have a multi-site instance with "site" dir containing the production version, and a "site-dev" as a development version, which is a copy of the site's code and a separete database. So the only thing in common now is the "wire" dir. One thing does not work in this scenario, which is the multi-language support, namely the translations are not taken into account. This is my "site-dev-3" example: As you can see, the "site" part of path is removed and I am left with "-dev-3", which obviously is not a correct path. This is my index.config.php file which should be set properly: function ProcessWireHostSiteConfig() { return array( /* * Some Examples (you should remove/replace them if used). * Just note that the values must begin with 'site-'. * */ 'hostname.com:8881' => 'site-dev-1', 'hostname.com:8882' => 'site-dev-2', 'hostname.com:8883' => 'site-dev-3' /* * Default for all others (typically /site/) * */ '*' => 'site' ); } Is there anything else I am missing regarding the language support so all translations are properly picked up?

I followed the steps to use multiple-site in Processwire: https://processwire.com/docs/more/multi-site-support/ It works excellent but has issue with translations. It is easy to clone a production site to a dev site, simply duplicating the "site" dir to a "site-dev" dir. Then one needs to clone a database and that is it. Except for one thing - translations. Those are stored in assets/files/<language_id> with file names including the "site" (presuming I cloned the "site" dir). That can be for instance "site--templates--content--home-php.json". While working with the production site, everything looks great; once I use the dev site, I need to rename these files manually to "site-dev--templates--content--home-php.json" so Processwire can pick up the translation. I also noticed this while looking at the translations: The "-dev" at the beginning. Maybe trimming that would be more readable? I am not sure what solution would be the best here. Maybe having some variable in the LanguageSupport module that would allow ProcessWire to look for translation files with a different "site" name? Or a batch rename as the "site-" is always obligatory in order to use multiple-site feature? Maybe I missed someting though and there already is a setting for this though.

Thank you for help. The "getInfo" method is useful. I found out where the issue was and "tomorrow" is a the easiest way to go here.

Hi and thank you, @BillH. My aim is this: if the cache value has not expired,use the cached value if it has expired or does not exist, set the cache value and either set the expiration value as integer which then saves the value for eg. 3600 seconds set the expiration value as date and time which would be the latest date and time this value can be used before it expires That's how I understood the cache->get method. The problem here is the "expire at midnight" part because I have quite a few content, such as news, which expire daily. There is no need to check it hourly but having it expire daily means in 86400 seconds, which can be quite late after that midnight timestamp.

I am trying to work with caching for the first time and I seem to struggle with the cache expiration time. As I was able to find out in the manual, I can either "Optionally specify max age (in seconds) OR oldest date string." The max age is fairly easy, there are examples so that's fine. I kind of seem to fail though with the date. I set up a few variables I use for caching: upcoming midnight (empty cache on midnight) next Sunday midnight (empty cache on Sunday at midnight) last day of the month midnight (empty cache at the end of month) etc. I think I saw "strtotime" in the code so I am using this for midnight $midnight = date("Y-m-d 23:59:59") which I pass as the expire argument. It does not seem to work though and the cache variable did not really refresh by midnight. I have all other caching disabled, only trying to use the $cache API variable as of now. Could someone give me hint here what might be wrong with it?

I would like to ask for some help or maybe hints how to solve issue with caching. I love how easy it is to build a website with ProcessWire. Now as it is done, I am trying to step onto performance. The performance by itself is good already according to Google for instance but I need to apply some caching which I did try in the past in different projects but usually dropped it later because of problems. This is the site, just for the reference: https://www.breclove.cz I have 11 templates altogether. One template does not have a template file so it is there just to organize other pages and one is purely for administration of the website visible to superadmin. The need is to cache publicly acessible templates of course. So I took for instance the "home" template and set caching for 3600 seconds and enabled caching for guests only (see pic). The page does cache fine but when testing with Google Insights I found out it cached more than needed. I am using front-page edit which was cached as well for guests. What is more, I also have a special menu item in the main menu visible only when logged in and that menu item was visible and cached as well. The template caching cached the logged template output, not what guests should see. Except for ProcesWire caching I also use AIOM+ but only to aggregate CSS and JS files to reduce amount of requests and to compress HTML, little would that be likely a related issue. No other caching has been applied yet. Thank you for any hints or ways to debug this.

@kongondo, thank you for your reply. I need to start working on it rather sooner then later so at this point it's hard to pick - whether a different solution or to wait. Since I don't think it is a good idea to work with Padloper 1 and then with some difficulties migrate to Padloper 2 .... ummm. I need to think it through. ? Thank you though.

Hi @kongondo, I am in the need to create an eshop. I think you wrote quite a lot about how hard you work on Padloper. I cannot imagine how far you can be with it. In case I buy a licence now, will I be able to upgrade later or should I wait for the new version? Thanks.

I have a question concerning the documentation which I use pretty much always when doing some work with ProcessWire. Fantastic progress is being made with every update but I just ran into some information in forums or in blog posts and often only by coincidence. What I can think of right now includes these: in selectors there can be used words like "today" and "tomorrow" (I found the tomorrow in one forum post) in selectors and for repeaters I can use "owner" to find the parent node for image fields there are possibilities to create any field types to be used along, instead of the previous description fields only I can imagine these are just a few examples and some things may not be well known to normal users like myself. Is there a list of such "news" that have not made it into the documentation yet? Or am I missing some pages where this is already documented?

Thanks a lot! This is a super easy solution. I don't want to let the user change the aspect ratio and this does it just well. Excellent job. Thank you again.

Yes, for multilanguage. Sorry, bad explanation.

That's great. I implemented it in the meantime. It was very easy, took no time at all. Great, seriously. Just a side question - is there a way to translate the name of the crop preset?

Hello again (by the way I really love ProcessWire), I am attaching a screenshot. Let's say I have that wide image but I need to crop an image in ration 3:1 (for example 900x300 px). I cannot force the highlight to stick to the needed ratio and resize proportionally. I am not sure the CroppableImage3 module can handle this as I looked at the description but thank you for the suggestion.