LostKobrakai

The outcome of the vote is indeed quite bad, but misinformation is not good as well. The EU is not cencoring anything on its own – especially not on your own website. They voted for a law, which requires content hosting platforms like e.g. youtube, tumblr or twitter to make sure the user-content they host is not violating copy right laws or they're essentially complicit in the copyright fraud. The person using (a.k.a. uploading or sharing) content in an unlawful way is already committing a crime even without that article 13. So that meme on your website was either already unlawfully used or it's still ok. The problem is on the side of content hosting platforms which will need to keep and maybe even extend their already shitty (automatic) copyright detection mechanisms, making it unnecessarily harder for all people hosting content on their platforms – needless to say that most are probably not breaking copyrights in the process. Also I'm not really sure how they expect to handle all the grey areas of content, which is neither obviously licensed nor obviously unlicensed and therefore unusable. There are also laws which allow usage of copyrighted content if it's already published and the usage is just for citations – or there's satire. I'm not sure how they expect automated systems are ever support such nuances.

So I obviously misread the code when refreshing my mind. If the function is correctly caching all the things it does calculate this should be fine.

Disregarding the viability of using _callMethod() here: While I understand that ProcessPageView is awefully structured for hooks – I tried to make it work with a testing framework last year – I'd not suggest you calling getPage from your hook if you don't intend to replace the whole execute function. getPage() is not safe to be called multiple times, because it does modify global state and therefore does not return the same value on multiple invocations. Also I doubt searching for the called page multiple times would be good for your page response times anyways.

I certainly agree that the EU is once again trying to go from one extreme to the other which is quite probably not a good idea at all. If I understand this correctly it's about copyright, right of moneytization and licensing. All those things are mostly well defined in the non-digital world, while on the internet people just didn't care much up until now mostly because of anonymity and lack of ways to prevention or prosecution, while the impact of sharing unlicensed content is easily greater than in the analog world. I certainly see that reform critically for anything, where people want to get payed for or limit access to their work, because it would probably restrict many good cases of quotation/linkage as well. But the internet imho is great for the things, which are willingly shared and licensed to be usable/shareable/editable by other people. Most of my open source work is licensed under MIT or Apache just because of that. It just seems people just don't want to be bothered with the question of: Am I allowed to use a piece of information elsewhere. Sadly the EU just seems to be fully driven by publishing corporations trying to get their share of money from their content being shared instead of dealing with the issue in a sensible way.

If @BitPoet's description is fitting for the intended project I'd say there might be more fitting tools out there than ProcessWire (also depending on your skillset though). It's a great CMS and you can make it work in a lot of situations, but it does have it's issues at bigger scale projects like being quite prone to n+1 queries if you're not cautious and pitfalls like getting into trouble with a great diversity in templates/fields because those are all loaded on each request. Caching can help in places, but dynamic content is hard to cache and personally I'd always look for the options, where you can get away without caching first before depending on it working out elsewhere.

It seems like nette is a bit less crufty than phpunit, which is nice. However I'm wondering how you're handling state in the database. E.g. how do you make sure if one tests creates a new page it's not affecting the next test?

Are you sure? I'd expect it to always return the object. It's just that the object implements __toString with it's name, so it's casted to a string if needed. @PWaddict With == it's doing the same thing, because __toString returns the name of the template, but if you'd use === they would no longer have the same result.

I'd rather have db backups stored outside the webroot then having them encrypted. By default they're protected by the .htaccess file, but screwing up that file is easy and common. But if that's working (or files are outside the webroot) only people with access to the webserver can see/use the backup files and are highly likely to also have access to the config.php and therefore the db credentials as well. In that case encryption won't give you anything anymore.

Just so people don't prematurely jump to disabling useful security features: Having cookies enabled to allow for session storage or csrf protection can be justified as "legitimate interest" (Art. 6 GDPR), which means you no longer need explicit consent. You'll probably still need to document that justification in the privacy policy, though.

@Jonathan Lahijani Those are certainly true for arbitrary uploads/retrieval from links, but less so for hardcoded, not user facing download links, where packages could even be chechsum checked before usage by the installer.

I think having a download option in the installer for getting additional site profiles beyond blank and basic would be the simpler option, which depends less on GitHub and people being familiar with it.

sessionAllow is a recent addition. Are you sure those instances run on a version needed for the setting to work?

The reason for adding findMany() was to not load all pages into memory like find() does. It does so by harnessing PHP iterators to load batches of pages within a foreach loop and discard already computed batches to free up memory again.

Generators are PHP 5.5+ so it won‘t fit for ProcessWire, which is still running down to PHP 5.3. But the new $pages->findMany() works similarly to how generators work.

It's certainly not intentional. https://github.com/LostKobrakai/Migrations/blob/master/classes/ModuleMigration.php There's what a module migration does. I'd expect that $this->modules->install($name) would also take care about installing any permissions of modules. — I just quickly checked the source and it seems this method should handle that.

Considering this it might be true in austria: https://euobserver.com/justice/141746.

To append to that: Autoloaded fields are retrieved by getById() as you said, but non-autoloaded fields are retrieved on first access of the fields property from the page ($page->my_field) as a separate query. This is an important fact to consider when needing performance, as that default behaviour is quite prone to cause n+1 queries.

// $f is the Field object of your options field $f->type->manager->getOptions($f);

The purpose of the hooks callback is not to pass the $event object forward, but rather to handle everything related to it. It should unpack all the data you need from the $event, call any external functions it needs to call by using that retrieved data (not the $event itself) and use the returned values to put them back into $event if needed. With the exception of this hook callback it's very unlikely any code would need to know about $event and if it's triggered by a hook or not.

It just happens to be that the first argument to the function hooked in that part of the documentation is a page object. So it's always about the functions arguments. There are a few things wrong with passing around the hook event object: The hook event object is used only in combination with a hook. So every code touching that object automatically binds itself to a usage only through a hook, which is a unneccesary coupling. This violates the open/closed principle (O if SOLID), because if anything related to hooks does change you need to modify each method receiving the hook event and not only the one method, which is triggered by the hook. On the other hand if any of your business logic does change you should not need to modify code, which is only there to make sure your hook is handled. When you're not complying to the above it's also way easier to get lost in where things do actually change in regards to handling a hook. You wouldn't want to be in a situation, where you know a hook does cause issues, but you cannot find the place where that hook is manipulated incorrectly, because the objects is passed around in so many places. Metaprogramming (hooks are kind of that) is manipulating code at runtime, which is a responsibility to keep up to. This is best done by keeping the surface of code actually manipulating other code as small as possible. On the other hand if your hook callback function is only dealing with "making the hook work" and passing all other responsibility of to other functions – just passing data gathered from the $event object, but not the event itself – you automatically have functions, which you can easily use from places other than that hook as well. Say you later notice that you need to use that tierprice() method from another hook with different arguments or in some other part of your business logic, which is not triggered by a hook at all. You wouldn't want to duplicate the function, just to be able to use it from different places. You also don't want to fabricate a fake $event object just to call it. [SOLID Principles] https://en.wikipedia.org/wiki/SOLID_(object-oriented_design)

I can totally see why "getting an API key" should be a thing the developers do, but "taking the responsibility for using a 3rd party tool which is likely sending private data to a company in a non EU country" is something clients will have to deal with by the end of the month – especially if you're just a limited-time contractor creating the website for the client to run on their own afterwards.

@simonsays Something like that: class Migration_xxxx_xx_xx_xx_xx_xx extends FieldMigration { public static $description = "Create field"; protected function getFieldName(){ return 'field_name'; } protected function getFieldType(){ return 'FieldtypeOptions'; } protected function fieldSetup(Field $f){ $f->label = 'Label'; $f->inputfieldClass = 'InputfieldRadios'; $options = <<< _END 34 36 38 40 42 44 46 48 _END; $f->type->manager->setOptionsString($f, $options, true); } }

Congrats. Another very well crafted website of yours. I don't really like the scroll-jacking, but I really really like the menu. You also might want to look into hiding the video pop out button on opera.

That's really a strange way for the host to answer, because ssl is really not related to the cms (besides maybe generating https links and redirecting). But enabling ssl does need to be setup on the webserver. For redirection to https see the .htaccess file and urls in processwire are most often relative ones, so there's probably not much to do on the url generation side.

This thread is literally years old. See here for the options regarding disabling the session: https://processwire.com/blog/posts/multi-instance-pw3/#more-session-control