kongondo

Security Report: FYI TL;DR: Our module does not use the vulnerable PHP files. We are OK; nothing to see here ?. You might have come across reports that Blueimp jQuery File Upload on which the module JqueryFileUpload is based had some vulnerabilities that had gone undetected for 8 years! The vulnerabilities, that have since been fixed, had to do with the server-side application examples that ship with Blueimp jQuery File Upload, specifically the two PHP files Upload.php and UploadHandler.php. Our ProcessWire JqueryFileUpload module is not in any way affected by the vulnerability. Here's why: We don't use Upload.php and UploadHandler.php nor any server-side samples that might ship with Blueimp jQuery File Upload. We use ProcessWire's WireUpload Class instead. We don't ship our module with these files. We use Blueimp jQuery File Upload purely for its client-side upload capabilities (only the JavaScript). Blueimp jQuery File Upload aside, we operate a very tight ship with our module. These include: Not everyone can upload files. That decision is left to the developer. All files are validated for both MIME types and file extensions. Only extensions specified by admin are allowed to go through to validation. All uploads are stored in a temporary folder pending validation. The location of the temporary folder is configurable. One can set either a web-accessible folder (e.g. in cases where one wants to show thumbnails of uploaded images) or a hidden one. All actions sent from client-side are validated against settings stored server-side. For instance, uploading, listing and deleting files. So, changing a JSON setting sent to the module client-side has no effect server-side. We use CSRF. Etc... Here are the relevant links to the above mentioned (but now fixed) exploits. https://blogs.akamai.com/sitr/2018/10/having-the-security-rug-pulled-out-from-under-you.html https://www.exploit-db.com/exploits/45584 https://github.com/blueimp/jQuery-File-Upload/blob/master/VULNERABILITIES.md https://github.com/blueimp/jQuery-File-Upload/blob/master/SECURITY.md In conclusion, this is just for your information, in case you were wondering or came across it. We are not affected and we didn't have to patch anything. Having said that, as per our OP, we urge all developers who use this module to exercise best practices to secure their applications.

Maybe: $page->createdUser = $jespersID; $page->of(false); $page->save(); Untested. http://processwire.com/api/ref/page/

Martin, sorry if we came across in a not-so-positive way ?. Please don't take it personally; I'm pretty certain it is the code that was being critiqued (and given that what you wrote was a tutorial, meaning others could learn from it and apply its principles, it's understandable that suggestions were made on how it could be improved). I promise you, this is a very friendly forum ?. Not necessarily, especially if you throw in a disclaimer in there. Many times it is about the journey, not the destination. Whereas you set out to write a tutorial, from where I stand, that in itself is only part of the story. The other part of the story is what you are unconsciously telling newbies. That story says, hey, look guys, I found this new toy and look at what I can already do with it ?.

That's strange. At 23 posts you should really be able to edit your posts. A recent upgrade probably messed things up or your account got messed up in some way. Anyway, @horst is looking into it. Thanks for your enthusiasm for ProcessWire and your willingness to share your experience at this early stage ?.

Good to know, thanks for confirming.

It is not possible. For such custom requirements, we suggest use of the method getMenuItems(). It gives you total freedom. Have a read here and see these examples. You'll need to do a bit of custom work. Shout if you need help.

echo $staff->skills->implode(',' 'title'); http://processwire.com/api/ref/wire-array/implode/

Glad you like it ? Good to hear you got it sorted. Not so great on my part then ?. It seems I should be more clear that this thread exists ?. Docs are also here. They do mention the vps permission in the very first chapter.

Normally if you copy a core module to your /site/modules/, ProcessWire asks which of the two versions you want to use. You can the select the one in /site ..and edit it as you wish. I'm not sure if it also works with Process Modules though. I also can't remember when the feature was introduced.

Yes. I'm not sure how I'll approach it though. It's just an idea at the moment.

OK, lemme have a look.

News Update - 20 November 2018 Hi all. This update should have gone up about 3 weeks ago :-). Some of you are aware that I've been having computer issues but that's sorted (fingers crossed) for now. Before that, I'd managed to work on and mostly complete a number of things. I'll try and remember them now as I write and hopefully I don't forget anything (these posts not only help with generating discussions but they will be useful references when I get round to doing the docs). Orders First, thanks (especially @arjen and @szabesz) for the feedback on orders and customers. We now have a FieldtypeOrders and FieldtypeOrderItems which store permanent records of orders. The former stores the aggregates (total price, etc) and customer info. The latter stores data about each individual item in the order (name, price, etc). These two simplify querying orders (backend stuff). Customers FieldtypeCustomers stores registered customers' data. It is also useful for frontend customer login areas/dashboards and for returning customers in cases where customers have to login in to make purchases, e.g. retrieve their stored address. Products The products field has been updated to store product dimensions. Shipping This is by far the biggest work to date, I think. It consists of 3 modules, one each for Shipping Zones, Options and Rates. I think it is comprehensive enough to do away with the need to write custom shipping classes although we'll keep that option open. Please note that although the explanation of the underlying logic behind shipping can seem complicated, the GUI for setting up shipping will be quite simple and intuitive to use. Zones Setting up shipping zones To create a shipping zone, you will have first set up countries where you ship to. This is a global setting since it also affects taxes. Once that is sorted, you can start creating shipping zones. You can create as many shipping zones as you need. A shipping zone consists of geographical areas where you ship physical products to. A shipping zone can have as many shipping regions as needed. Regions A shipping region can be any of these: Continent (E.g. Asia) Country (Germany, Lithuania, UAE) State/Province (Kowloon, Goa, Texas, Arezzo) The selection of regions (GUI) will be inbuilt. I.e., shop admins will be able to select Quebec or Nigeria or Asia, etc. In addition, one will be able to further refine their region definitions using postal/zip codes. Postal/Zip codes Postal codes can be matched in several ways: Verbatim: in this case, you specify an exact postcode(s) to match, e.g. CD30 78GH or 18000 Range: For numerical postcodes such as US zip codes, shop admins can specify the desired range(s), e.g. 60001 - 61909 Wild cards: This will match the first n characters of the postal code, e.g. SW* or BH3* You can enter as many postal codes to match as you wish. A customer's shipping address details at checkout are used to match their order to the shipping zones defined in the system. If no match is found, the system defaults to a generic shipping zone/rate if you have one set up AND assuming the customer's delivery address is in a 'place' you ship to. If not match is found at this point, the customer will be shown an error or custom message you set up. Shipping zones examples 1. State/Province + Postcodes Say you ship only to California. It's a big place so you decide to divide up the place , into 5 shipping zones using zip codes. In this example, the first 4 shipping zones are defined by zip code ranges. The fifth zone takes care of any other areas inside California not within the zip code ranges in the first 4 zones. California zone 1: 90001 - 92999 California zone 2: 93000 - 93705 California zone 3: 94200 - 94799 California zone 4: 95000 - 95750 California zone 5: All other zip codes in California In this example, zone #5 will be matched as long as the State in the shipping address state is California and the zip code is not within the ranges described in zones 1 - 4. 2. Country + States/Provinces In this example, you ship only to Canada. You create several zones based on Canadian provinces as follows: Canada zone 1: Alberta, British Columbia Saskatchewan (multiple regions in one zone) Canada zone 2: Ontario, Quebec Canada zone 3: All other provinces In this example, zone #5 (all other provinces) will be matched as long as the shipping address country is Canada and the province is not one of those in zones 1 or 2. 3. Continent In this example, we use continents to set up shipping zones based on groups of countries. For instance, setting up zones for Africa: Africa zone 1: East Africa consisting of the countries (regions) Kenya, Uganda, Tanzania Africa zone 2: West Africa; Gambia, Cameroon, Togo, Niger Africa zone 3: North Africa: Egypt, Tunisia, Morocco Africa zone 4: South Africa: Zimbabwe, Botswana, South Africa In this case, the system will match the country to their continent. Customers do not have to enter 'continent' in their shipping address details :-). Rates Shipping zones alone are useless without rates :-). Padloper 2 allows you to create rates that you can use and reuse across different zones. Please note that rates in this case just define the applicable rates(s) for an order (or part of an order) based on certain conditions. Rates do not specify how much shipment should be paid. We will come to that later below. Rates can be based on: Flat rate: A single flat rate should be paid for this zone. For instance, using our examples above, we can set a flat rate for all shipments to California zone 1 but set a different rate for California zone 3. Price: Shipment is calculated based on price. E.g. if order is worth < $30, charge $2.50 Weight: Shipment rate calculated based on weight of items in basket Quantity: Shipment calculated based on quantity of items in basket Rate Applies To A rate 'based on' value in itself is incomplete. One also needs to specify how the shipment rate will be applied. The choices are: Order: Shipment will be charged PER ORDER (the whole order). This means apply the shipment once irrespective of number of items in the order, or their price or weight, etc. Item: Shipment will be charged PER ITEM in the order. So, if we have 10 items, shipping will be charged 10 times, etc. Item-group: Shipment will be charged once PER EACH MULTIPLES OF THE 'SAME ITEM'. By item-group is meant a product with the SAME ID and same VARIANT ID. So, if we have two shirts, that have the same product ID, but one is orange with variant ID 1 and the other is blue with variant ID 2, those are NOT the same item. If our basket contains 3 of the orange shirts, that is counted as one item-group and if we have 1 blue short, that is another item group. In this case, shipment will be charged once for each item-group - once for the orange shirts and once for the blue shirt. Product-class: This is a special rate so let's examine it more closely. Product Class Shipment is a powerful feature that allows shipment to be calculated based on a product class. A product can only belong to one class at a time. A class is a special category which you use to group similar products for the purposes of shipping. For instance, you can have the following classes: Heavy: This would be a class for heavy items Bulky: A class for bulky items Small Fragile Etc... You can create and use as many product classes as you wish. Product class shipment is used with any combination of the above Rates and Rate Applies To. With product class shipments, you can mix and match as required. For instance, for your Small items, you can use Flat Rate shipping applicable to the whole Order. You could also have a Weight-based Rate that is Applied per Item. Or, a ship your Fragile items using a Quantity Rate applying per Item-group. As you can see, using product class shipments allows for more flexibility within an order. Of course, you can set up different product class rates depending on your shipping zone. For example, you can Flat Rate shipment for Bulky items shipped locally and an Item Rate shipment for Small items shipped to your international customers. Please note that in the case of Rate Applies To Order with respect to Product Class shipment Rate Value Using a Rate Value setting, you can specify what value should be used to determined whether an order has met a shipping criteria. Consider the following examples: €2 shipment will be charged PER ITEM in the basket if the ITEM COSTS at least €15. In this case the Rate Value looks at the price of a single item (i.e, >= €15) in order to apply a €2 per item shipment Now consider a similar example but with a different Rate Value. €2 shipment to be charged PER ITEM in the basket if the TOTAL COST of the basket is at least €15. In this case, the total cost of the basket is used to determine if the threshold has been reached. The last piece of the puzzle is Shipping Methods. You might have a flat rate or a price-based rate, but in relation to time (or level of service) how do you actually deliver the product? Methods Shipping methods are straightforward. You can add as many shipping methods as you want. For instance: Collection: Buyer collects from your shop Same day delivery Standard delivery 3 - 4 Days' delivery Express delivery Etc There are no predefined methods. You set this up yourself to suit your needs. Options Shipping Options complete the shipment system. A shipping option is a combination of a shipping rate and a shipping method. Think of them as a matrix (similar to Table rate shipping in WooCommerce). Shipping options are automatically created based on selected Shipping Rates and Shipping Methods for a zone. The admin then has to enter a shipping fee/charge/cost for each combination of Rate and Method. At checkout, the customer will be presented with the shipping options available to them and how much that would cost them. Here are some examples Shipping Options (Methods X Rates): Options: a 1 x 1 combination You should could offer a Standard Delivery (Method) charging a Flat Rate £10 for all transactions. Options: a 2 x 1 combination Offer Normal and Express shipping charged at a Flat Rate £5 and £10 respectively for either Method. Options: a 1 x 2 combination Offer Standard delivery on all shipping based on Quantity of order and charging $7 if order contains less than 10 items and $4.50 if order contains more than 10 items Options: a 2 x 2 combination Delivery Methods: Collection Normal Same Day Weight-based Rates: Rate 1: Less than 10 kg Rate 2: Greater than 10 kg but less than 20 kg Rate 3: Greater than 20 kg Shipping options will be the matrix of the above methods and rates each with a shipment fee, e.g. Collection x Rate 1: Free Normal x Rate 1: £5 Same Day x Rate 1: £15 Normal x Rate 2: £8 Etc.. Options: a more complex combination: product class rates Delivery Methods Standard Express Product-class Rates + Applies To Small items: quantity-based rate charged per item-group Fragile items: flat rate charged per item Heavy goods: weight-based rate charged per item Rates Small items quantity less than 5: $0.75 Small Items quantity more than 5 but less than 15: $0.50 Heavy goods: less than 30 kg: €10 per product Shipping options will be a matrix of the above methods and rates each with its own shipment fee, e.g. Standard delivery of Small Items if less than 5: $0.75 per item-group Express delivery of Heavy Goods if item < 30 kg: €10 per product You get the idea ? Maximum shipping Cost and Handling Fee Padloper 1 included a maximum shipping cost. This is retained in version 2. In version 2, you can add a handling fee which will be applied PER EACH shipment calculation. So, if shipping applies per order, a handling fee is applied once. If shipping applies once per product class in an order, handling fee will be charged x the number of eligible product classes in the shipment (e.g. once for Small items, once for Heavy Goods, ETC). Merge Shipping This is work in progress and applies to Product Class-based shipping. It allows the shop admin to specify what shipping rates can be merged in order to use one shipping rate instead of two. For instance, a shopping cart/basket could contain 5 Small Items and 3 Medium-Sized Items. Rather than charge for and ship these separately, the items could be merged and shipped together using the Medium-Sized items rate. Shipping Package This is a planned feature that may not make it in the first release. It is useful where shop owners use delivery services like Fedex where package dimensions and weight or volumetric weight are important factors. I think that's it. I could have forgotten something or could have expressed something better. I'll edit this post if such needs arise.

That's it! If you are logged in as superuser MB should have thrown an error. If not logged in or for non superusers, it will fail silently. Are you logged in as superuser? Try remove the space after that and see if it works.

Excellent. Glad you got it sorted.

In the caches table in the DB.

Of course. All ProcessWire API is available everywhere :-). In a function wire('cache') should do the trick. I think there are other variants of that but I never use them myself.

You want to add a method then; not a property :-). Wire::addHookMethod() https://processwire.com/api/ref/wire/add-hook-method/ http://processwire.com/api/hooks/#add_new_method Inside the hook, you can get your parameters using event->arguments. E.g. event->arguments(0) is the first parameter, event->arguments(1), the second one, etc.

That's strange. I'm not sure where the items are getting lost. Btw, my Tracy calls should have been bd() rather than d(). Please try bd() in the previous two as well as this on line 86: bd($menuItems); With the bd calls, have a look in the Tracy bar. Is the site online? If I could get a temporary access, I could have a quick look.

I normally use bd($var) and only knew about the difference with d($var) when you pointed it out to me recently :-).

So imagine my shock today when i tried to d($var) and nothing happened (well, apart from a few crumbs of debug on the page)! Not again!, I groaned. I scanned Tracy's settings and nothing jumped at me. Everything seemed OK. I even tried debugInfo=>false/true, but no joy. A quick look at the docs and eureka! @options: DETECT | DEVELOPMENT | PRODUCTION @default: DETECT A docker container's IP address would be treated differently! It was being read as site is in 'PRODUCTION'!. A quick change to that setting and normal Tracy was back! You gave me a fright Tracy! I've never seen this side of you. We've only ever met 'locally' ?.

No output meaning nothing appears on screen or no output meaning Tracy says the array is empty? If the former, it means the condition on line #96 is met, meaning the menu is cached (Menu Builder cache). Did you cache the menu? Even in that case, a menu should be built from cache (unless it got deleted by mistake?). Try this on line #100 please: d($menu, 'Cached menu'); Does it return anything?

Hmm. This says your menu is empty. What about this one on line # 105? // on line #105 d($rawMenuItems,'raw menu items');

// in ready.php $someID = 1000; // Adding a hook property $wire->addHookProperty('Page::customProperty', function($event) use($someID) { $page = $event->object; $event->return = $someID; }); // in home.php template file, for example echo $page->customProperty;// 1000 notice the use()...It's a PHP thing. I can't find a reference to it ATM.

Do you have Tracy installed? If yes, could you add the following before line 302 in MarkupMenuBuilder.module (e.g. on line 297) and tell me what Tracy reports? d($menu); // or this one bd($menu);

Good point. Don't remind me please ...? I'm still very raw ?.