-
Posts
11,005 -
Joined
-
Last visited
-
Days Won
358
Everything posted by adrian
-
$role->branch_parent is what you're looking for rather than admin_restrict_branch. But otherwise your example code should work.
-
@biniyam if you configure this module to the restriction you need you should be fine if your form assigns the required role to the users. It sounds like the "Role Specified Branch Parent" might be the best option based on your description - shouldn't need a php script.
-
You're right, but how is it possible to move sideways (x-axis) without going slightly up or down (y-axis)? I don't really understand why y-axis movements should trigger any change at all.
-
MacOS Brave and Chrome both have the issue for me.
-
Am I the only one seeing major bugs with the new template width functionality? See how the percent is going down, but then jumps back up again as I continue to drag to the left?
-
User Activity module AJAX forbidden due to updated apache
adrian replied to adrian's topic in General Support
@Jonathan Lahijani - that's my plan for now. I don't know for certain that 2.4.63 will fix this issue, but from what I understand it sounds like it will. That said, it still hasn't even been released on their Github repo yet: https://github.com/apache/httpd/tags so not sure how long it will be before it makes its way to APT etc, especially for Debian if it's not considered a security update. -
@bernhard - the thing is that the loading of the Tracy bar is handled by the core Tracy package - I just call the PHP command to enable it: https://github.com/adrianbj/TracyDebugger/blob/63eae91b18b1881e0ac99f6c33930f93ba764956/TracyDebugger.module.php#L1508. If you view the page source, you'll notice that weirdly it is added after the closing </html> - maybe that is part of the problem? I have lots of sites with fixed footers and never seen the issue you are referring to and FOUCs are a pet peeve of mine :)
-
Nevermind, I think I just found it - an empty email address for one user :)
-
@nbcommunication or anyone else ever seen this error in the "wire-mailgun" log? 'recipient-variables' parameter is not a valid JSON $recipientsArr[$emailAddress] = [ 'id' => $recipient->id, 'email' => $emailAddress, 'first_name' => $recipient->first_name ]; $mailer->addRecipientVariables($recipientsArr); It happens during a loop of email sends - there are lots of different emails, each sent to one or a few people so the emails are sent in batch mode, but it seems like only one of the emails in the loop actually triggers this error. I feel like perhaps there is something weird with the first name for one of the recipients (maybe a strange character or something), but before I pull all my hair out, I was hoping to hear that someone else had already come across this and know what to look for :)
-
On a side note, I would really recommend you upgrade your PHP version - 7.x hasn't had security updates for quite some time now!
-
Hi @aComAdi - sorry for the issues you've been having, but thanks for narrowing things down. I think it's likely this commit: https://github.com/adrianbj/TracyDebugger/commit/4b35ecddfb184cd7a04c3614fb40ac72d0a62874 to fix this issue: https://github.com/adrianbj/TracyDebugger/issues/96 I have never set up a site in a subfolder in such a way that an AJAX call to "/" doesn't work as expected, so I can't really test this, but I think the latest version should fix things for you. @Jonathan Lahijani - can you please make sure this new version doesn't affect the issue you had with bootstrapped files?
-
User Activity module AJAX forbidden due to updated apache
adrian replied to adrian's topic in General Support
Just a follow up here for those who haven't found the Github issue: https://github.com/processwire/processwire-issues/issues/1952 It looks like the next version of Apache (2.4.63) will include a fix (https://github.com/apache/httpd/commit/a1a93beb58b81f1de2b713ae5f96c41ed5952a74) that should hopefully prevent this from being an issue for PW. -
It's not quite as simple as a user being unpublished - it could be changes to the account pages referencing them as well and it's multiple different templates. The other reason for this approach is that I want to continue to alert users with a wire()->warning which wouldn't persist if I hooked on unpublished or changes to those other pages. Same kinda goes for emails or other alerts - I feel like this one needs to be a constant reminder. Perhaps a better approach would be to prevent unpublishing any user tied to an account page and prevent saving an account page unless a valid published user is selected. So many options :)
-
Thanks @BitPoet - it probably is pretty similar in actuality, but it feels semantically correct in your case and just a bit off for my needs which aren't related to the theme's markup or menu etc. Thanks @ryan - I tried without a hook in templates/admin.php but the code was still called twice (again, the AJAX request for the page list), but as you suggest, I could definitely wrap it in a if($!$config->ajax) check. I think that probably makes the most sense. I initially thought things like Processwire::finished or Proccess::execute would only be called once but again that page list AJAX is the problem. And thanks for the session idea which sounds like a good option. Just an FYI - I have a check to make sure the integrity of some page reference fields (selected staff on client accounts) and I need to make sure if a staff member is unpublished that a warning is given. It's pretty efficient but I don't really want to run it on every admin page load, but ProcessLogin::loginSuccess isn't really enough either because our sessions don't often expire given how often we are in the admin.
-
I feel pretty silly asking this question, but I am realizing that there don't seem to be many options for a hook that is only triggered once when the admin is loaded because most of the usual suspects also get called a second time during the AJAX request to load the page tree. So far the only one I can actually find is: AdminThemeFramework::getUserNavArray Does anyone else have a better idea? And also, what about a hook that is called once when a user first loads the admin in the current browser window. I am not talking about ProcessLogin::loginSuccess because that is only called after the username and password has just been entered, but rather that first time when a user opens the admin while their session is still valid from the last time. Thanks!
-
@ryan - I have responded again to the ones that I think I bugs that still need fixing. You are right that some are feature requests - my point being that I think these are really useful requests that others would also benefit from. Of course it's up to you to decide if you agree, but obviously we are all going to push for things that we'd personally like to see.
-
@ryan - can I also kindly suggest that Profields Table needs some love. There are lots of weird bugs as well as some things that I think would really improve the experience. In my eyes this is THE banner profield that really demonstrates what PW can do, but is not quite working as it should. eg (in no particular order): https://github.com/processwire/processwire-issues/issues/1947
-
With huge amounts of gratitude for everything you do to make PW as great as it is: I know this is not in the intended spirit of this thread, so apologies for that, but honestly what I would most like to see is fixing all of the current Github Issues before anything new is implemented. I personally still have 49 open issues, many of which require ugly hook workarounds, some result in things being broken for site editors, and others are inconsistencies in the API which continue to trip me up. I am honestly struggling to put energy into thinking of shiny new feature ideas with these things always impacting my workflow.
- 127 replies
-
- 14
-
-
User Activity module AJAX forbidden due to updated apache
adrian replied to adrian's topic in General Support
Good catch @Jan Romero - I wonder if PW could rely solely on parsing $_SERVER['REQUEST_URI'] ? It seems like there might be an issue with NGINX if that happens: https://www.drupal.org/project/drupal/issues/2490870 but could be worked around with: https://api.drupal.org/api/drupal/includes!bootstrap.inc/function/request_uri/7.x "Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI." -
@DrQuincy - you might find this module useful: https://processwire.com/modules/process-redirect-ids/
-
User Activity module AJAX forbidden due to updated apache
adrian replied to adrian's topic in General Support
Thanks, I did see that flag, but as you said it's not a good approach for a fix. I agree this could be a potential issue on lots of sites. Thanks also for posting to get Ryan's attention - the more pings he has on this the better. I tend to think that the correct fix has to be related to that "?it=$1" rewrite rule because it has the potential to break many more things than just the UserActivity module. -
User Activity module AJAX forbidden due to updated apache
adrian replied to adrian's topic in General Support
Turns out I can reproduce a forbidden error by simply loading a URL like http://pwtest.test/about/?id=%3f It seems like you need to view a page that isn't the root url (hence the about child page) and that you have %3f in there. On some servers http://pwtest.test/about/%3f this also returns a 403 but on others I need the %3f to be part of a URL parameter. This Drupal ticket reports the same issue and references the same apache change that Robin noted: https://www.drupal.org/project/drupal/issues/3460799 If I make a similar change to PW's htaccess rule (as was changed in Drupal), ie: change: RewriteRule ^(.*)$ index.php?it=$1 [L,QSA] to: RewriteRule ^(.*)$ index.php [L,QSA] or: RewriteRule ^ index.php [L,QSA] then everything works again. I expected that would break PW's page routing and/or admin, but initially it looks to be OK which honestly seems weird. So other than the issue with UserActivity, we'll all need to be careful if we ever url_encode anything with a question mark (%3F) in it unless @ryan thinks an htaccess change like (or similar) that would be ok. Perhaps it will need some reworking of some of the $GET['it'] related code in PagesRequest.php to handle all scenarios? Also, I just discovered that the server with what I thought was an old version of apache, was actually not old - I almost exclusively run Debian servers, but the "old one" I mentioned is Ubuntu and someone else is managing it now and they did update to 2.4.41 which in Ubuntu world includes that %3f fix: https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.19 -
User Activity module AJAX forbidden due to updated apache
adrian replied to adrian's topic in General Support
I have updated all but one server to 2.4.61, but yes, I am still seeing the issue on 2.4.41 (including that UnsafeAllow error) so not sure what's up with that :) Figured this out - see my post below: