Jump to content
adrian

Tracy Debugger

Recommended Posts

1 hour ago, bernhard said:

But I cannot enable the console for my non-superuser?

So sorry @bernhard - I didn't read that bit of your question - my apologies!

I have purposely prevented the Console, File Editor and Adminer panels and some others from working for non-superusers. Perhaps this could be made optional, but it seemed like a good default security setting. I can work on this later for you, but for now, just remove this line: https://github.com/adrianbj/TracyDebugger/blob/b225975afdad1c86ecb7ac7d4a724b46dcbcd0f0/TracyDebugger.module.php#L1444

and this conditional: https://github.com/adrianbj/TracyDebugger/blob/b225975afdad1c86ecb7ac7d4a724b46dcbcd0f0/includes/CodeProcessor.php#L20

I think those should get you going.

  • Thanks 1

Share this post


Link to post
Share on other sites

Thx adrian, I see your intention now 🙂 I just tried the user switcher and I have everything I need there. 

Is there a reason for the guest user not being selectable in this panel? It might be helpful to switch to a guest user as well and have tracy for debugging (console, dumps, etc)?

  • Like 1

Share this post


Link to post
Share on other sites
1 minute ago, bernhard said:

Is there a reason for the guest user not being selectable in this panel?

All you have to do is start a User Switcher session and then click the logout button - that is the same as selecting guest.

Oh yeah, and good idea about using the User Switcher - sorry, too rushed to think of that this morning 🙂

Share this post


Link to post
Share on other sites
On 2/8/2019 at 8:03 AM, adrian said:

I have purposely prevented the Console, File Editor and Adminer panels and some others from working for non-superusers. Perhaps this could be made optional, but it seemed like a good default security setting.

I'd be keen to have an option to enable the Console for non-superusers on localhost. If it's limited to localhost then there's not really a security risk I think. It would be handy for checking things like $page->addable(), $page->publishable(), etc from the perspective of a non-superuser role. When testing I typically keep an incognito window open with an editor role logged in rather than work with the User Switcher.

  • Like 3

Share this post


Link to post
Share on other sites

@Robin S - I haven't ignored your request - it will be in the next version.

Speaking of the next version, I have been looking at the poll from @teppo's PW Weekly and wondering what you guys would think about Tracy dropping support for PHP < 7.1 ?

The new core Tracy 3.0-dev version requires PHP version 7.1 or newer and looking at the changes since the 2.5 version we are currently using, it won't be practical to support two versions of the core like I have done previously. So, the question is, can I make 7.1 a requirement for the new version?

Not sure how to really get your feedback on this, but maybe a "like" means your OK with it, or a "sad" if you're not happy either sticking with the current version of this module (to maintain 5.x support), or otherwise don't want to lose 5.x support just yet.

The new Tracy core comes with much faster rendering of dumped objects with a lot of depth, so we might be able to increase the default and big dump options significantly.

There have also been improvements to live dumping that I still need to experiment with, but both sound very useful to have so I would like to upgrade.

Thanks for your thoughts.

image.thumb.png.2f818fdef1679dde462e9664fb08d0b8.png

 

  • Like 5

Share this post


Link to post
Share on other sites

Just another update to the Tracy core - apparently LIVE dumps now work more reliably and are now the default when calling barDump(), so it looks like we'll be able to ditch our custom bdl() method and probably even our bdb() and db() and integrate the LIVE option into standard d() and bd() calls. 

As you can tell, I am excited about the new version 🙂

  • Like 2

Share this post


Link to post
Share on other sites

I'm biased, and probably not the biggest user of Tracy either, but in my opinion support for PHP < 7.1 should be safe to drop by now. For the folks stuck with those versions, current Tracy version still works – right?

That's what I've been doing with my modules and code recently: splitting a separate "legacy" branch for those who need it, but only focusing new development for current PHP versions. And by "current" I mean the officially supported ones.

  • Like 3

Share this post


Link to post
Share on other sites

+1 for dropping support. Maybe adding a check before upgrade and showing a warming/hint that older php versions can use the old tracy module (that is already great) with a link where to download it?

  • Like 2

Share this post


Link to post
Share on other sites
4 hours ago, bernhard said:

Maybe adding a check before upgrade and showing a warming/hint that older php versions can use the old tracy module (that is already great) with a link where to download it?

+1 one for this!

Otherwise this change forces me to bump my sites from PHP 7.0.x to 7.1.x which is great! Thanx 🙂 (I always play safe, so I'm reluctant to go higher than necessary...)

Share this post


Link to post
Share on other sites
18 minutes ago, szabesz said:

Otherwise this change forces me to bump my sites from PHP 7.0.x to 7.1.x which is great! Thanx 🙂 (I always play safe, so I'm reluctant to go higher than necessary...)

Probably worth pointing out that currently the "safe thing to do" is going with 7.1 or 7.2: 7.0 is no longer officially supported, so it's no longer receiving security updates, and even 7.1 will stop receiving (security) updates near the end of this year.

7.3 is currently the "cutting edge" version, so you might want to wait a while before going there.

In terms of security there are exceptions, such as Ubuntu, where distro maintainers have been backporting security-related fixes from new versions to old ones – but if you're already on 7.0, I would assume that it's not the one that you got with your operating system, and as such is likely that you're already using a (potentially) insecure version.

  • Like 3

Share this post


Link to post
Share on other sites

For those interested - looks like the Tracy core will be getting multiple AJAX bars in v3: https://github.com/nette/tracy/pull/336#event-2144817375

This will be great for many reasons and will also let me remove my additive approach to dumps in the AJAX bar because consecutive requests will show the dumps on separate bars, rather than overwriting the last one which is how the core currently works.

  • Like 2

Share this post


Link to post
Share on other sites
On 2/7/2019 at 8:22 PM, bernhard said:

Thx adrian, I see your intention now 🙂 I just tried the user switcher and I have everything I need there. 

Is there a reason for the guest user not being selectable in this panel? It might be helpful to switch to a guest user as well and have tracy for debugging (console, dumps, etc)?

Hi Adrian,

just tried your suggested method on another website where I only have guest + superuser. It does not work as expected, or I'm missing something. When I start a user switcher session and logout, I get the debug bar, but I still cannot open the console. So it is not possible on that site to do some quick console tests and dumps...

This would be really helpful on that setup. Or is there another hidden way how I could use the console as guest user?

Would be great to have the guest user available in the switcher! Thx

Share this post


Link to post
Share on other sites

Hey @bernhard - sorry about that - it didn't work as you expected. Please try the latest version which lets the Console panel work as a guest when you use the "logout" option via the User Switcher and also it now works on localhost when using the "Force guest users into DEVELOPMENT mode on localhost" which should take care of @Robin S's request above.

Hopefully the next version will include the new Tracy core features along with some other tweaks - just need to find some time 🙂

  • Like 3
  • Thanks 1

Share this post


Link to post
Share on other sites
On 2/20/2019 at 11:36 AM, adrian said:

Please try the latest version which lets the Console panel work as a guest when you use the "logout" option via the User Switcher and also it now works on localhost when using the "Force guest users into DEVELOPMENT mode on localhost" which should take care of @Robin S's request above.

Thanks for adding this feature!

There seems to be a problem with the console output though. No matter what I dump the output consists of the entire rendered page.

2019-02-21_180609.png.08545b98d2706d79c10c7043800695db.png

This occurs when using the console as guest or logged-in non-superuser. 

  • Like 1

Share this post


Link to post
Share on other sites

Hey @Robin S - sorry about - I went through a few different iterations of things and looks like I messed up a couple of things on the last version. I just made a quick fix (no version bump) that fixes it for local guest users, but I think I need to do a bit more to get non-superusers working. Feel free to test the recent commit, but hopefully will have a complete fix shortly.

  • Like 1

Share this post


Link to post
Share on other sites

Actually, thinking about non-superusers - not quite sure what I want to do here.

Using the user switcher to switch to a non-superuser I think is OK for the console etc, but I don't actually think they should be available to non-superusers unless you're on local dev. Are you ok with that?

 

Share this post


Link to post
Share on other sites
1 minute ago, adrian said:

Are you ok with that?

Okay with me as I do almost all development on localhost.

  • Like 1

Share this post


Link to post
Share on other sites
Just now, Robin S said:

Okay with me as I do almost all development on localhost.

And I think the key thing is that on a remote server you can still use the user switcher to change to a non-superuser and it will work - it's just that I don't want actual non-superuser users that might have the tracy-debugger permission from using it.

I think that last version I just committed should be ok for this scenario. I am double checking here now, but could you confirm at your end also please?

 

  • Like 1

Share this post


Link to post
Share on other sites
6 minutes ago, adrian said:

I am double checking here now, but could you confirm at your end also please?

Thanks, working well for me as guest/non-superuser on localhost, and when using User Switcher on remote host.

  • Like 1

Share this post


Link to post
Share on other sites

Thanks - I actually just committed one more change and did a version bump and updated modules directory. 

Share this post


Link to post
Share on other sites
2 minutes ago, adrian said:

I actually just committed one more change and did a version bump and updated modules directory

Cool, will update.

Something unrelated I'll just throw out there for the wishlist... it would be cool if the code window in the Console didn't resize proportionally when the panel is resized. So the code window would have a pixel height rather than a percentage height and the result window would have a height along the lines calc(100% - [console window pixel height]). I know you added a lot of neat stuff relating to the code window height (line snapping and keyboard shortcuts) and for all I know this request would complicate all of that, in which case don't worry because it's not that important. 🙂

  • Like 1

Share this post


Link to post
Share on other sites
1 minute ago, Robin S said:

it would be cool if the code window in the Console didn't resize proportionally when the panel is resized

Yeah, I kinda agree with you - it's a bit annoying at times - I have gotten used to the keyboard shortcuts to increase/decrease as needed. Not sure how easy it would be to do what you want because I make use of the splitjs library (https://github.com/nathancahill/split) for that stuff and it's a percentage based setup and not sure how I would go about overriding that at the moment - it's certainly on my mind though.

  • Like 1

Share this post


Link to post
Share on other sites

Hi Adrian,

Recent Tracy versions do not work in the backend (the issue also prevents admin login), the "errors" I get (PHP 7.1.22):

Spoiler

Warning: in_array() expects parameter 2 to be array, string given in .../TracyDebugger.module.php on line 1955
Warning: in_array() expects parameter 2 to be array, string given in .../TracyDebugger.module.php on line 1962
Warning: in_array() expects parameter 2 to be array, string given in .../TracyDebugger.module.php on line 971
Warning: in_array() expects parameter 2 to be array, string given in .../TracyDebugger.module.php on line 1032
Warning: in_array() expects parameter 2 to be array, string given in .../TracyDebugger.module.php on line 1049
Warning: Cannot modify header information - headers already sent by (output started at .../TracyDebugger.module.php:1955) in .../TracyDebugger.module.php on line 1201
Modules: Failed to init module: TracyDebugger - Tracy\Debugger::dispatch() called after some output has been sent. Output started at .../TracyDebugger.module.php:1955.

I tested a few old versions and TracyDebugger-4.17.10 is ok, while TracyDebugger-4.17.16 has this issue, so something between these two introduced the problem. I reverted back to v4.17.10 for the time being.

Share this post


Link to post
Share on other sites

No problems here with Tracy 4.10.23 / 4.17.23 + PHP 7.0.33 / 7.2.6.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Robin S
      A community member raised a question and I thought a new sanitizer method for the purpose would be useful, hence...
      Sanitizer Transliterate
      Adds a transliterate method to $sanitizer that performs character replacements as defined in the module config. The default character replacements are based on the defaults from InputfieldPageName, but with uppercase characters included too.
      Usage
      Install the Sanitizer Transliterate module.
      Customise the character replacements in the module config as needed.
      Use the sanitizer on strings like so:
      $transliterated_string = $sanitizer->transliterate($string);
       
      https://github.com/Toutouwai/SanitizerTransliterate
      https://modules.processwire.com/modules/sanitizer-transliterate/
       
    • By dimitrios
      Hello,
      this module can publish content of a Processwire page on a Facebook page, triggered by saving the Processwire page.
      To set it up, configure the module with a Facebook app ID, secret and a Page ID. Following is additional configuration on Facebook for developers:
      Minimum Required Facebook App configuration:
      on Settings -> Basics, provide the App Domains, provide the Site URL, on Settings -> Advanced, set the API version to 2.10, add Product: Facebook Login, on Facebook Login -> Settings, set Client OAuth Login: Yes, set Web OAuth Login: Yes, set Enforce HTTPS: Yes, add "http://www.example.com/processwire/page/" to field Valid OAuth Redirect URIs. This module is configurable as follows:
      Templates: posts can take place only for pages with the defined templates. On/Off switch: specify a checkbox field that will not allow the post if checked. Specify a message and/or an image for the post.
      Usage
      edit the desired PW page and save; it will post right after the initial Facebook log in and permission granting. After that, an access token is kept.
       
      Download
      PW module directory: http://modules.processwire.com/modules/auto-fb-post/ Github: https://github.com/kastrind/AutoFbPost   Note: Facebook SDK for PHP is utilized.


    • By thomasaull
      I created a little helper module to trigger a CI pipeline when your website has been changed. It's quite simple and works like this: As soon as you save a page the module sets a Boolean via a pages save after hook. Once a day via LazyCron the module checks if the Boolean is set and sends a POST Request to a configurable Webhook URL.
      Some ideas to extend this:
      make request type configurable (GET, POST) make the module trigger at a specified time (probably only possible with a server cronjob) trigger manually Anything else? If there's interest, I might put in some more functionality. Let me know what you're interested in. Until then, maybe it is useful for a couple of people 🙂
      Github Repo: https://github.com/thomasaull/CiTrigger
    • By Robin S
      I created this module a while ago and never got around to publicising it, but it has been outed in the latest PW Weekly so here goes the support thread...
      Unique Image Variations
      Ensures that all ImageSizer options and focus settings affect image variation filenames.

      Background
      When using methods that produce image variations such as Pageimage::size(), ProcessWire includes some of the ImageSizer settings (height, width, cropping location, etc) in the variation filename. This is useful so that if you change these settings in your size() call a new variation is generated and you see this variation on the front-end.
      However, ProcessWire does not include several of the other ImageSizer settings in the variation filename:
      upscaling cropping, when set to false or a blank string interlace sharpening quality hidpi quality focus (whether any saved focus area for an image should affect cropping) focus data (the top/left/zoom data for the focus area) This means that if you change any of these settings, either in $config->imageSizerOptions or in an $options array passed to a method like size(), and you already have variations at the requested size/crop, then ProcessWire will not create new variations and will continue to serve the old variations. In other words you won't see the effect of your changed ImageSizer options on the front-end until you delete the old variations.
      Features
      The Unique Image Variations module ensures that any changes to ImageSizer options and any changes to the focus area made in Page Edit are reflected in the variation filename, so new variations will always be generated and displayed on the front-end.
      Installation
      Install the Unique Image Variations module.
      In the module config, set the ImageSizer options that you want to include in image variation filenames.
      Warnings
      Installing the module (and keeping one or more of the options selected in the module config) will cause all existing image variations to be regenerated the next time they are requested. If you have an existing website with a large number of images you may not want the performance impact of that. The module is perhaps best suited to new sites where image variations have not yet been generated.
      Similarly, if you change the module config settings on an existing site then all image variations will be regenerated the next time they are requested.
      If you think you might want to change an ImageSizer option in the future (I'm thinking here primarily of options such as interlace that are typically set in $config->imageSizerOptions) and would not want that change to cause existing image variations to be regenerated then best to not include that option in the module config after you first install the module.
       
      https://github.com/Toutouwai/UniqueImageVariations
      https://modules.processwire.com/modules/unique-image-variations/
    • By Sebi
      I've created a small module which lets you define a timestamp after which a page should be accessible. In addition you can define a timestamp when the release should end and the page should not be accessable any more.
      ProcessWire-Module: http://modules.processwire.com/modules/page-access-releasetime/
      Github: https://github.com/Sebiworld/PageAccessReleasetime
      Usage
      PageAccessReleasetime can be installed like every other module in ProcessWire. Check the following guide for detailed information: How-To Install or Uninstall Modules
      After that, you will find checkboxes for activating the releasetime-fields at the settings-tab of each page. You don't need to add the fields to your templates manually.
      Check e.g. the checkbox "Activate Releasetime from?" and fill in a date in the future. The page will not be accessable for your users until the given date is reached.
      If you have $config->pagefileSecure = true, the module will protect files of unreleased pages as well.
      How it works
      This module hooks into Page::viewable to prevent users to access unreleased pages:
      public function hookPageViewable($event) { $page = $event->object; $viewable = $event->return; if($viewable){ // If the page would be viewable, additionally check Releasetime and User-Permission $viewable = $this->canUserSee($page); } $event->return = $viewable; } To prevent access to the files of unreleased pages, we hook into Page::isPublic and ProcessPageView::sendFile.
      public function hookPageIsPublic($e) { $page = $e->object; if($e->return && $this->isReleaseTimeSet($page)) { $e->return = false; } } The site/assets/files/ directory of pages, which isPublic() returns false, will get a '-' as prefix. This indicates ProcessWire (with activated $config->pagefileSecure) to check the file's permissions via PHP before delivering it to the client.
      The check wether a not-public file should be accessable happens in ProcessPageView::sendFile. We throw an 404 Exception if the current user must not see the file.
      public function hookProcessPageViewSendFile($e) { $page = $e->arguments[0]; if(!$this->canUserSee($page)) { throw new Wire404Exception('File not found'); } } Additionally we hook into ProcessPageEdit::buildForm to add the PageAccessReleasetime fields to each page and move them to the settings tab.
      Limitations
      In the current version, releasetime-protected pages will appear in wire('pages')->find() queries. If you want to display a list of pages, where pages could be releasetime-protected, you should double-check with $page->viewable() wether the page can be accessed. $page->viewable() returns false, if the page is not released yet.
      If you have an idea how unreleased pages can be filtered out of ProcessWire selector queries, feel free to write an issue, comment or make a pull request!
×
×
  • Create New...