ProcessWire Weekly #333

In the 333rd issue of ProcessWire Weekly we'll check out what's new in the latest dev version of ProcessWire, 3.0.167, and more. Read on!

Welcome to the latest issue of ProcessWire Weekly, #333! As usual, we're going to kick things off by taking a quick look at the latest dev version of ProcessWire, right before diving into some recent online resources: forum threads, articles, and some module updates. Last but not least we'll introduce you folks to a brand new site of the week.

Thanks to all of our readers for being here with us again, and as always, any feedback is most welcome – please don't hesitate to drop us a line if there's anything on your mind you'd like to share with us.

Latest core updates: ProcessWire 3.0.167

In his latest weekly update Ryan introduces ProcessWire 3.0.167, our latest dev release. This version officially contains the updates we covered in last week's post, as well as a bunch of completely new stuff added just this week:

  • Improvements and optimizations to several database fulltext index-based text-searching operators, such as *=, ~=, *+=, and ~+=.
  • New $input->queryStringClean() method that works like $input->queryString(), with the difference that it also provides a number of options for cleaning up (sanitizing) the query string.
  • Sanitizer array methods now support associative arrays, with a new keySanitizer option that lets one specify the sanitizer method used to clean up array keys.
  • Rewritten and improved version of the $sanitizer->validateFile() method.

Added security through enforced SVG file validation

Probably the most important feature included in this week's release is related to the last item on the list above, and currently only affects SVG files: if you allow uploading SVGs in a file or image field (this is something that isn't enabled by default, mind you), ProcessWire requires that you also set up proper validation for uploaded files.

Validating SVG files is quite simple, requiring only that you install the File Validator Svg Sanitizer module, which was just updated to use a new and improved validation library behind the scenes. And, in case you're wondering why this is so important, here's what Ryan has to say about this particular security feature:

This was motivated by SVG files being increasingly problematic [...] because they can contain the kind of bad stuff that regular markup can (scripts, loading external assets, etc.)

— Ryan

The SVG sanitizer requirement can be explicitly disabled on a per-field basis, but since this is a security feature, you should think twice before doing that. Check out the core updates post from Ryan for more details. Thanks!
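To make the concern in Ryan's quote concrete, here is an added example (not code from ProcessWire or from the File Validator Svg Sanitizer module) that reports the kinds of active content an uploaded SVG can carry. The function name `svgActiveContentFindings()` and the sample SVG are constructed for illustration.

```php
<?php
// Added example: report active content in an SVG before accepting an upload.
// Hypothetical helper, not part of ProcessWire or its SVG sanitizer module.
function svgActiveContentFindings(string $svg): array {
    if (trim($svg) === '') {
        return ['empty file'];
    }
    // Refuse DTDs before parsing: uploads do not need entity declarations.
    if (stripos($svg, '<!DOCTYPE') !== false || stripos($svg, '<!ENTITY') !== false) {
        return ['document type / entity declaration'];
    }
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);
    $ok = $doc->loadXML($svg, LIBXML_NONET); // no network access while parsing
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    if (!$ok) {
        return ['not well-formed XML'];
    }
    $findings = [];
    $active = ['script', 'foreignobject', 'iframe', 'embed', 'object'];
    foreach ($doc->getElementsByTagName('*') as $el) {
        $name = strtolower($el->localName);
        if (in_array($name, $active, true)) {
            $findings[] = "<$name> element";
        }
        foreach ($el->attributes as $attr) {
            $attrName = strtolower($attr->localName); // xlink:href => href
            $value = trim($attr->value);
            if (strpos($attrName, 'on') === 0) {
                $findings[] = "event handler attribute $attrName on <$name>";
            } elseif (($attrName === 'href' || $attrName === 'src')
                && $value !== '' && $value[0] !== '#') {
                // Anything other than a same-document fragment (#id) is flagged.
                $findings[] = "non-local reference in $attrName on <$name>";
            }
        }
    }
    return array_values(array_unique($findings));
}

// Constructed sample: script element, event handler and an externally loaded image.
$sample = '<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
    . '<script>/* placeholder */</script>'
    . '<image href="https://assets.example/pixel.png" width="1" height="1"/>'
    . '<circle cx="5" cy="5" r="4"/></svg>';
print_r(svgActiveContentFindings($sample));
```

This only reports findings and does not inspect CSS `url()` references or rewrite the file, so it illustrates what a validator has to look for rather than replacing the sanitizer module.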

Weekly forum highlights, tutorials, and other online resources

Here's a list of support forum highlights and other useful and/or interesting resources. As always, please let us know if there's anything important we've missed, so that we can include it in one of our future issues.

Recently updated third party modules

In addition to the articles and forum topics mentioned above, there have also been some pretty interesting new module updates recently. Here are some highlights:

  • Tracy, the ultimate debugger and development helper for ProcessWire, is about to get a very interesting new feature: support for third party panels. In a nutshell this means that soon any third party module may be able to easily ship custom panels with additions to Tracy's already formidable set of tools. So much potential!
  • Relatively new yet already popular cookie management and async asset loading module PrivacyWire now supports a new category of cookies called "functional", has the ability to store cookie preferences in localStorage, and can output a completely unstyled cookie management banner for added customizability.
  • Table CSV Import / Export, the companion module for the commercial Profields Table fieldtype, now supports exporting subfields of Page Reference field values. This module is a major time saver whenever you're dealing with imports to, or exports from, a Table field. Definitely worth checking out.
  • Finally, we'd like to mention that Padloper, the popular ecommerce module for ProcessWire, received a new maintenance update (1.3.1) this week. This update fixes reported bugs and improves PHP 7.x support. A new major version of this module is also in the works, but not available quite yet.

If you're interested in ProcessWire news, discussions, and updates, there's always something going on at the support forum. Since we're only able to include a tiny selection of all that in our weekly updates, head down to the forum for more.

Site of the week: Cobalt Sky

Our latest site of the week belongs to a London-based company called Cobalt Sky. They are a provider of award-winning IT solutions for the market research industry, with an offering consisting of online data collection, data processing, analytics, data entry, and software solutions.

The website of Cobalt Sky was developed by ID Studio Web Agency. In terms of design the site features a stylish and modern layout, complemented by neat little animation and transition effects. As for the content, the site's got pretty much everything you'd expect to find from a top-notch business site: introduction to the company and the team, service details, news, and so on.

The front-end of the site is powered by the Bootstrap front-end framework, as well as some smaller bits and pieces, such as the Animate On Scroll JavaScript library. As for what's going on behind the scenes — well, that's largely a mystery, apart from the fact that the site is running on ProcessWire; version 3.0.148 of it, to be precise.

Once again great work from ID Studio Web Agency, as well as everyone else involved in the project. Our congratulations to the client, Cobalt Sky — their new site's looking real good, and we're happy to feature it as our latest site of the week!

Stay tuned for our next issue

That's all for the 333rd issue of ProcessWire Weekly. We'll be back with more news, updates, and content Saturday, 3rd of October. As always, ProcessWire newsletter subscribers will get our updates a few days later.

Thanks for staying with us, once again. Hope you've had a great and productive week, and don't forget to check out the ProcessWire forums for more interesting topics. Until next week, happy hacking with ProcessWire!
