ProcessWire Weekly #493

In the 493rd issue of ProcessWire Weekly we'll check out ProcessWire 3.0.230, introduce a couple of brand new modules, and more. Read on!

Welcome to the latest issue of ProcessWire Weekly! In this week's issue we're going to take a quick peek at what's new in the latest development version of the core, 3.0.230, and introduce two brand-new modules: LoginTimer and SkipInputfieldLabel.

As always we've also got a new site of the week, and this week that is the new website of the one and only two Michelin star restaurant in Scotland, Restaurant Andrew Fairlie. Their website is one of the most beautiful sites we've come across in a while, so be sure to check them out.

Thanks to all of our readers for being here with us again, and as always, any feedback is most welcome – please don't hesitate to drop us a line if there's anything in your mind you'd like to share with us. Enjoy our latest issue and have a great weekend!

Latest core updates: ProcessWire 3.0.230

This week we've got a new version of ProcessWire, 3.0.230, available via the dev branch at GitHub. The latest weekly update from Ryan introduces this update, and also a new module he's just released, called LoginTimer.

What's new in ProcessWire 3.0.230?

Compared to 3.0.229, this version includes a few relatively minor bug fixes — nothing major, but it's still worth updating if you're already using the dev branch — but also some new or improved features:

  • The Pageimage::webp() method accepts an optional array of arguments, making it possible to override applicable settings ("useSrcUrlOnSize", "useSrcUrlOnFail", and "quality") on a case by case basis while creating a WebP variation.
  • The wireIconMarkup() function was rewritten and expanded with new features, such as added support for custom attributes and optional non-breaking space ( ) appended to the resulting icon markup.
  • Pageimage::width(), Pageimage::height() and Pageimage::ratio() methods return a value cached in the database by default, improving heir performance. They will, though, still attempt to recalculate the size if an earlier attempt has failed.

More details can be found from the GitHub commit log for ProcessWire version 3.0.230. As Ryan mentions in his weekly update, current plan is to merge these updates to the master branch soon, perhaps as soon as next week.

That's all for our core updates section this week. Be sure to also check out the weekly update post from Ryan at the support forum. Thanks!

New module: LoginTimer

LoginTimer is a brand-new module created by Ryan. Introduced in this week's weekly update and the accompanying blog post, this module adds a new security feature that helps prevent a somewhat complex type of attack, commonly known as timing attack:

Timing attacks take advantage of the fact that different inputs to login forms can take differing amounts of time to process. Timing how long different input takes over repeated attempts begins to reveal patterns that an attacker may extrapolate and build from.

— Ryan

The way this module works is that it makes sure that all login requests take similar time, regardless of whether they were successful or unsuccessful, if the username or password was valid or not, etc. This approach effectively nullifies timing attacks, since the attacker can no longer gain any new insight from the login flow.

There is a downside to this approach: since it needs to delay the response, it increases the risk of denial of service attacks. Though, as Ryan mentions in his post, ProcessWire automatically throttles login requests, thus making this less of an issue.

For most use cases LoginTimer will work right out of the box automatically, but in case you need to do something special in your own code that is login related, the module provides an API consisting of three methods: start, save, and apply.

For more details, be sure to check out the timing attacks and how to prevent them blog post from Ryan. If you'd like to give this module a try, you can install it via the built-in modules manager in admin, or clone or download it from the LoginTimer repository.

New module: Skip Inputfield Label

Skip Inputfield Label is a brand-new module that makes the built-in skipLabel option for inputfields available via the admin field editor, making it possible to visually hide the label, or even remove it completely, for any given field.

The use case for this module is to reduce clutter in the admin interface. In some cases the label can feel a bit much, as there may already be enough information for the user to figure things out. Please note, though, that using this module can also result in non-userfriendly interfaces. Especially removing the markup for the label may cause pretty serious accessibility issues.

If you'd like to give this module a try, you can install it via the built-in modules manager in the admin, clone or download the module's source code from the SkipInputfieldLabel GitHub repository, or install it via Composer. If you have questions or run into problems, visit the Skip Inputfield Label support forum thread for assistance.

Site of the week: Restaurant Andrew Fairlie

Our latest site of the week belongs to Restaurant Andrew Fairlie, currently the only two Michelin star restaurant in Scotland.

Founded in 2001, Restaurant Andrew Fairlie can be found at the Gleneagles Hotel. They are specialized in French-inspired cooking using locally sourced, seasonal ingredients. Their website provides a very interesting introduction to the history of the restaurant, discusses their evolution and what sets them apart, and provides a simple reservation system for those interested in visiting the restaurant for a splendid fine dining experience.

Discover Restaurant Andrew Fairlie, nestled discreetly within the renowned Gleneagles hotel. This exclusive, two-Michelin-starred restaurant offers an unforgettable dining experience, where impeccable service and creative cuisine take center stage.

— Sites directory entry for the Restaurant Andrew Fairlie website

The Retaurant Andrew Fairlie website was crafted by Equator, a Scotland based Digital Transformation Consultancy. The front-end of this site appears to be custom-built, so there's no full-blown front-end framework in play here, while the bulk of the content has been created using a block builder type approach.

Taking a quick peek under the hood, one familiar third party module was quite easy to recognize: the commercial caching and minification tool ProCache. Other third party modules we could spot include FormBuilder and Dynamic Selects.

Congratulations to the team behind this site for a job well done — and of course also to the client, Restaurant Andrew Fairlie, for their brilliant, ProcessWire powered website!

Stay tuned for our next issue

That's it for the 493rd issue of ProcessWire Weekly. We'll be back with more news, updates, and content Saturday, 28th of October. As always, ProcessWire newsletter subscribers will get our updates a few days later.

Thanks for staying with us, once again. Hope you've had a great and productive week, and don't forget to check out the ProcessWire forums for more interesting topics. Until next week, happy hacking with ProcessWire!

Post a comment