Posts by JordinB

    I agree, I love to automate things, so being able to create a script that would programmatically set up a basic site and allow me to choose what I need for that specific site would be the type of thing I would create. It would be awesome if the API was more of a REST API which allowed full control over the different resources in the system.

    Don’t forget, if you’re referencing external URLs like fonts or other CDN-provided content, you don’t need to specify a protocol; the browser will use the protocol of the page. Ex: http://cdn.jquery.com becomes //cdn.jquery.com and you won’t get mixed content issues if your protocol changes from page to page.... not that it should though ;-)

    So you’re using the GET parameter without filtering or encoding it and then using it as part of a concatenation for a URL that is used in the navigation, so yes, as it is it’s definitely an XSS vulnerability.


    Remember “filter inputs and encode output”


    Filter with filter_input() or filter_var() functions

    And you can encode with htmlspecialchars()


    This is not a Perch issue though, learn these functions. And do some research into XSS and SQLi prevention and practices.
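
The "filter inputs and encode output" advice from the post above, as an added example that is not part of the original thread. The parameter name `section`, the allow-list pattern and the `/products/` path are assumptions for illustration; `filter_var()` is used so the sample runs from the command line.

```php
<?php
// Added example, not code from the thread. "section", the regexp and
// the /products/ path are assumed names chosen for illustration.

// Pattern the post describes: raw GET value concatenated into a nav URL.
function nav_link_unsafe(array $query): string
{
    $section = $query['section'] ?? '';
    return '<a href="/products/' . $section . '">Products</a>';
}

// Filter input: accept only the shape the site actually expects.
function filter_section($raw): ?string
{
    $value = filter_var($raw, FILTER_VALIDATE_REGEXP, [
        'options' => ['regexp' => '/\A[a-z0-9-]{1,40}\z/'],
    ]);
    return $value === false ? null : $value;
}

// Encode output: rawurlencode() for the URL path segment, then
// htmlspecialchars() for the HTML attribute the URL is written into.
function nav_link_safe(array $query, string $default = 'all'): string
{
    $section = filter_section($query['section'] ?? null) ?? $default;
    $href = '/products/' . rawurlencode($section);
    $attr = htmlspecialchars($href, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $attr . '">Products</a>';
}

// Constructed sample input: a value that tries to break out of the attribute.
$constructed = ['section' => '"><script>alert(1)</script>'];

echo nav_link_unsafe($constructed), PHP_EOL;              // request markup lands in the page
echo nav_link_safe($constructed), PHP_EOL;                // rejected, falls back to /products/all
echo nav_link_safe(['section' => 'summer-camp']), PHP_EOL; // valid value passes through
```

In a page served over HTTP, `filter_input(INPUT_GET, 'section', FILTER_VALIDATE_REGEXP, ...)` takes the same options and reads the request directly.
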

    Yeah, I ran across something that this would be useful for. On an old site a client had uploaded multiple versions of the same logo for use in a multi region, so the asset manager was polluted with the logo. But since different instances of the same logo were used by different items of the multi region, we didn’t know which were in use or not. Having an icon like that would be a good visual cue to know which one to use and eventually weed out the ones not used so that they could be removed and only have one instance remaining.

    Hi just wanted to share a site we launched a couple of weeks ago: https://adrslevis.org


    It's for a local dance academy here in Québec, Canada. Yes, the text is French 8o.


    Currently we are in the first release which is a basic Perch site with the blog, forms, members and shop app. It uses my TinyImg app to optimize images and the shop products are the courses given by the academy. We also have another custom app that allows members to add their kids as 'students' in a (1:N) relationship to be associated with the future registration process.


    Next release we'll be adding in registration using the cart and payments as well as a class management app for instructors and sort of intranet document sharing.


    Constructive criticism is ALWAYS appreciated as well; if you see any issues with the site it would be nice to know.


    Thanks.

    seoMatt - Not too sure what extra JS you would need. Can you please explain the reasoning behind the required page load to switch the menu and why you decided not to go with a media query to toggle it? In the interest of learning from others?


    Thanks!

    I’ve had sites switch back and forth between the two without problems over the years. Like Drew said, if you’re on a shared host there is a decent chance you’re already using Maria without knowing. Just last week I had to export a Maria database and then import it into MySQL with 0 issues.


    Unless you’re using triggers, stored procedures or cursors, you’re not going to see much of a difference, and even then probably not. When Maria first came out we used it for a project because the DB admin wanted us to set up some specific trigger action that wasn’t supported in MySQL at the time. I can’t remember exactly what wasn’t supported, but I’m not sure that’s even an issue any more.


    Most of the time I hear people switch it’s based on a grudge held against Oracle.

    Let's not forget that Chrome will be flagging your sites that are not secure, which will show up in the address bar and may give users an off-putting experience.


    They already do for sites with a login or credit card form and they plan on doing it for all sites soon.


    The tools are there to deliver SSL by default for free; I can't understand why you wouldn't do it even if you may not "Need" to. It just looks more professional even to show the closed padlock beside your URL.