Headline
CVE-2022-40488: ProcessWire: An open source CMS with a powerful API
ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).
// Render your site’s primary navigation
echo $pages->get('/')->children->each('<li><a href={url}>{title}</a>');
// Find buildings: built before 1950, 10+ floors, sort by height
$pages->find('template=building, year<1950, floors>=10, sort=height');
// Output field “headline” when present or “title” if not
echo '<h1>' . $page->get('headline|title') . '</h1>';
// Get “email” field from /contact/ page and use it in link
<a href='mailto:<?= $pages->get('/contact/')->email ?>'>Email</a>
// Output first “images” field item on page at 90px width
<img src='<?= $page->images->first->width(90)->url ?>'>
// Set “headline” field value on page and save to database
$page->setAndSave('headline', 'Hello world');
Every bit of content in your site is never more than 1-line of code away. It doesn’t matter how large or small your site is, with ProcessWire all your content is connected, making it fast and easy to find, and incredibly simple to access, output and manipulate.
All fields in ProcessWire are custom fields that you easily define and edit in the admin. You can create as many of them as you want, and of any type. You can even bundle them in repeatable groups called Repeater fields. ProcessWire is built to adapt to your content needs.
Every field has a type and there are dozens of different types. It’s all here—text, rich text, numbers, files, images, multi-language, dates, page references, custom repeatable groups, and on and on… plus you can easily add more, since they are plugins/modules!
Related news
ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).