From version < 28.6 >
edited by Vincent Massol
on 2010/10/25
To version < 29.1 >
edited by abusenius
on 2010/10/25
Change comment: Improved the note about testing csrf protection


Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.VincentMassol
1 +XWiki.abusenius
Content
... ... @@ -156,9 +156,9 @@
156 156  
157 157  == Experimental xwiki/2.1 wiki syntax ==
158 158  
159 -The xwiki wiki syntax sees further improvements as xwiki/2.1 is still in an experimental stage. A new feature is an enhanced syntax for links, which is more generic and allows easier extensions with new link types, demonstrated in this release with support for path and [[interwiki links>>http://en.wikipedia.org/wiki/Interwiki_links]].
159 +The xwiki wiki syntax sees further improvements as xwiki/2.1 is still in an experimental stage. A new feature is an enhanced syntax for links and images, which is more generic and allows easier extensions with new link types, demonstrated in this release with support for path and [[interwiki links>>http://en.wikipedia.org/wiki/Interwiki_links]].
160 160  
161 -Basic syntax:
161 +Basic syntax for links:
162 162  
163 163  {{code language="none"}}
164 164  [[label>>referenceType:referenceData]]
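Review bot: The rewritten sentence at new line 159 now announces an enhanced syntax for "links and images", but its second half still speaks only of "new link types" and the demonstrated features (path and interwiki links) are link-only, so the image side is announced and never explained. Suggest wording such as "easier extensions with new link and image reference types", or moving the image mention into its own sentence next to the image syntax block.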
... ... @@ -178,13 +178,29 @@
178 178  {{velocity}}[[reset the history>>path:$doc.getURL('reset')||queryString="confirm=1"]]{{/velocity}}
179 179  {{/code}}
180 180  
181 -{{info}}This syntax is not enabled by default, you must edit ##xwiki.cfg## and add it to the ##xwiki.rendering.syntaxes## setting to try it out.{{/info}}
181 +Basic syntax for images:
182 182  
183 +{{code language="none"}}
184 +image:referenceType:referenceData
185 +[[image:referenceType:referenceData||paramN=valueN]]
186 +{{/code}}
187 +
188 +{{info}}
189 +This syntax is not enabled by default, you must edit ##xwiki.cfg## and add it to the ##xwiki.rendering.syntaxes## setting to try it out.
190 +{{/info}}
191 +
183 183  === [[Interwiki links>>http://en.wikipedia.org/wiki/Interwiki_links]] ===
184 184  
185 -Basic syntax:
194 +Basic syntax for XWiki Syntax 2.0:
186 186  
187 187  {{code language="none"}}
197 +[[label>>path@interwikiAlias]]
198 +[[Interwiki links>>Interwiki_links@wikipedia]]
199 +{{/code}}
200 +
201 +Basic syntax for XWiki Syntax 2.1:
202 +
203 +{{code language="none"}}
188 188  [[label>>interwiki:wikiAlias:path/data]]
189 189  [[Interwiki links>>interwiki:wikipedia:Interwiki_links]]
190 190  {{/code}}
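Review bot: The new image block at lines 183-186 gives only the abstract forms ("image:referenceType:referenceData" and the bracketed variant with "paramN=valueN"), while the link and interwiki blocks in this same hunk each pair the abstract form with a concrete line (for example the wikipedia one at line 198). Add one concrete image line so readers can see what a valid reference type and parameter look like. The relocated info box at lines 188-190 also still says "add it" to ##xwiki.rendering.syntaxes## without naming the syntax; the section heading suggests xwiki/2.1, and stating that explicitly would remove the guesswork.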
... ... @@ -249,14 +249,28 @@
249 249  
250 250  == General Notes ==
251 251  
252 -{{warning}}If you're running in a multiwiki setup you'll also need to define the property //xwiki.store.migration.databases=all// to your //xwiki.cfg// file or explicitly name all databases to be migrated as in //xwiki.store.migration.databases=db1,db2,...//.{{/warning}}
268 +{{warning}}
269 +If you're running in a multiwiki setup you'll also need to define the property //xwiki.store.migration.databases=all// to your //xwiki.cfg// file or explicitly name all databases to be migrated as in //xwiki.store.migration.databases=db1,db2,...//.
270 +{{/warning}}
253 253  
254 254  You may also want to [[import the default wiki XAR>>Main.Download]] in order to benefit from the improvements listed above.
255 255  
256 -{{warning}}Always make sure you compare your //xwiki.cfg// file with the newest version since some configuration parameters were added. Note you should add //xwiki.store.migration=1// so that XWiki will attempt to automatically migrate your current database to the new schema. Make sure you backup your Database before doing anything.{{/warning}}
274 +{{warning}}
275 +Always make sure you compare your //xwiki.cfg// file with the newest version since some configuration parameters were added. Note you should add //xwiki.store.migration=1// so that XWiki will attempt to automatically migrate your current database to the new schema. Make sure you backup your Database before doing anything.
276 +{{/warning}}
257 257  
258 -{{warning}}Experimental support for CSRF protection is included in this release, although not enabled by default. This mechanism changes the way data is supposed to be saved, a change which will not completely break custom applications in most cases, but which might insert an extra validation step needed for actually saving the data.{{/warning}}
278 +== Migration Notes ==
259 259  
280 +The main entry point for the search UI is now the Main.Search page that will use the configured search engine (Lucene by default). If you want to refer to Lucene or Database search explicitly you can use the ##Main.LuceneSearch## and ##Main.DatabaseSearch## pages. Note that nothing is broken here (##Main.WebSearch## page is still there and internally it includes the ##Main.DatabaseSearch## page), it's just the new clean way of targeting the search page.
281 +
282 +=== Testing CSRF protection ===
283 +
284 +An experimental support for CSRF protection is included in this release, although not enabled by default.
285 +
286 +{{warning}}
287 +This mechanism changes the way data is supposed to be saved, a change which will not completely break custom applications in most cases, but which might insert an extra validation step needed for actually saving the data.
288 +{{/warning}}
289 +
260 260  It is **strongly recommended** to set up a testing/development environment, enable this feature and fully test all the code. In most cases things should work with no additional changes. If the default edit mode is not used, or if the default velocity templates are not used, it should be enough to add the following line:
261 261  
262 262  {{code language="html"}}
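Review bot: The new "Testing CSRF protection" subsection (lines 282-288) says the protection is "not enabled by default" and the next paragraph asks readers to "enable this feature", but nothing names the configuration property or file that turns it on. Since the change comment says this revision improves the testing note, add that setting next to line 284. Smaller points: "An experimental support" at line 284 should read "Experimental support", as the removed line 258 did, and the paragraph at line 260 could state that the hidden field belongs inside every custom form that saves data, not just "the following line".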
... ... @@ -263,10 +263,6 @@
263 263  <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" />
264 264  {{/code}}
265 265  
266 -== Migration Notes ==
267 -
268 -The main entry point for the search UI is now the Main.Search page that will use the configured search engine (Lucene by default). If you want to refer to Lucene or Database search explicitly you can use the ##Main.LuceneSearch## and ##Main.DatabaseSearch## pages. Note that nothing is broken here (##Main.WebSearch## page is still there and internally it includes the ##Main.DatabaseSearch## page), it's just the new clean way of targeting the search page.
269 -
270 270  === Removed deprecated flickr plugin ===
271 271  
272 272  The old flickr plugin was outdated and the API was broken, so, as a consequence, it has been removed. A new plugin will be available in the future. Meanwhile you can still find it in the contrib-retired at this [[link>>http://svn.xwiki.org/svnroot/xwiki/contrib/retired/plugin-flickr/]].
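Review bot: The form_token input kept as context at line 263 uses the Velocity quiet reference "$!{...}", which renders an empty string when the call yields null, so a custom template can emit an empty form_token with nothing visible on the page to show it. The testing note should tell readers to inspect the rendered HTML for a non-empty form_token after enabling the feature. The removal of "Migration Notes" at lines 266-269 matches its re-insertion earlier in the diff and leaves the flickr subsection under the same parent heading, so no change is needed there.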
