From version 28.7, edited by Vincent Massol on 2010/10/25
To version 29.1, edited by abusenius on 2010/10/25
Change comment: Improved the note about testing csrf protection

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.VincentMassol
1 +XWiki.abusenius
Content
... ... @@ -185,7 +185,9 @@
185 185  [[image:referenceType:referenceData||paramN=valueN]]
186 186  {{/code}}
187 187  
188 -{{info}}This syntax is not enabled by default, you must edit ##xwiki.cfg## and add it to the ##xwiki.rendering.syntaxes## setting to try it out.{{/info}}
188 +{{info}}
189 +This syntax is not enabled by default, you must edit ##xwiki.cfg## and add it to the ##xwiki.rendering.syntaxes## setting to try it out.
190 +{{/info}}
189 189  
190 190  === [[Interwiki links>>http://en.wikipedia.org/wiki/Interwiki_links]] ===
191 191  
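Review bot: The {{info}} reflow at new lines 188-190 is a formatting-only change that the change comment ("Improved the note about testing csrf protection") does not cover. Either mention the macro reformatting in the comment or save it as a separate minor edit, so the page history shows which revision actually changed the security note.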
... ... @@ -263,14 +263,28 @@
263 263  
264 264  == General Notes ==
265 265  
266 -{{warning}}If you're running in a multiwiki setup you'll also need to define the property //xwiki.store.migration.databases=all// to your //xwiki.cfg// file or explicitly name all databases to be migrated as in //xwiki.store.migration.databases=db1,db2,...//.{{/warning}}
268 +{{warning}}
269 +If you're running in a multiwiki setup you'll also need to define the property //xwiki.store.migration.databases=all// to your //xwiki.cfg// file or explicitly name all databases to be migrated as in //xwiki.store.migration.databases=db1,db2,...//.
270 +{{/warning}}
267 267  
268 268  You may also want to [[import the default wiki XAR>>Main.Download]] in order to benefit from the improvements listed above.
269 269  
270 -{{warning}}Always make sure you compare your //xwiki.cfg// file with the newest version since some configuration parameters were added. Note you should add //xwiki.store.migration=1// so that XWiki will attempt to automatically migrate your current database to the new schema. Make sure you backup your Database before doing anything.{{/warning}}
274 +{{warning}}
275 +Always make sure you compare your //xwiki.cfg// file with the newest version since some configuration parameters were added. Note you should add //xwiki.store.migration=1// so that XWiki will attempt to automatically migrate your current database to the new schema. Make sure you backup your Database before doing anything.
276 +{{/warning}}
271 271  
272 -{{warning}}Experimental support for CSRF protection is included in this release, although not enabled by default. This mechanism changes the way data is supposed to be saved, a change which will not completely break custom applications in most cases, but which might insert an extra validation step needed for actually saving the data.{{/warning}}
278 +== Migration Notes ==
273 273  
280 +The main entry point for the search UI is now the Main.Search page that will use the configured search engine (Lucene by default). If you want to refer to Lucene or Database search explicitly you can use the ##Main.LuceneSearch## and ##Main.DatabaseSearch## pages. Note that nothing is broken here (##Main.WebSearch## page is still there and internally it includes the ##Main.DatabaseSearch## page), it's just the new clean way of targeting the search page.
281 +
282 +=== Testing CSRF protection ===
283 +
284 +An experimental support for CSRF protection is included in this release, although not enabled by default.
285 +
286 +{{warning}}
287 +This mechanism changes the way data is supposed to be saved, a change which will not completely break custom applications in most cases, but which might insert an extra validation step needed for actually saving the data.
288 +{{/warning}}
289 +
274 274  It is **strongly recommended** to set up a testing/development environment, enable this feature and fully test all the code. In most cases things should work with no additional changes. If the default edit mode is not used, or if the default velocity templates are not used, it should be enough to add the following line:
275 275  
276 276  {{code language="html"}}
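Review bot: The new "Testing CSRF protection" section (new lines 282-289) tells readers to "enable this feature" but never names the setting that turns it on, while both warnings above it spell out their //xwiki.cfg// properties. Add the property name next to "not enabled by default" on new line 284 so the recommendation to test can be followed. On the same line, "An experimental support" should read "Experimental support". The sentence "it should be enough to add the following line" should also say where the line goes, since a hidden input only has an effect inside the form that submits the save.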
... ... @@ -277,10 +277,6 @@
277 277  <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" />
278 278  {{/code}}
279 279  
280 -== Migration Notes ==
281 -
282 -The main entry point for the search UI is now the Main.Search page that will use the configured search engine (Lucene by default). If you want to refer to Lucene or Database search explicitly you can use the ##Main.LuceneSearch## and ##Main.DatabaseSearch## pages. Note that nothing is broken here (##Main.WebSearch## page is still there and internally it includes the ##Main.DatabaseSearch## page), it's just the new clean way of targeting the search page.
283 -
284 284  === Removed deprecated flickr plugin ===
285 285  
286 286  The old flickr plugin was outdated and the API was broken, so, as a consequence, it has been removed. A new plugin will be available in the future. Meanwhile you can still find it in the contrib-retired at this [[link>>http://svn.xwiki.org/svnroot/xwiki/contrib/retired/plugin-flickr/]].
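Review bot: With the block at old lines 280-283 moved away, the CSRF snippet on line 277 is now followed directly by the flickr heading, so the section ends without saying what a tester sees when a form is submitted without a valid token. The snippet uses the quiet reference form "$!{...}", which renders an empty value when nothing is returned, so a misconfigured test instance would silently produce an empty form_token field. Add a sentence after the snippet describing the "extra validation step" that the warning mentions, so a failed check can be recognised during testing.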
