Message-ID: <126657783.2062.1556113521409.JavaMail.javamailuser@localhost>
Subject: Exported From Confluence
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_Part_2061_903363839.1556113521408"
------=_Part_2061_903363839.1556113521408
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Content-Location: file:///C:/exported.html
Migrating to Ushahidi 2.3
Migrating to Ushahidi 2.3
This page details major change since the previous releas=
e (2.2), effects these might have on custom code/plugins/themes and what yo=
u can do about those.
Major changes
=09- =C2=A0CSRF protection module was added
=09
=09=09- By default, this module checks for a CSRF token on every POST req=
uest
=09=09- To ensure your forms POST the CSRF token, make sure you use the f=
orm::open() helper
=09=09- To skip CSRF validation for a particular request, pass a paramete=
r to the validate function
=09=09
=09=09=09- $post->validate(FALSE)
=09=09
=09=09
=09
=09
=09- Base controllers and private deployment access control
=09
=09=09- When a deployment is set to private, access checks are run before=
all controllers
=09=09- Only controllers login and riverid are available to non-logged in=
users.
=09
=09
=09- Openlayers updated to 2.11
=09
=09=09- This could impact any custom mapping code
=09
=09
=09- Changing mapping js and map helper to help get WMS working
=09
=09=09- Set max resolution, extent and units to the same thing in all map=
ping js
=09=09- Add better hooks to the map helper
=09
=09
=09- Base layer changes
=09
=09=09- OSM now the default
=09=09- Broken OSM layers removed
=09=09- Bing maps layer added
=09=09- ESRI maps added
=09
=09
=09- Locale renamed to Ush_Locale
=09
=09=09- This is to avoid clashes with the PHP intl module
=09=09- Calls to locale functions need to use the new name
locale::language() becomes ush_locale::language()
=09
=09
=09- Incident_Model::is_valid_incident($id) now defaults to only return t=
rue is report is approved
=09
=09=09- Custom code that uses this and should allow unapproved reports sh=
ould pass a 2nd parameter of FALSE
=09
=09
=09- Schema changes
=09
=09
=09- Installer improvements
=09
=09=09- This includes the introduction of an admin login email configurat=
ion.
=09=09- Hiding of admin password once installation is complete.
=09
=09
=09- Added HTML editing and more attributes to the page editor.
2.3.1
=09- Security fixes for session storage
=09
=09=09- Add warnings for those who have not changed their encryption key<=
/li>
=09=09
- Add warnings for those not using SSL
=09=09- Switch sessions to use the 'database' driver
=09
=09
2.3.2
=09- Fix 2.3.1 changes - switch back to 'cookie' session driver
=09
=09=09- 'database' driver was causing issues
=09
=09
=09- Admin API authentication fix
=09
=09=09- Admin API is now blocked for users with role 'member'
=09
=09
------=_Part_2061_903363839.1556113521408--