The information in this wiki hasn't been maintained for a good while. Some of the projects described have since been deprecated.

In particular, the "Ushahidi Platform v3.x" section contains information that is often misleading. Many details about this version of Platform have changed since.

This website is an extraction of the original Ushahidi wiki into a static form. Because of that, functions like logging in, commenting or searching will not work.

For more documentation, please refer to

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

This page details major change since the previous release (2.2), effects these might have on custom code/plugins/themes and what you can do about those.

Major changes

  •  CSRF protection module was added
    • By default, this module checks for a CSRF token on every POST request
    • To ensure your forms POST the CSRF token, make sure you use the form::open() helper
    • To skip CSRF validation for a particular request, pass a parameter to the validate function
      • $post->validate(FALSE)
  • Base controllers and private deployment access control
    • When a deployment is set to private, access checks are run before all controllers
    • Only controllers login and riverid are available to non-logged in users.
  • Openlayers updated to 2.11
    • This could impact any custom mapping code
  • Changing mapping js and map helper to help get WMS working
    • Set max resolution, extent and units to the same thing in all mapping js
    • Add better hooks to the map helper
  • Base layer changes
    • OSM now the default
    • Broken OSM layers removed
    • Bing maps layer added
    • ESRI maps added
  • Locale renamed to Ush_Locale
    • This is to avoid clashes with the PHP intl module
    • Calls to locale functions need to use the new name
      locale::language() becomes ush_locale::language()
  • Incident_Model::is_valid_incident($id) now defaults to only return true is report is approved
    • Custom code that uses this and should allow unapproved reports should pass a 2nd parameter of FALSE
  • Schema changes
    • TODO add info
  • Installer improvements
    • This includes the introduction of an admin login email configuration.
    • Hiding of admin password once installation is complete.
  • Added HTML editing and more attributes to the page editor.


  • Security fixes for session storage
    • Add warnings for those who have not changed their encryption key
    • Add warnings for those not using SSL
    • Switch sessions to use the 'database' driver


  • Fix 2.3.1 changes - switch back to 'cookie' session driver
    • 'database' driver was causing issues
  • Admin API authentication fix
    • Admin API is now blocked for users with role 'member'