This page details major change since the previous release (2.5), effects these might have on your code and what you can do about those.

Switched WYSIWYG HTML editor to Redactor as previous editor had many issues

Sharon to add details

Use OAuth to grab twitter feeds

Linda to add details

Better XSS protection

• Add HTMLPurifier library for proper HTML sanitization
• Add function to html helper
  • html::escape($input) - Escape HTML entities.
  • html::strip_tags($input, $escape = TRUE) - strip all tags. Optionally escapes HTML entities too.
  • html::clean($input) - Limit HTML tags to only whitelisted elements.
• These should be used instead of htmlentities, string_tags or other built in HTML cleaning functions
• If you're upgrading make sure to copy the new config options (see below) from config.template.php

• If you make heavy use of HTML in your report descriptions you may need to modify the whitelist options in config.php

• If you are upgrading from you should copy the following config into you config.php file:
  
  

/**
 * Allowed HTML tags in report description and other large text fields
 * 
 * Formated is based on http://htmlpurifier.org/live/configdoc/plain.html#HTML.Allowed
 */
$config['allowed_html'] = "a[href|title],p,img[src|alt],br,b,u,strong,em,i,h2,h3,h4,h5,h6";

/**
 * Allowed iframe URLs in report description and other large text fields
 * 
 * Formated is based on http://htmlpurifier.org/live/configdoc/plain.html#URI.SafeIframeRegexp
 */
$config['safe_iframe_regexp'] = '%^http://(www.youtube.com/embed/|player.vimeo.com/video/|w.soundcloud.com/player)%';

Theming changes

• The following functions are now deprecated (but should continue to work)

  • plugin::add_javascript() - use Requirements::js()

  • plugin::add_stylesheet() - use Requirements::css()

  • plugin::remove_javascript() - use Requirements::block()

• Add theme inheritance and css/js overriding
  • This still default to including the default theme

  • Allows themes to specify CSS/JS files to include through readme.txt

    Theme Name: Default Description: Version: 1.0 Author: Ushahidi Author Email: team@ushahidi.com Demo: http://www.ushahidi.com CSS: base,accordion,slider,style JS:

  • Allow themes to override CSS/JS from parent theme by include a file of the same name
• Split out themes/default/css/style.css
• Handle all CSS / JS includes through 1 library: Requirements
  • This enables us to combine and compress these files
  • We're adding CSSMin and JSMin to compress files
  • A bunch of new options in application/config/requirements.php
• Add support for RTL css files through Requirements library.
  • All CSS files can be replaced by a file of the same name with the -rtl suffix.
• Now using CDN (when configured) for theme files too #904
• Further documentation here: https://wiki.ushahidi.com/display/WIKI/Managing+CSS+and+JS+in+Ushahidi

Updating your theme:

If your main theme CSS file was name 'style.css' this will now be overriding the default style.css.
If you still need the default theme CSS to be included just rename your CSS file to something else.

The following CSS files will be included automatically: base.css, style.css, _default.css
To use a different CSS file name, add it to readme.txt in your theme.

CSS / JS compression issues

If you have problems with CSS / JS compression after the upgrade, you can disable this feature in application/config/requirements.php

Reworking reports upload and download

Review the github issue here:#792 .

• Streamlined the "successful upload" view
• Adding support for upload/download of reports via XML format
  • Inclusive of import/creation of forms and their respective form field structures into deployments that may not have those forms already in place
  • Handles category creation, their subcategorisation and import of their respective translations
• Additional fixes for import of custom form fields via CSV
  • Form_id to downloaded CSV, allowing for import of reports/field responses matched with their respective forms.
  • Custom fields within different forms but with the same name shall be differentiated by the form_id appended to column names
  • Handling case insensitivity issues when uploading custom form field responses.

For additional information, review the CSV upload guide and the XML Upload guide

New hooks and events

• Added hook for getting the incident object from the member's report controller #891
• Add new event to change members main tabs #882
• Add event to allow adding extra variables to a view #550
• Add report_save hook to incidents model #913

Full details of changes are available in the changelog