This page details major change since the previous release (2.2), effects these might have on custom code/plugins/themes and what you can do about those.
Major changes
- CSRF protection module was added
- By default, this module checks for a CSRF token on every POST request
- To ensure your forms POST the CSRF token, make sure you use the form::open() helper
- To skip CSRF validation for a particular request, pass a parameter to the validate function
- Base controllers and private deployment access control
- When a deployment is set to private, access checks are run before all controllers
- Only controllers login and riverid are available to non-logged in users.
- Openlayers updated to 2.11
- This could impact any custom mapping code
- Changing mapping js and map helper to help get WMS working
- Set max resolution, extent and units to the same thing in all mapping js
- Add better hooks to the map helper
- Base layer changes
- OSM now the default
- Broken OSM layers removed
- Bing maps layer added
- ESRI maps added
- Locale renamed to Ush_Locale
- This is to avoid clashes with the PHP intl module
- Calls to locale functions need to use the new name
locale::language() becomes ush_locale::language()
- Incident_Model::is_valid_incident($id) now defaults to only return true is report is approved
- Custom code that uses this and should allow unapproved reports should pass a 2nd parameter of FALSE
- Schema changes
- Installer improvements
- This includes the introduction of an admin login email configuration.
- Hiding of admin password once installation is complete.
- Added HTML editing and more attributes to the page editor.
2.3.1
- Security fixes for session storage
- Add warnings for those who have not changed their encryption key
- Add warnings for those not using SSL
- Switch sessions to use the 'database' driver
2.3.2
- Fix 2.3.1 changes - switch back to 'cookie' session driver
- 'database' driver was causing issues
- Admin API authentication fix
- Admin API is now blocked for users with role 'member'