Tags: EiffelWebFramework/ROC
Contributions from the eiffel.org project (metadata, taxonomy, XSS protection, etc...).

Use meaningful content values to set the html page metadata.
- Try to use content summary or title, or whatever value is close to a "description" in order to set the html page metadata "description".
- Use tags related to page content, in addition to the site keywords to set the keywords metadata.
- Include the site keywords only on front page.

Taxonomy:
- When listing all terms from a vocabulary (taxonomy), sort them by number of occurrences and display the number of occurrences.
- When listing all entities related to a term (taxonomy), add a link to display list of all terms from the associated vocabulary.
- Fixed query related to taxonomy, to find entities associated with a specific term.

XSS security vulnerabilities:
- added permissions on content format usage
- Added a new SECURITY_HTML_CONTENT_FILTER content filter, to remove unwanted <script> ... onload="..." src="javascript:..." .
- Fixed security vulnerability when generating the feed, be sure to use the associated format for `summary`.
- Added cms format related helper feature, and also a shortcut for secured format (using the security filter).
- Use {htmlentities}..{/htmlentities} at many additional places in templates.

Authentication:
- improved "approval" mechanism for new user registration (still in progress, may need deeper design workflow changes)

Core:
- Added a way to set custom path alias.
- New CMS_MODULE.add_optional_dependency (...)
- Protect cache creation/update against failure such as no more memory.
- Updated cms block design to allow setup even on block loaded from cache.
- Added FEED_PROVIDER_HOOK to access directly FEED object if available within CMS. (note: it avoids being an http client of itself)
- The CMS response uses the utf-8 charset.
- Minor design change in RECAPTCHA_API to have integer attributes instead of strings.

Webapi:
- Added session auth for webapi (useful for script embedded in cms pages).
- Ensure the json webapi response is really UTF-8 encoded!

Modules:
- Contact: Fix html for contact notification email.
- Contact: Improved the "contact" notification email by adding information about the sender!
- File:
  - Added permission to delete its own uploaded files.
- Wikitext:
  - Generate TOC for any WIKITEXT_FILTER generation.
- Wikitext:
  - Added quick and basic help for wikitext editing.
- Embedded video: Updated embedded video filter implementation.
- Google search: Removed deprecated google_search module (replaced by google_search_20).

Removed obsolete calls (mostly conversion from string 8 to string 32, or reverse).
Fix code to follow recommendation from the Code analyzer.
Reverted after EiffelWeb reverted the change that made WSF_URI_HANDLER and WSF_URI_TEMPLATE_HANDLER inheriting from WSF_EXECUTE_HANDLER.
Fixed conflicts between versions of repeatedly inherited feature.
Fixed session logout by setting expiration date in the past and empty content.
List user roles for each user in the admin list of users.
Fixed "destination" support when logging in. (i.e. when a visitor clicks on signin from page A, once he is signed in, he will be redirected to the initial page A.)
Updated CMS_HOOK_BLOCK, to provide a better block_identifiers (CMS_RESPONSE): detachable ITERABLE [READABLE_STRING_8] query, to be implemented by CMS_HOOK_RESPONSE_BLOCK descendants. Added CONFIG_READER.table_keys: detachable LIST [READABLE_STRING_32].
Added missing change to installed file for demo example.