[Radiant] [ANN] Radiant 0.6.5 Release Candidate 1
Sean Cribbs
seancribbs at gmail.com
Mon Mar 3 11:20:38 CST 2008
Aitor,
We will need to investigate what it takes to use this. It may have to
delay until the next release if it requires changing a lot of view
code. Also, what are the risks of leaving it out? I'm not aware of
what it specifically protects.
Sean
Aitor Garcia Rey wrote:
> On Tue, Feb 26, 2008 at 6:51 AM, Sean Cribbs <seancribbs at gmail.com> wrote:
> > Radiant 0.6.5 has been a long time coming! And just to be sure, we want
> > to release a candidate or two to make sure we have everything solid.
> > There are some really major changes in this release, and here's the two
> > big ones:
> >
> > * Rails 2.0.2 included
>
> Is this new version of radiant going to use the Rails 2 new CSRF
> protection system?. In the SVN trunk I can only see this feature
> explictly disabled on test enviroment (config/enviroments/test.rb#27)
> and since the application.rb is still unchanged (with no
> protect_from_forgery as in the new Rails2 apps) that suggest me that
> the CSRF measures are going disabled.
>
> I know radiant's forms are mostly handmaded without helpers (same for
> the ajax processes) and that enabling the anti-forgery measures will
> break a few forms/views. So... what is your view about this?. I'll
> gladly submit the needed patches if finally we go with the protected
> version (even if this go fot the 0.6.6... ).
>
> Last but by no means least... thanks to the radiant community for
> this great software and to all the commiters for this new version.
>
> --
> Kind Regards,
> Aitor Garcia
> Cofounder - Linking Paths
> http://www.linkingpaths.com
> _______________________________________________
> Radiant mailing list
> Post: Radiant at radiantcms.org
> Search: http://radiantcms.org/mailing-list/search/
> Site: http://lists.radiantcms.org/mailman/listinfo/radiant
>
>
More information about the Radiant
mailing list