Tuskfish CMS Developer Guide
10 February 2018 | Tags: Documentation
- About this guide
- The quick and dirty version
- A few principles
- Stuff you won't find in Tuskfish
- List of subsystems
- Content objects
- Handling content objects
- The database
- Composing queries
- Tags, collections and sections
- Assigning themes to pages
- Switching themes conditionally
- Cloning an existing theme
- Assigning data to templates
- Rendering templates
- Modifying a Bootstrap template to work with Tuskfish
- How secure is Tuskfish CMS?
- Single admin system
- Explicitly minimised attack surface
- Rigorous multi-level validation
- Prepared statements and bound parameters
- Optional two-factor authentication
- No online password reset
- Single origin code
- If you do find a problem
- Developing in a hostile environment
- Validate don't sanitise
- Escape data at the point of use
- Validating input parameters
- An example of data validation
- Character encoding
- Character restrictions
- Mitigating SQL injection
- Mitigating XSS attacks
- Uploading a file
- Appending to a file
- Downloading a file
- Deleting a file
- Clearing a directory
- Deleting a directory
- File type restrictions on uploads
Copyright, all rights reserved.
In this collection
How the file handling system works in Tuskfish CMS.
Introduction to the Tuskfish CMS Developer Guide.
A short list of tools and resources I found helpful in developing Tuskfish.
An explanation of the theme and template system and how to work with it.
Future plans for improvement of the Tuskfish Content Management System.
The inner workings of the Tuskfish search subsystem.
How to organise content with tags, collections and sections in Tuskfish CMS.
How to create, render and display content blocks in Tuskfish CMS.
How to set and override site- and page-level metadata.
How session management and security work in Tuskfish CMS.