Tuskfish CMS Developer Guide
10 February 2018
- About this guide
- The quick and dirty version
- A few principles
- Stuff you won't find in Tuskfish
- List of subsystems
- Content objects
- Handling content objects
- The database
- Composing queries
- Tags, collections and section
- Assigning themes to pages
- Switching themes conditionally
- Cloning an existing theme
- Assigning data to templates
- Rendering templates
- Modifying a Bootstrap template to work with Tuskfish
- How secure is Tuskfish CMS?
- Single admin system
- Explicitly minimised attack surface
- Rigorous multi-level validation
- Prepared statements and bound parameters
- Optional two-factor authentication
- No online password reset
- Single origin code
- If you do find a problem
- Developing in a hostile environment
- Validate don't sanitise
- Escape data at the point of use
- Validating input parameters
- An example of data validation
- Character encoding
- Character restrictions
- Mitigating SQL injection
- Mitigating XSS attacks
- Uploading a file
- Appending to a file
- Downloading a file
- Deleting a file
- Clearing a directory
- Deleting a directory
- File type restrictions on uploads
Copyright, all rights reserved.
In this collection
How the error logging system works in Tuskfish CMS.
How to validate and safely escape data in Tuskfish CMS.
An explanation of session management in Tuskfish CMS.
How to access and control RSS feeds in Tuskfish CMS.
How to edit, access and add new site preference values.
Instructions on how to construct database queries with the Tuskfish CMS API.
An overview of the major file system components and their functions.
A few tips on configuring your webserver to allow cross-site requests, set a custom error page and force SSL.
A step through a sample Tuskfish CMS page with an explanation of the code.
How the Tuskfish CMS cache system works.