Tuskfish CMS Developer Guide
10 February 2018 | Documentation v1
Contents
Introduction
- About this guide
- The quick and dirty version
- A few principles
- Stuff you won't find in Tuskfish
- List of subsystems
Tour of the file system
Overview of the architecture
- Content objects
- Handling content objects
- The database
- Composing queries
- Tags, collections and sections
The cache
Site preferences
Search
RSS feeds
The theme and template system
- Themes
- Assigning themes to pages
- Switching themes conditionally
- Cloning an existing theme
- Templates
- Assigning data to templates
- Rendering templates
- Bootstrap
- Modifying a Bootstrap template to work with Tuskfish
Anatomy of a typical page
Security
- How secure is Tuskfish CMS?
- Single admin system
- Explicitly minimised attack surface
- Rigorous multi-level validation
- Prepared statements and bound parameters
- Optional two-factor authentication
- No online password recovery
- Single origin code
- If you do find a problem
Sessions
Validating and escaping data
- Developing in a hostile environment
- Validate don't sanitise
- Escape data at the point of use
- Validating input parameters
- An example of data validation
- Character encoding
- Character restrictions
- Mitigating SQL injection
- Mitigating XSS attacks
Metadata and pagination
Creating blocks
File operations
- Uploading a file
- Appending to a file
- Downloading a file
- Deleting a file
- Clearing a directory
- Deleting a directory
- File type restrictions on uploads
Logging errors
Webserver hacks: Rattle and hum
Useful tools and resources
Development road map