Tuskfish CMS Developer Guide
https://tuskfish.biz/rss/?id=47

Contents

Introduction
    About this guide
    The quick and dirty version
    A few principles
    Stuff you won't find in Tuskfish
    List of subsystems
    Tour of the file system

Overview of the architecture

Content objects
    Handling content objects

The database
    Composing queries
    Tags, collections and sections

The cache
    Image cache
    Page cache

Site preferences
    Accessing preferences
    Editing preferences
    Adding new preferences

Search

RSS feeds

The theme and template system
    Themes
        Assigning themes to pages
        Switching themes conditionally
        Cloning an existing theme
    Templates
        Assigning data to templates
        Rendering templates
    Bootstrap
        Modifying a Bootstrap template to work with Tuskfish
    Anatomy of a typical page

Security
    How secure is Tuskfish CMS?
        Single admin system
        Explicitly minimised attack surface
        Rigorous multi-level validation
        Prepared statements and bound parameters
        Optional two-factor authentication
        No online password recovery
        Single origin code
        If you do find a problem
    Sessions
        Initialising sessions
        Session security
        Admin authentication
    Validating and escaping data
        Developing in a hostile environment
        Validate, don't sanitise
        Escape data at the point of use
        Validating input parameters
        An example of data validation
        Character encoding
        Character restrictions
        Mitigating SQL injection
        Mitigating XSS attacks

Metadata and pagination
    Site level metadata
    Page level metadata
    Overriding metadata

Creating blocks
    About blocks
    Static blocks
    Dynamic blocks
    Creating your own dynamic blocks

File operations
    Uploading a file
    Appending to a file
    Downloading a file
    Deleting a file
    Clearing a directory
    Deleting a directory
    File type restrictions on uploads

Logging errors

Webserver hacks: Rattle and hum
    Allowing cross-site requests
    Setting a custom error page
    Forcing SSL

Useful tools and resources
    Tools
    Resources

Development road map

Copyright. All rights reserved.