uAdmin v0.5.1 Release Notes

Release Date: 2020-08-07
  • [0.5.1] Atlas Moth - 2020-08-07

    ➕ Added

    🔄 Changed

    • dAPI function method can return a value if the method called has a return. Note: if you have a return, you cannot use $next to redirect.

    🗄 Deprecated

    ✂ Removed

    🛠 Fixed

    • 🛠 Fixed false positive SQL Injection in dAPI join.
    • 🛠 Fixed false detection in customGet for private fields of type []struct as an M2M field.
    • 💻 Typo in uadmin command line tool.

    🔒 Security

    • CSRF protection in dAPI in functions: add, edit, delete and method.
    • Template function CSRF implemented in uadmin.RenderHTML and uadmin.RenderHTMLMulti. It returns an anti-CSRF token.
    • uadmin.IsAuthenticated recognizes nouser sessions. These sessions are for users who are not authenticated in the system. To set a session cookie, use SetSessionCookie.
    • uadmin.SetSessionCookie receives a pointer to a session and sets the session cookie in a secure way. If you pass a nil to the session, the session will be created as a nouser session which is still a session but gives the user to access as an authenticated user. These sessions can be used to protect against CSRF attacks in case you have a public API.