uAdmin v0.5.2 Release Notes

Release Date: 2020-08-20
  • Bug Fixes:

    • Added CSRF token to inlines form for deleting
    • User was overwritten with old user on logout when using cache sessions

Previous changes from v0.5.1

  • [0.5.1] Atlas Moth - 2020-08-07

    Added

    Changed

    • dAPI function method can return a value if the method called has a return. Note: if you have a return, you cannot use $next to redirect.

    Deprecated

    Removed

    Fixed

    • Fixed false positive SQL Injection in dAPI join.
    • Fixed false detection in customGet for private fields of type []struct as an M2M field.
    • Typo in uadmin command line tool.

    Security

    • CSRF protection in dAPI in functions: add, edit, delete and method.
    • Template function CSRF implemented in uadmin.RenderHTML and uadmin.RenderHTMLMulti. It returns an anti-CSRF token.
    • uadmin.IsAuthenticated recognizes nouser sessions. These sessions are for users who are not authenticated in the system. To set a session cookie, use SetSessionCookie.
    • uadmin.SetSessionCookie receives a pointer to a session and sets the session cookie in a secure way. If you pass a nil to the session, the session will be created as a nouser session which is still a session but gives the user to access as an authenticated user. These sessions can be used to protect against CSRF attacks in case you have a public API.
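
The pattern behind the last Security entry (a session for a visitor who has not logged in, used to anchor an anti-CSRF token on a public API), as an added example built on Go's standard library only; it is not uAdmin's code. The names token, startAnon and publicPost, the cookie name session, the X-CSRF-Token header and the HMAC derivation are assumptions made for illustration and do not describe how uAdmin generates or checks its token.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"net/http"
	"net/http/httptest"
)

var key = []byte("constructed-demo-key") // assumption: a real key comes from a secret store

// token binds the anti-CSRF value to one session ID with an HMAC.
func token(id string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(id))
	return fmt.Sprintf("%x", m.Sum(nil))
}

// startAnon sets a session cookie for a visitor who has not logged in.
func startAnon(w http.ResponseWriter) string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	id := fmt.Sprintf("%x", b)
	http.SetCookie(w, &http.Cookie{Name: "session", Value: id, Path: "/", HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode})
	return id
}

// publicPost accepts a state change only if the header token matches the cookie.
func publicPost(w http.ResponseWriter, r *http.Request) {
	c, err := r.Cookie("session")
	if err != nil || !hmac.Equal([]byte(r.Header.Get("X-CSRF-Token")), []byte(token(c.Value))) {
		http.Error(w, "CSRF check failed", http.StatusForbidden)
		return
	}
	fmt.Fprint(w, "ok")
}

func main() {
	w := httptest.NewRecorder()
	r := httptest.NewRequest(http.MethodPost, "/api", nil)
	r.AddCookie(&http.Cookie{Name: "session", Value: startAnon(w)})
	r.Header.Set("X-CSRF-Token", token(r.Cookies()[0].Value))
	publicPost(w, r)
	fmt.Println(w.Header().Get("Set-Cookie"), w.Code)
}
```

A cross-site form can make the browser send the session cookie, but it cannot read the token or set the custom header, so the forged request fails the comparison.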