On Tue, Feb 26, 2008 at 6:51 AM, Sean Cribbs <[EMAIL PROTECTED]> wrote: > Radiant 0.6.5 has been a long time coming! And just to be sure, we want > to release a candidate or two to make sure we have everything solid. > There are some really major changes in this release, and here's the two > big ones: > > * Rails 2.0.2 included
Is this new version of radiant going to use the Rails 2 new CSRF protection system?. In the SVN trunk I can only see this feature explictly disabled on test enviroment (config/enviroments/test.rb#27) and since the application.rb is still unchanged (with no protect_from_forgery as in the new Rails2 apps) that suggest me that the CSRF measures are going disabled. I know radiant's forms are mostly handmaded without helpers (same for the ajax processes) and that enabling the anti-forgery measures will break a few forms/views. So... what is your view about this?. I'll gladly submit the needed patches if finally we go with the protected version (even if this go fot the 0.6.6... ). Last but by no means least... thanks to the radiant community for this great software and to all the commiters for this new version. -- Kind Regards, Aitor Garcia Cofounder - Linking Paths http://www.linkingpaths.com _______________________________________________ Radiant mailing list Post: [email protected] Search: http://radiantcms.org/mailing-list/search/ Site: http://lists.radiantcms.org/mailman/listinfo/radiant
