« Older Entries

Webforms and Security: Three things worth repeating

"Security" by Henri Berguis

“Security” by Henri Berguis

Webforms are among the most powerful tools in the WMS, but with great power comes great responsibility.

Here are 3 things to bear in mind when using a webform on your site.

1. It’s never too late to authenticate.

Wherever possible require users to sign in – this is your first and best defence against spam.

This can be done by unchecking “anonymous user” from the Submission Access settings and selecting only the role(s) that should be allowed to submit the form.

2. It’s worth your while to use Private Files.

If you are using a File component to enable your users to send files, set the Upload destination to “Private files.”

This ensures that files reside in a secure, private directory on your site that can only be accessed by people with the correct permissions.

3. No sign in? Don’t let spam in.

If your form needs to be available without a sign in (e.g., to users from outside the McGill community), make sure to avoid certain components to ensure that your site and users are protected:

  • File Upload fields which can be used to upload malicious files to the site
  • Text Area fields which can be used to disseminate spam content
  • Email Address fields which can also be exploited for spam

You should also avoid sending submission confirmation emails that contain sensitive or personal information such as McGill IDs and other personal information. You can always glean this information from the Submissions tab.

These three things to remember when you are working with webforms should go a long way towards ensuring that your WMS site remains secure and your visitors protected from spam or other malicious content.

For more information, see KB Article #2711: Create Forms in the Web Management System

 

Watch now! WMS Powertools presentation video

We had a great turnout at the Web Service Group’s December 2016 special presentation where we showcased some of the powerful tools in the Web Management System — tools that allow you to create dynamic websites easily and effectively.

Thanks to all the site managers and editors who came and learned how to harness the power of the WMS — the power to work smarter, not harder!

Wishing everyone a safe and happy holiday season! See you in the new year!

WMS Powertools presentation on YouTube

 

Creating Attractive Websites Using the WMS

CCS would like to extend thanks to all the site managers and editors who took the time to attend the special session on May 5, 2016 where we presented tools to create attractive sites. We were pleased to see your interest and we hope that you were inspired by the topics presented.

We would like to hear your feedback so if you haven’t already, please take a moment to complete the evaluation.

If you were unable to attend or would like to revisit certain topics, we invite you to watch the recording.

woman sitting at computer

For hands-on help, you can always register for WMS 302: Lab for editors and managers.

Don’t forget to keep an eye out here on The Beta Blog for interesting news or updates!

Iteration 41

Iteration 41 ran from March 24th until April 10th.

Work undertaken in this iteration included:

  • Outstanding issues with the Channels client system including:
    • Removal of any/any blocks on Drupal 6 sites.
    • Fix for excessive hover-intent calls.
    • Adding proper descriptions to Channels RSS feeds.
    • Channels migration issues with published data overwrites.
    • Adjustments to channels migrations to reflect recent changes to the building content type.
    • Ensuring that Channels video attachments appear for anonymous users.
    • Adjustment of hardcoded categories help text.
    • Style tweaks for channels blocks.
    • Errors encountered when deleting channels items.
    • Import tab altered to allow imports without specified category.
  • Switching inaccessible sites to maintenance mode model.
  • Issues with site migrations including:
    • Localization update errors.
    • Unrestricted landing pages of restricted pages restricted in D7.
    • Custom aliases not migrating properly in all circumstances.
    • Unusual HTML in some migrated blocks.
    • Additional layout issues with images.
    • Universal removal of FLV/SWF references.
    • Menu migration issues on edge case sites.
    • Smaller sized banners not migrated correctly.
    • Incorrect revisions on edge case sites.
  • On this page issues discovered in UAT.
  • Adjustments to work bench file list.
  • Adjustments to taxonomy display for all content types.
  • Custom webform component for convocation project.
  • D6 banner image problems on /study.
  • Adjustments to custom views for D6 music.

Iteration 39

We’ve just began work on iteration 39 which runs from February 10th until Feburary 27th.

Work undertaken in this iteration includes:

  • Addressing a number of bugs uncovered in automated and manual testing of the new D7 Channels system including:
    • Missing audiences in taxonomy term lists.
    • Edge case issues with web services.
    • Warnings displayed when channels blocks are not associated with tags.
  • Additional automated test for the channels module.
  • Development of a thorough integration plan for the various elements of the channels systems.
  • Porting elements of the D6 Global Health application to D7.
  • Porting content types, views and blocks from the HR Job Posting application to D7.
  • Addressing a number of bugs uncovered in site migrations including:
    • An issue that forces users to log into sites twice in order to gain appropriate credentials.
    • Issues with a subset of migrated menu items.
    • Issues with a subset of migrated blocks.
    • Issues with slideshows transitioning at frenetic speeds.
    • Missing styles for quotes and highlight blocks.
    • Issues with text wrapping around floated images.
    • Duplicate images in restricted pages.
    • Broken links.
  • Adjustments to mentoring tools.
  • The deployment of scripts and interfaces to provision QA and development sites.
  • Finalization of the Munasa module in D7.
  • The finalization of the /maps module in D7.
  • Populating content for D7 training sites.
  • Installation of the Google Search Appliance BMC connector.

 

Iteration 37

We’ve just began work on iteration 37 which runs from December 16th until January 16th.

Drupal 6 work undertaken in this iteration includes:

  • Production deployment of staging sites for /applying and /student-health.
  • A fresh import of important dates data for our partners in Enrolment Services.
  • A bug fix for the date-picker used in home page date creation

Drupal 7 work undertaken in this iteration includes:

  • A bug fix for features integration in block access module.
  • Caching adjustments for D7 search.
  • Fixing an issue with install hooks not firing on site creation.
  • Migration of internationalization data for menu content.
  • Additional work to migrate revisions.
  • Additional work to tokenize media upon migration.
  • Final featurization of media handling configuration.
  • Fixing a bug that causes duplicate document links to appear in WYSIWYG content.
  • Appropriate overflow styles for horizontal menu content.
  • Updating our site creation script to work with D7.
  • Porting the AOC login module.
  • A migration tool for custom AOC content.
  • Pushing our updated D7 code base onto production servers.
  • A migration tool for channels content.
  • General integration testing for channels.
  • Additional automated testing for channels.
  • Porting the Channels Import module.
  • Channels QA deployment.
  • Porting list pages to D7.
  • A migration tool for list page content.
  • Styling of building content.
  • Automation of the site migration process.

Iteration 34

We’ve just begun work on iteration 34 which will run from October 13th until October 31st.

Drupal 7 work undertaken in this iteration includes:

  • a bugfix for channels timezone handling.
  • appropriate date styles for channels events.
  • a module that allows restricted page functionality to be turned on or off for certain sites.
  • ensuring that restricted pages and regular pages all have menu items associated with them.
  • a styling issue with language negotiation.
  • converting several channels sub-modules to Drupal 7.
  • final setup for D7 training sites.
  • the creation of several D7 QA sites for use in UAT.
  • migration tools for blocks, webforms and arts internships data.
  • creating a McGill RAS module to give RAS users greater autonomy on D7 development sites.
  • adding features integration to media-nivo-slider module.
  • ensuring that a home link is created for all new Drupal sites.
  • updating quicktabs and spamspan modules.
  • converting AOC’s McGill Winners application to D7.
  • porting the mcgill_caps application to d7.
  • adding shared secret support to mcgill_commerce.
  • fixing an error that occurs when modules are installed in D7.
  • fix a conflict between masquerade and logout_toboggan modules.
  • address simpletest failures within mcgill_assets module.
  • provide libraries staff with access to the new remote application server.
  • additional controls related to home page menu links.
  • addressing a warning message in menu_control_perms.
  • creation of appropriate themes for nivo-slider.
  • Featurization of nivo-slider config.

Drupal 6 work undertaken in this iteration includes:

  • the creation or promotion of several staging sites.
  • ensuring that site managers see appropriate tabs in search.
  • code review for our partners in libraries.
  • fixing bad publication dates on a few channels items.
  • additional translation for the new search interface.
  • fixing a validation error with the new search UI.
  • removing extraneous function calls related to search.
  • additional testing of the new search interface.
  • deployment of the new search interface.
  • deployment of the new important dates interface.

Iteration 29

Iteration 29 is currently underway and will run from June 17th to July 10th.

This is our first iteration devoted primarily to the new Drupal 7 upgrade project.  Drupal 7 work undertaken includes:

  • Upgrading our servers to a new version of PHP.
  • Google analytics integration.
  • Upgrading a number of custom modules to D7 including emergency messaging, status, menu control, multisite and the creation of a new module combining JS and CSS from a number of sources previously found in d6.
  • Testing and deploying a number of modules contributed by the Drupal community including modernizr, internationalization, secure pages, masquerade, login toboggan, quick tabs, scheduler, better exposed filters, custom breadcrumbs, block class, lightbox 2, redirect, localization update, webform, webform validation and advagg.
  • Updating our standard Moriarty theme to work with Drupal 7.
  • Setting up infrastructure that allows us to utilize automated test-driven development in D7.
  • Setting up infrastructure for D7 training sites.

Additionally, we will be doing a limited amount of Drupal 6 work including:

  •  Finalizing improved search.
  • A revised interface for important dates content.

Iteration 28

Iteration 28 is currently underway and will run from May 27th to June 13th.

Work underway includes:

  • A bug fix for the homepage slideshow.
  • CSS exceptions for our partners in libraries.
  • Making the new /ece site live.
  • Creation of a staging site for /medadmissions.
  • Creation of a staging site for /music.
  • An issue with a broken thumbnail on the McGill home page.
  • Creation of search infrastructure for the new /importantdates site.
  • Research into an appropriate video solution for Drupal 7.
  • Deployment of distributed global navigation.
  • A bug fix for accordions styles within columns.
  • CSS fix for missing admin menu on WordPress sites using the McGill Base theme.
  • A bug wherein site manager access is lost for content -> edit.
  • Addition of venue field for replacement music calendar.
  • Deployment of /music calendar solution.
  • Finalization of localization server config.
  • Media guide data import from WMS to McGill Profiles.
  • Design implementation for new /importantdates site.
  • Automated tag restructuring with /importantdates content.
  • Deployment of Drupal-based global search.
  • Deployment of DAR’s new Drupal 7 site.
  • Deployment of AOC/Channels integration.
  • Featurization of home page audience selector.
  • Review of home page content in an effort to uncover linked slideshow nodes.
  • Issues with channels content when ANY/SourceSite is selected.
  • Issues with /mentoring mentor selection process.
  • Data export of WPS channels items for the Faculty of Law.
  • Refeaturization of teaching snapshots application.

A McGill Social Media module

Our next deployment will include a new social media feature. Under Structure you will find “Site follow links” which will allow Site Managers to advertise selected social media networks in a block to be placed on your website.
Currently the application supports

  • Facebook
  • Tumblr
  • Twitter
  • Flickr
  • Google plus
  • YouTube
  • LinkedIn
  • WordPress (under publications.mcgill.ca and blogs.mcgill.ca)
  • Vimeo
  • Picassa
  • RSS
« Older Entries
Blog authors are solely responsible for the content of the blogs listed in the directory. Neither the content of these blogs, nor the links to other web sites, are screened, approved, reviewed or endorsed by McGill University. The text and other material on these blogs are the opinion of the specific author and are not statements of advice, opinion, or information of McGill.