« SNAPPSapalooza | Main| Announcement: Brand new template added to SNAPPS Quickr Templates »

SNAPPS Quickr Templates updated and available for Quickr 8.2

QuickImage Category QuickrTemplates
I'm happy to say that a couple days ago, we posted both an update for 8.1.0.9 and 8.2 templates! Once again, we've managed (with some difficulty) to keep the same source code for all versions.

There is a trick for new installs of 8.2 that I have to get into the documentation, but I'll post it here for the moment. In qpconfig.xml, you must turn off xsrf in the security section. This is a new setting in 8.2 designed to prevent a rare kind of cross-site scripting attack. When on, Quickr validates a new form is created from a standard place (as in, "New Page or Folder" link). In the templates, however, there are several places where we create a link to open a new form, which triggers this "nonce token check". Bottom line, turn it off. Eventually we'll code the forms and links to comply with the new setting. In the meantime, you were only vulnerable to this kind of XSS if you happened to have Quickr on the extranet, and open for Anonymous access to post. Which you can't really do anyway, except in the blog template.

So, enough boring admin details, new features!

*QMeeting has a new meeting form that supports indentation in the agenda, zero-time agenda items and hiding/showing times. This feature set was sponsored by a customer, the Central Bank of the Bahamas. Thanks!

*QSurvey, QIdeas and QPresent have a new advanced delete function. When using "Delete" in one of the main forms, the delete call is intercepted and replaced with our version which will clean up remnants left behind by that action. In QSurvey, it will delete answers. In QIdeas and QPresent, it will clean up comments and versions. QSurvey also received a new feature, the ability to copy a survey to a new instance with the same questions. Of course, all these features made it into QSite.

*Six templates that have our advanced workflow engine received a new Workflow Setup form, with an enhanced and more intuitive UI for setting up the unlimited workflow steps.

The above features are in the Quickr 8.1.0.9 and 8.2 templates for download as well as the source code.

So - go get the goods and enjoy!

Lots of exciting news coming this week...new template, new free tool going to public beta, and more info coming on CU 2009!

Posted by Rob Novak On 06/08/2009 |

Comments

Gravatar Image1 - Rob,
Would this have anything to do with why I can't log into any of the places on a brand new Quickr 8.2 install?

Posted by Bruce Currier At 07:39:49 AM On 06/09/2009 | - Website - |


Gravatar Image2 - Hi Bruce,

Do you mean any places, or the template places? No - the setting doesn't affect logins.

-Rob

Posted by Rob Novak At 07:51:08 AM On 06/09/2009 | - Website - |


Gravatar Image3 - Rob,
I was referring to Step 4 under "Instructions for Installing a Single Template for Standalone Use" in the IBMLotusQuickRTemplatesDoc.pdf.

Posted by Bruce Currier At 08:04:43 AM On 06/09/2009 | - Website - |


Gravatar Image4 - I have seen this occasionally on servers set up for native Domino access. We use LDAP when building the templates. In this case, I suggest you use a super user to log in.

Posted by Rob Novak At 10:49:42 AM On 06/09/2009 | - Website - |


Gravatar Image5 - Rob,
Thanks, that seemed to work (once I created the QuickPlaceAdministratorsSUGroup and populated it).

Can't wait to start playing with these and seeing what we can do with Quickr.

Posted by Bruce Currier At 12:19:55 PM On 06/09/2009 | - Website - |


Gravatar Image6 - Hi Rob, do you know why I am getting this error? Thanks very much.

{ Link }

Posted by James Green At 02:05:04 PM On 06/09/2009 | - Website - |


Gravatar Image7 - @James, that's exactly the error you will get if the above referenced xsrf protection is not turned off. I just updated the documentation with the exact step to take to avoid the error, and posted in the forum as well. Here is a recap for others who might get this error (it happens on any form launched from a place other than Quickr's own "New Page or Folder" scene):

Special Instruction: Quickr 8.2 server setting

On a new Quickr 8.2 server, in the qpconfig.xml file, you must modify the new setting for xsrf protection in the security section as follows:

<xsrf_protection enabled="false" />

If you do not modify this setting, you will receive the error message:

Warning
Problem: You can not take this action from this URL, Please go back to the previous page and try again
Solution:Try Again

Cheers,
Rob

Posted by Rob Novak At 02:37:26 PM On 06/09/2009 | - Website - |


Gravatar Image8 - Thanks Rob, I was wondering whether this was it. Mine was an upgrade so the xsrf setting must be the default in 8.2 even if it doesn't exist in qpconfig.xml

Posted by James Green At 02:54:25 PM On 06/09/2009 | - Website - |


Gravatar Image9 - I had the same error msg as James.
However still got the error message after adding the line specified in the documentation.

I am not very familiar with the qpconfig file structure so I did not know that this line had to be added within a <security> field.

After adding the following everything worked like a charm:

<security>
<xsrf_protection enabled="false"/>
</security>

Posted by Dagfinn Rasmussen At 02:41:43 AM On 06/12/2009 | - Website - |


Gravatar Image10 - Hi Dagfinn,

A key to knowing where to put new items in qpconfig.xml is having a look at qpconfig_sample.xml which ships new with every version and sometimes hotfixes.

Glad you have it working now.

-Rob

Posted by Rob Novak At 05:37:37 AM On 06/12/2009 | - Website - |


Gravatar Image11 - I had same error as James after Quickr is upgraded from ver 8.1 to ver 8.3.
After I turn on the security section and disable xsrf_protection, quickr 8.2 works nicely. Thank you very much, Rod.
What the difference does it make if the security section is turned on?


Posted by Lily At 03:27:58 PM On 07/20/2009 | - Website - |


Gravatar Image12 - It would be useful to know WHERE I could found the qpconfig.xml file...

Posted by Bernd Blue At 03:24:00 AM On 01/12/2010 | - Website - |


Gravatar Image13 - @Bernd it is in the data directory - unless you have a default setup in which case you create it as a copy of qpconfig_sample.xml

Posted by Rob Novak At 09:49:54 AM On 01/12/2010 | - Website - |


Gravatar Image14 - why can't i make an enhanced task in quickr 8.2? fyi i'm assigned as a manager..

Posted by janita At 06:23:42 PM On 02/17/2010 | - Website - |


Gravatar Image15 - Hi Janita,

What version are you using of 8.2 (FixPack), and what happens when you try?

Posted by Rob Novak At 07:02:06 PM On 02/17/2010 | - Website - |


Post A Comment

:-D:-o:-p:-x:-(:-):-\:angry::cool::cry::emb::grin::huh::laugh::lips::rolleyes:;-)

Calendar

Rock On With Me and SNAPPS

Join me and the great team at SNAPPS at these upcoming events:

Collaboration University Webinar: Taking Quickr to the Next Level - Was held March 11 - GREAT event and feedback, watch for more Webinars this summer!
Lotus Quickr Development Boot Camp - April 12-14, limited to 12
iPhone Development for Business Seminar - April 16, limited to 15, not IBM-specific

These last two new events are very limited capacity. Hope to see you there!

Be With the Band

Follow me on Twitter!


Opt in to receive Rob's semi-regular newsletter about Quickr, Sametime, Free Stuff and Conferences. Just enter your email address below, you can unsubscribe at any time.
Subscribe to my newsletters...
Email:

On With The Show

Here is a list of the SNAPPS templates for Lotus Quickr and other free resources on QuickrTemplates.com:
Templates:
QContacts
QIdeas
QIssues
QMeeting
QPhotos
QPresent
QProject
QSite
QSurvey

Utilities:
AnyPlace SiteMap
AnyPlace ServerMap
AnyPlace Designer for Dreamweaver

Free Apps:
PandaBear: Cross-Platform File Management
Flippr: Lightweight Quickr Admin Client
SnappFiles: iPhone Client for Quickr, Filenet, ICM...

Downloads: 104,397
Countries: 161
Read about the templates in Intranet Journal

Search

Archive

Googles

  • No Search Referers