SNAPPS Quickr Templates updated and available for Quickr 8.2
Category QuickrTemplatesI'm happy to say that a couple days ago, we posted both an update for 8.1.0.9 and 8.2 templates! Once again, we've managed (with some difficulty) to keep the same source code for all versions.
There is a trick for new installs of 8.2 that I have to get into the documentation, but I'll post it here for the moment. In qpconfig.xml, you must turn off xsrf in the security section. This is a new setting in 8.2 designed to prevent a rare kind of cross-site scripting attack. When on, Quickr validates a new form is created from a standard place (as in, "New Page or Folder" link). In the templates, however, there are several places where we create a link to open a new form, which triggers this "nonce token check". Bottom line, turn it off. Eventually we'll code the forms and links to comply with the new setting. In the meantime, you were only vulnerable to this kind of XSS if you happened to have Quickr on the extranet, and open for Anonymous access to post. Which you can't really do anyway, except in the blog template.
So, enough boring admin details, new features!
*QMeeting has a new meeting form that supports indentation in the agenda, zero-time agenda items and hiding/showing times. This feature set was sponsored by a customer, the Central Bank of the Bahamas. Thanks!
*QSurvey, QIdeas and QPresent have a new advanced delete function. When using "Delete" in one of the main forms, the delete call is intercepted and replaced with our version which will clean up remnants left behind by that action. In QSurvey, it will delete answers. In QIdeas and QPresent, it will clean up comments and versions. QSurvey also received a new feature, the ability to copy a survey to a new instance with the same questions. Of course, all these features made it into QSite.
*Six templates that have our advanced workflow engine received a new Workflow Setup form, with an enhanced and more intuitive UI for setting up the unlimited workflow steps.
The above features are in the Quickr 8.1.0.9 and 8.2 templates for download as well as the source code.
So - go get the goods and enjoy!
Lots of exciting news coming this week...new template, new free tool going to public beta, and more info coming on CU 2009!

Comments
Would this have anything to do with why I can't log into any of the places on a brand new Quickr 8.2 install?
Posted by Bruce Currier At 07:39:49 AM On 06/09/2009 | - Website - |
Do you mean any places, or the template places? No - the setting doesn't affect logins.
-Rob
Posted by Rob Novak At 07:51:08 AM On 06/09/2009 | - Website - |
I was referring to Step 4 under "Instructions for Installing a Single Template for Standalone Use" in the IBMLotusQuickRTemplatesDoc.pdf.
Posted by Bruce Currier At 08:04:43 AM On 06/09/2009 | - Website - |
Posted by Rob Novak At 10:49:42 AM On 06/09/2009 | - Website - |
Thanks, that seemed to work (once I created the QuickPlaceAdministratorsSUGroup and populated it).
Can't wait to start playing with these and seeing what we can do with Quickr.
Posted by Bruce Currier At 12:19:55 PM On 06/09/2009 | - Website - |
{ Link }
Posted by James Green At 02:05:04 PM On 06/09/2009 | - Website - |
Special Instruction: Quickr 8.2 server setting
On a new Quickr 8.2 server, in the qpconfig.xml file, you must modify the new setting for xsrf protection in the security section as follows:
<xsrf_protection enabled="false" />
If you do not modify this setting, you will receive the error message:
Warning
Problem: You can not take this action from this URL, Please go back to the previous page and try again
Solution:Try Again
Cheers,
Rob
Posted by Rob Novak At 02:37:26 PM On 06/09/2009 | - Website - |
Posted by James Green At 02:54:25 PM On 06/09/2009 | - Website - |
However still got the error message after adding the line specified in the documentation.
I am not very familiar with the qpconfig file structure so I did not know that this line had to be added within a <security> field.
After adding the following everything worked like a charm:
<security>
<xsrf_protection enabled="false"/>
</security>
Posted by Dagfinn Rasmussen At 02:41:43 AM On 06/12/2009 | - Website - |
A key to knowing where to put new items in qpconfig.xml is having a look at qpconfig_sample.xml which ships new with every version and sometimes hotfixes.
Glad you have it working now.
-Rob
Posted by Rob Novak At 05:37:37 AM On 06/12/2009 | - Website - |
After I turn on the security section and disable xsrf_protection, quickr 8.2 works nicely. Thank you very much, Rod.
What the difference does it make if the security section is turned on?
Posted by Lily At 03:27:58 PM On 07/20/2009 | - Website - |
Posted by Bernd Blue At 03:24:00 AM On 01/12/2010 | - Website - |
Posted by Rob Novak At 09:49:54 AM On 01/12/2010 | - Website - |
Posted by janita At 06:23:42 PM On 02/17/2010 | - Website - |
What version are you using of 8.2 (FixPack), and what happens when you try?
Posted by Rob Novak At 07:02:06 PM On 02/17/2010 | - Website - |