Criticism of UMI.CMS

Published on January 22, 2012

Criticism of UMI.CMS


    UMI.CMS is positioned as a "new generation site management system." The official site welcomes us with a joyful message that more than 86,000 licenses have been issued, but it is worth noting that all types of licenses are considered here, not only paid, but also free. So, for example, I needed to get more than a dozen free licenses, and since all licenses are tied to a domain, when transferring sites to working domains, you need to get the license again.

    On the main page of the official site it is written that UMI.CMS use more than 10,000 sites and a list of large sites that use this system is given. The first site on this list is the Skolkovo site, which has already left UMI.CMS on ASP ( they already wrote about it on the hub)) The second site on this list is the Svyaznoy site, it is not clear which site is meant, but the official site www.svyaznoy.ru works on Bitrix, and not on UMI.CMS. The same thing is with the Moscow government website , although the official UMI.CMS website indicates that they work specifically on this CMS.

    The source code of the main page of the official site UMI.CMS pleases us with such a layout:
    <h2 class="h2_style_main_page" style="margin-bottom: 0; display: inline-block; *width: 281px; margin-left: -21px; float: left;">Отзывы от владельцев сайтов</h2>
    <a style="margin-bottom: 0; position: relative; bottom: 0; text-decoration: none; display: inline-block; float: right; right: 64px; top: 3px; font-weight: bold;" href="/product/reviews/">Все</a>
    <h2 class="h2_style_main_page" style="margin-bottom: 0; display: inline-block; float: right; margin-right: 162px;">Отзывы от разработчиков сайтов</h2>
    <div class="clear" style="height: 1px; margin: 0; padding: 0;"> </div>
    </div>
    <div class="clear" style="height: 1px; margin: 0; padding: 0;"> </div>
    <div id="respones" class="respones" style="width: 920px !important; *height: 420px !important;">
    <div id="responesContainer" style="width: 920px !important;">


    It’s good that the site is not made up of tables, as, for example, the official site of CMS DLE .

    The site " Documentation of the site developer " and " Documentation of the developer UMI.CMS " are made not on UMI.CMS, but on the basis of simple HTML pages using frames (by the way, the title of the document in the layout is not written on all pages).
    The wiki site is also not made on UMI.CMS, but on the open source MediaWiki engine.

    To install UMI.CMS on your hosting you need to download the install.php file, which itself will download all the CMS files from the Internet. Accordingly, it will not work to have UMI backups of different versions, since the latest version is always downloaded. It should be noted that UMI.CMS requires the presence of the php xsl extension on the server, which is not installed on all hosting services. The full trial version of UMI.CMS without installed demo sites takes 180 mb (4,985 files and 1,277 folders), the database consists of 80 tables with a size of 3.5 mb.

    Validation of the admin part of UMI.CMS by a validator gives 36 errors and 3 warnings (document type not declared, missing alt tags for images, non-standard attributes).

    When editing materials in UMI.CMS there is no simple button “Preview”, but there are three buttons “Save”:


    Adding images (a known CMS problem) turns into hell if the number of images becomes more than 20-50, because after loading the image you must first find it (by name or preview), select it and only then insert it. Those. There is no simple mode - I selected the file, downloaded, pasted.

    Layout


    One of the main advantages according to the creators of UMI.CMS is the edit-in-place mode, which allows you to edit the site in visual mode right on the page without going to the admin panel. The flip side of this feature is the use of non-standard attributes in html tags (for example: umi: element-id = “44” umi: region = “row” umi: field-name = “name” umi: empty = “Section name” umi: delete = “Delete” ), which results in a non-valid layout.

    UMI.CMS uses macros that trigger certain actions (for example, displaying a catalog item, photo galleries, etc.). When you paste these macros into the visual editor (using Tinymce), they are wrapped with p tags. As a result, when most macros are triggered, div tags appear inside the p tag, which leads to invalid layout.

    In addition, legacy tags are commonly used in templates.
    <b> и <i>
    instead of semantically more correct
    <strong> и <em>
    and the styles are not written in CSS, but in the HTML code. Same thing with Javascript.

    Prior to version 2.8.5, the UMI.CMS theme files were located in different folders:
    css in / css
    js in / js
    tpl in / tpl / content, / tpl / news, / tpl / catalog, etc.
    xslt in / xsltTpls

    i.e. the structure was not convenient and a large amount of time in creating a theme took constant transitions between folders. Transferring templates between projects was also complicated. Fortunately, in version 2.8.5, the developers proposed a new option - placing all the templates in the templates folder.

    SEO


    UMI.CMS has certificates “Optimal for SEO” and “UMI.CMS meets the requirements of SEO” www.umi-cms.ru/product/system/seo .

    In the SEO settings, you can specify a prefix for the Title tag, although it is more advisable to specify a suffix rather than a prefix. Automatic generation of description and keywords tags is also not supported. By default, you cannot create CNC using addresses like system modules (for example, news, catalog, etc.), as a result, pages with the names news1, catalog 1 appear on the site (although it is possible to enable support for such CNCs, but they are strongly recommended in the documentation do not do this). The CNC in UMI.CMS is generated automatically, but by default, the underscore character "_" is used as separators between words, although the recommended character is a hyphen "-" (you can enable the use of a hyphen, but it is hidden very deeply and is configured in config.ini )

    The latest versions of UMI.CMS have built-in support for the MegaIndex service and you can specify your data from an account to this service in the settings of the SEO module. By default, there are data from UMI - login and password hidden behind asterisks. This password can be easily spied (for example, through the Web Developer extension for Firefox). As a result, you can get to your UMI account on the MegaIndex website , where there is a list of sites that have used this feature on their site. The report data shows keywords, site positions, and other information.

    Security


    UMI.CMS has a “secure web application” certificate www.umi-cms.ru/product/system/safe , although, for example, when using tpl templates (which are still very popular and are used on many sites) when inserting html code ( including iframe) in the fields “Name”, “Field H1”, “Field meta DESCRIPTIONS”, “Field TITLE”, “Field meta KEYWORDS” it is not processed at all and is displayed on the page as is, i.e. it’s very easy to break the entire site, having access only to editing materials. In addition, javacode is also not processed in any way, i.e.
    <script>alert('XSS');</script>
    works great.

    When using the xslt template, javascripts only work if you paste them into a text editor (which is also enough to do the troubles).

    Updates


    Updates are a sore subject of many CMS. In UMI.CMS, for example, when updating the old version to a new one, some modules that were in the previous version of the system may disappear, i.e. In addition to paid updates (and paid updates), you will need to pay extra for modules that are missing during the update.
    There were also cases that new errors appear in the new version, which were not in previous versions, and technical support itself recommends restoring the site from backup made before the update.

    Development


    The system files are found in the classes folder, most of the functions and classes in them are not documented in any way (there are comments in only 82 files out of 786), i.e. deeply understand UMI.CMS without spending a large amount of time will fail.

    All of its additional functions in UMI.CMS should be written in custom.php files, which should be placed in system folders. Over time, the custom.php file grows with its functions, and accordingly there are problems with enabling / disabling individual functions, transferring them between projects.

    Additional functionality (paid or free) for UMI.CMS is available very little. Of the additional paid modules, there is only the GeoIP module , some of the projects are on the UMI HUB, all the missing functionality will have to be written independently.

    Mistakes


    Errors and glitches can be different, one of the funniest - you change b tags to strong - you get non-working macros after the place where the tags are changed.

    One of the last mistakes I encountered today. Install UMI.CMS or use the demo version , set it in the admin panel using any one template (xslt or tpl), then go to the editing of this template and delete all information about it (name, file address, etc.). As a result, we get the error: Despite the fact that the template for the user part of the site was changed, the site admin also stopped working. If you want to have this system as the "heart of your site", then I remind you that the most complete version of UMI.CMS costs 29,900 rubles. UPD
    Неперехваченное исключение
    Ошибка (coreException): Undefined templater






    The most discussion in the comments was caused by security issues, in particular, the lack of processing the output of standard material fields in tpl templates. The representative of UMI.CMS flatly refuses to recognize this as a vulnerability or potential vulnerability, calling it a "flaw." He also unequivocally blames UMI.CMS for such "flaws" on the developers of the site. Everyone will make conclusions for himself.