I've seen many tickets regarding how to show friendly delete confirmation using CGridView's CButtonColumn in ajax request. If you are using relational database, after producing CRUD functionality when you try to delete a record in ajax mode which has child record it can't be deleted and you can see the ajax loader forever. By this way you can't show the users if a record has been successfully deleted or if there are some problem in flash style (setFlash() / getFlash())
This article is called extended guide is because there is already a security guide in the Yii tutorial security section. but that guide is not complete in the sense that it does not rise the developers' attention to some other commonly happening attacks: SQL injection and magic URL, which can be major vulnerabilities in your application without much caring.
Few days ago i was playing with TCPF plugin to create a PDF files. Since i have checked few available extension and also checked some forum threads but still i dont get my expected result for PDF file.