Topics for the week are the new mail proxy support, documentation about how to use a local copy of Orchard Core source code as NuGet packages, and the published Lombiq projects on NuGet! Do you want to know more? Then check out our post now! Orchard Core updates Support Mail Proxy Let's say that your web hosting provider doesn't allow outbound connections by default (IONOS Windows Shared). In this case, all outbound connections should be sent through a proxy on this platform. You can configure it for HTTP(S) by adding this in the Startup.cs of the Orchard Core web app: HttpClient.DefaultProxy = new WebProxy("http://winproxy.server.lan:3128"); However, there was no way to configure this for SMTP connections. So there was an issue about not being able to send a mail with Orchard on this hosting provider. But from now you can configure the proxy server and the proxy port number by enabling the OrchardCore.Email module and using the SMTP Settings. The documentation is also updated with these new settings. Using a local copy of Orchard Core source code as NuGet packages There is a new page in the Orchard Core Documentation about how to use a local copy of Orchard Core source code as NuGet packages. In this new article, you can see how to create your own local NuGet feed from your local source code, how to publish to your NuGet feed, and how to update your project to use the newly created feed. News from the community Configure portable object localization in ASP.NET Core There was an ASP.NET Community Standup about localizing the .NET website. There was a topic on how the .NET websites have been localized using the Orchard Core localization package with PO files. Sébastien Ros did a demo about the package, explained how the localizer works, how to inject it, how to use the module, how to create a PO file, how to use pluralization, etc. If you would like to know more about localization and haven't seen that demo yet, check out the recording of that standup meeting here! And in the meantime, now there is a new article on the Microsoft Technical Documentation where you can read more about what is a PO file, how to configure PO file support in ASP.NET Core, or how to create a PO file with several useful examples. Open-source Lombiq projects now published on NuGet We have more than 160 open-source repositories under our GitHub organization, out of which more than 140 are somehow related to Orchard (including Orchard Core and 1.x). Up until now, if you wanted to utilize our projects in your own ones, you could only reference them as Git submodules or copy over the source files. Now, however, all the Orchard Core-related projects of ours, as well as several others, are available as NuGet packages! Check out our blog post to know more about our NuGet packages! Do you want to easily publish your projects to NuGet as well? You can build on what we've created for that: Take a look at our new GitHub Actions project that we developed with the help of Orchard community member Dean Marcussen. Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 238 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

This week you can read about hiding the "New" option from the admin UI if they are not authorized to edit, changing the content of the built-in recipes, and a demo about a UI testing PoC with the Lombiq UI Testing Toolbox! Are you interested in the details? Check out this post for more! Orchard Core updates Hide the "New" option if they are not authorized to edit If you have a list content type (e.g., Blog) with the contained type (Blog Post) and the user doesn't have Edit Blog Post permission, they still see the New Blog Post button on the Blog editor. Note, that the user has permission to edit the Blog. And it was a bug that could be reproduced by just following some simple steps: Create a Blog Post content type. Create a Blog content type with a ListPart containing the Blog Post type. Update the Moderator role: set Edit for Blog but don't set it to Blog Post. Create a test user and associate them with the Moderator role. Log in with the test user and create a Blog. Observe that the New Blog Post button appears on the top-right corner, but you'll get a 403 when you click on it. The solution was just to similarly to the Content list page authorize the user to edit the types so if they are not authorized to edit, then hide the New option. Remove FileContentDefinition from recipes Last December, the community decided to do not to enable the File Content Definition feature by default. And by doing that, the OrchardCore.Contents.FileContentDefinition usage was removed from the Agency and Blog recipes. It's only useful in specific cases, and most of the time you need to turn it off. The same issue is there with the Headless and Blank recipes. Especially for the Blank recipe, there is no reason to include anything apart from the bare bones. The solution was just to remove the OrchardCore.Contents.FileContentDefinition enables a step from the two recipes. Demos UI testing PoC with the Lombiq UI Testing Toolbox In this demo, we will talk about this particular pull request, which is about a proof of concept. Maybe you have already heard about the Lombiq UI Testing Toolbox, our web UI testing toolbox mostly for Orchard Core applications. Everything you need to do UI testing with Selenium for an Orchard app is here. We wrote about it several times here as well, first when we open-sourced it when we added some Orchard Core Features tests to it, and some weeks ago, you could read about the automated monkey testing feature of the toolbox. So, what about trying out this toolbox in Orchard itself, and let's see whether it works and whether it can be useful. Of course, we have Cypress tests in Orchard Core, so this will be something with the same goal - not necessarily useful, not necessarily wanted to add - it's a proof of concept. Let's see how it looks! If you check out the mentioned pull request, you will find a new OrchardCore.Tests.UI project which references the UI Testing Toolbox. It contains a couple of classes, the main point here is the BasicOrchardFeaturesTests one. As you can see, this contains two xUnit test methods. The first is just running the TestBasicOrchardFeaturesExceptRegistrationAsync method, which tests all the basic Orchard features except for registration with the Blog recipe. You can specify the recipe itself with several other options like enabling accessibility checks. The second test is a failing test that you can check out on the CI. It's a usual Dotnet test execution, so you get a test summary in the end. You can see what the test did, and you can find the exact reason why this test failed (because it's cannot find the element by the navbar ID on a given page). If you go to Summary and check out Artifacts, you can download a file that contains the whole dump of the application with screenshots, HTML output, the Orchard logs, everything that you may need for troubleshooting. And, of course, you can also execute the test from Visual Studio as usual. The next steps here would be to: Recreate the Cypress tests so we can see how it compares. Most possibly, this would be running TestBasicOrchardFeaturesExceptRegistrationAsync with all recipes. Using WebApplicationFactory directly instead of running the tested app with the Dotnet CLI would be useful. What's behind TestBasicOrchardFeaturesExceptRegistrationAsync would potentially need to be copied to be serious here, since if something changes in Orchard deliberately, it can fail. If you would like to know more about this PoC, head to YouTube for a recording! News from the community War in Ukraine and Lombiq War in Ukraine and Lombiq: How does it affect us at Lombiq and what we're doing to help: https://lombiq.com/blog/war-in-ukraine-and-lombiq Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 238 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

This week you can read about updating the Monaco editor to support preview, improving the documentation of Orchard Core, search form improvements, and a demo about using Vue.js Single File Components in Lombiq Vue.js module for Orchard Core! Are you interested in the details? Check out this post for more! Orchard Core updates Make the Monaco editor Field support preview Now the Monaco editor Field correctly supports the content preview feature on every change. To test this out, you just need to have a content type with a Text Field attached. Don't forget to set the editor type to Monaco editor for that field. Documentation improvements The documentation of Orchard Core has been improved. Documentation for the Audit Trail, SEO Meta, Deployment, Remote Deployment, Redis modules have been added, and there were some missing Orchard Core Demo YouTube videos that are now embedded into the corresponding page of the documentation. Search Form: allow to override Index used Let's say you have a content type, called Blog. Inside that, there are a lot of blog posts, and there is a need to search inside of that content type of Blog. The question is, how can you limit the full-text search based on that content type? Well, from now there is a new feature that allows passing a QueryString param in the search form page to override the current default Index used for displaying results. This can also be set as a hidden form input fixed value if used from a different form. These Indices are protected by permissions, so it should be fine to allow to do this, instead of needing to create a different controller per index required to be searched from. You can use this in the following way: /search?Terms=moon&Index=BlogIndex Demos Vue.js Single File Components in Lombiq Vue.js module for Orchard Core The Lombiq Vue.js module for Orchard Core is an Orchard Core module, that contains Vue.js and commonly used Vue.js components to be used in other Vue.js apps as dependencies. Provides extensibility to create Vue.js component templates as Orchard Core shapes making them able to override in themes or modules. And from now, you have the option to use Vue.js Single File Components! The module identifies Single File Components in the Assets/Scripts/VueComponents directory and harvests them as shapes. They have a custom .vue file renderer that displays the content of the <template> element after applying localization for the custom [[ ... ]] expression that calls IStringLocalizer. Besides that, it's pure Vue, yet you can still make use of shape overriding if needed. You can read more about it in the module's readme file. Now it's time to see it in action! You will find a Lombiq.VueJs.Samples project in the repository that contains some Vue files. The module now supports these special files (where you can put the template and the script in the same file) and harvest these as shapes. If you open up the demo-sfc.vue file, you can see one unique solution for localization. As we mentioned, by using the [[ ... ]] syntax, you can perform localization via IStringLocalizer at runtime. Let's run the Vue.js Single File Component sample in the Lombiq.VueJs.Samples module! As you can see, this sample is about providing a table with some data and a pager that you can use to navigate between the pages of the table with the help of the Single File Components. And we are just scratching the surface here! If you would like to know more about using Vue.js Single File Components with the help of the Lombiq Vue.js module, check out this recording on YouTube! News from the community Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 237 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this week's Orchard meeting!

Categorized tenants, change the Script Task to use Monaco Editor, update logos to NuGet packages, and automated monkey testing in the Lombiq UI Testing Toolbox for Orchard Core are the topics of this week. Interested in the details? Check out this post for the details! Orchard Core updates Categorized tenants Now you can have a Category on the Tenants page and filter tenants by category. If you want to try this out, just set up your site and make sure you have the Tenants feature enabled. Now head to Configuration -> Tenants on the admin UI and add some tenants by clicking on the Add Tenant button. Here you can see we added three additional tenants and used Category A and Category B as the category for these tenants. You can filter the list by the available categories just by clicking on the Category dropdown near the State one. Change the Script Task to use Monaco Editor If you enabled the Workflows feature, you have the option to use Workflows. You can add a Script task to your workflow that executes a script and continues execution based on the returned outcome. And the Script Task now uses the Monaco Editor instead of the CodeMirror one. New branding icons for Orchard Core projects templates and new logo to NuGet packages Now the branding icons are updated for project templates. And now we use the new logo for the NuGet packages because the packages had the default logos. Demos Lombiq UI Testing Toolbox for Orchard Core - Automated monkey testing When you are developing your software, you are always in the mindset that you actually know what your software is doing, how it works, what are the limitations. And with experience, you learn to anticipate different user behavior. Let's say that you are in the Orchard admin, and when you want to edit a content item, you know that you have to click on the Content option, and after a tiny delay, you will see a list that contains an element called Content Items. If you click on the Content Items, you will see a list of the content items. You know that you can edit a given content item by doing a single left click on the display text of the content item by default. Because it looks like a link, and you just have to click once. And if you want to save a content item, you still need to click once on the Publish button, for example. But a lot of people actually will do a double click on the Publish button. Long story short, there is a difference between what the developer can think of how users will use a piece of software and what users in the real world will actually end up doing. What you can see in this demo is about introducing monkey testing in the Lombiq UI Testing Toolbox for Orchard Core. It was done mostly by Yevgeniy Shunevych, who is a developer working a lot on automation and automated testing, including his UI testing framework called Atata. What we have done is that we used gremlins.js for automated monkey testing. Monkey testing is about random interactions. The library unleashes random interactions onto the software, and it will try to break it. If it can, then we found a bug, we can fix it. Now it's time to check it out quickly! Lombiq's Open-Source Orchard Core Extensions is an Orchard Core CMS Visual Studio solution that contains most of Lombiq's open-source Orchard modules and themes, as well as related utilities and libraries. Please keep in mind that only those extensions are included that use the latest released version of Orchard (i.e., the very cutting-edge ones depending on a nightly build are not yet here). This solution contains the Lombiq UI Testing Toolbox as well, so we will use this one for the demo. Here we have an example for monkey tests as well, just find the MonkeyTests.cs file in the Lombiq.Tests.UI.Samples project. It's supposed to be very easy to use because the point is that you use this for features that you really want to break. The easiest way is to just test one particular page, that will do these random interactions on just that page. If it leaves the page, it will stop. And since it's random, every time it might be different, and to be able to produce deterministic repeatable results, it's also possible to provide a random seed which we have done here. But you can do the same just by using the MonkeyTestingOptions configuration class. You can find a method called TestCurrentPageAsMonkeyRecursivelyAsync. This means it won't stop if it leaves a certain page or if it leaves the page it starts with and will continue to test every page until it either finds a bug or if it runs out of time because you can also specify how much time it will spend on a single page. And if it leaves that page and comes back to the same page, it's still from that same time. Now let's see what will happen if you actually run a given test. You can easily run a monkey test by using the Test Explorer window of Visual Studio and finding a test under Lombiq.Tests.UI.Samples/Lombiq.Tests.UI.Samples.Tests/MonkeyTests. How it starts is like a standard UI test. First, it runs the setup, and if you have multiple tests just as before, it can reuse the same snapshot from the site that you have run the setup for. After, it will open the page and log in to the admin. And then you see it clicks everywhere, typing different kinds of keys and so on. This goes on until the time runs out. And that's not all of it! Do you want to know more about this new addition to the Lombiq UI Testing Toolbox for Orchard Core? Then check out this recording on YouTube! News from the community Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 238 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this week's Orchard meeting!

New custom path for the ChangePasswordConfirmation, Fluid 2.2.14 with several fixes and improvements, Orchard Core on the ASP.NET Community Standup are the topics of this week. Check out this post for the details! Orchard Core updates Fix route ChangePasswordConfirmation The idea is that now there is a custom route for the ChangePasswordConfirmation instead of using the generic one. So, the action OrchardCore.Users.Controllers.ChangePasswordConfirmation() is now mapped to /ChangePasswordConfirmation, because that action was mapped to /OrchardCore.Users/ChangePasswordConfirmation. And the documentation of Orchard Core has been also updated with this new custom path. Fluid 2.2.14 Fluid 2.2.14 has been released with several fixes and improvements. Let's see some of the changes here! The first one is about displaying the source of an error message. Now, if there is a parser error, it will tell you the location of the error (line and column) but it will also show the line with the error. And this way it's easier to understand where the issue is. And if you have multiple templates, for instance, then you don't have to guess what template contains the error because you can see the error directly. Now FluidParserOptions can be configured by using Fluid.MvcViewEngine. This introduces a small set of further changes to support the recent work allowing for FunctionValues. Update to FluidViewParser constructor to pass FluidParserOptions argument. Update to sample projects to use the new constructor. The next improvement is to fix some keyword conflicts. Someone finds an issue in Orchard is that if you have a variable that is named emptyThing, the parser would find that you mean the empty keyword and will fail saying what is this Thing after the empty? And it's the same for blank, true and false. So, if you have variable names starting with empty, you can have them now, this is what this PR is fixing. And another one is to implement offset continue. Now you can assign a range directly to a variable with this version. Before you could not. The second thing is that you can do offset with the keyword continue. So, in this case, continue is a keyword and what happens is that it will do another loop starting from where the previous loop stopped. So here, if you say limit: 2, it will start from the 4th item. And you can also pass another limit if you want. So, here the idea is that we loop for three items in the array, and then we loop again for the rest and display all the items. News from the community ASP.NET Community Standup - PO (portable object) localization with Orchard Core There was an ASP.NET Community Standup about localizing the .NET website. The topics were how the .NET websites have been localized using the Orchard Core localization package with PO files. Sébastien Ros did a demo about the package, explained how the localizer works, how to inject it, how to use the module, how to create a PO file, how to use pluralization, etc. If you would like to know more about localization, check out the recording of that standup meeting here! DotNest Core is on Orchard Core 1.2.2 DotNest Core is a complete redevelopment of the DotNest platform, all on the latest version of Orchard Core. We've been running it with a couple of select few customers for a while now, and it's time to open it up a bit more. While you can't yet simply create an Orchard Core-based DotNest site, you can sign up for our limited beta here. You'll soon be able to get a fully functional, reliably hosted Orchard Core site on DotNest where you can build your personal website or something to showcase your Orchard skills with. And now the DotNest Core sites run on Orchard Core 1.2.2! Do you want to have a hassle-free Orchard site running in the cloud? Then sign up for the beta here! Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 239 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this week's Orchard meeting!

Fluid provides optional support for functions, optimizing SlugServie and MediaTokenService, and hiding a shape sample in the Lombiq Training Demo for Orchard Core are the topics of this week. Check out this post for the details! Orchard Core updates Optimize SlugService The goal here was to increase the performance of the SlugService as much as we can. Marko Lahma went through the thing, and the problem was that the ZString haven't been used, it was leaking all the time thus bad perf. BenchmarkDotNet=v0.13.1, OS=Windows 10.0.22000AMD Ryzen 9 5950X, 1 CPU, 32 logical and 16 physical cores.NET SDK=6.0.101 [Host] : .NET 6.0.1 (6.0.121.56705), X64 RyuJIT DefaultJob : .NET 6.0.1 (6.0.121.56705), X64 RyuJIT General easy rule (when implicit usings aren't being used): If there's using System.Linq; at the top of the performance-critical code, try to find a way to get rid of it. Reduce allocations in MediaTokenService and improve performance Since Orchard Core can use all .NET 6 goodness, Marko Lahma improved the performance of the MediaTokenService too. And what did he change? Don't ToString StringValues, keep them as-is as in dictionary once built. Parse commands and other commands with one pass using constructs that QueryHelpers uses. Allocate static command arrays to return from processors, some of them were always returning new ones. Change GetHash not to allocation anonymous closure each time by using Try/Set construct, using the same logic that extension method GetOrCreate uses. Change hash calculation to use stackalloc and spans for workloads < 1024 bytes (common case). Use the custom AddQueryString method that understands spans and concrete a dictionary type. Here you can see the numbers: Before: After: Fluid functions Now there is a new optional feature in Fluid called Functions. It's optional because the goal of Fluid is to be able to as close as possible to Liquid, but Liquid doesn't have Functions. If you open up the readme file of Fluid, you can see a new section there called Functions. There is a new option in the FluidParser that you can say AllowFunctions. By setting the AllowFunctions to true, you can call functions like this: {{ field('user') }}. The format of this one is {{ identifier('arguments')}} just like in JavaScript or in C#. Or you can say {{ field('pass', type='password') }} which is like {{ identifier('values', type='named value') }}. How it works is a field is an object, a FluidValue of type FunctionValue. In Fluid, anytime we access something like {% assign name = "Bill" %}, the name is a FluidValue, and in this case, the type is StringValue. When we find a field, the field is a value of type FunctionValue, and the FunctionValue implements the method name InvokeAsync. There is InvokeAsync, there is GetPropertyAsync, etc., everything that an object can do, and when this FunctionValue's Invoke is invoked it will execute something. And to invoke a FluidValue you use parenthesis. If we do parenthesis on something like name, which is a string, we can do name(), it will invoke the string, but it just returns NIL value. So you can invoke name if you want, it will not do anything. If it's a function, it will do something. To learn more about Functions, check out the documentation of Fluid! News from the community Hiding a shape sample in the Lombiq Training Demo for Orchard Core The Lombiq Training Demo for Orchard Core is a demo Orchard Core CMS module for training purposes guiding you to become an Orchard developer. And the module has a new sample, which is a shape table provider that hides shapes. Check out the code of the new ShapeHidigingShapeTableProvider here! Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 240 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this week's Orchard meeting!

Orchard Core 1.2.2 is now available that addresses some other security issues. Check out this post to know the content of this release of Orchard Core and to see the latest features of the framework! Orchard Core updates Media search indexing The idea here was to allow to search for content in files. Last summer, you could see a demo in this This week in Orchard post that shows a feature that provides a simple implementation to index media for search. More precisely, it indexes media files related to content items, so said content items will turn up in search when one of their media files matches the search query. And now this feature is merged to the main branch of Orchard Core! Check out the updated documentation to know more! Remove multiple compilation paths on MediaTokenService From the next minor version, Orchard Core will only build with .NET 6.0, so we can remove all the things from the code that do not target .NET 6.0 specifically. This time the ParseQuery method of the MediaTokenService got simpler because now we don't need to use the slower version, we can use the fast version with structs now. Add response to SmtpResult When you send an SMTP request, the response can be read, and now you can do whatever you want with the response. We already know if it failed or not from the SmtpResult, but now there is even more information in the Response. News from the community Orchard Core 1.2.2 release Orchard Core 1.2.1 has been released a few days after the 1.2.0 one, and here comes 1.2.2 to address some other security issues. If you open up nuget.org and search for the OrchardCore.Application.Cms.Targets package, you will find the newest released version of Orchard Core! Don't forget that 1.2.x is the latest minor version of Orchard Core that can be built by .NET Core 3.1 and .NET 5. If you take the main branch, it will only build with .NET 6.0, and the upcoming versions will be only shipped with .NET 6.0. .NET 6.0 is an LTS and shipped for many months now with some security updates already. It will also make the local builds with Visual Studio faster, the CI is faster because it doesn't have to build everything three times and run the tests three times. Now let's see the fix that is in this release! If you have a Link Field, you can provide a URL to that field, and the URL is now sanitized. Before this change, you could pass some JavaScript in the URL. With that what we are doing is checking the link that we are generating is sanitized. This issue was also in the Menu Item Link Field and also in the HTML Menu Item Link Field, so everywhere where we pass a link. Another fix was in the AuditTrailContentController.cs to be consistent with the other fixes. Error messages can't contain HTML and the issue that the _notifier.WarningAsync is asking for a LocalizedHtmlString. Why is it asking for a LocalizedHtmlString? It's because WarningAsync expects a LocalizedString using H[""]. In this case, the goal was to render an error message as a notification. But the error message is a string. So the developer decided to wrap the error message into a LocalizedHtmlString and pass it. And by doing that we say this is a safe string, this is already encoded, so it can be used in a view. This is what the H[""] does. So, everything here is safe. So, it can be passed as a LocalizedHtmlString. We are lucky that the error message is safe because internally it's a static string. But we don't do that, because it could be like some other developers will copy this code without understanding that this is safe or not. So, let's assume that it's not safe, and you shouldn't pass it as a LocalizedHtmlString, because that will prevent the notifier from encoding the result. The fix here is to pass the error message as an argument and because it's passed as an argument it will be encoded. So, this is how we pass a LocalizedHtmlString to a notifier from an unknown string safely. We can just pass it as an argument. And if you would like to know more about the fixed security issues, don't forget to check out this recording on YouTube! Looking for some useful Orchard Core extensions that can help improve your Orchard Core 1.2.2 application faster and easier? Here's a bundle solution of all of Lombiq's open-source Orchard Core extensions (modules and themes). Clone and try them out now! This is an Orchard Core CMS Visual Studio solution that contains most of Lombiq's open-source Orchard modules and themes, as well as related utilities and libraries. And we have also updated the solution to use Orchard Core 1.2.2! Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 240 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this week's Orchard meeting!

Orchard Core 1.2.1 is now available to fix some security issues. Check out this post to know the content of this release of Orchard Core and to see the latest features of the framework! Orchard Core updates Remove exists check for blobs Instead of querying the blob, if it exists any time, we just try to get it, and maybe the server will return with a BlobNotFound error. This way, if it's there, we prevent one external network communication to check if it's there before asking for it. So, we just ask for it, and then if it fails, it fails. It's a pretty common issue with Blob Storage because of its high latency you need to do as few communications as you can. Starting background tasks without waiting for initialized tenants You can have a scenario where you would like Orchard itself to starts its background tasks without the need of a request for each one of the tenants. Until now, you need to make a request to as parent tenant and to every child tenant to be sure background tasks of each tenant start to run. So, by default background tasks are waiting for their shell to be lazily built on a first matching request. From now, you have a ShellWarmup bool option in the appsettings.json that allows you to eagerly build shells just before executing their first background task. News from the community Orchard Core 1.2.1 release Orchard Core 1.2.0 has been released on the 6th of January. But after a few days, a vulnerability security issue has been filed. That's the reason why the community had to create a new Orchard Core 1.2.1 release, to fix that security issue. You can update to the new version as usual. If you open up nuget.org and search for the OrchardCore.Application.Cms.Targets package, you will find the newest released version of Orchard Core! But let's see the fix that is in this release! It's not critical in the way that only users that are authenticated and have access to the dashboard can do things. Looking at the security issue and then how to not have them anymore. These are XSS issues, which means you can inject custom JavaScript in a page that could be triggered automatically, and then if you inject some fancy JavaScript you can force a user to submit queries and on this site, you could extract secrets or have them do things they don't want to do on the site. We encode everything we output. This means if the thing you output contains some JavaScript, it will be encoded, which means it will be rendered and not the JavaScript itself to be executed. In this case here, what was happening is that the translation was called on a variable, but we can't translate it. When we call T[], the IHtmlLocalizer will lookup for this text. If it finds this text in the translations, it will render the translation, otherwise, it will render the text as-is. That's why we always pass the English versions, such that if it doesn't find a localization, it will render this text in English. So, we don't have to create the translation for English, we just use that key that we passed. But the T[""] can contain HTML. And that's how we do to translate notifications, links, and stuff like this. And because it can contain HTML, the @ before that will just render it as is. So, whatever is passed there, it will be rendered as-is and not encoded. If we put some HTML or JavaScript inside that, this will be rendered as is and not encoded. What happened there is that when we do any string, like @T["Add widget"] is fine because we know this is a static string to generate. So, we know what we are rendering. But when we do it in a variable like @T[item.value], it can contain anything. And we don't know what it contains. And if it's user inputted, then there can be bad issues. So, we should never translate a user inputted value like this. This is an encoding issue over a bug. This is a list of SelectListItem, which itself contain a localized string instantiated value. There is no reason to use a localized string here. We use localized string as a type when we know that the property needs to be a localized string and should be a sign with a call to T for instance. This piece of code from the DashboardController is just to list the display name of the content type and the technical name of the content type. It's just a list of content types to allow you to create a new content item based on the type. The first solution is to don't translate variables. We have the design and started the PR for dynamic content translations, which is supposed to fix that, to provide a solution to be able to translate content types, permissions, and all the things that are user inputted and dynamic in the database (not static text). We should either not translate dynamic variables or use the new localization PR. The second option is to explicitly encode it for just this vulnerability. In this case, it's not breaking anyone, and it's secure because here, we explicitly translate the encoded value of the display name. So, it would break people who have spaces in their content type display name, because now they have to translate Foo&nbsp;content&nbps;type not Foo content type. .NET Foundation Most Active Community Projects 2021 Shaun Walker shared this image on Twitter that contains the most active community projects based on the number of pull requests, the number of commits, and the number of new contributors. As you can see, Orchard has 1507 pull requests in 2021, which is great. Orchard has 1291 commits, which is weird. Why do we have more pull requests than commits? Do we really close that many pull requests? We have some mini PRs created by Dependabot. And we haven't talked about which projects are using squash and merge and which projects aren't. But it's still a nice thing to be able to see Orchard in the top 10! :) Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 238 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this week's Orchard meeting!

We are thrilled to announce that Orchard Core 1.2 is now available! Check out this post to know the latest features of this release of Orchard Core and see a demo about an upcoming feature to have a jobs queue for scheduling! Let's get started! Orchard Core updates Support data annotations PO localization This feature is about to be able to localize data annotations. Let's say you have a required field and you would like to save your form without providing any value for that field. In this case, you will get a validation error of course something like: The {fieldname} field is required. And from now you can easily translate the default error messages for data annotations attributes. If you open up the DataAnnotationsDefaultErrorMessages sealed class, you will find the default error messages that you can translate. But how can you translate these? In your PO file, you have to target the DataAnnotationsDefaultErrorMessages marker class, provide the value of the variable that you want to translate (msgid), and provide the translated text after the msgstr keyword, which is the Arabic version in this case. In the following GIF, Hisham Bin Ateya shows you the given scenario mentioned above by using the Arabic translation for a required field. Code cleanup For C# code files, Visual Studio 2022 has a Code Cleanup button at the bottom of the editor (keyboard: Ctrl+K, Ctrl+E) to apply code styles from an EditorConfig file or the Code Style options page. If a .editorconfig file exists for the project, those are the settings that take precedence. After you've configured code cleanup, you can either click on the broom icon or press Ctrl+K, Ctrl+E to run code cleanup. You can also run code cleanup across your entire project or solution. Right-click on the project or solution name in Solution Explorer, select Analyze and Code Cleanup, and then select Run Code Cleanup. For more information about code style, check out this page. The codebase of Orchard Core got this cleanup, which means 312 file changes in this PR. And if you would like your code to be nicer, check out the Lombiq.NET Analyzers repository. Our Lombiq .NET Analyzers repository contains .NET code analyzers and code convention settings for Lombiq projects. We also had a demo about the analyzers in This week in Orchard post! Fix index cursors management When there are hundreds of thousands of rows the results returned by QueryIndex() may not be ordered by Id by default. In that case, services as AutorouteEntries using an index cursor on the Id column are not working properly, the _lastIndexId being not well managed. In this case when first publishing an item having an Autoroute, in place of only adding one Autoroute entry, it was trying to add thousands of them in an unordered way and was taking a very long time. Jean-Thierry Kéchichian also enhances the lookup of Autoroute entries to evict, the ones related to contained items of a given container. Demos Background Jobs Orchard Core has a background task infrastructure that runs tasks on a minute-by-minute schedule on a CRON job. But it doesn't actually allow us to have a queue where we can put jobs into a queue. This demo is about an upcoming feature to have a jobs queue for scheduling. In this demo (to show you this feature), Dean Marcussen used the Publish Later feature of Orchard Core to keep track of the background jobs, and by running a scheduler, you can run the Publish Later Job immediately without the need of waiting for the given time to be elapsed. Watch this recording on YouTube to know more about this upcoming feature! News from the community Orchard Core 1.2 release Orchard Core 1.2 is released! If you open up nuget.org and search for the OrchardCore.Application.Cms.Targets package, you will find the newest released version of Orchard Core! Upgrade your solution to 1.2 now! If you head to the repository of Orchard Core and head to releases, you will find the 1.2.0 release with the list of changes and the contributors. Feel free to drop on the dedicated Gitter chat or use the Discussions on GitHub and ask questions! Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 236 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this week's Orchard meeting!

Topics for this week are the Fluid updates; better NRE handling for Widget and MenuItem stereotypes; allowing sending emails without "To" if "Cc" or "Bcc" is provided. Do you want to know more? Then check out our post now! Orchard Core updates Allow sending emails without "To" if "CC" or "BCC" is provided Let's say you have a system to send emails to many recipients at once and want the recipients to be in the BCC header instead of the To one. The email module of Orchard Core was required to have at least one recipient in the To header, so, the scenario described above cannot be implemented in Orchard Core. The solution for this is that now you can send an email without a recipient in the To header. The mail message should have at least one of these headers: To, CC or BCC. Here you can see the editor of the Send Email task where we provided an email address for the BCC header but kept the To and the CC headers empty. Fluid v2.2.8 In Liquid, you can have an identifier that starts with a number like: {% assign 1st = "first" %} {{ 1st }} It was not easy to parse, but now Fluid supports this one with version 2.2.8. And just a note here. If you navigate to the Liquid Sandbox of Jumpseller, you can find a sandbox that is using Liquid but in Ruby, which is the actual implementation of Liquid. You can use LiquidJs to test, but that is a custom implementation in JavaScript, so it might not be as true as the Ruby implementation. Better NRE handling for Widget and MenuItem stereotypes As you may guess, the NRE handling is about catching the null reference exceptions and showing proper error messages instead of displaying the "An error occurred while executing this request.". What were those errors? For example, follow these steps: Create a new content type with stereotype = MenuItem. Add a menu item of that type to a menu. Delete the content type created in step 1. Go back to the menu you created in step 2. Observe a Null Reference Exception. Here we created a new content type with the MenuItem stereotype called NewContentType. The site that we are using was set up by using the Blog recipe, so we have the Main Menu admin menu where we can easily add menu items by just clicking on the Add Menu Item button. And if we delete the NewContentType and navigate back to the Main Menu, we will see the following messages instead. News from the community Lombiq's Open-Source Orchard Core Extensions now updated to Orchard Core v1.1 Looking for some useful Orchard Core extensions? Here's a bundle solution of all of Lombiq's open-source Orchard Core extensions (modules and themes). Clone and try them out! This is an Orchard Core CMS Visual Studio solution that contains most of Lombiq's open-source Orchard modules and themes, as well as related utilities and libraries. Please keep in mind that only those extensions are included which use the latest released version of Orchard (i.e. the very cutting-edge ones depending on a nightly build are not yet here). And this project, with all of our Orchard-related projects, is now updated to Orchard Core v1.1! Check it out here! Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 235 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this week's Orchard meeting!