Shortcodes improvements, Lombiq Training Demo updates - This week in Orchard (14/08/2020)
This week we see the latest improvements of the Shortcodes module and the new pages of the Orchard Core documentation! Don't forget about our Traning Demo module, which has now got a new RESTful web API sample! Check out our current post for more!
Orchard Core updates
Highlight invalid fields
When you have a driver for your content part or for your content field, the
UpdateAsync method will be called when you are about to save and persist the new values of it. Let's say you have a
TextField and you want to set it to be required. In the
UpdateAsync method of the
TextFieldDisplayDriver, we get the
TextFieldSettings and if the value of the
Required property is true and the
Text property of the
TextField has no value, then it's time to show an error for the user.
Notice the second parameter of the
AddModelError method. This is about passing a key to the
ModelStateDictionary. The key would be the value of the
Text property of the
TextField and the
Prefix would be the
BlogPost.Subtitle string. But why is it important right now? Because there was an issue in Orchard Core about the different highlightings. If there is a validation error, it would be great to highlight the input editor, not just showing the validation summary at the top of the form. So, imagine you have a site installed with the Blog recipe and you set the Subtitle
TextField of the Blog Post content type to be required. If you would like to save the existing blog post without providing a subtitle, the driver will pass the
BlogPost.Subtitle as the
Prefix and the name of the
field.Text will be null. It's a small, but a good to know tip to provide a better user experience when editing values.
Document Link Tag Helper
There is a Tag Helper and a Liquid Helper in Orchard Core called Link that you can use to define the relationship between the current document and an external resource such as a favicon or stylesheet. This helper is available for a while, but there were no words in the documentation about it. Now you can find some lines in the documentation about how to use these helpers in your Orchard Core site.
Add user updated event
Two weeks ago we wrote about the new user deleted event, which is about to add a new
DeletedAsync method to the
IUserEventHandler. Now there is another new event for user events, that is about to occur when a user is updated. You can find the new
UpdatedAsync method in the
And a new event is also accessible from your workflow type. If you create a new workflow type and click on the Add Event button, you will find the User Updated event in the User category.
Password configuration documentation
The password restrictions are set with the settings configured in ASP.NET Identity. Those options are used to define the required password strength when a user password is set. You can configure these requirements in order to specify properties like the minimal password length or if the process is expecting digits, uppercase, or non-alphanumeric characters. Check out the new how-to guide in the Orchard Core documentation to see how to change these settings and how to read configuration from an external config file!
Two weeks ago we wrote about the upcoming Shortcodes feature for Orchard Core. Shortcodes are essential to WordPress, and for the Orchard Core, we wanted a similar feature. The parser was written by hand as the syntax is simple and it needs to be efficient. Check out that post if you haven't read that yet and don't forget to watch the recording on YouTube about that too! Now, let's continue from where we left off and see the newest improvements in that module!
Set up your site using the Blog recipe, then head to Configuration -> Features to enable these features:
- Shortcode Templates: The Shortcode Templates feature provides a way to write custom shortcode templates from the admin.
- Shortcodes: The Shortcodes feature adds shortcode capabilities.
Now head to Design and notice that the Shortcode Templates options is renamed to Shortcodes. Click here and add a new Shortcode! Here you will meet with a slightly changed editor. The first thing that you will notice is when you are starting to fill out the Name, the Hint, and the Usage inputs you will get a live preview in the right about how the card of the Shortcode will look like. You can ask what card do we mean, but let's not move so fast!
The Categories selector is now working the same when you add tags to your blog post. You can type to search for the existing categories or add a new category right here from the editor. The Content will be about having the logic of the Shortcode. Here we create a Shortcode called safeimage, it means we sanitize the input from the user before rendering the content. We also created another Shortcode called unsafeimage. That would be the same, the only difference is we didn't call the
sanitize Liquid helper.
Now edit the Article content item named About. The HTML editor here has the Insert Shortcode button on the toolbar. Click on it and now you will see the cards we have just mentioned a few lines ago!
Here you can filter by the name of the Shortcode and can filter by categories. Now let's try out the unsafeimage and the safeimage Shortcodes! After editing the code we have the following lines in the HTML body:
unsafeimage: [unsafeimage]media/samoyed.jpg" onload=alert('xss')[/unsafeimage]unsafeimage: [unsafeimage]media/samoyed.jpg[/unsafeimage]
Notice the script in the first line! Because we added this inside an unsafeimage Shortcode, it will render the alert when the user views this page. If we would put this little hack inside a safeimage Shortcode, then it would prevent the alert to appear.
But that's not all about Shortcodes! If you would like to see more, don't forget to check out this recording on YouTube!
News from the community
RESTful web API sample in the Lombiq Training Demo for Orchard Core
The Lombiq Training Demo for Orchard Core is a demo Orchard Core CMS module for training purposes guiding you to become an Orchard developer. You can use this module as part of a vanilla Orchard Core source that includes the full source code - which is the recommended way. You can also use it as part of a solution that uses Orchard Core NuGet packages, however, it's harder to look under the hood of Orchard Core features.
And the module just got a new little RESTful web API sample! Check it out if you're learning Orchard and want to develop web APIs!
Orchard Core workshops
The contributors of Orchard Core will hold some unique online workshops in September 2020. So even with Orchard Harvest postponed due to the coronavirus pandemic we'll get some new learning events.
Are you looking to get up to speed with Orchard? Check out the workshops' details on the Orchard Core homepage!
Orchard Dojo Newsletter
Now we have 157 subscribers of the Lombiq's Orchard Dojo Newsletter! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post published to Orchard Dojo, including This week in Orchard of course.
Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here!
If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this week's Orchard meeting!
There will be no This week in Orchard post next week because of vacation, so see you in two weeks!