Shortcodes improvements, Lombiq Training Demo updates - This week in Orchard (14/08/2020)

Gábor Domonkos

This week we see the latest improvements of the Shortcodes module and the new pages of the Orchard Core documentation! Don't forget about our Training Demo module, which has now got a new RESTful web API sample! Check out our current post for more!

Orchard Core updates

Highlight invalid fields

When you have a driver for your content part or for your content field, the UpdateAsync method will be called when you are about to save and persist its new values. Let's say you have a TextField and you want to set it to be required. In the UpdateAsync method of the TextFieldDisplayDriver, we get the TextFieldSettings and if the value of the Required property is true and the Text property of the TextField has no value, then it's time to show an error to the user.

The UpdateAsync method of the TextFieldDisplayDriver

Notice the second parameter of the AddModelError method, which passes a key to the ModelStateDictionary. The key would be the value of the Text property of the TextField and the Prefix would be the BlogPost.Subtitle string. Why is this important right now? Because there was an issue in Orchard Core about the different highlightings: if there is a validation error, it would be great to highlight the input editor too, not just show the validation summary at the top of the form. So, imagine you have a site installed with the Blog recipe and you set the Subtitle TextField of the Blog Post content type to be required. If you try to save an existing blog post without providing a subtitle, the driver will pass BlogPost.Subtitle as the Prefix and the name of the field.Text will be null. It's a small but good-to-know tip for providing a better user experience when editing values.

Highlight required Text Fields

Document Link Tag Helper

There is a Tag Helper and a Liquid Helper in Orchard Core called Link that you can use to define the relationship between the current document and an external resource such as a favicon or stylesheet. This helper has been available for a while, but the documentation didn't mention it. Now you can find some lines in the documentation about how to use these helpers in your Orchard Core site.

Link helper documentation

Add user updated event

Two weeks ago we wrote about the new user deleted event, which adds a new DeletedAsync method to the IUserEventHandler. Now there is another new user event, which occurs when a user is updated. You can find the new UpdatedAsync method in the IUserEventHandler.

And a new event is also accessible from your workflow type. If you create a new workflow type and click on the Add Event button, you will find the User Updated event in the User category.

New User Updated event

Password configuration documentation

The password restrictions are set with the settings configured in ASP.NET Identity. Those options define the required password strength when a user password is set. You can configure these requirements to specify properties like the minimum password length or whether digits, uppercase, or non-alphanumeric characters are expected. Check out the new how-to guide in the Orchard Core documentation to see how to change these settings and how to read configuration from an external config file!

Password requirements documentation


Shortcodes improvements

Two weeks ago we wrote about the upcoming Shortcodes feature for Orchard Core. Shortcodes are essential to WordPress, and we wanted a similar feature for Orchard Core. The parser was written by hand as the syntax is simple and it needs to be efficient. Check out that post if you haven't read it yet and don't forget to watch the recording on YouTube about it too! Now, let's continue from where we left off and see the newest improvements in that module!

Set up your site using the Blog recipe, then head to Configuration -> Features to enable these features:

  • Shortcode Templates: The Shortcode Templates feature provides a way to write custom shortcode templates from the admin.
  • Shortcodes: The Shortcodes feature adds shortcode capabilities.

Now head to Design and notice that the Shortcode Templates option has been renamed to Shortcodes. Click on it and add a new Shortcode! Here you will meet a slightly changed editor. The first thing you will notice is that as you start to fill out the Name, the Hint, and the Usage inputs, you get a live preview on the right of how the card of the Shortcode will look. You may ask what card we mean, but let's not move so fast!

The safeimage Shortcode

The Categories selector now works the same way as when you add tags to your blog post. You can type to search for the existing categories or add a new category right here from the editor. The Content holds the logic of the Shortcode. Here we create a Shortcode called safeimage, meaning that we sanitize the input from the user before rendering the content. We also created another Shortcode called unsafeimage. It is the same; the only difference is that we didn't call the sanitize Liquid helper.

Now edit the Article content item named About. The HTML editor here has the Insert Shortcode button on the toolbar. Click on it and you will see the cards we mentioned a few lines ago!

Available Shortcodes modal

Here you can filter by the name of the Shortcode and by categories. Now let's try out the unsafeimage and the safeimage Shortcodes! After editing the code we have the following lines in the HTML body:

unsafeimage: [unsafeimage]media/samoyed.jpg" onload=alert('xss')[/unsafeimage]
unsafeimage: [unsafeimage]media/samoyed.jpg[/unsafeimage]
safeimage: [safeimage]media/samoyed.jpg[/safeimage]

Notice the script in the first line! Because we added this inside an unsafeimage Shortcode, it will render the alert when the user views this page. If we put this little hack inside a safeimage Shortcode instead, it would prevent the alert from appearing.

The xss alert when using the unsafeimage Shortcode
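
The difference between the two Shortcodes, as an added example that is not part of the original post and is not Orchard Core code. It assumes both templates emit an img tag with the content in a quoted src attribute (the post does not reproduce the real templates) and uses a small attribute allowlist as a simplified stand-in for the sanitize Liquid helper; all function names are hypothetical.

```javascript
// Added example, not Orchard Core code. Assumption: both templates emit
// <img src="...">; the allowlist below stands in for the sanitize helper.
const ALLOWED_IMG_ATTRS = new Set(['src', 'alt', 'width', 'height']);

const escapeAttr = (s) =>
  s.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;');

// Parse the attributes of one start tag roughly the way an HTML tokenizer does:
// quoted values end at the matching quote, unquoted ones at whitespace.
function attributesOf(tag) {
  const inner = tag.replace(/^<\w+/, '').replace(/\/?>$/, '');
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  const attrs = {};
  for (const m of inner.matchAll(re)) {
    const name = m[1].toLowerCase();
    if (!(name in attrs)) attrs[name] = m[2] || m[3] || m[4] || '';
  }
  return attrs;
}

// unsafeimage: the Shortcode content is concatenated straight into the markup.
const renderUnsafeImage = (content) => `<img src="${content}">`;

// safeimage: same markup, then only allowlisted attributes are re-emitted.
function renderSafeImage(content) {
  const kept = Object.entries(attributesOf(renderUnsafeImage(content)))
    .filter(([name]) => ALLOWED_IMG_ATTRS.has(name))
    .map(([name, value]) => `${name}="${escapeAttr(value)}"`);
  return `<img ${kept.join(' ')}>`;
}

// Expand both Shortcodes in an HTML body.
function expandShortcodes(body) {
  const renderers = { unsafeimage: renderUnsafeImage, safeimage: renderSafeImage };
  return body.replace(/\[(unsafeimage|safeimage)\](.*?)\[\/\1\]/g,
    (_, name, content) => renderers[name](content));
}

// Audit helper: attribute names in rendered <img> tags that the allowlist rejects.
function unexpectedAttributes(html) {
  return (html.match(/<img\b[^>]*>/gi) || [])
    .flatMap((tag) => Object.keys(attributesOf(tag)))
    .filter((name) => !ALLOWED_IMG_ATTRS.has(name));
}

// Constructed input: the content of the first HTML body line from the post.
const hostile = `media/samoyed.jpg" onload=alert('xss')`;
console.log(expandShortcodes(`[unsafeimage]${hostile}[/unsafeimage]`));
console.log(expandShortcodes(`[safeimage]${hostile}[/safeimage]`));
```

Running unexpectedAttributes over rendered page output is a quick way to spot a template that lets Shortcode content add attributes of its own.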

But that's not all about Shortcodes! If you would like to see more, don't forget to check out this recording on YouTube!

News from the community

RESTful web API sample in the Lombiq Training Demo for Orchard Core

The Lombiq Training Demo for Orchard Core is a demo Orchard Core CMS module for training purposes guiding you to become an Orchard developer. You can use this module as part of a vanilla Orchard Core source that includes the full source code - which is the recommended way. You can also use it as part of a solution that uses Orchard Core NuGet packages, however, it's harder to look under the hood of Orchard Core features.

And the module just got a new little RESTful web API sample! Check it out if you're learning Orchard and want to develop web APIs!

New ApiController in the Lombiq Training Demo Module

Orchard Core workshops

The contributors of Orchard Core will hold some unique online workshops in September 2020. So even with Orchard Harvest postponed due to the coronavirus pandemic we'll get some new learning events.

Are you looking to get up to speed with Orchard? Check out the workshops' details on the Orchard Core homepage!

Orchard Dojo Newsletter

Now we have 157 subscribers to Lombiq's Orchard Dojo Newsletter! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course.

Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here!

If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this week's Orchard meeting!

There will be no This week in Orchard post next week because of vacation, so see you in two weeks!
