Source Browser, Content Request Culture Provider cookie setting - This week in Orchard (12/07/2021)
Fixing forms multi submit, set the cookie in the Content Request Culture Provider, Source Browser with Orchard Core, and many more coming this week!
Orchard Core updates
Set the cookie in the ContentRequestCultureProvider
ContentRequestCultureProvider allows you to switch the current culture based on the content item URL. If you have a site in French and English and you go on a page that contains a French content item, then the full request will go in French. This is what the
RequestCultureProvider does, it assigns the current thread culture to the one that a content item is taken.
The issue is the following. Assume you have a drop-down French and English to switch languages. Like you are, for instance, on the home page for English. And in the drop-down, you select French using the content picker. In this case, your whole navigation is back in French. Everything you will click should be in French now; the widgets, the content items, everything. But if you go to a page that is in English, the cookie is still for French, which means the next page that will open will assume you still want to be in French. This new option lets you switch the cookie to the culture of the content item you are watching. That means if you go to a content item with a different culture, your cookie will say: 'Oh, I want to be in this culture now, I don't want to be in the one that the drop-down selected before!'.
By default, the ContentCulturePicker sets a cookie for the
CookieRequestCultureProvider. This can be disabled in the Configuration -> Settings -> Localization -> Content Culture Picker settings page.
ContentRequestCultureProvider can set the cookie based on the ContentItem that matches the current URL. This setting can be edited in the Configuration -> Settings -> Localization -> Content Request Culture Provider settings page.
Minor security issue: Internal File Path Disclosure
An issue has been raised that the Media module can potentially expose internal file paths, letting a would-be attacker find out what OS the server is using and gaining knowledge about the file structure being used by the web application.
If you open up the AdminController and check out the HttpPost version of the Upload action, you would see the following lines in the code that prints the path of the given file.
The media file stores are supposed to catch all exceptions and rethrow them as a FileStoreException. The issue was the result contains the path, while it shouldn't. This issue has been fixed by now.
Fix forms multi submit
The idea here is that if you add the no-multisubmit class, then you can't submit a form twice. So when you double click, there won't be two POST requests, just a single one. And the issues that it triggered were like locking issues or concurrency issues like two content items use the same version and then two published versions. This is preventing issues like this. And you had to change every single form to prevent that.
Document Static File Provider Feature and robots.txt for Tenants
Source browser website generator that powers https://referencesource.microsoft.com, http://sourceroslyn.io, https://source.dot.net, and others.
Create and host your own static HTML website to browse your C#/VB/MSBuild/TypeScript source code. Note that it does require an ASP.NET Core website for hosting (symbol index is kept server-side), so without ASP.NET Core the search function doesn't work.
Dean Marcussen decided to build one for Orchard Core. And you can now browse the source code of Orchard Core using Source Browser.
You can find the source code in the dm/orchardcore branch of this repository.
If you would like to see a nice demo and discussion about this feature, don't forget to check out the following recording on YouTube!
News from the community
Lombiq Helpful Libraries: Contents Libraries
The Lombiq Helpful Libraries consist of several various libraries that can be handy when developing for Orchard Core CMS, to be used from your own Orchard modules. This time we will see some helpful constants and extensions regarding contents.
CommonContentDisplayTypes static class contains values that can be used with
OrchardRazorHelperExtensions.DisplayAsync to safely select the correct display type. Here we have a
BuildDisplayAsync method that loads the content item if the display type is not
SummaryAdmin. As you can see, we could use the
SummaryAdmin constant string here.
PublicationStatus enum can be used for instance to query content items based on the status of the content item. The
WithContentItem extension method also uses these enums to filters a query to match the publication status in
ContentItemIndex. You can see we have a
query.WithContentItem(PublicationStatus.Published) call that will extend the given query with the
ContentItemIndex index and use the given status of the content item.
Orchard Dojo Newsletter
Lombiq's Orchard Dojo Newsletter has 207 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course.
Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here!