Agency Oasis Developers

Code syntax highligher

So by simply adding a workflow action before the Auto Publish action with the logic below, you will ensure that the relations will be published before the actual item:

I recently happened to help a few customers resolve an issue with Helicon ISAPI URL Rewrite module when Sitecore runs in Integrated mode. So, I decided to make create a quick post about it as it took me awhile to figure out why this was happening. I even had to contact Helicon support channel to see if they had any insights into this issue.

"using (new SecurityDisabler()) 07 { 08 destinationLanguageItem.Editing.BeginEdit(); 09 10 destinationLanguageItem["myField"].Value = sourceLanguageItem["myField"].Value; 11 12 destinationLanguageItem.Editing.AcceptChanges(); 13 }"

Custom notifications, alerts, confirmations

Tangle is a JavaScript library for creating reactive documents. Your readers can interactively explore possibilities, play with parameters, and see the document update immediately. Tangle is super-simple and easy to learn.

This simple plugin helps you to give more life to the boring timelines. Supports horizontal and vertical layouts, and you can specify parameters for most attributes: speed, transparency, etc..

A plugin that makes your plain HTML lists super flexible, searchable, sortable and filterable

Combine share counter into a single counter

WeBlog is a blog module for Sitecore 6.2+. It is the successor to the EviBlog module. Features Windows Live Writer integration (MetaWeblog API) Page Editor support and custom WebEdit ribbon Wordpress Import CSS-based themes, with custom themes possible (one included) Various blog navigation components Comments (with author notification and optional approval workflow) Comment CAPTCHA through MSCaptcha or reCAPTCHA Gravatar Support Social sharing through ShareThis or AddThis, and other Facebook and Twitter widgets Tagging and tagcloud RSS Feeds (Sitecore Integrated RSS) Multi-server (staged architecture) support Globalized labels and messaging (English, Danish, Dutch, and Japanese translations provided) Most importantly, WeBlog has been architected to allow you to easily integrate it into your existing content and design, and to allow you to customize its templates and layout to your project requirements.

OpenCalais Integration module allows you to to automatically discover semantic relations between your content, Create relevant tags in the Sitecore Taxonomy and tag your content with those by integrating the Sitecore Taxonomy Module, WeBlog Module or any Sitecore item based taxonomy seamlessly with OpenCalais service without additional development. The service is open for commercial and non-commercial use and is free if you don't need to tag more than 50,000 documents a day. The service is easy to apply in your project with this module and almost effortless if you're already using the Sitecore's Shared Source Taxonomy Module.

"Take Advantage of ASP.NET Built-in Features to Fend Off Web Attacks"

"ViewStateUserKey isn't preventing CSRF?"

"Viewstate (ASP.NET) ASP.NET has an option to maintain your ViewState. The ViewState indicates the status of a page when submitted to the server. The status is defined through a hidden field placed on each page with a control. Viewstate can be used as a CSRF defense, as it is difficult for an attacker to forge a valid Viewstate. It is not impossible to forge a valid Viewstate since it is feasible that parameter values could be obtained or guessed by the attacker. However, if the current session ID is added to the ViewState, it then makes each Viewstate unique, and thus immune to CSRF. To use the ViewStateUserKey property within the Viewstate to protect against spoofed post backs. Add the following in the OnInit virtual method of the Page-derived class (This property must be set in the Page.Init event) protected override OnInit(EventArgs e) { base.OnInit(e); if (User.Identity.IsAuthenticated) ViewStateUserKey = Session.SessionID; } The following keys the Viewstate to an individual using a unique value of your choice. (Page.ViewStateUserKey) This must be applied in Page_Init because the key has to be provided to ASP.NET before Viewstate is loaded. This option has been available since ASP.NET 1.1. However, there are limitations on this mechanism. Such as, ViewState MACs are only checked on POSTback, so any other application requests not using postbacks will happily allow CSRF. "

"Cross Site Request Forgery (CSRF) This article assumes you already understand what CSRF is and how it works. If you don't, do a quick Google search and it will clear it up. CSRF can be done using POST or GET, but GET is much easier to implement. By default, ASP.Net forms and other functionality work via the POST method. If we could submit a GET instead of a POST it would open up the attack surface a great deal. No longer do we need someone to visit a page with a form on it, but we could actually embed the GET request (a link) in emails or other medium. Fortunately for the attacker, unfortunately for the developer, .Net uses Value Shadowing for its controls. This means all server side controls, ie. Viewstate, EventValidation, EventCommand, EventArguments, etc.. It is possible to take the values that would be submitted as part of the form and just add them to the Querystring instead. Now there is a GET request that is comparable to the POST request. ASP.Net Webforms does not check whether a post back comes from GET or POST. The one thing to keep in mind is that the URL in a GET is limited in size. If the form is large and the viewstate is very large, this could block this technique from working. This depends on the way the application is configured (more later)."

"Know who to hire to help fix PCI compliance issues on a client's website?"

"How To: Protect From Injection Attacks in ASP.NET"

"How To: Prevent Cross-Site Scripting in ASP.NET"

It's a simple website that helps to prepare to Sitecore CMS update by displaying update steps and links to appropriate pages on SDN. You just need to specify source / target versions, and click "Process".

Produce Cleaner Code with Aspects: Encapsulate common support behavior, such as exception handling, into classes that can be applied using .NET attributes. Remove Boilerplate Code: Stop duplicating code in and across systems. Build a support framework that your team can leverage across multiple apps. Focus on What Matters: Reduce system knowledge required across your team by factoring complex issues, such as multithreading, into aspects.