Securing Sitecore Admin

Greetings,

One of the frequent questions I am hearing besides development related stuff is configuration related. In Sitecore world, there is always plenty of options available for you in terms of configuring your production environment. Not to get carried away, but this is really a critical aspect, especial for large enterprises. When your product cannot be flexible enough to be decoupled in components, this may represent quite a challenge. Systems forcing large footprint are more difficult to maintain, backup, secure, etc.
With Sitecore, you can pretty much create a lightweight Content Delivery instance by cutting down the configuration and files to mere 50 Mb quite with a little bit of effort. This will create a more manageable and secure environment, but what if you don’t want to go through this exercise?

A quick and proven way to handle this it rely on native IIS securing features. With IIS7 you can do that even easier. What you can do is simply deny access to /sitecore folder based on IP restrictions.

1. Make sure you have “IP Security” feature installed for IIS:

2. Locate your site in IIS, select /sitecore folder:

3. On the Features view, select “IP Address and Domain Restrictions”:

4. Configure any allow/deny rules you want:

Isn’t it easy?

Undefined text in Page Editor when clearing field

Greetings!

You may be experiencing an issue with Page Editor in Sitecore 6.1/6.2 releases when clearing a field results in “Undefined” text being written back to your item.

To work this around, follow these 3 easy steps.

1. Locate the following file: <web root>\sitecore\shell\Applications\WebEdit\WebEditElement.js
Create a backup copy of it.

2. Find the following function: Sitecore.WebEdit.Element.prototype.load = function() and replace it with this:

Sitecore.WebEdit.Element.prototype.load = function() {

  if (this.element.getAttribute("scWatermark") == "true") {

    this.element.removeAttribute("scWatermark");

    this.watermarkHTML = this.element.innerHTML;

  }else

  {

  this.watermarkHTML = "[No text in field]";

  }

this.buttons.select(".scWebEditFrameButtonIcon").each(function(icon) {

    icon.observe("dragstart", function(e) { e.stop(); });

  });

  this.element.observe("click", this.onClick.bind(this));

  this.element.observe("blur", this.onBlur.bind(this));

}

3. Then locate this function: Sitecore.WebEdit.Element.prototype.isWatermark = function() {
and replace it with this:

Sitecore.WebEdit.Element.prototype.isWatermark = function() {
  fl=false;
  if((this.watermarkHTML == this.element.innerHTML)||(this.element.innerHTML=="[No text in field]"))
               {
               fl=true;
               }
  return fl;
}

Quick disclaimer: this proved working on my local 6.2.0 (rev. 100831) installation, however, this is not a fully tested solution, so there may be conflicts depending on exact version of your Sitecore instance and level of customization.

Thanks goes to Sitecore Customer Service for quick solution!

Sitecore 6.4 in Technical Preview

 
Monday…it is a wonderful day in our Mill Valley office…I am in the mood of writing something non-technical for once, so no pipelines, custom commands or event handlers today.

That’s because a truly great piece of news hit the web today. Sitecore 6.4 is out in Technical Preview. If you have not seen Alistair’s early Sneak Peak on 6.4 post and John West’s blog series on new features, here is a quick teaser for you on what’s in the box:

• Updated Page Editor merged with Page Designer. Try it out on your iPad!
• Cross browser support
• New Rich Text Editor
• Proxies deprecated in favor of Item Cloning
• .NET 4.0
• Initial support for MVC
• More extensibility through additional pipelines
• Much more

Check out Release disclaimer.

Besides all the technological goodies included in this release, I believe that the next coolest thing about it is how Sitecore approached it. Every single feature or enhancement is purely based on your feedback. Developers wanted .NET 4.0 and MVC, even more freedom in customizing the software. Business Users wanted better behaving Rich Text Editor and enhanced Page Editor/Design experience. Everyone wanted to work in favorite browser.
Sitecore listened and executed.

So what does it mean for you, fellow Sitecorian? Now it is your chance – download, install and provide that valuable feedback as early as possible.
6.4 will be one of the coolest versions we’ve ever had, there is no doubt about that!

How to Sort your Multilist Field

Greetings!

Just recently one of the Sitecore implementation partners asked me whether there is a way to have the list of available items on a Multilist field sorted by updated date.
To clarify, by default, the left side is sorted by item name, it is by design.

So I did some digging, and have found that it is a very frequent feature request. Another thing I’ve found is that since Sitecore 6 it is actually pretty easy to change this behavior.

First thing I need for that is subclass MultilistEx class which implements is UI part of the Multilist field. This class has a method called GetSelectedItems (introduced since Sitecore 6 release) where the list of unselected items is constructed. Since this method is marked as protected virtual, I can easily override it:

namespace Sitecore.SharedSource.CustomFields
{
   public class SortedMultilist : Sitecore.Shell.Applications.ContentEditor.MultilistEx
   {
      protected override void GetSelectedItems(Item[] sources, out ArrayList selected, out IDictionary unselected)
      {
         Assert.ArgumentNotNull(sources, "sources");
         ListString str = new ListString(this.Value);
         unselected = new SortedList(StringComparer.Ordinal);
         selected = new ArrayList(str.Count);
         int index = 0;
         while (index < str.Count)
         {
            selected.Add(str[index]);
            index++;
         }
         foreach (Item item in sources)
         {
            string str2 = item.ID.ToString();
            index = str.IndexOf(str2);
            if (index >= 0)
            {
               selected[index] = item;
            }
            else
            {
               unselected.Add(GetItemKey(item), item);
            }
         }
      }
      protected virtual string GetItemKey(Item item)
      {
         return MainUtil.GetSortKey(item[FieldIDs.Created]);
      }
   }
}

The only thing I change, actually, is the line where items are added to the “unselected” list. Since the key is used for sorting, I move this outside to a separate method “GetItemKey” where instead of constructing sort key by item.Name as in default implementation, I simply read the “created” date.

After this class is compiled, all I need to define the new “Sorted Multilist” field under core:/sitecore/system/Field types/List Types:

The easiest way to do it is to duplicate the existing Multilist item ;-)

I should mention that adding complex sorting rules will definitely slow down you multilist, so you have to be very careful.

Also, there is a very handy FilteredMultilist that is already on shared source. It gives you ability to refine the left side of Multilist, so you may never need it sorted at all.

Enjoy!

Sitecore Bloggers take over the world

I just want to give a quick shout-out to all Sitecore bloggers out there who bring new fresh ideas to the surface, provoke discussions and constantly provide food for thought. The best thing about it is that you get different perspective from different levels: end user’s, developer’s (either customer or partner) and Sitecore employee’s.
I am absolutely confident that information space around Sitecore would never be as active and relevant without you guys.

Also I want to take this opportunity and urge my readers to check out our new Sitecore Community Blogs section on sitecore.net. If you are leaning towards more technical stuff, the place to go would be our Technical Blogs area.

Of course, if you have not subscribed to our RSS channel that aggregates all Sitecore related blogs, you are really missing out!