Saturday, August 23, 2008

Reminder: AllowUnsafeUpdates Issues

What is the AllowUnsafeUpdates property?
The Microsoft idea behind introducing the AllowUnsafeUpdates property is to protect you from cross-site scripting attacks.

When to use?
If your application is running in an HTTPContext (for instance an application page, web part, ...) and the request is a GET request, SharePoint will refuse to do any changes. For this reason you will have to set the AllowUnsafeUpdates to true. Note: By default that property is set to false for GET requests.

When not to use?
In a console application, class library, ... where the HTTPContext.Current is null - AllowUnsafeUpdates will be always true. So you don't have to set this property.

What about breaking role definition inheritance?
When any object that implements ISecurable (those are SPWeb, SPList and SPListItem) breaks or reverts their role definition inheritance. This means every time you call SPRoleDefinitionCollection.BreakInheritance(), BreakRoleInheritance(), ResetRoleInheritance() or set the value of HasUniquePerm the AllowUnsafeUpdates property of the parent web will reset to its default value and you may need to set it back to true in order to do further updates to the same objects.

Bad piece of code:

SPList sharedPictures = curWeb.Lists["Shared Pictures"];
sharedPictures.Title = "My Pictures";
curWeb.AllowUnsafeUpdates = true;
//--> no help!
sharedPictures.BreakRoleInheritance(true);
ReducePermissonsOnLibrary(sharedPictures);
//---> crash!

Exception will be probably: Updates are currently disallowed on GET requests. To allow updates on a GET,set the 'AllowUnsafeUpdates' property on SPWeb.

Working piece of code:

SPList sharedPictures = curWeb.Lists["Shared Pictures"];
sharedPictures.Title = "My Pictures";
sharedPictures.BreakRoleInheritance(true);
CurWeb.AllowUnsafeUpdates = true; //BreakRoleInheritance set AllowUnsafeUpdates back to false!
ReducePermissonsOnLibrary(sharedPictures);


Conclusion: Always set AllowUnsafeUpdates back to true after you break inheritance in an environment with HTTPContext.

AllowUnsafeUpdates and Try/Catch
Steven Van de Craen wrote about this issue.

Resources:

What you need to know about AllowUnsafeUpdates (Part 1)
What you need to know about AllowUnsafeUpdates (Part 2)

Friday, August 1, 2008

PointFire 2007 v2: A Quick Review

SharePoint 2007 is a great product, but it also has his shortcomings. It's not that bad that a platform is not completely mature. It would be bad if we aren't aware of his imperfection. Awareness of its shortcomings means progression! That's the reason why we are working on a vista platform now and not using the win 95 anymore.

Variations

Ok, we all have to admit that SharePoint provides a poor multilingual support. SharePoint is "able" to create and deploy websites that are multi-lingual. It has a feature called Variations that can be used to deploy content in one or more languages. Unfortunately they're not good enough...

why?
Dumping MOSS 2007 variations - Part 1
Dumping MOSS 2007 variations - Part 2
Dumping MOSS 2007 variations - Part 3

Are you sure they are not good enough?
5 reasons why you should not use variations (and more solutions to keep using them)


What about language packs?

Language packs enable site owners and site collection administrators to create SharePoint sites and site collections in multiple languages without requiring separate installations of Windows SharePoint Services 3.0. Language packs are typically used in multinational deployments where a single server farm supports people in different locations or in situations where sites and Web pages must be duplicated in one or more languages.

An important thing to note:

You cannot change an existing site, site collection, or Web page from one language to another by applying different language-specific site templates; once you choose a language-specific site template for a site or a site collection, the site or site collection will always display content in the language of the original site template.


PointFire 2007

IceFire -Canadian company- developed an add-in called PointFire 2007 (why not calling it FirePoint? Sounds much better :)) that provides multilingual user interface and content management for SharePoint 2007 (MOSS & WSS).

I've been testing the product with some colleagues and I have to admit that this is probably the best multilingual solution available. It's easy to install, easy to use and really really powerful! In 1 click you can easily translate your site settings, userprofile information details, built-in sharepoint menus, ...

PointFire also has a Multilingual Translations List to enable users to add, edit and override any interface translations. It's like a dictionary in which you can store terms in different languages.

Another fancy thing is that you are able to hide/show certain content depending on the current language.

It provides more features than described above ... for a complete list take a look at MOSS is now multilingual and also at the official site for new added features. Here's a video to see a few features in action. Here's a product overview (.ptt).

Oh... I forgot to mention one thing. PointFire has also his shortcomings. But it's not that bad - remember? ;)