I have tried to write a code in object model using C#.Net for accessing a sharepoint list items and document library, I have to set allowunsafeupdates property to be true.
Is it massive security problem to the whole site..
Could anyone clarify this ...
The biggest risk on setting SPSite.AllowUnsafeUpdates to true is in GET operations because it open your site to cross site scripting.
Have a look to this question for further details on using the true value within a safe pattern usage.
Related
I'm trying to grab only properties "id" and "userPrincipalName" from the teacher when getting educationClasses with $expand=teacher as parameter. But whatever I do, I keep getting the full teacher/user object.
https://graph.microsoft.com/v1.0/education/classes?$expand=teachers($select=id,userPrincipalName)
But it gives the same result as this one:
https://graph.microsoft.com/v1.0/education/classes?$expand=teachers
What am I doing wrong?
Or is this one of the endpoints where the expand+select feature is not fully supported? I don't want the full teacher object because it contains assignedLicenses, assignedPlans, provisionedPlans and a whole lot of stuff I will never need in this request.
And...it's production, so I'd like to avoid using the BETA endpoint if possible.
Yep, looks like the underlying AAD storage doesn't support expand plus select.
You can see what is happening under the covers by appending the &$whatif to your query.
Not a lot we can do about this, as the AAD team aren't investing in adding richness here right now.
How do I persist Glimpse (for MVC4) information for historical purposes? For example, I would like to store specific dashboard data items (e.g., time on the wire) a database, per request, so as to create a chart based on that. I have searched all over the docs and forums for something like this, but I have not found anything really useful for setting up this use case.
This question may be related to How glimpse persists debugging information?. It suggests implementing IDataStore
However, if go down this route, how do I actually reference my interface implementation so my Glimpse installation will use it?
If you are only interested in persisting the data and getting it out independently (for your dashboard) that should be fairly easy. You will will probably want to inherit from ApplicationPersistenceStore (which implements IPersistenceStore) so that you get the out of the box behavior of the default PersistenceStore and just save off to your store before calling base.Seve(...).
In order to register the you will want to take a look at whats going on here. You will see that we look to the UserServiceLocator (which is a IServiceLocator) to see if you want to customize whats going on. To register your service locator, you can do this off the Glimpse config section. Here is an example of how to do it:
<glimpse serviceLocatorType="Glimpse.Test.Core.TestDoubles.DummyServiceLocator, Glimpse.Test.Core" ...>
Let me know how you get on.
I want to associate multiple sitemaps to mvcsitemapprovider during session_start event as sitemaps names and locations are retrieved based upon the type of client/user. But, according to documents related to mvcsitemapprovider, all *.sitemaps are getting associated to mvcsitemapprovider during application start. Is there any way, I can provide this functionality using this control?
There is no built-in per session functionality, but you could implement your own ICacheProvider to handle this requirement. Also see MvcSiteMapProvider 4.0 - Extending the Cache and Multiple SiteMaps in One Application for more guidance.
Do note that the primary reason this doesn't exist out of the box is because it would be extremely memory intensive and would not scale to very many users. Unless your navigation is completely different per user, I wouldn't recommend using this approach. A better alternative is to use the preservedRouteParameters approach to force some route values to match any value (in your case userid or clientid), and then use ISiteMapNodeVisibilityProvider, SiteMapTitleAttribute, and/or manual updating of SiteMapNode properties per request to control the visibility of the node.
Please see my open question here and explain to me why you would want to do this on GitHub, as it renders most of the features useless: https://github.com/maartenba/MvcSiteMapProvider/issues/16#issuecomment-22229604
Apologies in advance as I'm sure this topic has no doubt been asked before but I couldn't find any post that answers my specific query.
Bearing in mind that I'm new to MVC this is where I have got to. I've got a project developed under VS 2010 using the MVC 3 framework. I've got a search page which consists of 6 fields and a nested model which itself holds around 3 fields.
I can successfully post all this data back to itself and the data is successfully passed as a model and back agian so the fields keep the data which the user has supplied.
Before I move on to actually using this search criteria on another view a thought hit me. I want to keep this search criteria, and possibly even the search results in memory for the duration of the users session.
The reasoning behind this is simply to save my users time by:
a) negating the need to keep re-inputting their search criteria regardless of how they enter or leave the search page
b) speed up the user experience by presenting the search results more quickly
The later isn't as important as the first requirement.
I've done some google searches and indeed had a look through this site on similar topics. From what I've read using sessions (which I would typically use if developing a PHP site) is a no no. From the reasons I've read as to why you shouldn't use sessions seem valid and I'm happy to go along with it.
But now I'm left in a place where I'm scratching my head wondering to myself what exactly is best practice to achieve this simple goal that could be applied to similar situations later down the line in the project.
I also looked at the OutputCache method and that didn't behave as I expected it to. In a test I set the timeout for 30 seconds. After submitting a search I clicked the link to my search page to see if the fields would auto-populate, they didn't. But then clicking the search button the values in the cache were retrieved. I thought I was making progress but when I tried to submit a new value the old value from the cache came back i.e. I couldn't actually change my search criteria with the cache enforced. So I've discounted this as an avenue to explore.
The last option seems to suggest the use of cookies as the most likely candidate, but rightly or wrongly I feel this isn't the best solution. I would have thought the MVC 3 design pattern would have an easier and recommended method of persisting values. I'm sure there is but I've just not discovered it yet.
I have started to use JQuery and again this has been mentioned but I'm not sure this is right direction to take either.
So in summary my question really comes down to what is considered by the wider community as best practice for persisting data in my situation. Effiency, scalability and resiliancy is paramount as I'll have a large global user base that will end up using this web app.
Thanks in advance!
Pete
I'd just use cookies. They're simple to use, you can persist them for as long as you want or have them expire when the users closes their browser, and it doesn't sound like you are storing anything sensitive in them.
I'm trying to use Orbeon 3.9 CE to create an editor for XML documents. I've hit a problem in that the xforms fields I've created for the various attributes don't show up in the web form if the existing input XML document does not have them. I've searched Stack Overflow and the Orbeon doc and wiki but haven't been able to find a setting to fix this.
This is implemented according to the specification: if the ref resolves to an empty sequence (or "empty nodeset" in the XPath 1.0 parlance used by the XForms 1.1 spec), then the control is considered non-relevant. There is no provision for having the node created automatically if missing. So this would need to be done either:
Outside of XForms, in a phase of pre-precessing of the XML to add missing element or attributes.
In XForms, after the instance is loaded, by inserting nodes in the instance as appropriate.
Unless you need to add just a few nodes, the first option is most likely more appropriate.
#avernet's response is correct.
Somebody asked a similar question on this thread.
The recommendation I made was to create an XBL component to handle this automatically. I suggested a first version of such a component, more as a suggestion than as a final, usable solution. But that might help you.