Sitecore today published the Security Hardening Cookbook for the Sitecore Web Content Management System. I updated my post that links to the best Sitecore documentation.

With Sitecore CMS, you’ve always been able to pass a data source item and any number of additional parameters to control how each sublayout and rendering functions. Prior to version 6.1, you could enter parameters in the control properties dialog as key=value pairs. Sitecore parses XSL code and uses reflection to determine the parameters available for XSL and .NET presentation components. For example, if you add the IncludeDetails parameter to the default sample XSL rendering:

<xsl:param name="IncludeDetails" />

Then you will see this parameter in the control properties dialog, along with the default parameters:

Sitecore 6.1 introduces parameters templates to let you define specific user interfaces to enter parameters for each rendering and sublayout. The Presentation Components Reference manual describes parameter templates in detail, but here’s my quick summary of how to implement a parameters template:

• Create a parameters template data template that inherits from the System/Layout/Rendering Parameters/Standard Rendering Parameters data template.
• Add fields to the parameters template data template (for this example, a checkbox field named IncludeDetails).
• In the rendering or sublayout definition item, in the Editor Options section, in the Parameters Template field, select the parameters template created previously.

The fields you defined in the parameters template now appear in the new control properties dialog:

In some organizations, Sitecore CMS users function as both editors and reviewers in a single workflow, but should not be able to review and approve their own changes. There is no “out-of-the-box” Sitecore feature that meets this requirement, but it’s relatively easy to add one.

Add a class such as the following to the Visual Studio project:

namespace Sitecore.Sharedsource.Workflow.Actions
{
  using System;

  public class ValidateApprover
  {
    public void Process(Sitecore.Workflows.Simple.WorkflowPipelineArgs args)
    {
      if (String.Compare(
        args.DataItem.Statistics.UpdatedBy,
        Sitecore.Context.User.Name,
        true) != 0)
      {
        return;
      }

      Sitecore.Web.UI.Sheer.SheerResponse.Alert(
        "You cannot approve your own changes.");
      args.AbortPipeline();
    }
  }
}

In the Content Editor, under the Approve command under the Review state of the workflow, insert an item named ValidateApprover using the System/Workflow/Action data template. In the Data section, in the Type string field, enter the type signature:

Sitecore.Sharedsource.Workflow.Actions.ValidateApprover, Assembly

I added this class to the Sitecore Shared Source Library project and updated the corresponding documentation.