Extending posts for forums
The standard posts for forums system allows you to create moderated or unmoderated, managable discussions. These forums can be extended in several ways:
- customising the forms
- customising the XSL- forum.xsl and forumdiscussion.xsl
- redoing the entire system as a set of data islands using the relevant searchpost and create post web services
In this page we'll looks at customising the forums using ther first two of these to create a forum that allows users to upload files and images into their discussion.
To customises a forum you need to start with a forum. Create one as normal and record its posttype ID for later. At the same time create a page to display the as yet un customised forum.
Creating the folder for uploads
We start by creating a folder in the asset tree at a suitable location. The folder rights on this should be checked to ensure that front end users can administer it this will allow them to upload into it. When created record its shortcutID as its needed later
Creating the form
We need to create a form that will allow users to upload files to the system. This is done via the standard Sitekit CMS form builder. As a bare minimum this needs to take in the following
- The posttypeID (named ID) - needed to create the post/forum addition
- Logged in user ID (named peopleID) - needed to ascertain whether the user has rights to insert
- Name field (named name) - the title of the discussion
- Description field (named body) - optional but useful
- Multipart form uploader (named postfiles) - to take the uploaded file
- Folder location for uploads (named foldershortcutid) - use the 'multi-file upload' form field for this is it the only one that allows pass through of file to web services
The form will collect this information however it needs passed on to the createpost.aspx web service so the fields must have the correct naming convention as shown in the brackets. The screen shot below shows the form builder interface for the one we've built. We've used a hidden field for peopleID and populated it with the ###:peopleid### magic word. The posttypeID will be sent directly in the web service as shown later
We then edit the relevant forms properties adding in the URL ot the external form submission. As you can see we've also edited the submit button text and the message after submission to make them more meaningful in the context of a forum
Hooking up the web service
The URL for the web service to submit is shown below
As you can see the postypeID and the foldershortcut are hardcoded in. We've also added an active=1 argument which allows users to insert items without approval. The fields from a submitted forms are appended onto this string and then posted to the webservice to create the new discussion.
The final stage is to create a snippet that will render as the form as we'll use this to embed into the XSL. The syntax is from the guide and is shown below
<ENQUIRYFORM> <FORMID>1234</FORMID> </ENQUIRYFORM>
If you're struggling to get things working you can test at eveny stage of the way and gradually build up the complexity, a good approach is as follows
- create the forum and give it the correct rights. Rights are key an are a common problem for lack of submissions
- create the creatpost.aspx web service call with the correct arguments and then put this in a borwser to see if it actually create a post. The error meassage from this if it doesn't should allow you to make adjustments.
- create the form without passing it to the web service, create a temporary page to display the form and do some submissions - check that the correctly named fields are produced in output
- hook up the form with the webservice, check submission again
- replace the form page with a normal page embedding the snipplet code - check again
Customising the XSL
The default XSLs for discussion are shown below.
- forum list page - http://yourdomain/Admin/Post/forum.xsl
- forum details page - http://yourdomain/Admin/Post/ForumDiscussion.xsl
These should be copied into a local file folder in the asset tree, and then the forum page should be edited to reference the new XSL location. In this example we'll only customise the first of these XSLs.
Open up the relevant local XSL and replace the standard form block with the snipplet shown, at the same time add a new column to display the upload. Append 'skdebug=1' to the forum page URL and then view source to see what the raw XML is that you're trying to transform. We use Xray architag for this. Alternatively view the XML by making the correct call to the searchpost web service. The correct URL for this would be like this, where ID is the relevant posttypeID
The example above should produce the following. In this case we've left the discussion the same and only modified the initial list, changing the form to allow uploads and adding the uploads to the display.
The forum could be further customised to display uploads on the discussion secton or even to allow uploading from discussion responses. similarly there are argument for createpost that prevent file overwriting in folders o these could be used to police responses. The forms could be extend with more custom post fields and also to allow multiple uploads on a single post. The display could be totally changed via CSS.
A note on security
It is possible to include a front end rich text editor (RTE) for form posts. Both the RTE and its input need sanitised to an extent to maintain security. The RTE to has no option for inputting image or link buttons. There is a setting to enable posting of html into posts. Front-end values inserted into posts are made safe by escaping potentially damaging tags. Escaping is done by replacing '<' and '>' with '<' or '>'. If html-posting is enabled, only critical tags are escaped that are potentially exploitable for injection but if html-posting is disabled, then all tags are escaped. When creating/editing posts in admin, no tags are escaped and posts that have restricted markup added in admin should still be rendered front-end. These changes were added as security enhancements in 11.0 with reference this article and advice from Microsoft