The new match="autodetect" feature on the rowdelimiter places the rowdelimiter between visible rowformats instead of between all rowformats. Rowdelimiters are also not visible at the end of groups when using groupformatting. The autodetect feature cannot be used in combination with levelformatting.

Because renaming the old cache folder and creating a new cache folder made it impossible to set proper ACLs on the cache folder, the strategy has now changed. The original cache folder is no longer moved and deleted. The old cache data is now copied into a new folder inside the cache folder and then deleted. This allows administrators to give everyone full control on the cache folder.

Using Translation.Preview(), you can check whether the preview scenarios (logic filed) of a translations are being executed.

Response.SetCookie() now supports setting http only cookies (cookies not accessible through client scripting) and cookie path.

The Config Editor now has two extra menu options within the Tools menu, Edit Hosts File and Registry Editor, just to give easy access to much used tools/options.

When changing the password of an user (or visitor) and the first character of the new password equals the '@'-character, you get a client-side javascript error: '<new password without first character>' is undefined.

This is due to the fact that the @-character is used internally by Smartsite to implement some advanced client-side validation and scripting. Therefore, it is adviced not to allow the @-character within a password.

The site files (users.xml and visitors.xml in ../system/dataeditor/meta) has been adjusted to include a validation on the password field which disallows the @-character.

When you have a contenttype field which is used to store thesaurus terms (Logical field without a physical field, Thesaurus ctfp referring to a particular Thesaurus, etc.), it is now possible to make the selected terms sortable.

Two steps are required to accomplish this:

1. Add the column "SortIndex" (name of the column is fixed) to the table ContentsThesTerms (int, default 0).

2. Add the ctfp CrossTableSortColumn with the value "SortIndex" to the appropriate contenttype field(s).

Note: as of iXperion 1.2, the database creation scripts will include the SortIndex column for the table ContentsThesTerms.

Data Management/Deleted items now shows the user name of the user that deleted an item.

When rendering an item within the RAW channel, now the code of the parent is written to the xml as well (as an attribute of the parent node).

When importing this xml within (e.g.) another site, this code is then used to match and update the parent if appropriate. When a code attribute is not available, the value of the parent node itself will be used (backwards compatibility).

Notice, that the (advanced) option "Update parent information from xml" must be selected, otherwise the parent of an item will never be updated during an import.

The path used for configuring folder security, when using the "Select folder" dialog, started with a slash.

Because the actual security check is executed using legacy code, which doesn't expect the path to start with a slash, the configured file/folder security didn't behave as expected.

To fix this issue, the UserPaths meta xml file have been adjusted.

When rendering e.g. an Channel item as xml (RAW channel), the contenttypes relation is serialized to xml using the SimpleN2NStorage storagehandler. Within the xml, the contenttypes are included with their name, (primary) key and code.

When importing this xml within another site, the contenttypes relation is restored using the (primary) keys as listed within the xml. When this fails for every contenttype listed, a lookup by name is used as fallback mechanism.

This implementation is still in place, however it is now preceded by matching the related data by code when the xml contains code-attributes and the relation itself (the underlying table) contains a code field as well. If that's the case, the other implementations mentioned before will be skipped, whether matching by code succeeds or fails.

Links with spaces weren't recognized as links and therefore not parsed.

When a contenttype field uses a contentrelation to store related items, and one of the related items has a showfrom in the future, that item is not included in the RAW channel xml output of that field.

This was due to the fact that the active channel view was being used to format the content relations to xml notation, whereas the vwContent view should have been used.

When double-clicking e.g. an image file within the file explorer of the cms manager, properties of the file and a preview will usually be shown. However, on some installations the preview will not be shown.

This happens when you have a newer version of dsofile.dll, which is not compatible with earlier versions.

To solve this problem, late binding is used to detect which version is installed, and the appropriate classes and objects from that version are used.

Overloads were added for convenience (for use with the current date/time)

Ajax callbacks would seem to 'hang' when a server error occurred before the actual Smartlet execution was started.

The feedreader macro now registers the given location in AIM.

You can now set a MaxAge timespan on <se:cachefile />

Within every wizard of the cms manager, the close button has always been the default button. So, when you hit the Enter key, no matter which element within the wizard has focus, the wizard will close.

This has been changed. Now, the Next button (when enabled) will be the default, or otherwise the Finish button (when enabled). Also, the keydown javascript function responsible for this behavior has been adjusted as well. It now takes the active element into account, and when this element is a button, the click event of that button will be fired when hitting the Enter key, instead of invoking the click event of the default button.

Notice however, that you can also hit the spacebar when a button has the focus to invoke the click event (standard browser behavior).

Furthermore, you might also like to know that hitting the Escape key will invoke the Close/Cancel button and so the wizard (or any other "normal" cms dialog) will close.

When adding a new item within the cms manager, xlinks macro(s) added to the logic field without specifying a parent explicitly will not be displayed when previewing the item.

This is due to the fact that the parent for the xlinks macro can not be determined automatically when previewing a new (not yet saved) item.

However, when supplying inputdata, there's no dependency of the parent, so the xlinks should be able to display its result. This has been fixed.

When using Sxml.Execute(), you can now set a flag that allows you to catch syntax exceptions. Syntax Exceptions are normally uncatchable, except when rendering sxml indirectly using the embed macro.

Users would be prompted for credentials.

Fixed empty site and upgrade scripts.

Changes in the /Scf/jQuery/Behavior subfolders did not lead to rebuilding of the aggregated Global Scf includes, due to a bug in the FileSystem.GetlastModified() viper.

When copying a channel, errors can occur in your iXperion Publication Server if you don't make the DefaultDocument unique, and forget to change the HostHeaders Xml.

Now, when copying a channel, these two fields are emptied automatically.

The se:webservice macro can now also be used to connect to a WCF service which uses a net.tcp listener.

The Webservice module just checks the specified url, and if it starts with "net.tcp:", it automatically switches to the WCF NetTcpBinding internally.

(Support for net.pipe bindings have not been added, because access to a named pipe has some impersonation restrictions.)

The collection SXML construct now supports the inputdata attribute, to import the collection from a DataTable. Simply create a DataTable with the columns supported by the collection macro parameter, and pass it to the collection using inputdata="(your datatable)"

The character set/content encoding of the response was not taken into account when decoding the returned result.

A new Viper method was added: ContentType.Field.Exists(). It can check whether a (logical) field exists in a contenttype.

The bug caused the use of multiple embeds to fail when the page was posted (e.g. for Legacy Forms).

Several changes were made to reduce the amount of memory used by Smartsite.

A new viper was added to the contenttype Viper class: getgroups(). It allows you to pass multiple ContentType codes and get all contenttypes belonging to the given groups.

If an (Xml) item had its own Xml declaration (<?xml ... ?>), the AIM scanner would fail to process it.

When e.g. clearing the memory cache using the cms manager (reload site, clear memory cache), the locales object is flushed as well.

Due to a bug within the (re-)initialization of the locales object, however, the resource strings for the configured locales were not loaded correctly, which resulted in the fact that locale.translate to other (non-default) languages failed. This has been fixed.

When a localized string resource has been changed, using the Configure Localization action within the cms manager, this change is not always reflected on the publication engine.

This problem occurs if the required Outscaling Datasource for the database object vwLocalizedStrings is missing. This datasource should have the (local) cms instance configured as source server and the (local) pub instance as target server.

However, when properly configured, there's still another issue: after the localization cache has been flushed, localized strings are not properly translated anymore. This has been fixed.

When the render service (which is used when previewing an item within the cms manager) encounters an error, e.g. because the sxml is invalid or inconsistent, the error is not displayed anymore within the preview tab.

Instead, a generic message "Render request to InteropService did not return a response or an error was raised." is displayed.

Trying to sort the selected items in the list view would result in an error.

Rendertimes returned by this.rendertime were incorrect.

Webservice calls to Outscaling's external webservice would fail with the exception "Object reference not set to an instance of an object.".

This was due to a bug within the Smartsite.Interop.IIS.WebserviceHandler, which threw this exception when the Path registry setting within the site's logging configuration was missing.

As work-around, add the Path setting to the site's registry configuration, specifically the Logging configuration: HKLM\Software\Smartsite Software\Sites\[sitename]\Logging.

When the forms login is triggered automatically for autorization to a restricted page, the ReturnUrl query variable is passed to it. This variable is used after successful authorization, to redirect the user to the requested location. However, in the scripting-enabled situation, the variable was lost after one unsuccessful login try.

When you try to copy an item (which is a folder) to itself within the cms manager, an error dialog is shown with the message "source and destination can not be the same".

However, why shouldn't you be allowed to create a copy of a folder directly below itself? Well, there's no reason for it, so this check has been removed.

This used to be every version (local or not) of the translation (all "local" translations with the same name).

Due to a bug, the description of an item within a feed was set to null when that item didn't have a link field.

You can now use the ConfigProcedureName parameter in a connection string. The stored procedure defined by this parameter will be executed every time a connection is opened. Do not execute heavy stored procedures because that will slowdown Smartsite.

The Query Preparser is now accessible using a viper. The Query Preparser can now be bypassed in the SqlQuery macro.

Due to a bug, the string resources for the internal default locale "en-us" were not loaded when the channel's default locale has been set to e.g. dutch.

Since the internal default locale is being used to lookup translations, locale.translate was unable to translate strings to e.g. dutch.

The preview session id was not passed on to the embedded page.

The column had to be renamed to due Oracle limitations. The site upgrade script will rename the database column for you when upgrading to 1.2.

The sqlquery macro now has a database neutral way of calling stored procedures. The Sxml notation for calling a stored procedure in SqlServer and Oracle is the same. Note that there may small differences in e.g. types supported by the different database systems.

By settings a useful name on the database connection, dba's can see which connection belongs to which Smartsite site.

The Update Publication tool has been adjusted, and does now take Outscaling configuration into account. It automatically detects whether the database instance being updated belongs to an cms server instance which acts as a publisher or a subscriber.

Contents is added/updated accordingly. (When it's a database instance belonging to a subscriber, contents will not be added/updated, since Outscaling will automatically synchronize the changed content from the publisher to its subscriber(s).)

Different database providers may require different syntax for the list query. Suffix the ListQuery parameter with an underscore and either "Oracle" or "SQLServer" to set the query for the different providers. If the parameter with the required suffix is ont found, it will default to ListQuery without any suffix.

Outscaling mechanism to remove non-existing constraints or automatically send the record causing the constraint viloation when synchronizing records (e.g. user or usergroup) didn't work properly.

Also, the dataeditor meta xml files (the default set which comes with our "empty six site") have been adjusted to use this mechanism for the standard Smartsite "objects" (Users, Visitors, UserGroups, UserRoles, etc.).

- A new version (2.1) of the dsofile.dll was incompatible with Smartsite file properties dialog

- WebEditor Table menu commands didn't work in Internet Explorer 8

- Legacy Forms email binding ignored Sender field when rendering an item as message body

- Find in Tree action ignored selected keywords, filtering only on tree selection and contenttypes

- Professional edition didn't display separators in menus

The bug was fixed was overruling the encoding specified by the xslt document.

The Config Editor uses ADSI internally in various places, however without having the IIS 6.0 Management Compatibility role service installed, this is not longer supported in Windows 2008 / IIS 7.0.

The Config Editor has been updated, and now switches to (objects from) the Microsoft.Web.Adminstration namespace when IIS version 7.0 is detected.

The SendMail macro allowed only files within the site web root to be included as attachments.

The Config Editor didn't have support for Oracle connection strings.

When calling the response.redirect viper from a host header B (a non-default host header) resulted in a redirect to the default host header of the same channel.

When saving a new item using the Office Integrator (a.k.a. Remote Editing), the item isn't created with the specified title. Instead, the item is created with a title like "_tempXXX_import No Title 1", where XXX equals the item's number. This only happens when using Word/Office 2007.

This was due to the fact that Office 2007 doesn't include a title element within the head section when a document is saved as html.

Custom code have been added to fix this problem.

The sqlquery now allows you to use the "order by" statement in a sqlquery macro that uses paging before the "from" statement is used.

Because the schema information is now retrieved from the the database, the schema definition in the smartsite.data.config is now deprecated and must be removed from the configuration file. This is done automatically by the upgrade script.

The editor lost track of the insertion point if no text was selected.

Due to an older, which turned out to be an incorrect, implementation of Active Directory support within the cms manager, an user was unable to login into the manager when he/she first logged in on the front-end and vice-versa.

This was due to the fact that the implementation within the cms determined the wrong SID (Security Identifier) and therefore wasn't able to match the determined SID with any user/visitor.

This implementation has been fixed, and now both the cms and publication engine use the same SID values.

When an user is already registered with the wrong SID value, the SID value will automatically be updated to the correct value.

Notice that you have to make sure your web.config has been properly configured to use Windows Integrated Security:

<location path="cms">

<system.web>

<globalization requestEncoding="iso-8859-1"/>

<authentication mode="Windows" />

<authorization>

<allow users="*"/>

<!-- allow access for all users, the manager uses it's own implementation for authenticating users -->

</authorization>

<httpModules>

<clear/>

<!-- clear the inherited httpModules -->

<add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule"/>

<add name="Session" type="System.Web.SessionState.SessionStateModule"/>

</httpModules>

<httpHandlers>

<clear/>

<!--clear the inherited httpHandlers-->

<add verb="*" path="/cms/webservice.dws" type="Smartsite.Interop.IIS.WebserviceHandler,Smartsite.Interop"/>

<add verb="*" path="/cms/*.dws" type="Smartsite.Interop.IIS.Handler,Smartsite.Interop"/>

</httpHandlers>

</system.web>

</location>

The Active Directory Membership Provider for the publication engine and the Windows logonhandler for the cms engine, both supporting the use of windows integrated security, have been updated:

- They now both have a symmetrical implementation of the StoreFullyQualifiedLoginName option (this option wasn't supported by the logonhandler before).

- The StoreFullyQualifiedLoginName option now also takes effect when no default domain (the first entry within membershipMappings, if any) is specified.

- Switching between Smartsite standard security and Windows integrated security is now much easier, both the provider and the logon handler do now use multiple lookups to find the appropriate user (based on the SID, loginname or loginname@domainname).

When doing a preview in the CMS, itemdata.field(<fielname>, <location>) always used the current item's data instead of the given reference.

The se:webservice macro now also supports returning the result as DataTable.

To get the result as DataTable, just set the returntype of the macro accordingly. You can then use standard formatting (se:format) to format the result.

Notice however, that the webservice being called must send the response in a format which is compatible with a DataTable.

And if the webservice does actually send a (serialized) DataTable, you probably need to set the ReadSchema property to true.

For example, when you upgrade from version 1.1 to 1.2, it will only install the files and execute the database scripts that include changes since release 1.1.

Oracle database version 10g release 2 and 11g are supported.

Only a comma was allowed. Cc and Bcc fields already allowed the semicolon.

When the web.config includes Active Directory configuration, the Config Editor now performs (basic) validation for this configuration. It checks if it can connect to the specified domain using the supplied credentials, as well as checking the specified groups.

Because of an erroneous check in the Sxml logic, item comments would throw an exception when allowNested is set to false.

To fix this in an existing site, edit the sml_ItemComments smartlet and change the line:

<se:if expression="smartlet.get(commentParent) == 0 &amp;&amp; smartlet.get(allowNested)">

to:

<se:if expression="smartlet.get(commentParent) == 0 || !smartlet.get(allowNested)">

The recommended Active Directory (AD) configuration includes creating global groups (e.g. "ad_webmasters", "ad_editors" and "ad_chiefeditors"), in which the users, dependent on their role within the organization, are distributed.

Besides these global groups, (at least) one domain local group must be created (e.g. "ixperionaccessgroup") in which the global groups must be added as a member (and no user will be a direct member of the domain local group). This domain local group must then be specified within the web.config as SmartsiteAccessGroup (Smartsite.ActiveDirectoryConfiguration section).

However, Smartsite's Active Directory MemberShip Provider didn't take parent groups into account. With the recommended AD config, you would get an access denied message when you try to login, because only direct group membership was resolved. So, although the user is member of e.g. "ad_webmasters", the membership provider didn't reckon the user is a member of the specified SmartsiteAccessGroup.

Smartsite's Active Directory MemberShip Provider implementation have been adjusted to take parent groups into account. In the above example, when an user is member of "ad_webmasters", he/she is also considered to be a member of "ixperionaccessgroup", since the "ad_webmasters" group is a member of this group.

The response.redirect viper now correctly redirects to a friendly url if the item has a friendly name.

Some RSS feeds, like all the CNN RSS feeds (e.g. "http://rss.cnn.com/rss/edition.rss"), use a datetime format for the pubDate RSS xml element containing an timezone abbreviation other than the standard "GMT".

In case of the CNN RSS feeds, the timezone abbreviation "EDT" (Eastern Daylight Time) is used (e.g.: "Wed, 08 Jul 2009 05:35:48 EDT").

The .NET DateTime object, however, can not parse datetime strings containing these timezone abbreviations (apart from "GMT"), so when trying to load the CNN RSS feed the following error was returned:

"The string was not recognized as a valid DateTime. There is a unknown word starting at index 26."

The feedreader macro has been adjusted to be able to parse datetime strings containing timezone abbreviations included in the RFC822 standard.

When using an Outscaling scenario, in which one of the cms server instances has been configured to use pulling, the items being pulled fail.

This had to do with an encoding issue, the rendered result returned from a webservice method wasn't correctly encoded and appeared to include a bunch of question marks only. This has been fixed.

This error was triggered when datatables without a table name were using in the Filter macro.

The cms manager should display an access denied message when you try to edit an item of a contenttype on which you don't have access rights.

This is the case when editing an item which is not a folder, however, when the item is a folder, the access check didn't function properly and it was possible to edit the item. This has been fixed.

Furthermore, Add Specified Item was disallowed when the default contenttype of the folder is of a contenttype on which the current user doesn't have access rights. This has been fixed as well. Now, the select contenttype dialog is shown, listing only the contenttypes the current user has access rights on.

Pdf converter now sends application/pdf as the http content type to the client to support IE6 clients that require application/pdf.

The webservice macro, by default, returns an XmlUTF8TextReader object. This object is then used by the se:xslt within the se:format, which is usually set within the webservice's parameter block.

However, when you want to save the result of the webservice to process it within a separate e.g. se:transform, the response xml should be returned as string.

The webservice macro has been adjusted and will now return the response xml directly when the resulttype has been set to "string".

The paging macro now has direct methods for going to specific pages

More information can be found here: http://docs.ixperion.smartsite.nl/?nr=29473

Requests on a non-default channel that triggered an error, were redirected to a custom error page on the default channel.

The WCF service methods all use a custom login method to be able to impersonate the current user. This mechanism fails when using Windows Integrated Security.

Specifically when the default provider has been set to the Active Directory Membership Provider, this mechanism has been adjusted.

The CMS Setup installs a new version of the Hasp License Manager: version 12.47.

This version solves the stability issues reported with earlier versions. Therefore, make sure the version of the License Manager is 12.47 or higher.

To inspect the Hasp version number, browse to the License Manager (http://localhost:1947) and select About.

The TestSuite fails to render any item and just returns "401 Authentication Required" for every single item when the site has been configured to use Windows Integrated Security.

This was due to the fact that the TestSuite didn't take the configured authentication scheme into account when creating its internal http listener and just used the default Anonymous.

The TestSuite has been adjusted and now examines the web.config (IIS 6.0) or the applicationHost.config using the Microsoft.Web.Administration.ServerManager class (IIS 7.0) to see if Windows authentication has been enabled. If so, the authentication scheme is set to AuthenticationSchemes.IntegratedWindowsAuthentication.

The Publication Server System Information within the System Panel action of the cms manager did return the wrong version number. Instead of the version number of the publication engine (in particular Smartite.Runtime), the version number of the host process (w3wp.exe) was returned.

Contenttype fields for which the ctfp ctrl:isBitPattern has been set, such as the FriendlyNameType field used in many contenttypes, fails to import correctly. The underlying value, as specified within the xml, is ignored. This occurs when manually importing an item containing this field, as well as in an Outscaling scenario.

This was due to the fact that the storagehandler(s) used for this type of field didn't have logic to detect and handle a value which represents a bit pattern. The SimpleLookupList and SimpleLookupStorage storage handlers have been adjusted to support bit patterns.

The jQuery.noConflict() method will now optionally be called, unless jQueryNoConflict is set to false.

When using the Data Management action to undelete a previous deleted item, updating (the status of) the item on the cms subscriber(s) of the local server fails with the error "Unable to load item data".

This is only applicable when using a scenario with two or more cms server instances, where the local server has at least one subscriber which is also a cms server instance.

An explicit status update has been implemented prior to the regular update operation to fix this problem.

When using a scenario of two cms server instances, each with their own publication server instance, contenttype changes will be synchronized automatically if Outscaling's eventsubscriber EventClasses registry parameter includes the "ContentTypes" event class.

If you want to synchronize contenttypes manually, or you want to make sure a specific contenttype is the same on both server, you can use the action Synchronize Contenttypes. Just select one or more contenttypes and a target cms server. When the contenttype(s) is updated on the target cms server, the publication engine of that server will be signalled as well.

However, this last step had a bug, which resulted in the error "Unknown contenttype event subtype: Update". This event subtype, which will result in reloading the contenttype, has been added. Notice that this error only occurred within this particular scenario.

When using a DualList to display a multi-select for relational (n-2-n) data or a thesaurus, the number of records to be displayed within the left selection list may become too large.

To limit the number of records to load/display, the ctfp ctrl:FilterMode can be used (in combination with ctrl:DefaultFilter to set an initial filter). However, an user would still be able to clear the filter textbox, hit the 'Apply Filter' button and it would result in loading/displaying all records again.

To solve this issue, an Required FilterMode has been introduced, which equals the value '8'. To switch to Required FilterMode, the ctfp ctrl:FilterMode (which is a bitmask) should equal e.g. 10 (2+8; 2=Display filter input, 8=Required filter; see http://support5.smartsite.nl/smartsite.dws?goto=SMWC5.CTRL.FILTERMODE).

The idea is, that the number of initial records loaded will be limited by using ctrl:defaultFilter, e.g. the letter 'A'. After that, the user will be able to load another set of records of which the "name" (the external display field to be exact) starts with the supplied filter, e.g. the letter 'B'. So far, this is just how ctrl:defaultFilter and ctrl:FilterMode (=1,2 or 3) works.

However, when ctrl:FilterMode bitmask contains 8 (=required filter), the 'Apply Filter' button will just abort when there's no valid filter input and alert the user that the specified filter doesn't contain the minimum required characters (spaces and '*' excluded, which are automatically removed from any filter string). The default minimum required characters is 1. You can use the (new) ctfp ctrl:FilterMinimumLength to adjust this default, e.g. when filtering on the first character will still result in too many records. Of course, in that case you should also adjust the ctrl:defaultFilter to include two characters.

Using the property IncludeParents, parent folders used in the Parents property are now included in theb resulting DataTable.

SignalSmartsite now supports integrated security to logon to the pub server.

The following methods were added: url.setparameters, url.removeparameters and url.removeallparameters.

Because IIS somestimes serves requests to files on disk from an asynchronous thread, the ACLs that are set on that file, were not always checked when using impersonation. The ACLs are now always checked in Smartsite.

The publication engine now also includes a generic LDAP membership provider, which can be used to connect to e.g. Novell e-Directory.

The same code base is also made available through COM-interop to the cms manager, so the same implementation is used on both the front-end and the back-end. The new cms LogonHandler SixSecurity.LDAP uses this COM-interoperable implementation and can be used for Windows integrated security as well as LDAP-enabled domains.

An exception was thrown in the CmsWebCacheDependency when the ExternalReferences table contains a relative url.

When saving an item which contains an <form> html element within the body, the compliance handler (W3CCompliance) raised an error "Invalid use of Null" and you weren't able to save the item.

This has been fixed.

Indentation should be handled in CSS.

Alignment of text should be handled by CSS.

The viper Request.IsPreview has been added. This way, developers can make exceptions in Sxml code for preview requests.

There were problems with some date representations and with Atom 1.0 feeds.

Newly added items in the TestSuite are now immediately opened in edit mode.

The iisrestart.exe tool did use ADSI objects internally to query IIS and perform its tasks. IIS 7.0 (Windows 2008 & Windows 7) does not support ADSI anymore (unless IIS 6.0 compatibility has been installed).

Therefore, iisrestart now checks the IIS version, and if it's 7.0 (or higher) objects from the Microsoft.Web.Administration namespace are used instead.

Smartsite now has a datatable.aggregate method that allows you to aggregate values grouped by zero or more columns. A new datatable is returned that contains the count, sum, average, min value and max value for each aggregated group.

The XHTML+RDFa DocType is now available natively. For more information, read http://www.w3.org/TR/xhtml-rdfa-primer/

When using the FileInput control within the cms, images (or other filetypes) added using this control will have an "absolute" path (it starts with "/", e.g. "/images/myimage.jpg").

Outscaling uses the external webservice to synchronize files which are included within the aim references.

However, the external webservice fails to resolve paths which starts with "/". This has been fixed.

Due to a flaw in session logic, using sessions could lead to random errors. This has been fixed.

AIM requests on an item caused the item to have sessions set to disabled when in the normal request {session.enable()} was called. When the AIM request was performed before a regular request was performed, an exception was thrown.

A new macro has been added to Smartsite that can generate captcha images.

You can now grant pdf readers the right to copy content from the pdf by setting the CanCopyContent command to true.

To be able to synchronize Localized String Resources between multiple CMS instances, first an appropriate Outscaling Datasource must be created.

However, notice that vwLocalizedStrings must be used as datasource name and not the table LocalizedStringRecources itself.

Due to some issues, however, records added or changed to/within LocalizedStringResources failed to synchronize. This has been fixed.

Furthermore, the dataeditor meta xml file vwLocalizedStrings.xml should be changed, especially when you have configured an Outscaling scenario with two (or more) cms server instances: add an allowedit node with value set to 2 to the field with name="ResourceKey". (It shouldn't be allowed to change the ResourceKey for existing records.)

SetAppId() can be used to create an application id that can uniquely identify the Smartlet for personalization properties, when multiple instances of a Smartlet exist in a site.

This is needed is a table definition has changed, for example when columns have been added.

The SmartNumbering trigger enumerates all columns and must therefore be recreated.

As of iXperion 1.2, the Active Directory (or any other LDAP directory) implementation, especially the group membership handling, has been changed.

Prior to 1.2, the SmartsiteAccessGroup and VisitorGroup as defined within the web.config (Smartsite.ActiveDirectoryConfiguration section) must be present within the list of externally managed groups within Smartsite. However, this was not the intended way of implementation.

As of version 1.2, it is no longer required (in fact, it is preferred) that the SmartsiteAccessGroup and ManagerAccessGroup (which replaces the VisitorGroup) are included within the list of externally managed Smartsite groups.

Instead, use a number of domain groups (e.g. "AD_Webmasters", "AD_ChiefEditors", "AD_Editors") to distribute the domain users into groups with different access levels. These groups must have a 1-on-1 representation with externally managed groups within Smartsite. Also, these groups must be a member of the specified SmartsiteAccessGroup and ManagerAccessGroup (when approriate).

When a user logs in into Smartsite, the user's group membership is determined (recursively), and when the user is (indirect) member of the ManagerAccessGroup, the user is allowed access (and when the user does not exist within the Smartsite database, a record is created with the IsVisitor bit set to 0).

When the user is not a member of the ManagerAccessGroup but (only) a member of the SmartsiteAccessGroup, the user will only have access to the front-end (and when the user does not exist within the Smartsite database, a record is created with the IsVisitor bit set to 1).

The user will automatically be added to the built-in Guests group.

The Outscaling action Synchronize Files is able to synchronize a complete folder to a selected target server.

But in rare occasions an error is reported when Outscaling tries to synchronize a protected operating system file, such as thumbs.db, when it encounters such file within the specified folder (and no filename pattern has been specified).

Other files within the same folder are synchronized nevertheless, so the error isn't too bad.

However, in iXperion 1.2 we have implemented an option within Outscaling to specify a File Exclusion List (which defaults to "thumbs.db;*.dws;*.config;*.dll;*.exe;*.asax;*.asa"). The appropriate location for this setting is the FileExclusionList registry parameter within the BackgroundComponents\Outscaling registry key.

Before synchronizing any file, the files found within the specified folder are compared to the filename patterns included in the File Exclusion list.

If the filename matches one of the filename patterns, it is removed from the list of files which are going to be synchronized.

This feature also makes sure that Smartsite, ASP and IIS specific system files (such as the assemblies, the web.config, global.asax) will not be synchronized. That is, as long as you include the appropriate filename patterns within the File Exclusion list when you override it.

The Import wizard includes the option "Only update items with a later modification date within the import file". When this option is set and the appropriate import mode has been selected ("update existing items, if not found create new items" or "update only"), the Importer should only update an existing item if the moddate of that item is older then the moddate found within the xml.

However, this functionality didn't always have the expected outcome, because the Importer used the wrong datetime value to compare the moddate with. It gave priority on the exportdate node within the import xml (if present), instead of giving priority on the moddate node (if present) for each individual item within the xml.

The Config Editor now also checks the userroles defined on each security profile within Smartsite.Security.config.

When an userrole does not exists within the (Cms) database, an error is displayed.

When you change either the (logical) fieldname or the physical field of a specific contentype field definition, Outscaling fails to synchronize this contenttype change to the (local) server's publication engine server instance.

This was due to the fact that the specific event ("ContentTypes.ContentTypeFieldChange") used for this type of change was not recognized within the publication engine. This specific event has been added.

The /nosplash argument can be used to suppress showing the Splash Screen.

Like EmbedURI before, custom post data can now be passed to the embedded item.

You can now use Viper methods to store and remove cache.

The cms manager action Import Word Document(s) did use the same location as the selected Word document(s) to store temp files.

When the selected Word document(s) is inside the www-root, this means a temp directory is created within the www-root as well and this may result in an application domain recycle.

Although this is default ASP.NET behavior (to recycle the app domain when certain file/directory changes within the www-root occur), using the Import Word Document(s) action shouldn't result in an application domain recycle. To prevent this from happening, the Import Word Document(s) action now uses a temp directory within ../system/temp, which is removed after a successful import.

You can now store global variables in the same way you can with personalization profiles. Simply call the storage vipers.

SXML in the cells would not be resolved.

The Config Editor now also validates basic Outscaling configuration (registry configuration for a scenario with 1 cms engine and 1 pub engine).

When you change the content access for specific items using the Manage Content Access action, these changes are not synchronized to (other) cms server instances.

The Manage Content Access dialog now sets the activation date to the current date/time for the (active) items on which the content access security is set, so Outscaling is able to synchronize these items to the other subscribed cms server instances, if any.

(As part of the synchronization process, the content access security information is serialized within the xml output of the RAW channel and deserialized and interpreted during the import process on the target server.)

Because of this, when moving an item (using cut/paste within the cms manager) from one folder to another folder, this change is not reflected on the cms subscriber(s) of the local server instance.

In previous versions Smartsite refused to start when unknown data types were used in the Smartsite database.

Because it is imperative that Smartsite (the cms engine) has write access to its own registry settings, the cms engine will now fail to start if this write access is denied.

Support for docx files has been added to the cms manager action "Import Word Document(s)".

A number of Viper methods are added to write data to disk.

Database queries that fail now result in an EventLog entry.

When calling a webservice using the se:webservice macro and this webservice requires a DateTime value as (input) parameter, the webservice call would most likely fail because the DateTime parameter was serialized in the wrong format.

To be able to change e.g. the target server for multiple DataSources at the same time, the Outscaling Datasources action within the Outscaling Console should allow mult-select.

The creation scripts for the EmptySix site has been adjusted to facilitate this. If you want to enable the same feature within your own existing site, you must add listMultiselect="yes" manually to the parameters of the Outscaling Datasources action (using Configure Security).

When changing the sort-order on a folder item to custom and re-arranging the order of its child items, this change is not reflected on the publication engine. This was due to the fact that for the child items no ContentChange.Activation event was generated, which is needed to synchronize the change notification to the publication engine.

When using the se:webservice macro to connect to a http-based webservice which uses the soap 1.2 protocol (such as the Flickr webservice) you get the exception "The content type application/soap+xml; charset=utf-8 of the response message does not match the content type of the binding (text/xml; charset=utf-8).".

This is due to the fact that the se:webservice internally by default uses the BasicHttpBinding, which only supports the Soap 1.1 protocol.

To be able to support Soap 1.2 protocol as well, the BindingType (enum) property has been added to the se:webservice macro. When the webservice you wish to connect to uses Soap 1.2 protocol, set the BindingType to "wshttpbinding". This binding does support the Soap 1.2 protocol.

When using an Outscaling scenario of two (or more) cms server instances, each with their own database, SubTree Management changes are not synchronized to the subscriber(s) of the local server instance.

The first reason for that is the fact that the Outscaling Datasource for the table SubTreeHierarchy was missing from the default set of Outscaling Datasources. If your site doesn't have a datasource for the table SubTreeHierarchy, you should add it.

Second, because of the database design of the SubTreeHierarchy table, the Smartsite built-in MetaBinder object needed to be adjusted, to be able to determine the appropriate key when a SubTree entry was added.

Virtual Assemblies provide a way to roll out .Net components with SXML functionality (Macros, Vipers) without having to deploy physical components (dlls). They could be used before (search for VAS in the documentation), but the VAS ContentType, needed for them, is now rolled out as a part of the 1.2 package.

It used to remove the rootnode from the response.

When the calling webservice returned a fault, the se:webservice macro just returned this as a valid result.

This has been fixed, if an fault envelope is returned, this fault envelope is used to throw an Smartsite Exception.

The id was always generated and consisted of a prefix and a guid.

Use the boxid named parameter to pass it to a smartlet rendering a SmartletBox.

Virtual Assembly references would only work if they were fully qualified file references

The TestSuite would not read in the IIS7 authentication correctly: if Windows Authentication was enabled, it would use ONLY Windows Authentication and ignore other schemes.

The SiteMap macro now has a property to query only folders, so you don't have to resort to formatting to filter non-folder items out.

When a json request was done on a normal page, Smartlets would run in callback mode, causing server errors, resulting in the ajax request failing.

Smartsite iXperion has been optimized to be able to render items as quick as possible. Therefore, the publication engine caches a lot of information and many objects simply reference each other.

All security objects (users, usergroups, userroles) are no exception to this. These are read from the database upon site startup and cached in memory. Other objects, such as contenttypes, use references to these object as well. So, when e.g. an user is added or changed, it is not just a matter of reloading the information for this specific user, since it may be referenced by many other objects.

The only viable option to refresh the in-memory state of the publication engine when a security-related object has been changed, is to unload the site (which is the result of restarting the publication engine).

To remind the user of the need to restart the publication engine before the changes to a security-related object takes effect, several cms actions within Configure Security have been adjusted. The actions "Edit Users", "Edit Visitors", "Edit Groups" and "Edit Roles" will now all show a dialog after pressing the save button, informing the user about the need to restart the publication engine and whether or not this should be done right away.

The schema cache is now deleted from disk when the user refreshes the schema cache.

Smartlets use only named arguments. These arguments are defined in the public contract, the properties collection inside the smartlet macro in the Smartlet translation. These properties should be shown to users when calling the Smartlet using Viper syntax.

The itemdata macro now uses the default value if Data Navigation return an empty datatable. Previously the default value was ignored because was not null.

Purge Items isn't applicable for an Outscaling configuration of one cms instance (the cms engine/manager) and one pub instance (the publication engine). Therefore, the event responsible for synchronizing Purge Items (which is "ContentChange.PurgeItems") isn't listed within the standard EventClasses registry parameter for Outscaling's EventSubscriber.

However, when you have an Outscaling scenario/configuration which includes two (or more) cms instances, and you do include "ContentChange.PurgeItems" in the EventClasses registry parameter on both (!) servers, purge items action will be synchronized.

When sending email using the sendmail macro, XHTML was corrupted into HTML and encoding errors occurred. You can now specify HtmlBody separately (and still set Body to a plain text value) and the XHTML will not be corrupted.

Sometimes, after rendering a page, the TestSuite Dependency List could not be shown due to a threading issue.

A http status code was sent to IIS directly, so only IIS error page configuration could be used.

To make Outscaling configuration a lot easier, the Outscaling EventSubscriber now implements its own default event filtering. This default event filtering becomes active when the registry parameter EventClasses is set to "*". Events that are never applicable for any Outscaling configuration will be discarded right away. Other events, which may or may not be applicable depending on the Outscaling configuration will be added to the Outscaling event queue.

So, for iXperion 1.2 and later versions, it is adviced to use "*" as value for the EventClasses registry parameter within the Outscaling Eventsubscriber registry configuration.

This way, all relevant Smartsite events will be added to the Outscaling event queue. From there on, the Outscaling background component will evaluate each event and assign it to the appropriate server instance(s), or will discard the event if it's not applicable for any subscriber.

The extension viper SetForcedResult() now has an overload for explicitly terminating the request immediately.

Due to a flaw, the creation of error pages sometimes resulted in an exception, thus hiding the true error.

When you have an Outscaling scenario running with two cms server instances, each with their own database, and you update an channel item, the Importer/Outscaling will fail to update the item on the receiving cms instance. When updating the channel item an item validation error occurs: "Default document must be unique within the site".

This was due to fact that the ItemValidation ctfp (on the Nr field) for the Channel contenttype wasn't compatible with an import/Outscaling scenario.

To fix this problem the variable "key", containing the itemnumber in question or 0 for new items, has been made available for every ItemValidation script. This made it possible to re-write the ItemValidation ctfp in such a way that it is now compatible with an import/Outscaling scenario.

As temporary fix, you can safely remove the ItemValidation ctfp of the Channel contenttype on the receiving server instance. It will be restored/fixed when running the update to 1.2 script.

Scf now includes a way of calling translations from client-side Scf code.

The built in cross-site scripting filter in Internet Explorer 8 would break the error dialog presented when there is a conflict in FriendlyNames.

Validation failed in prior releases when Sxml macros were used in the html elements script, style, dl and option.

When your site (the front-end) has been configured to both use Forms authentication and SSL and you're using IIS 7.0, the cms manager can not be accessed and you get the standard Forms authentication login page when browsing to the cms manager. This happens only when the Smartsite.config of your site contains a ManagerAddress appSetting which is also set to an https address.

This was due to a bug in determining whether the AppDomain's virtual path (for the cms manager) equals the configured manager address. This has been fixed.

Now, the Timeout property will be used as http request/read timeout

The url.getbaseurl viper did not return the base url for urls hosted by Smartsite but returned the url of the browsestartpage instead.

The PlaceholderData macro did not behave as predicted and had schema validation problems.

New overloads exist for retrieving the logical name based on the physical field name.

This could cause an error during AIM rendering.

In the Empty site, the translation content has been changed to:

{sys.iif(itemdata.code()=='ASPNETMASTER' OR !contenttype.field.exists(itemdata.contenttypecode(),title), '', itemdata.rawfield(title))}

When requesting secured items within the AIM channel as the guest user, the AIM rendering result may still display partial results.

This was due to the fact that the AIM rendering module received a 401 status code as (partial) result and just went on with determining static AIM results.

When it's an AIM request and authentication is required, an exception should be thrown instead of returning 401 status code. This has been fixed.

When specifying redirect="InternalErrorPage" for custom errors, you can now force the callstack error page to be shown for specific errors.

When showing the details of an item, the manager ignored the subtree assignment in channels.

Host headers used to be defined in the channel items but as of version 1.2, they should be configured in the Smartsite.config file. Host headers can still be configured in the database but this feature should only be used for backwards compatibility.

The Sql native client returns length -1 for varchar(maxlength) fields instead of 2147483647.

When previewing pages in edit item, pressing the 'Source' button ignored the selected channel.

Changing the webservice username or password required a TestSuite restart. Now the username and password are effective without restarting.

The se:pdfdocument macro, whether or not streaming was enabled, always wrote response headers to the output. However, when using the save="..." option on the macro to capture the pdf output and re-use it for further processing, the response headers (usually) shouldn't be written.

To accommodate for this scenario, the WriteResponseHeaders property has been added to BinaryBase, the macro from which PdfDocument inherits. With this property, writing response headers can be suppressed.

Site.Settings.GetStringValue() now fully supports XPath queries

The Config Editor did check access rights to the path "C:\Windows\system32\LogFiles" for every account specified within Smartsite.Security.config.

However, these accounts do not need to have access rights to this folder, only the application pool identity of the cms application pool. The Set Site Security tool does check, and when selected grants, the appropriate access rights.

Therefore, the access rights check for the LogFiles folder within the Config Editor has been removed.

Open in new window now show a list of all channels an item can be viewed in.

The Edit Item actions now support a 'Read Only' mode. When a user tries to edit an item that is in use, the message shown now allows him/her to open the item in a 'Read Only' mode. You can also explicitly open an item in 'Read Only' mode, using a new user action.

If all the host headers of a channel are unique to that channel, the friendly name of that channel is no longer written when generating friendly urls for items that have a short friendly url.

Binding cache directly to contentchange events was broken since iXperion 1.1.

When using the 'Add to global include' checkbox, the style and script links generated by Scf would always point to the deafult channel instead of the current channel.

Smartsite iXperion 1.2 includes the new "Set Site Security" tool, which is intended to be used for validating (and fixing, when selected) ACLs on the filesystem, registry and HTTP namespace permissions.

Therefore, ACL validations which were executed by the Config Editor has been removed. Within the Config Editor, you can access the "Set Site Security" utility from the Tools menu.

The iXperion Publication Server hostheader settings were not respected when displaying content in actions like 'Show Details', 'Open in New Window', 'Details', etc...

When using restrictive channel hostheaders, Smartlets would create wrong urls in methods like smartlet.getresource() and in Ajax callbacks.

The Preview channel dropdown now filters on subtrees

The Cms.GetDescendantByTitle() vipers (and Smartlet.GetResource()) ignored the current channel context and generated a link to the default channel.

The method translation.scope() is added. It can be used within translations to get the folder number a translation is scoped to.

Smartlet Ids are normally auto-generated. You can however pass a named argument 'id' to a Smartlet.

The TestSuite now has a debug option to visualize SXML in the site front-end.

Translation.SetNullResult() allows you to let a calling viper/translation decide to handle the returned null value using default=.

When incoming AIM relations exist in items below a folder that is deleted, these relations must not block deletion unless coming from outside the tree structure to be deleted.

Due to a bug in the .Net xml parser, sxml validation failed when the sxml ended with a ']'. A workaround has been implemented.

When the content/sxml validation fires and an validation error is found, sometimes two dialogs where shown, one of them being blank.

This has been fixed.

Also, content/sxml validation didn't take place when using Set Item State. This has been fixed as well.

The Jump action now also searches items by friendly url and facilitates browsing through multiple results.

The Smartsite.pdf.config configuration file is intended to be used to configure default settings/commands, which should be used when generating pdf.

While the hid=pdf functionality did use the settings from this configuration file, the se:pdfdocument macro did not. This has been fixed, so the configuration within Smartsite.pdf.config now also applies to pdf generated using the se:pdfdocument macro.

When using the se:transform macro to transform xhtml, and this xhtml contains a doctype definition, you get the exception:

"For security reasons DTD is prohibited in this XML document. To enable DTD processing set the ProhibitDtd property on XmlReaderSettings to false and pass the settings into XmlReader.Create method."

The XmlReader used internally needs to be configured to allow for DTD processing. Therefore, two new properties have been added to the se:transform macro: AllowDTD and ResolveExternalReferences.

To be able to transform xhtml containing a doctype (e.g. xhtml1-strict.dtd) you need to set the AllowDTD property to true. At the same time, it is then recommended to set the property ResolveExternalReferences to false (it defaults to true), otherwise the presence of the doctype definition will cause the xml processor to contact the w3.org website to obtain the doctype(s).

In previous releases, Sendmail required the To address.

Sessions can now be disabled for a content type altogether by setting the CTFP "EnableSessions" to "false" on the Nr field of a content type. Sessions are enabled by default, except for the content types bin, img, ref and flt. Once disabled, sessions cannot be enabled for this content type by using the viper {sessions.enable()}.

When editing a file using the (cms manager) File Explorer, an Outscaling event is automatically generated to synchronize the file changes. This is needed for files such as properties meta (../system/propmeta.xml), but in some other cases you might not want the changes to be synchronized.

To facilitate this scenario, the implementation has been changed and no automatically generated Outscaling event to synchronize the file changes will be generated.

Instead, when the Outscaling configuration includes multiple (cms) server instances, a checkbox is displayed within the Edit File dialog, giving you control whether or not the changes should be synchronized. Just check the checkbox to synchronize the changes to all subscribers of the local server.

When the file being edited is a configuration file (e.g. smartsite.config, web.config), the checkbox will automatically be disabled.

When using CtfpShortcuts.js to directly link to the ContentType Field Properties dialog from a CMS editor, the BinaryData control's labels could not be doubleclicked.

The Response.SetExpires() vipers are now deprecated in favor of the Response.SetMaxAge() viper. Because they both serve the same purpose, we've standardized on the MaxAge which causes less confusion and time bugs. A bug in the caching mechanism was also fixed that caused http 304 replies to have no new MaxAge causing future requests to the same item to not use the client cache.

The DBTraceListener does include code to dynamically add non-existing LogCategories and/or LogTypes, however the implementation of this feature contained a bug.

Therefore, logging messages with a non-existing LogCategory and/or LogType failed. To be able to log such messages, you would need to manually add the non-existing LogCategory and/or LogType.

The implementation of the feature to dynamically add these missing LogCategories and/or LogTypes have been fixed, so you don't need to add them manually anymore.

The SendMail macro now has support for inline attachments which allows you to add attachments to mails directly from data stored in e.g. the database.

When using scope notes in the Keywords thesaurus, these notes were wrongfully selected into the tag cloud.

When passing settings key/value pairs to a behavior, the value is now tested for 'undefined'. If the value is 'undefined', it will not be passed into the Json string for the behavior. This way, the behavior can use the efficient and concise Object.extend() method to have the passed settings override default settings:

Object.extend({textColor: '#33b', caption: 'Weather'}, settings);

The TestSuite now has a separate option for suppressing client cache for static files.

When a trace message, which is already written to the log, contains a CDATA section, the XmlFileTraceListener fails to (re)initialize upon the next site restart.

This has to do with the fact that the XmlFileTraceListener, when initializing, needs to read the existing log (xml) file to determine the current entry-ID. When this xml file contains nested CDATA sections, which is invalid, initializing the XmlFileTraceListener fails and no trace messages will be written to the log file.

The XmlFileTraceListener now replaces CDATA sections within trace messages (with commented CDATA, so "<![CDATA[" is replaced with "<!--[CDATA[" and "]]>" is replaced with "]]-->") to prevent nested CDATA sections to appear within the log file.

Furthermore, when one of the trace listeners failed to process a trace message, the subsequent trace listeners (if any) were not callled to process the same trace message. This has been fixed as well.

When calls to translations were used inside expressions (thus without the Viper syntax outer '{' and '}' characters, these translations were not detected by the AIM scanner.

When downloading pdf files in IE, the no-cache no-store header is now automatically because Internet Explorer can't handle pdf files with no-cache no-store headers. The max-age is set to 1 second.

Two vipers have been added to the session viper module.

The session.isnewsession() viper just exposes the HttpContext.Current.Session.IsNewSession property.

This property returns true if the session is initiated (it's a new session) from the current request, otherwise false.

The session.isexpired() viper tests if the current session is expired. This is true if it's a new session but the ASP.NET SessionId cookie already exists. Notice that the session.isexpired() viper can only give a valid result within the first request after the session has been expired. Within this first request, a session variable may be set, and within the next request the IsNewSession property on the Session object will be false again.

Changes to records within the LocalizationCultures table fail to synchronize. This had to due with the fact that Outscaling didn't handle tables with a non-numeric primary key very well. However, this issue has already been addressed as part of the fixes required for another work item (1.2 release).

Notice that, to be able to synchronize changed records within the LocalizationCultures table, you need to create a datasource for this table on the (main) cms server instance. And when the table osDatasources haven't been configured to synchronize automatically, you also need to create the same datasource on the (cms) subscriber(s).

The image macro has new properties Title (html title attribute), AutoTitle (copy alttext to title if title has not been set) and UseFallbackImage (render alternative image if the given location is invalid)

Previously you were only able to specify a full connection string in the Smartsite.Logging.config file. Now you can also specify one of the database id's from the Smartsite.Data.config file.

When using the xml import wizard with the option to update existing items, updated items will be set to inactive/prepublished unless the (advanced) option 'Import As Active' has been selected.

Since this is usually not the desired result, the xml import wizard now automatically asks whether or not to switch on the 'Import As Active' option. Notice that this only applies when the import mode 'Update existing' or 'Update only' has been selected and the 'Import As Active' option hasn't been selected.

You can now execute sxml in the scope of another item by specifying the item location to use as translation scope.

When your operating system is Windows 2008, Windows 7 or Windows Vista, the System Information action within the cms manager displays "Unknown version". This has been fixed.

The paging macro required the id parameter. Now, it can be scoped using a localid.

You can now set the total count of a pagin macro using a viper, to account for scenarios where you want to calculate it on first use. After that, the totalcount is passed using the querystring.

Then calling e.g. viper:exec with the parameter "position()" or "true()", the type that is returned in sxml is now float resp. boolean. In previous versions of Smartsite the result was converted to a string before inserting it into sxml.

In previous versions sxml in xslt formatting was not resolved.To restore the old behaviour, you can set the compatibility setting "compatResolveSxmlInXsltFormatting" to false in the Smartsite.config file.

Because viper:exec calls are now xml decoded before executing the viper, you can now use &quot; to create quotes you may need to build your sxml statement. Because ' and " are already in use by the surrounding xml and viper:exec call, these are not available to use.

You can now access channel state to store channel-specific data at runtime.

You can now check whether your code is being executed within a cache macro, so you can conditionally run code against the cache, such as adding key dependencies.

Some viper methods, like sys.iif() and sys.eval(), execute their parameters themselves instead of having the parameters resolved before having them passed to the method. In these parameters, translations would not be detected by AIM.

The paging macro generated absolute links when calling extension Viper methods.

Even when specifying the translation.localscope prefix, the global version of a translation was selected if set to non-overridable.

The QueryPrefix parameter can be used to avoid collisions when using paging in Smartlets and translations when using the default scoped LocalId. Since the LocalId/Id property setting would automatically be used a a prefix for the data passed over the querystring, multiple paging macros would end up using the same querystring variables.

The TestSuite now allows you to choose between the IE 7 compat mode, IE 8 compat mode or force the IE 8 compat mode.

The string.eval() and sys.executesxml() viper methods have been deprecated. Use the equivalent sxml.execute() method.

The DateTimeUtil.ConvertWithTimeZone function, used e.g. within the se:feedreader macro, only recognized timze zone abbreviations which are part of RFC 822. Since sometimes other time zone abbreviations are used within RSS feeds, the internal list of recognized time zones have been expanded with all the time zones listed at http://www.timeanddate.com/library/abbreviations/timezones.

Notice that some time-zone abbreviations (such as "CDT", "EDT", etc.) can stand for two different UTC offsets (North America vs. Australia). In the internal list of time zones, the North American UTF offset values are used and not the values used in Australia.

To help resolve Active Directory issues, Smartsite.Security now includes extensive logging, which gives better insight in the process of getting an user from the Active Directory and determining the group membership of an user.

The LogCategory used is "Security", the logtype for most of the log entries is "Trace" and the log levels range from 1 to 7.

When the image server is enabled for an image that is stored in the cms database, url would be displayed as "?id=" followed by either the item number or item code.

Outscaling doesn't require initial entries within osDatasources anymore, since Outscaling now includes built-in Datasources for all standard Smartsite tables.

Only in rare occasions or when Outscaling need to synchronize one of your own custom tables, it is required to create an Outscaling Datasource.

The Sys.Thread Viper class was added.

When using Active Directory security on the front-end of your site, adding/editing a forum topic did fail.

This was due to the fact that the se:cmsupdate macro being used automatically tries to retrieve the user's username and password.

The solution is to specify fixed credentials (username and password parameters) within the internally used se:cmsupdate macro instances, within the SaveTopic() translation. However, these fixed credentials will then also be used when adding/editing any forum topic.

To fix this problem, the se:cmsupdate macro now passes the currently logged on user's username as hidden parameter (when fixed credentials has been specified as macro parameter), so any cms action is executed on behalf of this user.

See also the knowledge base article Forum Smartlet fails when using Active Directory security on the front-end.

Within Active Directory, each user is member of one primary group. This primary group is not returned when querying the Active Directory using "memberOf", so the primary group was never added to the user's list of groups.

Therefore, it was not possible to use the primary group (e.g. "Domain Users") as member of the configured Smartsite Access Group.

This has been fixed. The primary group is now retrieved as well and added to the user's list of groups.

The Scf macro can now work with original jQuery file names (jquery-major.minor.revision.min.js and jquery-major.minor.revision.js) and will automatically take the highest version available in /scf/jquery/ unless the jQueryLocation property is specified.

If the /scf/jquery/ folder changes, Scf will automatically use the latest version available in it.

You can now pass settings to the Scf client runtime. These will be available in scripting as jQuery.scf.settings.<yourSetting>.

When a config file changes, the TestSuite will ask whether to restart. Pressing 'Yes' would however sometimes make the current TestSuite instance crash.

TestSuite now restarts gracefully when configuration files or important ASP.NET files or folders are modified. Session data currently being edited will be restored automatically.

You can now pass username and password properties to retrieve protected feeds.

You can now make AIM generate soft links by using the new "ExternalSoftLink" or "ExternalAutonomousSoftLink" options.

On sites that use forms-based logins, the credentials (username and password properties) will not work, since the server will not return a 401 HTTP status to allow passing the network credentials. Instead, a 302 (Object moved) will occur, linking to the forms login page.

To get this scenario working in your app, you'll have to:

1) do get of the requested page. if you are not logged in, the response will be a redirect header (302 probably).

2) do a get of the response url which should be the login page

3) parse the login page html for the username and password fields

4) post the field values to the login page.

5) if valid, you should get another redirect response with a cookie to use on future get/puts, and the url of the original page you requested. if the site is cookieless, you will get a munged url of the orginally requested page.

6) with the login cookie or munged url, you can now get your original page.

You can now overrule the executionTimeout setting of the web.config using SXML for the current request, by using Request.SetTimeout().

With the introduction of host headers in the Smartsite.config file, support for editing host headers has also been added to the ConfigEditor.

This was due to the fact that both libraries were added with the same priority setting (10 - by the Scf macro).

Now, jQuery is set to priority 100 and jQuery.Scf is set to 50

When launching the TestSuite, it should detect whether it was started from the site bin folder. If so, it should launch the containing site. Until now, the Windows Current Directory was checked for this. Now, the running exe itself is used as a reference.

If not started from the Bin/ folder, TestSuite.exe would look for the /s commandline argument. If missing, it would then look at the Registry setting 'SiteFolder' in 'HKEY_CURRENT_USER\Software\Smartsite Software\Smartsite\Smartsite.TestSuite'. This is no longer the case.

There is however a new, friendlier way to start the TestSuite: the /n(ame) command line argument. The name of the site as installed in 'HKEY_LOCAL_MACHINE\SOFTWARE\Smartsite Software\Smartsite\Sites' can be used. Example: SmartsiteTestSuite.exe /n:emptysix

The Config Editor that comes with iXperion 1.2 contains a lot of new and changed validations, only applicable for sites running iXperion 1.2 or later.

Therefore, executing these validations or changing configuration values for sites running iXperion pre-1.2 version shouldn't be possible. That's why the Validate, Unlock and Restore Defaults buttons are now disabled when the selected site's bin folder contains a pre-1.2 version of Smartsite iXperion.

To validate and/or configure a pre-1.2 site, you should use the Config Editor that comes with the particular version of that site.

When you have a large and complex Active Direcotry, the Active Directory integration with Smartsite iXperion can lead to a degraded performance.

To improve the performance, once logged in Active Directory users are now internally cached.

When importing content using the option "Import as Active", the friendly name as specified within the xml is not taken over. This has been fixed.

The forward slash is used to split multiple Oracle sql statements. A parser bug prevented the forward slash from being used as a divide operator.

In previous releases, content relations had to have a column named "Nr". By specifying the CTFP "ExternalKeyField", you can now use a column with a different name in the content relation view.

When a contenttype field property (ctfp) contains CDATA sections, these CDATA sections needs to be escaped (because each ctfp value is already enclosed within a CDATA section when it is serialized to xml, and it is not allowed to nest CDATA sections).

But when importing the contenttype (using the wizard or the Paste button within Manage Contenttypes), the escaped CDATA sections were not replaced with their unescaped variants. This has been fixed.

When you want to manually synchronize a subscriber, e.g. when using an "OTAP" configuration/scenario, you need to set the synchronization mode of this subscriber to 'None' (which effectively disables automatic synchronization).

However, due to a bug within the Outscaling background component, events will still be assigned to a subscriber with synchronization mode set to 'None'.

This has been fixed within the next release, but in the meantime you can implement a workaround which will remove these events from the Outscaling event queue by adding the following trigger to the site's database:

CREATE TRIGGER [dbo].[TRG_OSEVENTQUEUESTATUS] ON [dbo].[osEventQueueStatus]

INSTEAD OF INSERT

AS

BEGIN

SET NOCOUNT ON;

DECLARE @nrServerInstance int;

SELECT @nrServerInstance=nrServerInstance FROM inserted;

DECLARE @syncMode int;

SELECT @syncMode=SyncMode FROM osServerInstances WHERE Nr=@nrServerInstance;

IF (@syncMode=1) BEGIN

INSERT INTO osEventQueueStatus (eventID, nrServerInstance, Status, ModDate)

SELECT eventID, nrServerInstance, Status, ModDate FROM inserted

END

END

To remove events assigned to subscribers with synchronization mode set to 'None' which are allready within the Outscaling event queue, run the following query:

delete from osEventQueueStatus

where nr in (select es.nr from osEventQueueStatus es

join osServerInstances si on es.nrServerInstance=si.nr

where si.SyncMode=0 )

Escaped ampersand(s) where replaced with unescaped variant(s) when field data was loaded from contentversions.

This was due to an unnecessary encoding step, which by default shouldn't take place on version data.

The web.config have been adjusted, and will now work on both IIS 6.0 and IIS 7.0.

This meant that only items that were accessible to groups which contained the user's current role were shown.

Affected macros and vipers include

• Parents
• Siblings
• SiteMap
• XLinks
• Security.ContentAccess.*

The TestSuite sometimes threw a NullReferenceException when validating a field.

You could not use the {request.query()} viper to read querystring parameters in a cms:region in an .aspx file.

Outscaling contains a mechanism to detect if any occurring error is due to the fact that a connection failure occurs.

When this is the case, the internal error count (on a specific server instance) is increased and when 5 subsequent connection failures have occurred, the server instance is taken offline for 10 minutes (to prevent keep sending messages to offline servers).

However, the detection of a connection failure didn't function anymore. This has been fixed.

Because the last modified date of the render template was ignored in determining the last modified date of an item, changes to the render template did not trigger cache updates.

A request to an image that was receiving image commands through both the querystring and sxml caused the request to the image to hang.

When running the UpdatePublication.exe, the web.config will automatically be updated to the new recommended configuration.

For IIS 6, the new recommended configuration is:

<httpHandlers>
      <add verb="*" path="*/*.net" type="Smartsite.AspNet.Bridge.Handler,Smartsite.AspNet.Bridge" />
      <add verb="*" path="/res/*" type="Smartsite.AspNet.Bridge.ResourceHandler,Smartsite.AspNet.Bridge" />
      <add verb="*" path="/res/*/*" type="Smartsite.AspNet.Bridge.ResourceHandler,Smartsite.AspNet.Bridge" />
    </httpHandlers>

For IIS 7, the new recommended configuration is:

<handlers>
   <add name="PubResourceHandler" path="/res/*" verb="*" type="Smartsite.AspNet.Bridge.ResourceHandler,Smartsite.AspNet.Bridge" preCondition=""/>
   <add name="net" path="*.net" verb="*" type="Smartsite.AspNet.Bridge.Handler,Smartsite.AspNet.Bridge" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv2.0"/>
   <add path="*/*.net" verb="*" type="Smartsite.AspNet.Bridge.Handler,Smartsite.AspNet.Bridge" name="Bridge" preCondition=""/>
</handlers>

The publication engine already had code to disable the so-called File Changes Monitor, which is responsible for causing an appdomain unload when a folder is deleted.

The http handler for the cms manager now also includes code to disable this File Changes Monitor.

Function DATALENGTH() has been added to Oracle to retrieve the byte length of a BLOB field.

The LDAP Gateway, which is used through COM-Interop when the cms manager has been configured to authenticate against Active Directory, did use Basic authentication by default.

This resulted in a limitation of the search requests that could be performed: you would need to specify the (full) distinguished name of an "OU" (or "cn=Users") and only users within the specified OU were found. Users within another OU (on the same level) couldn't be found.

This was actually a security issue, because a connection established using Basic authentication is limited to search operations on the specified root (the searchBase) only.

The LDAP gateway has been changed, and now automatically switches to Negotiate authentication when the specified username (connectionUsername attribute within the membership provider element) represents an userPrincipalName (username@domain).

This way, search operations are not limited to the root (=searchBase) specified but will also search for the specified user on any level within the domain hierarchy.

Also, the logon handler SixSecurity.LDAP have been changed and will now also use the userPrincipalName to validate the user's credentials.

The Active Directory membership provider had a built-in default for searchUserQuery: "cn=Users".

When the membership provider must query for an user, this searchUserQuery is used to create a new DirectoryEntry, which is then used to execute the search request. So, by default, the membership provider would only find users which are member of "cn=Users".

And although the default searchUserQuery can be overridden (on the membership provider element) with an alternative "OU", the provider should be able to search for an user on the "root" object (and any level within the domain hierarchy).

The Active Directory membership provider has been changed and doesn't specify a built-in default for searchUserQuery anymore.

Therefore, if you don't specify a searchUserQuery within the membership provider element, search operations for an user are executed on the "root" object.

When you do specify a searchUserQuery, then this searchUserQuery is used to create an DirectoryEntry object and that object is used to execute the search request. This means, if you specify a searchUserQuery, all the domain users which must have access to Smartsite must be a (nested) member of the specified "OU".

When your site is configured to use an Oracle database and when adding or editing an user or visitor within the cms manager, you got an type mismatch error when saving the changes.

Although the changes were persisted to the database, the type mismatch error is of course annoying and has been fixed.

With the recently added feature of caching the AD/LDAP user objects after a successful logon, a bug was introduced which resulted in user information (such as group membership and primarygroup) not being updated anymore once the user has been added to the database. This has been fixed.

Some dataeditor meta xml files have been adjusted to hide these superfluous relations.

The IISRestart tool which comes with iXperion 1.2 has been enhanced to support IIS 7.0.

However, this has introduced a dependency towards the Microsoft.Web.Administration assembly, which isn't available on Windows 2003.

This was causing the error messages for certain commands, and this has been fixed (by refactoring the code, so .NET doesn't try to load the IIS 7 specific assemblies).

Earlier installs used "simulation" and "ogone". Existing installations will nog be modified by the publication update.

Error message: Bytes to be written to the stream exceed the Content-Length bytes size specified.

Not due to the fact that the userroles configuration is faulty, but because when using an Oracle database the "select count(*)" queries do return an decimal (which can not be cast to an Int), whereas for an SQL database it would have been an Int.

This problem also occurred within the friendly names validator and has been fixed using an explicit Convert.ToInt32().

When the cms manager has been configured to use Windows integrated security (logonhandler set to SixSecurity.LDAP), content validation and previewing an item did fail, which resulted in being unable to save item(s). This has been fixed.

Files that are used within content items will have a corresponding entry (using the file's relative url) within external references.

When you try to delete a file using the File Explorer within the cms manager, the external references are checked against the relative url of the file.

If the external references contains an entry with the same url, than it means the file is in use and you will not be able to delete the file (the cms manager will display an error message that the file is in use).

However, sometimes it was possible to delete a file without warning, because under certain circumstances the relative url is/was stored with a leading forward slash within the external references, and the url being checked is without the leading forward slash.

The url check have been adjusted, and now checks the relative url with and without the leading forward slash.

When copying field data the repository components would apply only the write textfilters to a field, resulting in extra encoding. For example: & would become &amp; etc.

The task pane will check every 30 seconds if any task for the user has been updated. If so, the task pane will refresh.

If the search results contained items with <, > or & in the title, they would be displayed as &lt;, &gt; and &amp;.

When a switch macro was executed during AIM requests, all logic would be skipped, since 1.2. This is incorrect and has the previous code has been restored.

Due to a bug (unfortunately introduced within release 1.2), the Outscaling Synchronizer always reported "Illegal Url" when trying to synchronize a file to another server.

As a result, when a browsestartpage was configured for a specific hostheader, this configuration setting was lost when saving other changes.

When a content item was attached to a repository item, updating the item from the updated repository item could cause data loss in fields shown with the webEditor, when on secondary (not initially displayed) tabs.

Under circumstances, loading a previous version while using webEditor controls in secondary tabs in Edit Item, could cause data loss.