Vulnerability in EPiServer.Forms


Richly Chheuy
Aug 25, 2015

PayPalPayment Serialization for Sending Email Through Commerce Template Service

This may be helpful for developers who are looking to serialize the PayPalPayment class - which stores information such as the PayPal token and order number - using Mediachase.Commerce.Engine.Template.Providers.XslTemplateProvider. We received such a question in Developer Support, so I wanted to share one solution provided by our Commerce product team.

General steps

  • Create your own TemplateProvider that inherits from XslTemplateProvider
  • Add a settable property that takes a Type array
  • Override the Process method (see current source code below) and make sure that the line instantiating the XmlSerializer

     XmlSerializer serializer = new XmlSerializer(contextObject.GetType());

    instead uses the constructor that takes a type array as the second parameter (this will be the extended types – PayPalPayment in this case)
  • Before calling into the Process method (from the TemplateService.Process call), make sure that the new type array property has been set (the template provider can be accessed through “new TemplateService().Provider…” since the backing variable is static)
  • Update the configuration file to use your custom TemplateProcessor

Code Example

        

        public override string Process(string template, CultureInfo culture, System.Collections.IDictionary context)
        {
            // 1. Serialize all context variables into XML
            MemoryStream stream = new MemoryStream();

            // Start creating xml document
            XmlWriterSettings xmlFileSettings = new XmlWriterSettings();
            xmlFileSettings.Indent = true;
            XmlWriter exportWriter = XmlWriter.Create(stream, xmlFileSettings);

            // Start the Xml Document
            exportWriter.WriteStartDocument();

            exportWriter.WriteStartElement("ContextDoc", "");

            // Cycle through dictionary
            foreach (string key in context.Keys)
            {
                object contextObject = context[key];
                XmlSerializer serializer = new XmlSerializer(contextObject.GetType());
                serializer.Serialize(exportWriter, contextObject);
            }

            exportWriter.WriteEndElement(); // End of ContextDoc
            exportWriter.WriteEndDocument();
            exportWriter.Close(); // Close the XmlWriter Stream

            stream.Position = 0;

            // 2. Locate XSL Template
            XslCompiledTransform xslt = new XslCompiledTransform();

            string path = String.Format(TemplateSource, culture.Name, template);
            string specificPath = String.Empty;
            // Check default path if language specific one doesn't exist
            if (!File.Exists(path))
            {
                specificPath = path;
                path = String.Format(TemplateSource, "Default", template);
            }

            // Generate exception if path doesn't exist
            if (!File.Exists(path))
            {
                throw new ProviderException(String.Format("The template was not found at the default path \"{0}\" nor at the specific path \"{1}\". Please either modify settings in web.config for XSL Provider or create an xsl template in the path specified.", path, specificPath));
            }

            // Load otherwise
            xslt.Load(path);

            // 3. Transform Content
            stream.Position = 0;
            XPathDocument pathDoc = new XPathDocument(stream);
            MemoryStream outputStream = new MemoryStream();
            StringWriter writer = new StringWriter();
            xslt.Transform(pathDoc, null, writer);

            // Return contents
            return writer.ToString();
        }
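
The general steps applied to the Process source above, as an added example that is not Episerver's own code: ExtraTypesXslTemplateProvider is a hypothetical name, TemplateSource is assumed to be accessible from a subclass, and PayPalPayment comes from whichever namespace your PayPal integration defines. It also reuses serializer instances, because only the XmlSerializer(Type) and XmlSerializer(Type, String) constructors reuse their generated assembly; XmlSerializer(Type, Type[]) generates a new one on each construction and it is never unloaded.

```csharp
using System;
using System.Collections;
using System.Collections.Concurrent;
using System.Configuration.Provider;
using System.Globalization;
using System.IO;
using System.Xml;
using System.Xml.Serialization;
using System.Xml.XPath;
using System.Xml.Xsl;
using Mediachase.Commerce.Engine.Template.Providers;
// Hypothetical class name; assumes TemplateSource is accessible to subclasses.
public class ExtraTypesXslTemplateProvider : XslTemplateProvider
{
    private volatile Type[] _extraTypes = Type.EmptyTypes;
    // One serializer per context type: XmlSerializer(Type, Type[]) is not cached
    // by the framework, so constructing it per call leaks a dynamic assembly.
    private volatile ConcurrentDictionary<Type, XmlSerializer> _cache = new ConcurrentDictionary<Type, XmlSerializer>();
    // The settable Type array from the steps, e.g. new[] { typeof(PayPalPayment) }.
    public Type[] ExtraTypes
    {
        get { return _extraTypes; }
        set { _extraTypes = value ?? Type.EmptyTypes; _cache = new ConcurrentDictionary<Type, XmlSerializer>(); }
    }
    public override string Process(string template, CultureInfo culture, IDictionary context)
    {
        var cache = _cache;          // read the cache first, then the types it is built from:
        Type[] extra = _extraTypes;  // the provider instance is shared (static backing variable)
        var stream = new MemoryStream();
        using (XmlWriter w = XmlWriter.Create(stream, new XmlWriterSettings { Indent = true }))
        {
            w.WriteStartDocument();
            w.WriteStartElement("ContextDoc", "");
            foreach (DictionaryEntry e in context)
                cache.GetOrAdd(e.Value.GetType(), t => new XmlSerializer(t, extra)).Serialize(w, e.Value);
            w.WriteEndElement();
            w.WriteEndDocument();
        }
        stream.Position = 0;
        // Same lookup as the original: culture-specific path first, then "Default".
        string path = String.Format(TemplateSource, culture.Name, template);
        if (!File.Exists(path)) path = String.Format(TemplateSource, "Default", template);
        if (!File.Exists(path)) throw new ProviderException("XSL template not found: " + path);
        var xslt = new XslCompiledTransform();
        xslt.Load(path);
        var writer = new StringWriter();
        xslt.Transform(new XPathDocument(stream), null, writer);
        return writer.ToString();
    }
}
```

Every serializable public member of PayPalPayment, including the PayPal token, ends up in the ContextDoc XML, so the XSL template should select only the fields the email needs.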


Comments

Richly Chheuy Aug 25, 2015 11:06 PM

Noting based on feedback from a partner developer that you may run into a potential null issue. Workaround is to call TemplateService.Process first before setting the new TemplateService().Provider.
