
Santosh Achanta
Nov 22, 2012

Issue with browsing files with special characters in the file name in a browser, and the fix

After upgrading the website of one of our very old customers from EPiServer 4.62 to CMS 6 R2, it was reported that documents with special characters in the file name (e.g. ‘S&R12.pdf’) were throwing ‘System.Web.HttpException: A potentially dangerous Request.Path value was detected from the client (&).’ when opened in the browser.

The fix for this issue is to add requestPathInvalidCharacters="" if you want to allow all special characters. An empty value means ASP.NET no longer rejects any character in the request path, including those in its default list (<,>,*,%,&,:,\,?).

The above attribute must be added to the element <httpRuntime> in your website’s web.config so that it will look as follows:

<configuration>
    ...
    <system.web>
        ...
        <httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="" />
        ...
    </system.web>
    ...
</configuration>

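If you want to restrict only certain special characters, list them comma-separated and XML-escaped, for example requestPathInvalidCharacters="&lt;,&gt;,*,%,:,&amp;,\". Any character that must be accepted, such as & for ‘S&R12.pdf’, has to be left out of the list (the example value above still contains &amp;).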
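As an added example (not from the original post or from EPiServer), the Python below audits a web.config for the setting discussed above and reports which characters of the ASP.NET 4 default list each httpRuntime element has stopped rejecting. The function names and the sample configs are constructed for illustration; ONLY_AMPERSAND is an assumed narrower variant that drops just & from the default list.

```python
import xml.etree.ElementTree as ET

# ASP.NET 4 default for httpRuntime/@requestPathInvalidCharacters.
DEFAULT_INVALID = ["<", ">", "*", "%", "&", ":", "\\", "?"]


def parse_invalid_chars(value):
    """Split the comma-separated attribute; None means the attribute is absent."""
    if value is None:
        return list(DEFAULT_INVALID)
    return [part.strip() for part in value.split(",") if part.strip()]


def audit_web_config(xml_text):
    """Return one finding per <httpRuntime> element found in the config."""
    findings = []
    # ElementTree decodes &lt; / &gt; / &amp; in attribute values for us.
    for runtime in ET.fromstring(xml_text).iter("httpRuntime"):
        raw = runtime.get("requestPathInvalidCharacters")
        blocked = parse_invalid_chars(raw)
        findings.append({
            "explicit": raw is not None,
            "blocked": blocked,
            # Default-rejected characters this config now lets through.
            "newly_allowed": [c for c in DEFAULT_INVALID if c not in blocked],
            "check_disabled": not blocked,
        })
    return findings


def wrap(attrs):
    """Build a minimal constructed web.config around one httpRuntime element."""
    return ("<configuration><system.web><httpRuntime %s /></system.web>"
            "</configuration>" % attrs)


# Constructed samples built from the attribute values shown in the post.
ALLOW_ALL = wrap(r'requestValidationMode="2.0" requestPathInvalidCharacters=""')
POST_LIST = wrap(r'requestPathInvalidCharacters="&lt;,&gt;,*,%,:,&amp;,\"')
# Assumed narrower variant: default list with only '&' removed.
ONLY_AMPERSAND = wrap(r'requestPathInvalidCharacters="&lt;,&gt;,*,%,:,\,?"')
NOT_SET = wrap(r'requestValidationMode="2.0"')

if __name__ == "__main__":
    for name, cfg in (("allow-all", ALLOW_ALL), ("post-list", POST_LIST),
                      ("only-ampersand", ONLY_AMPERSAND), ("not-set", NOT_SET)):
        print(name, audit_web_config(cfg))
```

A finding with check_disabled set, or with more entries in newly_allowed than the file names actually require, is worth reviewing.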


Comments

Nov 22, 2012 08:15 AM

See my blogpost for how to activate validation on filenames in the EPiServer filemanager. I think you don't have this setting since you have upgraded from an EPi 4 site.

http://world.episerver.com/Blogs/Per-Nergard/Dates/2011/6/Hot-to-add-validation-of-folder-names-in-CMS5-filemanager/

Santosh Achanta Jan 17, 2013 10:15 PM

Hi Per, the settings illegalCharactersRegex and illegalCharactersDisplayString don't help me with this problem unless I have the setting I have specified in this blog. Also, in EPiServer 7 the settings you mentioned are no longer valid.
