
Santosh Achanta
Nov 22, 2012

Issue with browsing files in browser having special characters in file name and fix

After upgrading one of our very old customers' websites from EPiServer 4.62 to CMS 6 R2, it was reported that documents with special characters in the file name (e.g. 'S&R12.pdf') were throwing 'System.Web.HttpException: A potentially dangerous Request.Path value was detected from the client (&).' when opened in a browser.

The fix for this issue is to add requestPathInvalidCharacters="" if you want to allow all special characters. With an empty value, ASP.NET no longer rejects any character in the request path.

The above attribute must be added to the element <httpRuntime> in your website’s web.config so that it will look as follows:

<configuration>
    <!-- ... -->
    <system.web>
        <!-- ... -->
        <httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="" />
        <!-- ... -->
    </system.web>
    <!-- ... -->
</configuration>

If you want to restrict certain special characters, specify them as a comma-separated list, for example requestPathInvalidCharacters="&lt;,&gt;,*,%,:,&amp;,\"
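To see what each variant of the setting gives up, the following added example (not code from the original post) compares a web.config against the ASP.NET 4 default list `<,>,*,%,&,:,\,?` and reports which default-blocked characters are now allowed. The function names, the sample path and the inline configs are constructed for illustration, and parsing is simplified to a comma split of the attribute value.

```python
import xml.etree.ElementTree as ET

# ASP.NET 4 default value of httpRuntime/@requestPathInvalidCharacters.
DEFAULT_INVALID = ["<", ">", "*", "%", "&", ":", "\\", "?"]

def blocked_chars(web_config_xml):
    """Characters rejected in Request.Path according to this web.config text."""
    runtime = ET.fromstring(web_config_xml).find("system.web/httpRuntime")
    if runtime is None or "requestPathInvalidCharacters" not in runtime.attrib:
        return list(DEFAULT_INVALID)  # attribute absent: the defaults apply
    # ElementTree has already decoded &lt; &gt; &amp; in the attribute value.
    raw = runtime.attrib["requestPathInvalidCharacters"]
    return [c.strip() for c in raw.split(",") if c.strip()]

def audit(web_config_xml, sample_path):
    """Summarise how far the config departs from the default path check."""
    blocked = blocked_chars(web_config_xml)
    return {
        "blocked": blocked,
        # Default-blocked characters this config now lets through.
        "relaxed": [c for c in DEFAULT_INVALID if c not in blocked],
        # First character in the path that would still be rejected, if any.
        "rejects_on": next((c for c in sample_path if c in blocked), None),
    }

def make_config(attr):
    """Build a minimal, constructed web.config around one httpRuntime element."""
    return ("<configuration><system.web>"
            f'<httpRuntime requestValidationMode="2.0"{attr} />'
            "</system.web></configuration>")

# Constructed inputs mirroring the settings discussed in the post.
SAMPLE_PATH = "/Documents/S&R12.pdf"
ALLOW_ALL = make_config(' requestPathInvalidCharacters=""')
RESTRICTED = make_config(
    ' requestPathInvalidCharacters="&lt;,&gt;,*,%,:,&amp;,\\"')
UNSET = make_config("")

if __name__ == "__main__":
    for name, cfg in [("allow all", ALLOW_ALL), ("restricted", RESTRICTED),
                      ("unset", UNSET)]:
        print(name, audit(cfg, SAMPLE_PATH))
```

The restricted list shown in the post still contains `&amp;`, so a request for 'S&R12.pdf' is rejected under it as well; leaving `&` out of the list while keeping the other characters allows that file without clearing the whole check.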


Comments

Nov 22, 2012 08:15 AM

See my blogpost for how to activate validation on filenames in the EPiServer filemanager. I think you don't have this setting since you have upgraded from an EPi 4 site.

http://world.episerver.com/Blogs/Per-Nergard/Dates/2011/6/Hot-to-add-validation-of-folder-names-in-CMS5-filemanager/

Santosh Achanta Jan 17, 2013 10:15 PM

Hi Per, the settings illegalCharactersRegex and illegalCharactersDisplayString don't help me with this problem unless I have the setting I have specified in this blog. Also, in EPiServer 7 the settings you mentioned are no longer valid.
