Vulnerability in EPiServer.Forms
When I edit an image and chose not to overwrite the original, EPiServer saves the file in a page file folder. Is there anyway to get EPiServer to save the file back in the same folder as the original?
I have never thought about this before I saw your post and it seems that you are right. I am not sure if this is by design or if it is a bug but the problem is that it is not consistent. If you open a picture from the file manager and choose edit you get the option to "Save as". The default (or only) option you get is to save the to where the original picture is located. These two scenarios should be handled the same way (preferable with an option that you can set as to how the default behavior should be.
I believe this is by design. If you don't want to replace the original (which is one option), edited images are saved in a page files folder, which will be created if it doesn't already exist. If you want the copy to be placed somewhere else (to be able to use it from other pages), you ned to manually move the image to the desired location. Links will be kept when the image is moved.
As far as I know this is by design. The idea is that if you edit images from the file manager it's like a standard desktop image editor. If you edit an image from a page that exists in a global images directory and save this as a copy the file will be considered as page specific and thus saved in the page directory. It is possible to configure a different location that is preselected for saving "page images" but I think that you need to specify that the preselected directory will look up the directory where the original file existed.
The reason for this behavior is that we do not want people to open and edit an image from a page and the changing the image not having in mind that this might affect a lot of other pages as well.
For EPiServer CMS 6 we have added support for the Tiny MCE editor and we have changed the behavior so that you need to first select an image and from there you can access the image editor. Here we have also changed so that the save behavior is the same as when opening the image editor from the file manager since it's much more clear where the image actually exists.
Okay, now I better understand why it works the way it does, and I also know that it´s possible to change the default configuration. Thanks for all your answers.