Vulnerability in EPiServer.Forms
We are using Solr as the search index, so we are using a modified version of the SolrSearchProvider. This seems to work just fine. However, I have a problem with the data that EPiServer sends to the SolrSearchProvider for indexing.
The Index method of the SolrSearchProvider is called with an ISearchDocument instance containing all data that should be indexed. As far as I can see, all values from the metafields are included in this ISearchDocument with lowercase values. Thats not going to work for us, since we need to store some of the values cases sensitive in the index. The indexed values should be lowercase but the stored values should be case sensitive. Solr can handle this for us, if I can just send data in the same case as it is stored in the Commerce database.
How do I change how the contents of the ISearchDocument?
We have the exact same problem.
Have you found a solution to this?
Yes, I have fixed this problem.
You have to implement your own custom IndexBuilder and update the Mediachase.Search.Config file to use your own IndexBuilder when indexing data. I think this is documented somewhere, but this is the easy part.
You can derive your class from Mediachase.Search.Extensions.BaseCatalogIndexBuilder, which will give you a good starting point.
The hard part is, that the documentation for the IndexBuilder is non-existent, or at least i was unable to find any docunmentation. Besides the "ToLower()" call is burried deep inside the method: AddMetaField(SearchDocument doc, MetaField metaField, Hashtable metaObject). I ended up using ReSharper to get some inspiration from the EPiServer implementation, and then write my own implementation of this and other methods.