Vulnerability in EPiServer.Forms
I'm working with a website upgraded from EPiServer 7/7.1 to 7.5 and there's one thing that's getting quite annoying.
In the text, I will mention properties quite alot. I mean the .net properties with get and possible set. Not EPiServer Properties.
While saving and publishing some content, the ValidationService use some IValidate instances to check that everything is fine.
Here there is an implementation called ContentDataAnnotationsValidator that iterates through all properties on the ContentType model class to validate them.If there is some logic in the GET of a property, it is excecuted and can cause some errors that prevents the content from being saved or published.
I can't find any way to bypass this validation. Have I missed something or is this not possible?
I know having too much logic in a GET is not a good practise, but it would be nice if it was possible to tell EPiServer to not try and validate the properties instead of ensuring and adding guards to all properties or changing the properties into methods.
In the upcoming CMS8 version validation will skip properties decorated with Ignore attribute.