Vulnerability in EPiServer.Forms
I have a route that looks like this:
name: "Product - Regular",
action = "index",
controller = "Product"
contentRootResolver: (s) => s.StartPage
As you can see I want it to route all pages localhost/category/productnumber/ to ProductController. This works, if I were to visit a product that exists. However, if I were to type in localhost/test/test (where test does not exist as a category) it automatically routes to the StartController instead. I obviously don't want this behaviour, instead I would like it to show a 404 page since that would most likely be the case.
I've solved this in a hacky manner for now, by in the StartController adding a parameter string category, and if category is not null or empty I will return a 404 page (this means that the route is triggered, but it routed to the StartController instead of ProductController):
public ActionResult Index(StartPage currentPage, string category = "")
What ProductController looks like?
Oh, obviously. I mixed it up with StartController and thought I already had it.
public class ProductController : PageControllerBase<ProductPage>
public ActionResult Index(ProductPage currentPage, string category, string productnumber)
Where PageControllerBase derives from PageController<T> where T : SitePageData