Vulnerability in EPiServer.Forms
Does anyone know if it's possible in the XForm processing to add a new field in to be handled via any actions. E.g. we have the method
public virtual ActionResult XFormSuccess(XFormPostedData xFormPostedData)
Which is used to do some custom process. But I want to add a value that needs to be saved coming from a property set on the block that the form is housed in. The property looks up some other data for Marketo that needs to be handled by the form actions.
It's fine I managed to reverse engineer it all in ILSpy and overrode the ProcessXFormAction in our custom version of the XFormPageUnknownActionHandler. I was able to directly modify the XML data and this is pushed through to the marketo connetor as I wanted :-)