Vulnerability in EPiServer.Forms
Has anyone succeeded or tried catching the "Shortcut type - Shortcut to other content item" event and modify where the redirect is going. Say that the shurtcut is set to Page A in EPi but I want to catch the redirect when its happening and redirect to page B instead. I tried "ContentRoute/RoutingContent/RoutedContent" without any success. Is this even possible to do?
Try to identify which route is doing magic in System.Web.Routing.RouteTable.Routes, use some decompiler to find it in Episerver dlls, and replace it on init with your own implementation.
Let us know how it went, even supply some code here.
Thanks for youre answer. I been looking in to this(better late then never) to see whats going on and there are some things in the EPi-Server MVC pipeline that I cant figure out.
When the request reaches the IRouteHandler and the GetRoutedData method is called the requestContext already contains the shurtcut reference and not the orginal reference ID. The requestContext.GetOriginalRoutedLink() in the GetRoutedData method is supposed to give me the "ordinary" routed reference if it is a a partial router or a page with shortcut but it is always null. The IViewContentRetriever method GetPage has logic for handling shortcut but the requestContext is ofcourse wrong since that happens after the IRouteHandler has done its magic. There must be something happening before the IRouteHandler that changes the requestContext and loads the correct IRouteHandler from the RouteTable but I cant see where this is happening and how to do a custom implementation.
Maybe someone with insight in the EPi Mvc pipeline can give me some pointers and tell me what I am missing. :)