Vulnerability in EPiServer.Forms
We found that it is Mediaflow's image plugin/add-on for CMS 11 that clashes with Episerver.UI.Core 11.37.0 and causes this.
I have created a vanilla CMS 11 project and can reproduce the problem there with a model containing a property of type ContentReference decorated with UIHint.Image, in combination with the Mediaflow image plugin package for CMS 11 that is available on the link above.
I have contacted Mediaflow Support and made them aware.
After updating an Episerver CMS project from 11.20.x to the latest CMS 11 minor version (11.37.1), all pages and blocks where the content type has a property (ContentReference) that is decorated with the UiHint.Image attribute no longer load in All Properties view.
I'm getting this error in the epi.js:
After setting <clientResources debug="true" /> in the <episerver.framework> section in web.config (and closing the Versions gadget that gives a lot of noise in the debugger), I get this:
On-page edit kind of works: the content and the UI fields are displayed and I can drag an image into properties decorated with UiHint.Image in on-page edit mode. However, when clicking in the field for the image I get this error:
lang.hitch: scope["_onButtonClick"] is null (scope="[Widget uniqName_178, uniqName_178_0]")
and I don't get any interaction. Should there be a dialogue appearing there?
The updates to packages (done using nuget update):
The project is also using Geta.404Handler, and the update was applied there as well:
Has anyone else had this problem?