Vulnerability in EPiServer.Forms
We are configuring a new shipping method and can see we need to implement a two methods which are SaveChanges and LoadObject. We are wondering where and when these two methods get called? Everything in the documentation is clear apart from this.
Which interface are you implementing? I don't recognize those methods are required
My colleague notified me about this https://world.episerver.com/documentation/developer-guides/commerce/shipping/Shipping-methods/, so I assume you are implementing ConfigureShippingMethod.ascx which needs IGatewayControl. LoadObject is called when Commerce Manager loads your shipping method, and SaveChanges is called when someone click Save (your shipping method). each will be called with an object (which is actually the ShippingMethodDto), so you can store that ShippingMethodDto as an instance field for later use.
I also though the load object method would be called when loading shipping methods in the commerce manager I also thought the savechanges method would fire when saving a shipping method or updating a shipping method. But they do not. I have attached to the IIS process and set a break point against both methods which do not get hit.
Have you had a chance to look into this one? The load method does not get hit on load. The save method does not get hit on saving a new shipping method. The only way we can see to add a new row to the shipping method table is by sending Episerver a script to insert it into the DB.
I'd imagine the ConfigureShippingMethods.ascx has been added to the wrong location in the solution maybe, and thats why its not being found and used in your example.
You've probably already done so, but I'd suggest going through the steps under the section "Adding a configuration tab", here:
These two steps are especially important:
I had the same teething issues when setting up a custom provider previously.
Hope it helps!