Vulnerability in EPiServer.Forms
We are using custom promotions and we get promotion data by using the code below,
var promotions = promotionEngine.Evaluate(contentLink, currentMarket.GetCurrentMarket(), Currency.USD, RequestFulfillmentStatus.PartiallyFulfilled);
In evaluate method, we have customized as follows,
protected override RewardDescription Evaluate(EntryPromotion promotionData, PromotionProcessorContext context)
var lineItems = GetLineItems(context.OrderForm);
var condition = promotionData.Condition;
var applicableCodes = targetEvaluator.GetApplicableCodes(lineItems, condition.Targets, condition.MatchRecursive);
//// filter the lineitems based on the required quantity(line item qty should be equal or greater than required quantity).
var filteredLineItems = GetFilteredLineItems(lineItems, condition.RequiredQuantity);
//// filter the applicable codes based on the filtered lineitems.
var filteredApplicableCodes = GetFilteredApplicableCodes(applicableCodes, filteredLineItems);
//// this condition is especially to evaluate variation(to get applicable promotions for variation).
if (applicableCodes.NotNullOrEmpty() && filteredApplicableCodes.IsNullOrEmpty())
var fulfillmentStatus = fulfillmentEvaluator.GetStatusForBuyQuantityPromotion(
GetRedemptions(filteredApplicableCodes, promotionData, context, lineItems),
Its working fine. But, we need promotion based on usergroup.Is there any way to inject metafield into virtually created cart.Kindly help.
I may be misunderstanding your requirements but, if you're looking to target a promotion to a specific set of users, you can set up a campaign for the targetted promotions and target that campaign using a visitor group. That way you can do the targetting without any need for code changes/deployments.
Agree with Paul, that would be the recommended way to go. Create a visitor group that maps to an user group and then target that VG in your campaign.
The drawback of using VG is it will not work with non Http context scenarios
Thanks for the Reply.
Is there any API to add the custom field to the virtually creating Cart while retrieving promotions. We used the below code to retrieve promotions.