Vulnerability in EPiServer.Forms
We have an implementation that should use SEO URLs for Catalog content everywhere they are referenced on the site, for example on the top navigation. However, recently all those links switched to hierarchical URLs. Client claims they were seeing SEO URLs previously in all those places and a recent deployment caused this change. We reverted this deployment on local and still see hierarchical URLs only.
Please advise on what could possibly cause this change and how we can fix it.
How do you register HierarchicalCatalogPartialRouter?
This is our code :
var commerceRootContent = contentLoader.Get<EPiServer.Commerce.Catalog.ContentTypes.CatalogContentBase>(referenceConverter.GetRootLink());
var hierarchicalCatalogPartialRouter = new HierarchicalCatalogPartialRouter(() => SiteDefinition.Current.StartPage, commerceRootContent, true);
RouteTable.Routes.RegisterPartialRouter(hierarchicalCatalogPartialRouter);
Any insight here?
It looks correct. However, I'd suggest using the Find All References feature in Visual Studio to check that you are not using it anywhere else.
Checked. This is the only reference :
To add more context, the SEO URL is also working, but the catalog content, especially categories in top nav of the site, initially showed SEO URL when you hover over the link or click on it. Now they show the hierarchical URL instead. We are trying to identify what could have caused this switch.
Also search for CatalogRouteHelper - it might call MapDefaultHierarchialRouter which uses HierarchicalCatalogPartialRouter under the hood
We are not calling CatalogRouteHelper anywhere in the solution :
Hi Quan, would you please review the above and advise on next steps forward?
So nothing obvious from the code. I haven't used it myself but I believe you can use https://github.com/episerver/DeveloperTools to see which routers have been registered. With a bit of custom code and debugging you might be able to look into the setting used for HierarchicalCatalogPartialRouter. This goes far out of scope for a forum post and you might need to contact developer support services for further assistance
I got the Developer tools and when I lookup the route related to my category page, it highlighted this :
Can you help me understand what this means? Or you think I should open a support ticket?
Hi Quan, is there any further information you can provide on Ritu's findings above? Please confirm at your earliest convenience.
Good morning Quan, can we expect an update on this today 10/15? Please confirm.
Hi, unfortunately no, can't spot anything from the screenshot. It's not clear to me if that is all of the routers you have. As I said you might want to contact developer support service for further assistance.
@John: It might be good to know that this is a "community" forum and you are not guaranteed help; that is what the support service is for. Even though I'm an Episerver employee and I try my best to help, posting in this forum is voluntary and it will be of lower priority if I have other work coming my way.
I reached out to Epi support and when I shared code snippets there to get feedback, they routed me back to Forums. I'm hoping you can shed some light here. This is what I shared with Support :
Since the default enableSEOOutgoingURL = true and CatalogRouteHelper.SetupSeoUriPermanentRedirect() approach does not work for me, I finally decided to take the approach that was recommended to switch from SEO to Hierarchical URL, by registering the RoutedContent event. And started putting some logic from RedirectToSeoUri here for troubleshooting. What I noticed was this :
My page hierarchical url : http://localhost/products/Curriculum
SEO URL : http://localhost/Curriculum
When I debug the highlighted code bit from RedirectToSeoUri() below :
ISearchEngineInformation engineInformation = routedObject as ISearchEngineInformation;
if (engineInformation != null)
    str = engineInformation.SeoUri;
if (e.RoutingSegmentContext.ContextMode != ContextMode.Default || routedObject == null || string.IsNullOrEmpty(str))
VirtualPathData virtualPath = this._urlResolver.GetVirtualPath(routedObject.ContentLink, routingSegmentContext.ContentLanguage, routingSegmentContext.RouteData.Values, (System.Web.Routing.RequestContext) null);
string url = virtualPath.GetUrl();
if (virtualPath == null || HttpContext.Current != null && HttpContext.Current.Request.Url.AbsolutePath.Equals(VirtualPathUtility.ToAbsolute(url), StringComparison.OrdinalIgnoreCase))
I see both HttpContext.Current.Request.Url and url point to my hierarchical page url, and thus simply return after this if condition and don’t actually do this :
Which explains why the out of the box seo url approach is not working. I want to understand why this is the case? Was this a bug in this version of Episerver.Commerce? This is version 12.15.0. Or is there something wrong on our end which we are missing?
After this, I skipped the above and finally came up with this logic on the RoutedContent event that I registered :
private static void Routed_SeoUri(object sender, RoutingEventArgs e)
{
    var context = e.RoutingSegmentContext;
    // RoutedObject is supposed to not be null here
    if (!(context.RoutedObject is CatalogContentBase))
    {
        return; // only catalog content is handled
    }
    var urlResolver = ServiceLocator.Current.GetInstance<UrlResolver>();
    string seoUrl = "";
    ISearchEngineInformation engineInformation = context.RoutedObject as ISearchEngineInformation;
    if (engineInformation != null)
    {
        seoUrl = engineInformation.SeoUri;
    }
    var BasePathRoot = ContentReference.IsNullOrEmpty((ContentReference)ContentReference.StartPage) ?
        (ContentReference)ContentReference.RootPage : (ContentReference)ContentReference.StartPage;
    var baseURL = urlResolver.GetUrl(BasePathRoot);
    var finalurl = baseURL + seoUrl;
    // add the query string, if any (split once so the string[] itself is never concatenated)
    var qs = context.RequestUrl.ToString().Split(new[] { '?' }, 2);
    if (qs.Length > 1)
    {
        finalurl = finalurl + "?" + qs[1];
    }
    // check for original request type and form parameters
    var originalMethod = HttpContext.Current.Request.RequestType;
    // ... (the rest of the handler is not shown in the post)
}
This works, but 1.) there seems to be a performance impact on every page load and 2.) this feels like a dirty fix for something that should work out of the box. Please review and provide feedback on the following :
I really need some expert guidance on above. Can you please review it once and let me know your thoughts?
Hey Ritu and John,
As Quan previously answered, it is best if you contact Episerver Support (email@example.com) for the issues you are facing.