Vulnerability in EPiServer.Forms
We have a page where we load content dynamically from an external source loaded depending on the parameters in the query string (not search results). We need to deal with additional logic in some cases that can't be managed using just an alternative view, they are dependent on the actual parameters, so we need to be able to preserve them in edit mode. How would we be able to do that? I'm currently trying to use the LinKURL with additional queryparameter which, while taking me to the correctly parameterised page, does not provide me access to edit mode.
Package EPiServer.CMS.UI 10.6.0 includes a fix so custom url parts (like action, querystring, fragment) can be set and seen through the link dialog. http://world.episerver.com/documentation/Release-Notes/?versionFilter=10.6.0&packageFilter=EPiServer.CMS.UI&typeFilter=All
I'm on 10.7, and I have a feeling that whatever the fix was in 10.6, doesn't apply in my situation - it's not that I need to create a page, or link to a page through the CMS system - I need to conditionally be able to add elements to a page that is composed largely through query parameters. For the sake of simplicity, lets imagine there's a bunch of products that may or may not have a customized page. When you browse to that product's page, if you're in CMS mode, we want to add a button that claims the product. This will then create an actual content page. However, when I use standard links to go to the product page, the PageEditing.IsInEditMode is false. When I use special edit mode links, I can't get the query parameter to pass along in the link I generate for accessing the product page.
Effectively, what I'm doing when generating links is this:
// Model.ProductPage is the template page for all products. Individual product items have a ContentReference to a CustomizedProductPage.
var editUri = PageEditing.GetEditUrl(Model.ProductPage.ContentLink);
var url = UriSupport.AddQueryString(editUri, "productCode", item.Code);
While this gives me the URL in EPI style such as http://localhost:50246/episerver/CMS/#context=epi.cms.contentdata:///15?productCode=PKASDAS87123 and allows me to edit the content on the resulting page, there are no parameters passed to the action. So When I use the following kind of generation instead:
var editUrl = UriSupport.AddQueryString(Model.ProductPage.LinkURL, "productCode", item.Code);
I get URL's in style of http://localhost:50246/link/5292535d9baf4e5ba4985b20b4b1d8b7.aspx?epslanguage=en&productCode=PKASDAS87123
I will probably have to use a different method for creating links - what should I use to ensure that I can get to the page that allows access to edit mode AND query parameters at the same time?
I'm not sure if I'm explaining right, maybe there's a better way of doing what I want to do (have products, but be able to customize specific product's display pages using CMS, may have multiple pages apply to one product, and not be required to create the page first before picking).