Vulnerability in EPiServer.Forms
(I have tried to capture relevant keywords in the subject field of this "Problem and bug" post).
Today I found out something funny in EPiServer 4.62. I create EPi-pages automatically based on input from another system.
The datetime properties on the pages was created like this:
DateTime? date = new DateTime(2099,1,1);//the date is actually passed in from another system EPiServer.Core.Property prop = new EPiServer.Core.PropertyDate(date.Value);
dates above 06.06.2076 created an OutOfRangePropertyValueExcpetion exception when the date wasa passed into the constructor of PropertyDate.But changing the code to
DateTime? date = new DateTime(2099,1,1);//the date is actually passed in from another system EPiServer.Core.Property prop = new EPiServer.Core.PropertyDate(); prop.Value = date.Value;
Everything worked fine!
EPiServer.Core.PropertyDate.MaxValue==new DateTime(2076,6,6). But why is there an upper limit if it is ok to give the PropertyDate an value greater then this, but only if it is assigned through the Value property and not through the constructor.
So my question is: What is the idea behind the MaxValue on PropertyDate in EPiServer?
Since we used SMALLDATETIME in the database we had a limit of storing values ranging from January 1, 1900, through June 6, 2079. Those types has been changed to DATETIME in the database so the values should change to January 1, 1753, through December 31, 9999. I have reported a bug to change Max/Min in R2, at the same time we will look into why the value is not validated when passed into .Value because it should.