Vulnerability in EPiServer.Forms
Tested in v10.9.1 - v220.127.116.11
When using an IUrlResolver interface abstraction, making a call to GetUrl(IContentReference) or GetUrl(IContent) results in a NullReferenceException.
Having inspected the stack trace and the EPiServer DLLs in Reflector, these calls invoke the extension methods within UrlResolverExtensions, ultimately executing the explicit interface implementation on UrlResolver with a null value for the parameter urlResolverArguments:
IUrlResolver.GetUrl(ContentReference contentLink, string language, UrlResolverArguments urlResolverArguments)
Which in turn calls the overload:
GetUrl(ContentReference contentLink, string language, VirtualPathArguments virtualPathArguments)
However, when the IUrlResolver.GetUrl implementation constructs a VirtualPathArguments object, passing a null value to the constructor results in a NullReferenceException.
Steps to replicate:
Thanks for reporting and for the detailed explanation. I have reported a bug with id CMS-9578 for it.
Mr Myers, cannot reproduce in EPiServer.CMS 11.5.0, not sure if the issue has been resolved. Starting to wonder if it's something to do with your base build, maybe in the area where absolute URLs are forced. If you can still reproduce with latest EPiServer I think the problem could live elsewhere.
Edit: Never mind - it was marked resolved in EPiServer.CMS.Core 11.3.3 in https://world.episerver.com/support/Bug-list/bug/CMS-9578