Vulnerability in EPiServer.Forms
We're working with CMS 12.22.3 currently.
I realized that when I create a block directly in the content area, this block is immediately published. The blocks we use do sometimes have other blocks as properties, which in turn contain required properties (that are not shown in the UI, probably because they're inside "nested" blocks).
So, the question is, can I disable this behaviour? Or rather, how can I disable this behaviour, because disable it I must somehow.
I hope the answer is not "this is not possible", that would be disappointing ...
Sorry to hear that but my answer is: No, in the meaning of official functionality (autoPublish always set to true without any customizable).
The reason to do that is simplify process for editor, because the block will created as local asset (under For This Page / Block folders) so many editors complains - very hard to find those ones.
But nothing is impossible please contact our support team (fire an support case) then we can help you more detail.
Hi Ha Bui,
first, thanks for the answer.
I will contact support. However, about three weeks before go-live I will most definitely not upgrade the CMS-version because it's too risky. Looks like we need to disable the validation for the time being.
Please consider in the future to make such features Opt-In/Opt-out, because "many Editors" is not "all editors", and in our case the editors explicitely do want the "old" behaviour.
Thank Frank for your understanding and your very good suggestion! Yes we have a policy here about op-in/out feature considering whenever develop a new one.
But to be fair, this one isn't new (at-least from 2016).
Could you please put your support case number here then I can prioritise it.
Thank you again!
thanks a lot. I raised a support case, don't know if I filled out all the fields correctly. The ID is #1280234.
Thanks a lot,
Thank Frank, I can see the ticket is in our first line support stage, will be hand on this soon and keep you update to date with the status as well as the solution.
Hi again Frank,
The ticket was sent back to our supports to double check / verify before give you a final answer with solution was added.
Many thanks for your patient!