Vulnerability in EPiServer.Forms
The site supports multiple languages, with each language corresponding to specific roles. This setup ensures that users belonging to, for example, 'en-GB' can only create pages in that language.
The issue arises when an user copies a page, as the newly created one is generated in languages for which the user does not have access rights. It appears that the copying process does not respect the language-based security settings.
Hi Huy Le,
I am not sure of your question here, however I believe what you are telling us is that the copy functionality does not respect the current users language.
Would that be correct?
One option would be to leverage this Extended Content Copy add-on:
Doesn't look like it's been updated to CMS 12, but the code is here: https://github.com/gregwiechec/extended-content-copy
Another approach would be to customize the behavior on copy -- old code example here: https://world.optimizely.com/forum/developer-forum/CMS/Thread-Container/2016/12/copied-page-automatically-published/
Huy Le is one of our colleagues in support team. He probably wanted to write a blog post to explain the situation, than ask a question :)