Vulnerability in EPiServer.Forms
Just wanted to verify that zip archives only are supported for protected modules. I tested with both protected and public modules (only difference is root folder placement and the tag value in module.config), and the Zip VPP only kicked in for the protected one. Is this the correct behavior or am I missing something?
This is correct. Zip provider by default is registered for protected modules. Actually for modules that take care of this by themselves. What you would need to do is to registed your module within VirtualPathProviders. Place this somewhere inside your module:
public class ModuleZipProviderInitializer : IVirtualPathProviderModule
public IEnumerable<VirtualPathProvider> CreateProviders(InitializationEngine context)
if (context.HostType != HostType.WebApplication)
return new List<VirtualPathProvider>
new ZipFileVirtualPathProvider(VirtualPathUtility.ToAppRelative(VirtualPathUtility.Combine(Paths.PublicRootPath, "YourModule")),
Thanks for confirming Valdis. I guess they did that for performance reasons.