Vulnerability in EPiServer.Forms
We have a multilanguage environment (english 'en' and dutch 'nl') where dutch is our default language and english our fallback language (yes i know that sounds a bit strange but we have our reasons).
We do the following steps:
We can now browse to '/en/SomePage' and '/nl/SomePage' and get the page in the correct language, no problems here yet.
Now we do the following:
We can now browse to '/en/SomePage' and '/en/SomeOtherPage' for english language. We can also browse to '/nl/SomePage' and '/nl/SomeOtherPage'. All the pages load correctly with the correct language, however we did not expect that the pageUrl's marked with an underline would be loaded. We don't know if this is expected behaviour, but it seems a bit strange you can browse to a page that is not visible in the CMS.
It's not an issue for us, but we just wanted to share this in case it might be something unwanted/unexpected. Greetings.
This behavior has been the same since the first implementation of friendly URLs that was released quite many years ago. We have gotten some feedback about this lately though, so we decided to report a bug for this to see if it's possible to be more restrictive regarding what URL:s we allow to route to a page. This does not necessary mean that we will do the change but as least that we will investigate it and do the change if possible.
RegardsLinus EkströmEPiServer Development Team