Vulnerability in EPiServer.Forms
I'm trying to exclude som file types from beiing added in the file manager with out any success.
I have tried to add the "llegalCharactersRegex" attribute with an extension of the default regex to the
<add showInFileManager="true" virtualName="Global Files" virtualPath="~/Global/" bypassAccessCheck="false" indexingServiceCatalog="Web" physicalPath="...\Global" customFileSummary="~/FileSummary.config" name="SiteGlobalFiles" type="EPiServer.Web.Hosting.VirtualPathVersioningProvider,EPiServer" />
But this did no have any effect. But is this the right element to put the illegalCharactersRegex attribute?
The illegalCharactersRegex attribute should be placed on the <virtualpath> element, not the <add> subelement.
I.e. should look like this:
<virtualPath illegalCharactersREgex="yourRegexHere" customFileSummary="~/FileSummary.config">
<add showInFileManager="true" virtualName="Global Files" virtualPath="~/Global/" etc etc />
More information on restricting file types in file manager can be found at http://world.episerver.com/Blogs/Al-Higgs/Dates/2012/11/Restricting-the-file-types/