Vulnerability in EPiServer.Forms
Is it a bug or feature that when I select a Page that is a "Shortcut to page in EPiServer", the shortcut target and not the shortcut page is stored?
For example, I have a Page A and Page B. Page B is a shortcut to Page A.
For some debugging I check what the stored value for this property is and this is what I see:
<links><a href="~/link/c929c3974b4f4022b54beffd88e45a75.aspx">Page A</a><a href="~/link/c929c3974b4f4022b54beffd88e45a75.aspx">Page B</a></links>
This feels a bit weird that the link to the shortcut target is stored. Imagine that I change the shortcut target of Page B.This does not affect the link selected in the LinkCollection.
I agree, I've had customers complain about this in the past. IMHO this is a bug that should be fixed.
Thanks for the feedback. Unfortunately, this does not only affect link collections but rather all links in the system (html string, link properties). The reason for this is a nearly ancient design decition that it was better to resolve shortcuts early (when revolving URL:s on outgoing traffic) rather than on the fly for an incoming request. We have been talking for a long time about rewriting this and link handling in general to only have internal ("permanent") links, and public facing "friendly" links (today we actually have three diffrent link formats and do two layers of link conversions since we still support the pre-FURL format ("/templates/page.aspx?id=5).
To make a long explanation short: I hope that we can adress this and the duplicate URL-rewriting after we get the 7.5 release out of the building.
RegardsLinus EkströmEPiServer Development Team
Thank you Linus for the short version but I think I get it. Looking forward to 7.5