Vulnerability in EPiServer.Forms
I have tried searching for a solutions to my problem, but didn't really find anything relevant, so please forgive me if this has already been asked (and answered).
I have an XForm on a page, with a couple of fields. One of them is a dropdown menu, where the value of each item indicates where to send the generated email after submission.
In code behind I generate an email message (in an event handler attached to the XFormControl.BeforeSubmitPostedData event) containing the heading (not the name) and the value of each field, using e.FormData.GetValues().
My problem is that this works great for all fields, except for the dropdown menu. In this case it returns a comma separated list of the values of all the items in the dropdown menu, which means I have no idea which item was actually selected.
Has anyone ever had this problem before, and possibly a solution?
Have you found a solution to your problem? I tried to reproduce the problem but it works fine for me. The logic in GetValues() is pretty simple if you want to dig deeper yourself:
NameValueCollection values = new NameValueCollection();
foreach (XmlNode node in Data.DocumentElement.ChildNodes)
RegardsLinus EkströmEPiServer Development Team
Thank you for your reply!
I think I have a solution.
I've done some further testing. It seems that if two or more items in the dropdown menu have the same value, and I select either of those and then submit the form, the value of the field is all the identical values concatenated into the same string with a comma separating them.
Realizing this, I can just split on "," and take the first value, ignoring the rest.
It would be nice if I could mark my own replies as an answer :)
Thanks for the additional info and I'm glad that you found a work around. I have filed this as a bug since I don't think that this behaviour is desired.