Vulnerability in EPiServer.Forms
This has previously been discussed in the thread: http://world.episerver.com/Modules/Forum/Pages/Thread.aspx?id=54009However, the problem is on-going for us and would like to bring the issue up again to see if others have experienced it; and whether there is a known solution.We have [mostly] successfully upgraded 7 sites from CMS6 to CMS6R2. The exception is with our intranet site where some editor functions through TinyMCE are crippled. These include but may not be limited to:Insert/edit link (the full page browsing version - with the globe included with the link icon)Dynamic contentFile browser buttons from the insert image iconThe clear difference between our intranet site and the other sites is that the intranet uses windows authentication while all the others use sqlserverA comment in the previous post appears to be related to the authentication model. The suggested fix: Could try this, which partner sent in for a similar problem (windows auth) adding <authorization> <deny users="?" /> </authorization> in <location path="util"> [of web.config]Applying this fix progresses the problem a little. While the missing functionality/buttons appear when edit mode is reached, initial browsing to the front-end site presents an authentication modal to the user. I am confused as to what is happening as <deny users="?" /> is supposed to deny anonymous users - but all our users are already authenticated via windows authentication model.Any suggestions and clarification of the TinyMCE invocations would be appreciated.
I have the same problem on a CMS 6 R2 site. Insert/edit link button disappears randomly for som editors, did you solve the problem?
Does this have something to do with the compatibility mode in IE? One of the editors didn't see the button when the compatibility mode was on, when she turned off the compatibility mode the button showed up.