Vulnerability in EPiServer.Forms
We have the problem of in the live website, the full file path is being displayed when you hover over it and alos right click to save, instead of the file name allocated to the image in the image library. iE: Global-Hotel Images-world-blue.com-Carrington Budget Apartments-Carrington-Budget-Apartments-Sydney-Exterior
Has anyone else experienced this issie or know what is going wrong?
How do the images appear on the web page. Have they been inserted in an html editor or are you using an image property?
Here is an example:
If you hove over the images in PHOTO GALLERY, it shows the full file directory. Also if you right clikc on the images in the main part of that page (not in the tabs), the file name is the full path. In the image library, the file name is simply 'amora-hotel-jamison-exterior',for example.
They are out og the global directory, not html editor.
When looking in the page source it seems that the image name is actuallty the full path that you probably see when trying to save it:
I do not know how the image is saved internally but it seems like the full path is translated/encoded somehow. I would expect that the two "%20" parts would actually be "/"-characters though this is a bit strange since "%20" is the encoded representation for blank space. I would have a look at the template that is writing the file URL to see if something is happening there.
We are using EPiImage:EPiImageResizer tag to render images stored in VPP folder. The problem is that ImageURL property of EPiImageResizer renders image path as
Somehow "/" character is automatically converting into "-" character. So the actual image path is http://www.world-blue.com/Global/Hotel%20Images/world-blue.com/Amora%20Jamison/Amora-Jamison-Hotel-Sydney-Amora-Spa.jpg. When i tried html tag <img src=""/> instead of <EPiImage:EPiImageResizer ImageURL=""/> then it worked fine and rendering image path correctly. But we need to use EPiImageResizer in order to resize images. I can also send you the code if you need.
Issues with EPiImage should be directed to the EPiImage project. Check https://www.coderesort.com/p/epicode/wiki/EPiImage