Vulnerability in EPiServer.Forms
Is there any way you can encrypt the form data when using XForms before it is submitted into the database, but not have it encrypted in the email? I need to save to the database and send the email.
Hook up to private static void XForm_BeforeSubmitPostedData(object sender, SaveFormDataEventArgs e)
Pick the values you need for sending an email, encrypt the rest, send email :)
So, if I picked Email and Save to database, it would send the email first? Then encrypt the data?
What about decrypting it when viewing it in the CMS?
I would probably take control over the email-sending myself, and let XForms take care of the database saving. I.e., you pick the data you need in your email, send it via your own code, and then decrypt the data before saving it to database.
This is (some of the information) described here: http://labs.episerver.com/en/Blogs/Linus-Ekstrom1/Dates/2009/8/Altering-the-XForm-email-body-to-make-it-look-more-like-the-actual-form/
For reading back the encrypted contents, you probably have to alter the built-in functionality for reading the XForms data, and decrypt it. You can find the built-in functionality (depending on your installation) here: C:\Program Files\EPiServer\CMS\6.1.379.0\Application\UI\CMS\Edit\XFormPostings.ascx
To replace it you make a folder in your solution, placed under UI/edit and place the new XFormsPostings.ascx there
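Added example (not part of the thread and not EPiServer's own code): one way to protect each field value before it is stored and to read it back in a replacement postings view, using AES-CBC with an HMAC-SHA256 tag (encrypt-then-MAC). `FormFieldCrypto`, `Protect`, `Unprotect`, `encKey` and `macKey` are hypothetical names, the two 32-byte keys are assumed to come from protected configuration, and the `XFormData.GetValues`/`SetValue` calls in the closing comment are an assumption about the XForms API.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
// Added example; FormFieldCrypto and its members are hypothetical names, not EPiServer API.
public static class FormFieldCrypto
{
    // Returns base64(IV || ciphertext || HMAC-SHA256(IV || ciphertext)) for one field value.
    public static string Protect(string plain, byte[] encKey, byte[] macKey)
    {
        using (var aes = Aes.Create())           // defaults: CBC mode, PKCS7 padding
        using (var mac = new HMACSHA256(macKey))
        {
            aes.Key = encKey;                    // 32-byte key, kept out of source code
            aes.GenerateIV();                    // fresh IV for every value
            var data = Encoding.UTF8.GetBytes(plain);
            using (var enc = aes.CreateEncryptor())
            {
                var body = aes.IV.Concat(enc.TransformFinalBlock(data, 0, data.Length)).ToArray();
                return Convert.ToBase64String(body.Concat(mac.ComputeHash(body)).ToArray());
            }
        }
    }

    // Checks the MAC before decrypting, so tampered rows are rejected rather than decrypted.
    public static string Unprotect(string token, byte[] encKey, byte[] macKey)
    {
        var raw = Convert.FromBase64String(token);
        if (raw.Length < 64) throw new CryptographicException("Value too short");
        var body = raw.Take(raw.Length - 32).ToArray();   // IV || ciphertext
        using (var mac = new HMACSHA256(macKey))
        using (var aes = Aes.Create())
        {
            var expected = mac.ComputeHash(body);
            int diff = 0;                        // constant-time tag comparison
            for (int i = 0; i < 32; i++) diff |= expected[i] ^ raw[body.Length + i];
            if (diff != 0) throw new CryptographicException("MAC mismatch");
            aes.Key = encKey;
            aes.IV = body.Take(16).ToArray();
            using (var dec = aes.CreateDecryptor())
                return Encoding.UTF8.GetString(dec.TransformFinalBlock(body, 16, body.Length - 16));
        }
    }
}

// Inside the handler named in the thread, after your own code has sent the e-mail
// (XFormData.GetValues/SetValue usage is assumed here):
//   var v = e.FormData.GetValues();
//   foreach (string k in v.AllKeys) e.FormData.SetValue(k, FormFieldCrypto.Protect(v[k] ?? "", encKey, macKey));
```

A replacement postings control would call `Unprotect` on each stored value before rendering it, and should treat a `CryptographicException` as a row that was stored unencrypted or has been modified.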
The top bit works a treat, but getting the XFormPosting page into the site's root as you mention above doesn't work. Besides, how could I decrypt the content if the backend code is wrapped in the DLL?