Vulnerability in EPiServer.Forms
Does anyone know if special characters are allowed in file/folder names of EPiServer's VPP files? Will there be problems if I upload a document with for example scandinavian characters or an ampersand, or should it work fine?
I was under the assumption that it was supported, but am really not sure here.
Thanks a lot in advance!
There is a configuration setting: IllegalCharactersRegEx, that sets the rules of what file and folder names are valid. The default regex will remove sequences that might get us into trouble if the files are saved on disk as well as some characters that are not allowed as URL:s in default IIS configuration. You can change this runtime but note that by allowing some characters, you might need additional configuration, for instance in the IIS and/or asp.NET configuration. Read more about it in the sdk:
RegardsLinus EkströmEPiServer Development Team