Vulnerability in EPiServer.Forms
I’m having a strange problem with community and document archive and image gallery. I’m running a site with cms 184.108.40.206 and community 7.5.446.4.
In production environment everything works. In stage, test and dev I get 404 not found on files in the community document archive.
I have checked that the path is correct DocumentArchiveModule.Instance.PhysicalPath and that is correct. “C:\[VPPPATH]\EPiServerCommunity\Modules\DocumentArchive\Files”
If I try VirtualPathUtility.GetFileName("/EPiServerCommunity/Modules/DocumentArchive/Files/28/1028/XXX.docx"); I get 404 on “C:\[WebRoot]\EPiServerCommunity\Modules\DocumentArchive\Files\28\1028\xxx.docx”.
It feels like the VPP does not register for some reason.
If I register the VPP “like old times” in episeverframwork.config everything works but I get a warning in the logs
ERROR  ?.? - VirtualPathProvider of type 'EPiServer.Web.Hosting.VirtualPathNativeProvider' is registered for virtualPath '~/EPiServerCommunity/Modules/DocumentArchive/Files/'. VirtualPathProviders should be converted to IContent based files.
Has anyone encountered this before?
Any help would be most appreciated!
I just found out why this is working in production. Someone has set up the virtual paths to the document archive and the image gallery in the IIS. While this is a valid solution it means that the virtual paths in the community config does not work at all anywhere.