Hi, when I change a product's category uCommerce/umbraco runs into an exception.
The setup: uCommerce > stores > myStore > - Catelog 1 > category a, category b, category c - Catelog 2 > category a, category b - Catelog 3 > category a, category b, category c
To reproduce: Open one of the products, go to the tab categories, add the product to another category by checking the appropiate checkbox.
The exception:
Server Error in '/' Application.
A potentially dangerous Request.Form value was detected from the client (ctl00$ctl12$Long Description="
In het Dynamisch ...").
Description: ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. The data might represent an attempt to compromise the security of your application, such as a cross-site scripting attack. If this type of input is appropriate in your application, you can include code in a web page to explicitly allow it. For more information, see http://go.microsoft.com/fwlink/?LinkID=212874. ;
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$ctl12$Long Description="
In het Dynamisch ...").
Source Error:
[No relevant source lines]
Source File: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\85ab859a\18f62108\App_Web_editproduct.aspx.2a84e035.h_8rsd6e.0.cs Line: 0
Stack Trace:
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$ctl12$Long Description="
The html value is:test. It doens't really matter what kind of value I enter, as long as it contains any html it will crash. If there is no value in the field it will work just fine.
A potentially dangerous Request.Form value was detected from the client (ctl00$ctl11$Long Description="test").
I've fixed it for now by setting the option <httpRuntime requestValidationMode="2.0" in my web.config.Still, this should be fixed by encoding the data from the field before posting it to the server. On the cleint side by using string = escape(string) and on the server side decode it with var stringVal = Server.UrlDecode(Request["string"]); This way the ValidateRequest="true" can also be removed from /Dialogs/EditVariantDescription.aspx.
Error when changing product category
Hi, when I change a product's category uCommerce/umbraco runs into an exception.
The setup:
uCommerce > stores > myStore >
- Catelog 1 > category a, category b, category c
- Catelog 2 > category a, category b
- Catelog 3 > category a, category b, category c
To reproduce:
Open one of the products, go to the tab categories, add the product to another category by checking the appropiate checkbox.
The exception:
Server Error in '/' Application.
By the way, this happens when the long description field is used. The content is not encoded before posting resulting in the request exception.
Edit:
I just remembered, I also added a custom field to the product definition (numeric). This seems to be related.
This looks like it is data related. Can you please provide the value of the long description ? I've tried to reproduce but without any luck.
Does this by any chance work if there's no value in the field ?
Cheers
Morten
(edit: typo's)
The html value is: test. It doens't really matter what kind of value I enter, as long as it contains any html it will crash. If there is no value in the field it will work just fine.
A potentially dangerous Request.Form value was detected from the client (ctl00$ctl11$Long Description="test").
I've fixed it for now by setting the option <httpRuntime requestValidationMode="2.0" in my web.config.Still, this should be fixed by encoding the data from the field before posting it to the server. On the cleint side by using string = escape(string) and on the server side decode it with var stringVal = Server.UrlDecode(Request["string"]); This way the ValidateRequest="true" can also be removed from /Dialogs/EditVariantDescription.aspx.
is working on a reply...