These support forums are now closed for new topics and comments.
Please head on over to http://eureka.ucommerce.net/ for support.

  • Wouter 49 posts 76 karma points
    Dec 09, 2013 @ 11:28
    Wouter
    0

    Error when changing product category

    Hi, when I change a product's category uCommerce/umbraco runs into an exception.

    The setup:
    uCommerce > stores > myStore >
     - Catalog 1 > category a, category b, category c
     - Catalog 2 > category a, category b
     - Catalog 3 > category a, category b, category c

    To reproduce:
    Open one of the products, go to the tab categories, add the product to another category by checking the appropriate checkbox.

    The exception:

    Server Error in '/' Application.

    A potentially dangerous Request.Form value was detected from the client (ctl00$ctl12$Long Description="

    In het Dynamisch ...").

    Description: ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. The data might represent an attempt to compromise the security of your application, such as a cross-site scripting attack. If this type of input is appropriate in your application, you can include code in a web page to explicitly allow it. For more information, see http://go.microsoft.com/fwlink/?LinkID=212874.

    Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$ctl12$Long Description="

    In het Dynamisch ...").

    Source Error: 

    [No relevant source lines]


    Source File: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\85ab859a\18f62108\App_Web_editproduct.aspx.2a84e035.h_8rsd6e.0.cs    Line: 

    Stack Trace: 

    [HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$ctl12$Long Description="

    In het Dynamisch ...").]
       System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +12606049
       System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection) +132
       System.Web.HttpRequest.get_HasForm() +12608898
       System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +146
       System.Web.UI.Page.DeterminePostBackMode() +129
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +12575175
       System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +12574685
       System.Web.UI.Page.ProcessRequest() +119
       System.Web.UI.Page.ProcessRequest(HttpContext context) +99
       ASP.umbraco_ucommerce_catalog_editproduct_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\85ab859a\18f62108\App_Web_editproduct.aspx.2a84e035.h_8rsd6e.0.cs:0
       System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +913
       System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165

  • Wouter 49 posts 76 karma points
    Dec 09, 2013 @ 11:34
    Wouter
    0

    By the way, this happens when the long description field is used. The content is not encoded before posting resulting in the request exception.

    Edit:
    I just remembered, I also added a custom field to the product definition (numeric). This seems to be related.

  • Morten Skjoldager 440 posts 1499 karma points
    Dec 09, 2013 @ 13:17
    Morten Skjoldager
    0

    This looks like it is data related. Can you please provide the value of the long description? I've tried to reproduce but without any luck.

    Does this by any chance work if there's no value in the field?

    Cheers 

    Morten

  • Wouter 49 posts 76 karma points
    Dec 09, 2013 @ 13:34
    Wouter
    0

    (edit: typo's)

    The html value is: test. It doesn't really matter what kind of value I enter, as long as it contains any html it will crash. If there is no value in the field it will work just fine.

    A potentially dangerous Request.Form value was detected from the client (ctl00$ctl11$Long Description="test").

    I've fixed it for now by setting the option <httpRuntime requestValidationMode="2.0" /> in my web.config. Still, this should be fixed by encoding the data from the field before posting it to the server. On the client side by using string = escape(string) and on the server side decode it with var stringVal = Server.UrlDecode(Request["string"]); This way the ValidateRequest="true" can also be removed from /Dialogs/EditVariantDescription.aspx.
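
The encode-before-post round trip suggested in the last post, modelled as an added example that is not part of the original thread or of uCommerce's code. Assumptions: looksDangerous only approximates ASP.NET request validation, encodeURIComponent stands in for the deprecated escape(), decodeOnServer stands in for Server.UrlDecode, and the sample field value is constructed.

```javascript
// Approximation (assumption) of the ASP.NET 4 request validation heuristic:
// it flags "<" followed by a letter, "!", "/" or "?", and the sequence "&#".
function looksDangerous(value) {
  return /<[a-zA-Z!\/?]/.test(value) || /&#/.test(value);
}

// Client side: encode the editor content before it is posted.
// encodeURIComponent replaces the deprecated escape() from the post.
function encodeForPost(html) {
  return encodeURIComponent(html);
}

// Stand-in for Server.UrlDecode(Request["..."]) on the server side.
function decodeOnServer(posted) {
  return decodeURIComponent(posted);
}

// After decoding, the value is raw HTML again, so it has to be HTML-encoded
// wherever it is written into a page as text.
function htmlEncode(text) {
  return text.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Constructed sample value for the "Long Description" field.
const sample = "<p>In het <b>Dynamisch</b> ...</p>";

function roundTrip(html) {
  const posted = encodeForPost(html);
  const stored = decodeOnServer(posted);
  return {
    rawRejected: looksDangerous(html),      // raw markup triggers the exception
    postedRejected: looksDangerous(posted), // encoded form passes validation
    stored,                                 // identical to the original HTML
    rendered: htmlEncode(stored),           // form that is safe to emit as text
  };
}

console.log(roundTrip(sample));
```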
