Security Archive

Security fix for the Language File Editor tool in EPiServer 7.5

I applied the security fix that I made for the EPiServer CMS 6 R2 version of the Language File Editor tool to the EPiServer 7 version that Hannu Hartikainen made earlier. I also did some code refactoring and removed the possibility for web administrators to create their own language files, as well as to delete existing ones; these were a source of potential headaches. Code available at …

Security fix for the Language File Editor tool in EPiServer CMS 6 R2

In 2011 I wrote a tool allowing web administrators to edit EPiServer’s language XML files through admin mode. As the code was constructed, it assumed that the environment was properly set up (i.e. securing the plugins to prevent unauthorized access), thus trusting the user. Anyhow, failing to do so made it possible for unauthorized users to read/modify/delete certain files on the server/shares. Here is a summary of …