Customer Feedback

We love feedback from you on our products and the problems in your daily work that you would like us to solve. Please describe the challenge you're encountering and your desired outcome. Be as detailed as possible.

For technical issues or bugs please head to Support or our Developer Community. You can assign up to 20 votes in total. Thank you for your feedback.

Status explanation: 'Future Consideration' = Continuing to collect further feedback, not planned at this time. 'Investigating' = Prioritized for deeper customer and feasibility investigations ahead of planning development.

Add feedback Subscribe
Product Content Management
Categories Forms
Created by Guest
Created on Mar 7, 2024

RELATED FEEDBACK

CMS users can not access files uploaded through Episerver Forms

After upgrading Episerver Forms to fix the security vulnerability outlined in this blog post (https://world.optimizely.com/blogs/phu-nguyen/dates/2023/10/vulnerability-in-episerver-forms/') CMS users can no longer access uploaded files from the Form Submissions view. The user can access the file from the Media on the File Upload form field. The issue with accessing the files from the Media folder is they are not associated with the form submission at that point.


I'd consider this more of a bug then a feature request, as accessing uploaded files from the link provided in the UI of the Form Submission page should be expected functionality.


See attached screenshots for examples of the issue and you can also refer to support ticket #1319285

Download_File_F...
File_link_from_...
Unauthorized_wh...
Download_File_From_Media_Folder_Works.png
Open full size
File_link_from_form_submission.png
Open full size
Unauthorized_when_accessing_file_from_submission_links.png
Open full size
Download_File_From_Media_Folder_Works.png File_link_from_form_submission.png Unauthorized_when_accessing_file_from_submission_links.png
  • Post comment
  • Guest
    Reply
    |     Mar 11, 2024

    I think this is by design from Optimizely to prevent unauthorized users access to the files, since there are no knowlegde of who uploaded the file and who is accessing it.