November Happy Hour will be moved to Thursday December 5th.

AI OnAI Off

PageObjectManager.Save()

Henrik Buer
Henrik Buer
Vote:
 

I'm just experimenting with PageObjects in CMS 6 R2 (Beta) and come across an issue. I get an exception when I try to save:

 

Contains potentially dangerous (SQL Injection) characters
Parameter name: storeName

Stack Trace: 

[ArgumentException: Contains potentially dangerous (SQL Injection) characters
Parameter name: storeName]
   EPiServer.Framework.Validator.ThrowIfContainsSqlInjectionChars(String name, String value) +191
   EPiServer.Data.Dynamic.EPiServerDynamicDataStoreFactory.CreateStore(String storeName, IDictionary`2 typeBag, StoreDefinitionParameters parameters) +115
   EPiServer.DataAccess.<>c__DisplayClassc.<Save>b__a() +1158
   EPiServer.Data.Dynamic.Providers.<>c__DisplayClass7.<ExecuteTransaction>b__6() +428
   EPiServer.Data.Dynamic.Providers.DbDataStoreProvider.InternalExecute(Func`1 method) +69
   EPiServer.Data.Dynamic.Providers.DbDataStoreProvider.ExecuteTransaction(Action action) +117
   EPiServer.DataAccess.DdsPageObjectRepository.Save(PageObject[] pageObjects) +2798
   EPiServer.Core.PageObjectManager.InternalSave(PageObject[] pageObjects) +477
   EPiServer.Core.PageObjectManager.InternalSave(String name, Object value, Nullable`1 ownerOption) +425
   EPiServer.Core.PageObjectManager.Save(String name, Object value) +32
   LiVIntra.Templates.Knowit.Units.Comments.btnComment_Click(Object sender, EventArgs e) in C:\EPiServer\Sites\LiVIntra\Templates\Knowit\Units\Comments.ascx.cs:85
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +115
   System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2981


Using Reflector I se that ThrowIfContainsSqlInjectionChars is implemented as:

public static void ThrowIfContainsSqlInjectionChars(string name, string value){

   if (!string.IsNullOrEmpty(value) && (_regexSqlCommentChars.IsMatch(value) || !_regexAllowedChars.IsMatch(value))){

      throw new ArgumentException("Contains potentially dangerous (SQL Injection) characters", name);
   }
}


The "_regexSqlCommentChars" and "_regexAllowedChars" are empty? Anyone got an idea how to get past this (other then waiting for the official release of R2)?
#49411
Mar 16, 2011 12:43
Magnus Rahl
Magnus Rahl
Vote:
 

Hi,

I have very vague memories of seing something similiar when trying to add primitives or (generic) collections as page objects. You must always use a class. You could of course create a class which only has one property to carry the value you want to save.

Another vague memory has something to do with autogenerated classes, like the anonymous types generated by lambdas or classes created by the JIT compiler for the aspx/ascx.

Can you post the code where you try to add the page object causing the exception?

#49414
Mar 16, 2011 13:08
Henrik Buer
Henrik Buer
Vote:
 

Damn... my first post was ugly formatted...

 

Your first vague memory was correct :-)

 

I was trying to save a class like this one:

    public class Comment
    {
        public Guid CommentGuid { get; set; }
        public DateTime DatePosted { get; set; }
        public String UserName { get; set; }
        public String CommentText { get; set; }
    }

I added another class that contains a list of "Comment":

 

    public class CommentsList
    {
        public IList<Comment> Comments { get; set; }

        public CommentsList()
        {
            Comments = new List<Comment>();
        }
    }

... and saving this "CommentList" as a PageObject works like a charm. Thanks for the help Magnus!

#49427
Mar 16, 2011 19:17
Ger Groot
Ger Groot
Vote:
 

I'm facing the same problem when I'm trying to save the following class

        public class PomData : IDynamicData
        {
            public bool IsSecure { get; set; }

            public Identity Id { get; set; }
        }

#64231
Dec 13, 2012 16:16
Magnus Rahl
Magnus Rahl
Vote:
 

What happens if you try to save a similar object that does not implement IDynamicData? IDynamicData is good for saving things in your own store, but could it be that it upsets the PageObject PropertyBag handling?

#64243
Dec 14, 2012 8:51
Ger Groot
Ger Groot
Vote:
 

The same exception occurs. All i'm trying to do is save a boolean value as PageObject data

PomData data = new PomData();
data.Id = Identity.NewIdentity(Guid.NewGuid());
data.IsSecure = true;

pom.Save(this._propertyName, data);

#64244
Dec 14, 2012 9:00
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.