PageObjectManager.Save()

Vote:
 

I'm just experimenting with PageObjects in CMS 6 R2 (Beta) and come across an issue. I get an exception when I try to save:

 

Contains potentially dangerous (SQL Injection) characters
Parameter name: storeName

Stack Trace:

[ArgumentException: Contains potentially dangerous (SQL Injection) characters
Parameter name: storeName]
EPiServer.Framework.Validator.ThrowIfContainsSqlInjectionChars(String name, String value) +191
EPiServer.Data.Dynamic.EPiServerDynamicDataStoreFactory.CreateStore(String storeName, IDictionary`2 typeBag, StoreDefinitionParameters parameters) +115
EPiServer.DataAccess.<>c__DisplayClassc.<Save>b__a() +1158
EPiServer.Data.Dynamic.Providers.<>c__DisplayClass7.<ExecuteTransaction>b__6() +428
EPiServer.Data.Dynamic.Providers.DbDataStoreProvider.InternalExecute(Func`1 method) +69
EPiServer.Data.Dynamic.Providers.DbDataStoreProvider.ExecuteTransaction(Action action) +117
EPiServer.DataAccess.DdsPageObjectRepository.Save(PageObject[] pageObjects) +2798
EPiServer.Core.PageObjectManager.InternalSave(PageObject[] pageObjects) +477
EPiServer.Core.PageObjectManager.InternalSave(String name, Object value, Nullable`1 ownerOption) +425
EPiServer.Core.PageObjectManager.Save(String name, Object value) +32
LiVIntra.Templates.Knowit.Units.Comments.btnComment_Click(Object sender, EventArgs e) in C:\EPiServer\Sites\LiVIntra\Templates\Knowit\Units\Comments.ascx.cs:85
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +115
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2981


Using Reflector I se that ThrowIfContainsSqlInjectionChars is implemented as:

public static void ThrowIfContainsSqlInjectionChars(string name, string value){

if (!string.IsNullOrEmpty(value) && (_regexSqlCommentChars.IsMatch(value) || !_regexAllowedChars.IsMatch(value))){

throw new ArgumentException("Contains potentially dangerous (SQL Injection) characters", name);

}

}


The "_regexSqlCommentChars" and "_regexAllowedChars" are empty? Anyone got an idea how to get past this (other then waiting for the official release of R2)?
#49411
Mar 16, 2011 12:43
Vote:
 

Hi,

I have very vague memories of seing something similiar when trying to add primitives or (generic) collections as page objects. You must always use a class. You could of course create a class which only has one property to carry the value you want to save.

Another vague memory has something to do with autogenerated classes, like the anonymous types generated by lambdas or classes created by the JIT compiler for the aspx/ascx.

Can you post the code where you try to add the page object causing the exception?

#49414
Mar 16, 2011 13:08
Vote:
 

Damn... my first post was ugly formatted...

 

Your first vague memory was correct :-)

 

I was trying to save a class like this one:

    public class Comment
    {
        public Guid CommentGuid { get; set; }
        public DateTime DatePosted { get; set; }
        public String UserName { get; set; }
        public String CommentText { get; set; }
    }

I added another class that contains a list of "Comment":

 

    public class CommentsList
    {
        public IList<Comment> Comments { get; set; }

        public CommentsList()
        {
            Comments = new List<Comment>();
        }
    }

... and saving this "CommentList" as a PageObject works like a charm. Thanks for the help Magnus!

#49427
Mar 16, 2011 19:17
Vote:
 

I'm facing the same problem when I'm trying to save the following class

        public class PomData : IDynamicData
        {
            public bool IsSecure { get; set; }

            public Identity Id { get; set; }
        }

#64231
Dec 13, 2012 16:16
Vote:
 

What happens if you try to save a similar object that does not implement IDynamicData? IDynamicData is good for saving things in your own store, but could it be that it upsets the PageObject PropertyBag handling?

#64243
Dec 14, 2012 8:51
Vote:
 

The same exception occurs. All i'm trying to do is save a boolean value as PageObject data

PomData data = new PomData();
data.Id = Identity.NewIdentity(Guid.NewGuid());
data.IsSecure = true;

pom.Save(this._propertyName, data);

#64244
Dec 14, 2012 9:00
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.