92 results found
-
Potential security risk in <Import Data> feature
The file upload used in the [Import Data] feature in the Settings interface does not limit the file extensions to .episerverdata only. Other file extensions can be uploaded (including files in a zipped file, which may pose security threat to the platform. Specially, when uploading a zipped antivirus test file, the system will display <Import successful>.
Allowing an undesirable or malicious file to reside on a system—even if it is not immediately executed or processed—constitutes a security vulnerability in itself. "Unrestricted upload of file with dangerous type" is formally documented as a common weakness under CWE-434, highlighting that simply permitting…1 vote -
Enable selection of datetime format on DateTime block in EPiServer.Forms
The current implementation of the DateTime element (found in the EpiServer.Forms.Samples package appears to be insufficient.
In the DateTimeElementBlock.js file, the logic used to determine the language format relies on the browser's language settings. However, this approach fails, as many Danish users have their browsers set to English (US by default, resulting in the language code en-US. This causes the jQuery date picker to display the wrong date format.
var _utilsSvc = epi.EPiServer.Forms.Utils,
language = navigator.language || navigator.userLanguage, // on iOS naviagtor.language is in lower case (ex: en-us
dateFormatSettings = epi.EPiServer.Forms.Samples.DateFormats[language.toLowerCase(] || epi.EPiServer.Forms.Samples.DateFormats["en-us"],
dateFormat = dateFormatSettings.pickerFormat;
A better solution would…2 votes -
Provide Excel download on Reports
In the section "Reports", it would be very helpful if I am able to download the created report as Excel file. That way, I can sort the information, do better filtration, get a better overview on certain topics and I am able to forward this information also to stakeholders with no access to the Optimizely CMS. Currently, also with the less intuitive overview due to the pagination, I can not get much information out of a report.
2 votes -
Trademark & superscript text in content
At the moment, there's no way to superscript trademark or registered symbols in the copy within the email. The only way to edit this is within an element.
2 votes -
Do not require a license for local.domainname.ext
As a developer I want to use local.domainname.com without a license, so we don't have to keep creating licenses for every developer.
The documentation (https://docs.developers.optimizely.com/content-management-system/docs/set-up-a-development-environment#licenses states:
A license is not required when running on localhost or domainname.local.
However, we had to switch from domainname.local to local.domainname.com (due to a third-party integration.1 vote -
Translating Inline Blocks
Some of our clients use Inline blocks only and it would be nice if the Language translation gadget would be capable of also providing translation files for these blocks.
1 vote -
Change the red asterisk on required fields
No other site or system I have seen have a red asterisk when property is filled correctly. I think you should find another icon to show required, not one that is used for errors.
1 vote -
No error display when form submit not successful
We want to use Marketing automative Salesforce connector for Optimizely CMS(Customer Management System form to connect with our Salesforce platform.
But we find out there are no submission failure show up on CMS interface, only recording the submit data in "form submission" dropdown.
This is unhelpful and not user-friendly for CMS user, developers, and infrastructure people. We cannot track/ debug/ get notice when form is submitting unsuccessful when Salesforce end shows data field mapping error.
There's no way every-time we have to login application insights, and search for request unsuccessful/ view live log stream. Please add the error notice, error…1 vote -
Overview of Audience groups and where they're used
Requirement:
* We are currently implementing the personalization on basis of combination of different Audiences using the Azure groups with their respective roles in Optimizely.
* It is required that certain pages/blocks need to show for some groups and hide for others.
* This could be different based on the requirements.
Challenges:
* The challenge is that we cannot see the direct overview of different personalization under the Audiences (except the list of groups under the Audiences.
* In addition and more importantly, there is no overview of where these Audience groups are used within the website.
* These groups…1 vote -
Adjust due time for an entire workflow/task instead of each step
The due date time automatically populates as 12:00 p.m., or to your current time when adding steps to a workflow. I want the ability to bulk adjust the time for every step in a task. For example, on our team, most of us quit working around 5 p.m. CST - so I want to be able to make the time 5 p.m. for all steps within a task. Having to change each one is tedious, and often steps will show up as "overdue" in my queue when I really have until the end of the day to complete them.
2 votes -
Unchecking "show all languages" in back-end (sites tab isn't saved.
When you uncheck the "show all languages" button (sites tab and then switch language/do a page reload, the choice isn't saved.
It's really annoying for our content editor, since for our multisite project, one of the sites only has very few cultures available.
The backend saves nearly all settings, even when you click the "pin" on the site tree or assets panel & you refresh, it is being saved. So I don't see why this checkbox wouldn't be saved.
I reported this as a bug but because it's been like this for so long, it was recommended to create this…1 vote -
Add the ability to retrieve IP Addresses for an environment by API
We have a client requirement that is to automatically update an IP Allowlist for a third-party system that will be consumed by Optimizely CMS. The intention is to access a third party system using an API-Key within a header, however to ensure the system is fully secure they would like to restrict access to the system by IP address.
While we can retrieve the full list of outbound IP Addresses from within PAAS Portal, this is currently a manual process. Ideally they would like to automate the update of their IP Allowlist so that the third party API remains secure…2 votes -
Please add IsRunning to IImportStatus.Status used in the IDataImporter
We are programmatically running the data importer service to merge databases. One of the page types has a list of users that is validated against our OAuth provider, OKTA. The problem is that running the import service in a scheduled job can't connect to OKTA to validate the user, so it fails. We are getting around this by wrapping the OKTA validator inside a conditional that looks at IDataImporter.Status.IsDone, and if it's false the import service is running (allegedly so it bypasses the user validation. The problem is that IsDone is initialized to its default state of 'false' since it's…
1 vote -
Download bulk assets from 'Media' tab
Ability to download any folder of assets, single asset or multiple assets from media tab.
1 vote -
Translation of List<T> and LinkCollection item in page is not supported on netframework version (CMS 11
For stringlist and linkitemcollection properties, we could see the values are just duplicated and not translated to native text during the auto translate of page.
The issue is reproducible in Alloy solution and attached the evidence for the same.
Also, please find the attached email from Optimizely team as well.3 votes -
Add horizontal scrollbar to page/asset pane and model windows.
As a CMS user, the page pane, asset pane, and page/asset selector modal should display horizontal scroll bars when trying to view deeply nested content items. This will improve navigation and prevent content item names from being cut off.
8 votes -
New cache architecture for the platform
Currently there exists a large number of different caches used in CMS and all its addons, Optimizely codebase primarily uses ISynchronizedObjectInstanceCache (implemented by RemoteCacheSynchronization but there are a lot of other caching mechanisms across the platform and its addons.
The current implementation is not a good fit for high traffic sites that scales out to multiple instances as the event system, for example using the azure service bus event provider created by Optimizely, used for cache invalidation isn't fast enough to keep up, leading to numerous issues with stale data, publishing of content that doesn't work, order exceptions when working…1 vote -
Saving content model fields with HTML tags should be possible if validateRequest is set to true
As a CMS editor I want to be able to save content model fields, if they containt HTML tags.
<system.web>
<pages validateRequest="true" />
</system.web>
Use content model containing a property where Description contains HTML tag, e.g.:
[CultureSpecific]
[Display(
Name = "Gültigkeitsabfrage Text",
Description = "<ul><li>text</li></ul>",
GroupName = SystemTabNames.Content,
Order = 150]
public virtual XhtmlString MainBody { get; set; }
The current behavior is that is throws a validation exception due to posting unescaped HTML tag.1 vote -
Viewing a scheduled job always resets the scheduled Jobs list view when returning to the list
When checking intervals or the setup of several scheduled jobs, the Scheduled Jobs list view always reloads and any column sort selection or scroll debth is lost. This makes it difficult to systematically check settings of multiple jobs.
Would be nice if there was a way to return to the list view and have the same sort order and a highlight of the last job selected.1 vote -
Improve Scheduled Jobs view for narrow screens
When using smaller screens or viewports the Scheduled Jobs view is difficult to read and prioritizes showing Last Run and Next Run columns, instead of the name of the job.
1 vote
- Don't see your idea?