.NET 4.0 Web.Config Changes

Applies to: AbleCommerce version 7.0.7

Date:  05/23/2011

7/07/11 - Service Release 1 is available.  You can skip this patch and apply AbleCommerce 7.0.7 SR1a instead.  

Description of Issue:

We released a web.config for support of asp.net 4.0 with the 7.0.7 release. There is an attribute missing in the web.config, without it errors will occur when certain forms are submitted on the admin side - such as editing an email template:

Symptom:

Error may look similar to the one below:

Server Error in '/' Application.

A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$HtmlMessage="<html>
<head>
<sty...").
Description:Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack.

Fix:

To correct the issue:

Set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0".

Example: <httpRuntime requestValidationMode="2.0" />.

After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section.