1
Vote

RequestVerificationToken and other form artefacts show up in ActionRecord.Parameters

description

Minor issue; I was just looking at the Orchard_Rules_ActionRecord table in SQL SMS and the Parameters column looks like this:
<Form><AuditCode>Create</AuditCode><__RequestVerificationToken>oZ1e/+5HYZeaCnmCJvE8OmWOtQbI7d4dz+ROqElK8KeQ+N8BJQPX3IHP9yzgFVcpU+cHGqyLOY3/gQXtZCG/yoMCfP3o+y7osDig5NvhIb0wUz/11h9k2w7q0MN7DoaEjBtaaLjgPCt6qqlzpsG/c4g6RFQJkynys0Bgj84SznoBLiRaw50PCZKWED40pkPxpqTXcd+vTdc/vbVniYBrNyVe+CE/xNgyVubrB2PiqMQ=</__RequestVerificationToken><op>Save</op></Form> I guess both __RequestVerificationToken and op are just being automatically included from the POST data and shouldn't really be in there.

comments

sebastienros wrote Jan 26, 2012 at 1:20 AM

At some point there was some code to prevent those properties from being serialized by using a prefix when generating the form. I should definitely get rid of them.