Admin TreeView Error


https://forum.kartris.com/Topic6306.aspx

By jcosmo - Fri 4 Dec 2015
In the Admin, if I go into an existing product and add a second category and hit save, the following error appears in the TreeView node of the new category:


Invalid postback or callback argument. Event validation is enabled using <pages enableEventValidation="true"/> in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.


Is this a known error and is there a fix to it? It's true that EnableEventValidation is set to true, but for security reasons that setting should be preserved if possible, and that is how Kartris came.
By Tiggywiggler - Tue 22 Dec 2015
This problem has flared up a lot in the past year due to the security changes that Microsoft made in .NET. It can be worked around but requires quite a bit of work on the back end.

The security risks come if someone is injecting code into the HTML response, but as you are in the admin page, if you have a hacker on this page you have already lost, so there isn't really a risk to you here. You should be able to disable this validation check without any adverse problems.

If you get this alert on a front end page (non admin) then it would be a different story. In the end we will need to rewrite the dynamic content to work around this issue, but it takes time, a lot of it.
By Paul - Fri 1 Jan 2016
Couldn't figure out why I was not getting this when testing the project; it turns out it is disabled in the main web config we have in our CodePlex project, but not in the 'clean' web config that we use when building new zips. That is fixed now, so the next release should not have this problem. Note that we only disable it for the Admin folder, which, as Tiggywiggler points out, doesn't really pose security issues, as if you have access to the back end there are far bigger fish to fry in terms of messing things up.
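
The check below is an added example, not part of the thread and not Kartris code: it reads a web.config and reports every scope where event validation is switched off, so the Admin-only exception described above can be confirmed in both the development and the 'clean' build config. The two embedded configs are constructed samples; the `<location path="Admin">` layout, the absence of an XML namespace on `<configuration>`, and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: validation stays on site-wide and is off only under Admin.
# The folder name "Admin" and this layout are assumptions, not Kartris's shipped file.
SCOPED = """<configuration>
  <system.web>
    <pages enableEventValidation="true" />
  </system.web>
  <location path="Admin">
    <system.web>
      <pages enableEventValidation="false" />
    </system.web>
  </location>
</configuration>"""

# Constructed sample of the setting to avoid: validation off for every page.
SITE_WIDE = """<configuration>
  <system.web>
    <pages enableEventValidation="false" />
  </system.web>
</configuration>"""

def event_validation_scopes(config_xml):
    """Map each scope ('' = whole site, else the <location> path) to its setting."""
    root = ET.fromstring(config_xml)
    scopes = {}
    candidates = [("", root)] + [(loc.get("path", ""), loc) for loc in root.findall("location")]
    for path, node in candidates:
        pages = node.find("system.web/pages")
        if pages is not None and "enableEventValidation" in pages.attrib:
            scopes[path] = pages.get("enableEventValidation").strip().lower() == "true"
    return scopes

def disabled_outside(config_xml, allowed=("Admin",)):
    """Return scopes where validation is off and that are not under an allowed folder."""
    allowed_l = [a.lower().strip("/") for a in allowed]
    bad = []
    for path, enabled in event_validation_scopes(config_xml).items():
        p = path.lower().strip("/")
        under_allowed = any(p == a or p.startswith(a + "/") for a in allowed_l)
        if not enabled and not under_allowed:
            bad.append(path or "<site-wide>")
    return bad

if __name__ == "__main__":
    for name, cfg in (("scoped", SCOPED), ("site-wide", SITE_WIDE)):
        print(name, event_validation_scopes(cfg), "flagged:", disabled_outside(cfg))
```

A scope that does not set the attribute is not listed, since ASP.NET leaves event validation enabled by default.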