zydronium/screwturn-4
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixed attachment download problem.

Browse source
This commit is contained in:
Matteo Tomasini 2010-03-26 08:59:27 +00:00
parent ebbb30608a
commit 072ee52d8f
2 changed files with 17 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

4
AssemblyVersion.cs
View file

@ -16,5 +16,5 @@ using System.Reflection;
// //
// You can specify all the values or you can default the Revision and Build Numbers // You can specify all the values or you can default the Revision and Build Numbers
// by using the '*' as shown below: // by using the '*' as shown below:
[assembly: AssemblyVersion("3.0.2.516")] [assembly: AssemblyVersion("3.0.2.517")]
[assembly: AssemblyFileVersion("3.0.2.516")] [assembly: AssemblyFileVersion("3.0.2.517")]

18
Core/FilesStorageProvider.cs
View file

@ -94,6 +94,18 @@ namespace ScrewTurn.Wiki {
get { return false; } get { return false; }
} }
/// <summary>
/// Checks the path.
/// </summary>
/// <param name="path">The path to be checked.</param>
/// <param name="begin">The expected beginning of the path.</param>
/// <exception cref="InvalidOperationException">If <paramref name="path"/> does not begin with <paramref name="begin"/> or contains "\.." or "..\".</exception>
private string CheckPath(string path, string begin) {
if(!path.StartsWith(begin) || path.Contains(Path.DirectorySeparatorChar + "..") || path.Contains(".." + Path.DirectorySeparatorChar))
throw new InvalidOperationException();
return path;
}
/// <summary> /// <summary>
/// Builds a full path from a provider-specific partial path. /// Builds a full path from a provider-specific partial path.
/// </summary> /// </summary>
@ -104,8 +116,8 @@ namespace ScrewTurn.Wiki {
private string BuildFullPath(string partialPath) { private string BuildFullPath(string partialPath) {
if(partialPath == null) partialPath = ""; if(partialPath == null) partialPath = "";
partialPath = partialPath.Replace("/", Path.DirectorySeparatorChar.ToString()).TrimStart(Path.DirectorySeparatorChar); partialPath = partialPath.Replace("/", Path.DirectorySeparatorChar.ToString()).TrimStart(Path.DirectorySeparatorChar);
string up = Path.Combine(host.GetSettingValue(SettingName.PublicDirectory), UploadDirectory); string up = Path.Combine(host.GetSettingValue(SettingName.PublicDirectory), UploadDirectory);
return Path.Combine(up, partialPath); // partialPath CANNOT start with "\" -> Path.Combine does not work return CheckPath(Path.Combine(up, partialPath), up); // partialPath CANNOT start with "\" -> Path.Combine does not work
} }
/// <summary> /// <summary>
@ -119,7 +131,7 @@ namespace ScrewTurn.Wiki {
if(partialPath == null) partialPath = ""; if(partialPath == null) partialPath = "";
partialPath = partialPath.Replace("/", Path.DirectorySeparatorChar.ToString()).TrimStart(Path.DirectorySeparatorChar); partialPath = partialPath.Replace("/", Path.DirectorySeparatorChar.ToString()).TrimStart(Path.DirectorySeparatorChar);
string up = Path.Combine(host.GetSettingValue(SettingName.PublicDirectory), AttachmentsDirectory); string up = Path.Combine(host.GetSettingValue(SettingName.PublicDirectory), AttachmentsDirectory);
return Path.Combine(up, partialPath); // partialPath CANNOT start with "\" -> Path.Combine does not work return CheckPath(Path.Combine(up, partialPath), up); // partialPath CANNOT start with "\" -> Path.Combine does not work
} }
/// <summary> /// <summary>