mirror of
https://github.com/OrchardCMS/Orchard.git
synced 2025-10-14 10:54:50 +08:00
Medium trust: Avoiding dynamic dispatch to the view method (which is protected internal) and using static invocation by casting to object.
This commit is contained in:
andrerod
@@ -188,8 +188,8 @@ namespace Orchard.Core.Contents.Controllers {
|
||||
if (!Services.Authorizer.Authorize(Permissions.PublishContent, contentItem, T("Cannot create content")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
var model = _contentManager.BuildEditor(contentItem);
|
||||
return View(model);
|
||||
dynamic model = _contentManager.BuildEditor(contentItem);
|
||||
return View((object)model);
|
||||
}
|
||||
|
||||
[HttpPost, ActionName("Create")]
|
||||
@@ -241,9 +241,8 @@ namespace Orchard.Core.Contents.Controllers {
|
||||
if (!Services.Authorizer.Authorize(Permissions.EditContent, contentItem, T("Cannot edit content")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
var model = _contentManager.BuildEditor(contentItem);
|
||||
|
||||
return View(model);
|
||||
dynamic model = _contentManager.BuildEditor(contentItem);
|
||||
return View((object)model);
|
||||
}
|
||||
|
||||
[HttpPost, ActionName("Edit")]
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
using System.Linq;
|
||||
using System.Reflection;
|
||||
using System.Web.Mvc;
|
||||
using Orchard.Blogs.Extensions;
|
||||
using Orchard.Blogs.Models;
|
||||
@@ -48,12 +49,12 @@ namespace Orchard.Blogs.Controllers {
|
||||
if (!Services.Authorizer.Authorize(Permissions.ManageBlogs, T("Not allowed to create blogs")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
var blog = Services.ContentManager.New<BlogPart>("Blog");
|
||||
BlogPart blog = Services.ContentManager.New<BlogPart>("Blog");
|
||||
if (blog == null)
|
||||
return HttpNotFound();
|
||||
|
||||
var model = Services.ContentManager.BuildEditor(blog);
|
||||
return View(model);
|
||||
dynamic model = Services.ContentManager.BuildEditor(blog);
|
||||
return View((object)model);
|
||||
}
|
||||
|
||||
[HttpPost, ActionName("Create")]
|
||||
@@ -86,8 +87,8 @@ namespace Orchard.Blogs.Controllers {
|
||||
if (blog == null)
|
||||
return HttpNotFound();
|
||||
|
||||
var model = Services.ContentManager.BuildEditor(blog);
|
||||
return View(model);
|
||||
dynamic model = Services.ContentManager.BuildEditor(blog);
|
||||
return View((object)model);
|
||||
}
|
||||
|
||||
[HttpPost, ActionName("Edit")]
|
||||
|
||||
@@ -33,9 +33,8 @@ namespace Orchard.Blogs.Controllers {
|
||||
if (blogPost.BlogPart == null)
|
||||
return HttpNotFound();
|
||||
|
||||
var model = Services.ContentManager.BuildEditor(blogPost);
|
||||
|
||||
return View(model);
|
||||
dynamic model = Services.ContentManager.BuildEditor(blogPost);
|
||||
return View((object)model);
|
||||
}
|
||||
|
||||
[HttpPost, ActionName("Create")]
|
||||
@@ -76,9 +75,8 @@ namespace Orchard.Blogs.Controllers {
|
||||
if (post == null)
|
||||
return HttpNotFound();
|
||||
|
||||
var model = Services.ContentManager.BuildEditor(post);
|
||||
|
||||
return View(model);
|
||||
dynamic model = Services.ContentManager.BuildEditor(post);
|
||||
return View((object)model);
|
||||
}
|
||||
|
||||
[HttpPost, ActionName("Edit")]
|
||||
|
||||
@@ -57,10 +57,10 @@ namespace Orchard.Users.Controllers {
|
||||
var user = Services.ContentManager.New<IUser>("User");
|
||||
var editor = Shape.EditorTemplate(TemplateName: "Parts/User.Create", Model: new UserCreateViewModel(), Prefix: null);
|
||||
editor.Metadata.Position = "2";
|
||||
var model = Services.ContentManager.BuildEditor(user);
|
||||
dynamic model = Services.ContentManager.BuildEditor(user);
|
||||
model.Content.Add(editor);
|
||||
|
||||
return View(model);
|
||||
return View((object)model);
|
||||
}
|
||||
|
||||
[HttpPost, ActionName("Create")]
|
||||
@@ -111,10 +111,10 @@ namespace Orchard.Users.Controllers {
|
||||
var user = Services.ContentManager.Get<UserPart>(id);
|
||||
var editor = Shape.EditorTemplate(TemplateName: "Parts/User.Edit", Model: new UserEditViewModel {User = user}, Prefix: null);
|
||||
editor.Metadata.Position = "2";
|
||||
var model = Services.ContentManager.BuildEditor(user);
|
||||
dynamic model = Services.ContentManager.BuildEditor(user);
|
||||
model.Content.Add(editor);
|
||||
|
||||
return View(model);
|
||||
return View((object)model);
|
||||
}
|
||||
|
||||
[HttpPost, ActionName("Edit")]
|
||||
|
||||
@@ -112,7 +112,7 @@ namespace Orchard.Widgets.Controllers {
|
||||
|
||||
widgetPart.LayerPart = _widgetsService.GetLayer(layerId);
|
||||
dynamic model = Services.ContentManager.BuildEditor(widgetPart);
|
||||
return View(model);
|
||||
return View((object)model);
|
||||
}
|
||||
catch (Exception exception) {
|
||||
Services.Notifier.Error(T("Creating widget failed: {0}", exception.Message));
|
||||
@@ -155,7 +155,7 @@ namespace Orchard.Widgets.Controllers {
|
||||
return HttpNotFound();
|
||||
|
||||
dynamic model = Services.ContentManager.BuildEditor(layerPart);
|
||||
return View(model);
|
||||
return View((object)model);
|
||||
}
|
||||
catch (Exception exception) {
|
||||
Services.Notifier.Error(T("Creating layer failed: {0}", exception.Message));
|
||||
@@ -200,7 +200,7 @@ namespace Orchard.Widgets.Controllers {
|
||||
}
|
||||
|
||||
dynamic model = Services.ContentManager.BuildEditor(layerPart);
|
||||
return View(model);
|
||||
return View((object)model);
|
||||
}
|
||||
catch (Exception exception) {
|
||||
Services.Notifier.Error(T("Editing layer failed: {0}", exception.Message));
|
||||
@@ -265,7 +265,7 @@ namespace Orchard.Widgets.Controllers {
|
||||
}
|
||||
|
||||
dynamic model = Services.ContentManager.BuildEditor(widgetPart);
|
||||
return View(model);
|
||||
return View((object)model);
|
||||
}
|
||||
catch (Exception exception) {
|
||||
Services.Notifier.Error(T("Editing widget failed: {0}", exception.Message));
|
||||
|
||||
Reference in New Issue
Block a user