Adding one more test for root directory validation and improving algorithm.
--HG-- branch : 1.x
@@ -15,6 +15,7 @@ namespace Orchard.Tests.FileSystems.VirtualPath {
|
||||
Assert.That(defaultVirtualPathProvider.TryFileExists("~\\a\\b\\..\\a.txt"), Is.True);
|
||||
Assert.That(defaultVirtualPathProvider.TryFileExists("~\\a\\b\\..\\..\\a.txt"), Is.True);
|
||||
Assert.That(defaultVirtualPathProvider.TryFileExists("~\\a\\b\\..\\..\\..\\a.txt"), Is.False);
|
||||
Assert.That(defaultVirtualPathProvider.TryFileExists("~\\a\\..\\..\\b\\c.txt"), Is.False);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
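Review bot: Every case in this hunk uses `..` segments separated by single backslashes, so the root-directory check is never exercised with a `.` segment, a doubled separator or forward slashes, all of which the character-level depth counter in the provider treats differently from `..`. Adding a constructed case such as `Assert.That(defaultVirtualPathProvider.TryFileExists("~\\a\\.\\..\\..\\a.txt"), Is.False);` would pin the intended behaviour. The enclosing test method starts outside the hunk, so the fixture set-up cannot be checked from here.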
@@ -65,8 +65,21 @@ namespace Orchard.FileSystems.VirtualPath {
|
||||
try {
|
||||
// Check if the path falls outside the root directory of the app
|
||||
string directoryName = Path.GetDirectoryName(virtualPath);
|
||||
if (CountOccurences(@"\", directoryName.Replace(@"\..", "")) < CountOccurences(@"..", directoryName)) {
|
||||
return false;
|
||||
|
||||
int level = 0;
|
||||
int stringLength = directoryName.Count();
|
||||
|
||||
for(int i = 0 ; i < stringLength ; i++) {
|
||||
if (directoryName[i] == '\\') {
|
||||
if (i < (stringLength - 2) && directoryName[i + 1] == '.' && directoryName[i + 2] == '.') {
|
||||
level--;
|
||||
i += 2;
|
||||
} else level++;
|
||||
}
|
||||
|
||||
if (level < 0) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return FileExists(virtualPath);
|
||||
@@ -83,9 +96,5 @@ namespace Orchard.FileSystems.VirtualPath {
|
||||
public virtual void CreateDirectory(string virtualPath) {
|
||||
Directory.CreateDirectory(MapPath(virtualPath));
|
||||
}
|
||||
|
||||
private static int CountOccurences(string needle, string haystack) {
|
||||
return (haystack.Length - haystack.Replace(needle, "").Length) / needle.Length;
|
||||
}
|
||||
}
|
||||
}
|
||||
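Review bot: The depth counter in the `@@ -65,8 +65,21 @@` hunk increments `level` for every backslash not followed by `..`, so a `.` segment or an empty segment from a doubled separator is counted as a real directory and offsets a later `..`; unless `Path.GetDirectoryName` already collapses those (not visible here), a path can pass the check while resolving above the application root. It also treats any segment that merely begins with two dots as a parent reference and only recognises `\` as a separator. Splitting `directoryName` into segments and counting only real names, as sketched below, removes these cases; comparing the canonicalised physical path against the root would be stronger still. `Path.GetDirectoryName` can return null and `directoryName.Count()` should be `directoryName.Length`; the enclosing `try` and its `catch` lie outside the hunk, so whether null is handled cannot be confirmed from here.

```csharp
// … unchanged: string directoryName = Path.GetDirectoryName(virtualPath); …
int level = 0;
foreach (string segment in directoryName.Split('\\', '/')) {
    // "~", "." and empty segments do not change the depth
    if (segment.Length == 0 || segment == "." || segment == "~") {
        continue;
    }
    level += segment == ".." ? -1 : 1;
    if (level < 0) {
        return false;
    }
}
// … unchanged: return FileExists(virtualPath); …
```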