lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-12-03 12:03:51 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Adding one more test for root directory validation and improving algorithm.

Browse Source 
--HG--
branch : 1.x
This commit is contained in:
Andre Rodrigues
2011-03-30 18:07:48 -07:00
parent cc4c7a4f50
commit 78bd74479b
2 changed files with 16 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/Orchard.Tests/FileSystems/VirtualPath/DefaultVirtualPathProviderTests.cs
View File

@@ -15,6 +15,7 @@ namespace Orchard.Tests.FileSystems.VirtualPath {
Assert.That(defaultVirtualPathProvider.TryFileExists("~\\a\\b\\..\\a.txt"), Is.True); Assert.That(defaultVirtualPathProvider.TryFileExists("~\\a\\b\\..\\a.txt"), Is.True);
Assert.That(defaultVirtualPathProvider.TryFileExists("~\\a\\b\\..\\..\\a.txt"), Is.True); Assert.That(defaultVirtualPathProvider.TryFileExists("~\\a\\b\\..\\..\\a.txt"), Is.True);
Assert.That(defaultVirtualPathProvider.TryFileExists("~\\a\\b\\..\\..\\..\\a.txt"), Is.False); Assert.That(defaultVirtualPathProvider.TryFileExists("~\\a\\b\\..\\..\\..\\a.txt"), Is.False);
Assert.That(defaultVirtualPathProvider.TryFileExists("~\\a\\..\\..\\b\\c.txt"), Is.False);
} }
} }

21
src/Orchard/FileSystems/VirtualPath/DefaultVirtualPathProvider.cs
View File

@@ -65,8 +65,21 @@ namespace Orchard.FileSystems.VirtualPath {
try { try {
// Check if the path falls outside the root directory of the app // Check if the path falls outside the root directory of the app
string directoryName = Path.GetDirectoryName(virtualPath); string directoryName = Path.GetDirectoryName(virtualPath);
if (CountOccurences(@"\", directoryName.Replace(@"\..", "")) < CountOccurences(@"..", directoryName)) {
return false; int level = 0;
int stringLength = directoryName.Count();
for(int i = 0 ; i < stringLength ; i++) {
if (directoryName[i] == '\\') {
if (i < (stringLength - 2) && directoryName[i + 1] == '.' && directoryName[i + 2] == '.') {
level--;
i += 2;
} else level++;
}
if (level < 0) {
return false;
}
} }
return FileExists(virtualPath); return FileExists(virtualPath);
@@ -83,9 +96,5 @@ namespace Orchard.FileSystems.VirtualPath {
public virtual void CreateDirectory(string virtualPath) { public virtual void CreateDirectory(string virtualPath) {
Directory.CreateDirectory(MapPath(virtualPath)); Directory.CreateDirectory(MapPath(virtualPath));
} }
private static int CountOccurences(string needle, string haystack) {
return (haystack.Length - haystack.Replace(needle, "").Length) / needle.Length;
}
} }
} }