lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-09-19 18:27:55 +08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Medium Trust: Fixing machinekey validation code to avoid securityexception on web.config getsection code.

Browse Source 
--HG--
branch : dev
This commit is contained in:
Andre Rodrigues
2010-11-04 16:12:16 -07:00
parent b53a16ca5b
commit d030742a43
1 changed files with 16 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/Orchard.Web/Modules/Orchard.Setup/Controllers/SetupController.cs
View File

@@ -1,9 +1,11 @@
using System;
using System.Configuration;
using System.IO;
using System.Security.Cryptography;
using System.Web.Configuration;
using System.Web.Mvc;
using System.Linq;
using System.Xml;
using Orchard.FileSystems.AppData;
using Orchard.Setup.Services;
using Orchard.Setup.ViewModels;
@@ -41,11 +43,21 @@ namespace Orchard.Setup.Controllers {
private bool ValidateMachineKey() {
// Get the machineKey section.
var section = ConfigurationManager.GetSection("system.web/machineKey") as MachineKeySection;
MachineKeySection machineKeySection = null;
if (section == null
|| section.DecryptionKey.Contains("AutoGenerate")
|| section.ValidationKey.Contains("AutoGenerate")) {
string webConfigFile = Path.Combine(HttpContext.Request.PhysicalApplicationPath, "web.config");
using (XmlTextReader webConfigReader = new XmlTextReader(new StreamReader(webConfigFile))) {
if (webConfigReader.ReadToFollowing("machineKey")) {
machineKeySection = new MachineKeySection {
DecryptionKey = webConfigReader.GetAttribute("decryptionKey"),
ValidationKey = webConfigReader.GetAttribute("validationKey")
};
}
}
if (machineKeySection == null
|| machineKeySection.DecryptionKey.Contains("AutoGenerate")
|| machineKeySection.ValidationKey.Contains("AutoGenerate")) {
var rng = new RNGCryptoServiceProvider();
var decryptionData = new byte[32];