diff options
author | Marek Habersack <grendel@twistedcode.net> | 2009-01-09 17:38:26 +0300 |
---|---|---|
committer | Marek Habersack <grendel@twistedcode.net> | 2009-01-09 17:38:26 +0300 |
commit | 3887d81f8eb799d9858050154232e6a6af91a8f6 (patch) | |
tree | 839f63d86e46db4df8806099e1c057e65fc06707 | |
parent | 11072be5edf103e2c7dc7bea506e76efed2c6f53 (diff) |
Backport of r122891.
svn path=/branches/mono-2-2/mcs/; revision=122892
-rw-r--r-- | mcs/class/System.Web/System.Web/ChangeLog | 11 | ||||
-rw-r--r-- | mcs/class/System.Web/System.Web/HttpContext.cs | 22 |
2 files changed, 28 insertions, 5 deletions
diff --git a/mcs/class/System.Web/System.Web/ChangeLog b/mcs/class/System.Web/System.Web/ChangeLog index 7878c4ebf13..54c59c3f5b8 100644 --- a/mcs/class/System.Web/System.Web/ChangeLog +++ b/mcs/class/System.Web/System.Web/ChangeLog @@ -1,3 +1,14 @@ +2009-01-09 Marek Habersack <mhabersack@novell.com> + + * HttpContext.cs: RewritePath now treats relative and absolute + file paths with more care. If a path is of the ~/file.aspx form, + then the ~/ part is removed and the rest is combined with the base + virtual path. If the file path is of the ~ or /file.aspx forms, + then it is combined verbatim with the base virtual path. Fixes bug + #463964 + Make sure the path returned from HttpRequest.BaseVirtualPath + contains the trailing slash before combining. Fixes bug #463964 + 2008-12-16 Marek Habersack <mhabersack@novell.com> * StaticFileHandler.cs: use HttpRuntime.RunningOnWindows instead diff --git a/mcs/class/System.Web/System.Web/HttpContext.cs b/mcs/class/System.Web/System.Web/HttpContext.cs index fffd779b321..d8b2755ba4a 100644 --- a/mcs/class/System.Web/System.Web/HttpContext.cs +++ b/mcs/class/System.Web/System.Web/HttpContext.cs @@ -657,14 +657,26 @@ namespace System.Web { if (!VirtualPathUtility.IsValidVirtualPath (filePath)) throw new HttpException ("'" + HttpUtility.HtmlEncode (filePath) + "' is not a valid virtual path."); - if (VirtualPathUtility.IsRooted (filePath)) - filePath = VirtualPathUtility.Combine (Request.BaseVirtualDir, VirtualPathUtility.Canonize (filePath).Substring (1)); - else - filePath = VirtualPathUtility.Combine (VirtualPathUtility.GetDirectory (Request.FilePath), filePath); + bool pathRelative = VirtualPathUtility.IsAppRelative (filePath); + bool pathAbsolute = pathRelative ? false : VirtualPathUtility.IsAbsolute (filePath); + if (pathRelative || pathAbsolute) { + bool needSubstring = false; + + if (pathRelative && filePath.Length > 1) + needSubstring = true; + string bvd = Request.BaseVirtualDir; + if (bvd.Length > 1) + bvd += "/"; + + string canonizedFilePath = VirtualPathUtility.Canonize (filePath); + filePath = VirtualPathUtility.Combine (bvd, needSubstring ? canonizedFilePath.Substring (2) : canonizedFilePath); + } else + filePath = VirtualPathUtility.Combine (VirtualPathUtility.GetDirectory (Request.FilePath), filePath); + if (!StrUtils.StartsWith (filePath, HttpRuntime.AppDomainAppVirtualPath)) throw new HttpException (404, "The virtual path '" + HttpUtility.HtmlEncode (filePath) + "' maps to another application.", filePath); - + Request.SetCurrentExePath (filePath); if (setClientFilePath) Request.SetFilePath (filePath); |