diff options
| author | Sebastien Pouliot <sebastien@ximian.com> | 2005-09-10 18:12:33 +0400 |
|---|---|---|
| committer | Sebastien Pouliot <sebastien@ximian.com> | 2005-09-10 18:12:33 +0400 |
| commit | fce04f20db7023228c30da6dbd8be9911d5f896b (patch) | |
| tree | 83adf9fcdeae0a41096ef06a86d723a3f0f3c168 /mcs/class/System.Web/System.Web.Hosting/SimpleWorkerRequest.cs | |
| parent | 3840f98020db8501d7f76fce40572e65271588e4 (diff) | |
2005-09-10 Sebastien Pouliot <sebastien@ximian.com>
* AppDomainFactory.cs: Added LinkDemand for Minimal. Added Demand for
UnmanagedCode on ctor. Added TODO on unimplemented method.
* ApplicationHost.cs: Added LinkDemand for Minimal. Added Demand for
UnmanagedCode on ctor. Removed duplicate null checks.
* ISAPIRuntime.cs: Fixed inheritance (added MarshalByRefObject and
IRegisteredObject) for 2.0. Added LinkDemand for Minimal. Added Demand
for UnmanagedCode on ctor.
* SimpleWorkerRequest.cs: Added LinkDemand and InheritanceDemand (not
sealed) for Minimal. Added Demands for UnmanagedCode on ctors. Added
FileIOPermission for PathDiscovery before returning processed paths.
svn path=/trunk/mcs/; revision=49864
Diffstat (limited to 'mcs/class/System.Web/System.Web.Hosting/SimpleWorkerRequest.cs')
| -rw-r--r-- | mcs/class/System.Web/System.Web.Hosting/SimpleWorkerRequest.cs | 37 |
1 files changed, 30 insertions, 7 deletions
diff --git a/mcs/class/System.Web/System.Web.Hosting/SimpleWorkerRequest.cs b/mcs/class/System.Web/System.Web.Hosting/SimpleWorkerRequest.cs index 1042b11e836..f73ff7f1ba8 100644 --- a/mcs/class/System.Web/System.Web.Hosting/SimpleWorkerRequest.cs +++ b/mcs/class/System.Web/System.Web.Hosting/SimpleWorkerRequest.cs @@ -28,16 +28,20 @@ // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // -using System; using System.Collections; using System.IO; using System.Runtime.InteropServices; -using System.Web; +using System.Security; +using System.Security.Permissions; using System.Web.UI; using System.Web.Util; namespace System.Web.Hosting { + // CAS + [AspNetHostingPermission (SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)] + [AspNetHostingPermission (SecurityAction.InheritanceDemand, Level = AspNetHostingPermissionLevel.Minimal)] + // attributes [ComVisible (false)] public class SimpleWorkerRequest : HttpWorkerRequest { string page; @@ -55,6 +59,7 @@ namespace System.Web.Hosting { // Constructor used when the target application domain // was created with ApplicationHost.CreateApplicationHost // + [SecurityPermission (SecurityAction.Demand, UnmanagedCode = true)] public SimpleWorkerRequest (string page, string query, TextWriter output) { this.page = page; @@ -71,6 +76,7 @@ namespace System.Web.Hosting { // // This is used for user instantiates HttpContext (my_SimpleWorkerRequest) // + [SecurityPermission (SecurityAction.Demand, UnmanagedCode = true)] public SimpleWorkerRequest (string appVirtualDir, string appPhysicalDir, string page, string query, TextWriter output) { this.page = page; @@ -83,16 +89,26 @@ namespace System.Web.Hosting { public override string MachineConfigPath { get { - if (hosted) - return ICalls.GetMachineConfigPath (); + if (hosted) { + string path = ICalls.GetMachineConfigPath (); + if (SecurityManager.SecurityEnabled && (path != null) && (path.Length > 0)) { + new FileIOPermission (FileIOPermissionAccess.PathDiscovery, path).Demand (); + } + return path; + } return null; } } public override string MachineInstallDirectory { get { - if (hosted) - return ICalls.GetMachineInstallDirectory (); + if (hosted) { + string path = ICalls.GetMachineInstallDirectory (); + if (SecurityManager.SecurityEnabled && (path != null) && (path.Length > 0)) { + new FileIOPermission (FileIOPermissionAccess.PathDiscovery, path).Demand (); + } + return path; + } return null; } } @@ -112,6 +128,9 @@ namespace System.Web.Hosting { public override string GetAppPathTranslated () { + if (SecurityManager.SecurityEnabled && (app_physical_dir != null) && (app_physical_dir.Length > 0)) { + new FileIOPermission (FileIOPermissionAccess.PathDiscovery, app_physical_dir).Demand (); + } return app_physical_dir; } @@ -129,7 +148,11 @@ namespace System.Web.Hosting { else local_page = page; - return Path.Combine (app_physical_dir, local_page); + string path = Path.Combine (app_physical_dir, local_page); + if (SecurityManager.SecurityEnabled && (path != null) && (path.Length > 0)) { + new FileIOPermission (FileIOPermissionAccess.PathDiscovery, path).Demand (); + } + return path; } public override string GetHttpVerbName () |