From 100f2c3bcd3461b7b6c41e8c654ae130d22cc6fa Mon Sep 17 00:00:00 2001
From: Mole
Date: Mon, 3 Jun 2024 12:03:40 +0200
Subject: [PATCH] Add check to ensure that RenderControllers and SurfaceControllers are always routed through the UmbracoRouteValueTransforms (#16540)

---
 .../Routing/EagerMatcherPolicy.cs | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/Umbraco.Web.Website/Routing/EagerMatcherPolicy.cs b/src/Umbraco.Web.Website/Routing/EagerMatcherPolicy.cs
index 05290227b3..bb5cb52a4d 100644
--- a/src/Umbraco.Web.Website/Routing/EagerMatcherPolicy.cs
+++ b/src/Umbraco.Web.Website/Routing/EagerMatcherPolicy.cs
@@ -1,4 +1,5 @@
-using Microsoft.AspNetCore.Http;
+using System.Reflection;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc.Controllers;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.AspNetCore.Routing.Matching;
@@ -8,8 +9,8 @@ using Umbraco.Cms.Core.Configuration.Models;
 using Umbraco.Cms.Core.Routing;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Web.Common.Controllers;
+using Umbraco.Cms.Web.Website.Controllers;
 using Umbraco.Extensions;
-using HttpRequestExtensions = Umbraco.Extensions.HttpRequestExtensions;

 namespace Umbraco.Cms.Web.Website.Routing;

@@ -104,6 +105,18 @@ internal class EagerMatcherPolicy : MatcherPolicy, IEndpointSelectorPolicy
 continue;
 }

+ // We have to ensure that none of the candidates is a render controller or surface controller
+ // Normally these shouldn't be statically routed, however some people do it.
+ // So we should probably be friendly and check for it.
+ // Do not add this to V14.
+ ControllerActionDescriptor? controllerDescriptor = routeEndpoint.Metadata.GetMetadata();
+ TypeInfo? controllerTypeInfo = controllerDescriptor?.ControllerTypeInfo;
+ if (controllerTypeInfo is not null &&
+ (controllerTypeInfo.IsType() || controllerTypeInfo.IsType()))
+ {
+ return;
+ }
+
 if (routeEndpoint.Order < lowestOrder)
 {
 // We have to ensure that the route is valid for the current request method.
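Review bot: The bare `return;` in the added block leaves the whole method as soon as one candidate's controller type matches, from inside what looks like the per-candidate loop (the `continue;` just above), so every check later in the method is skipped for that request. The method starts and ends outside the hunk, so confirm that nothing after this point must still run for such requests, and add a test with a statically routed surface controller competing with the dynamic route, since the diffstat lists no test file. The comment should state the effect rather than the motive, for example `// Leave the candidate set untouched so the request still goes through the Umbraco dynamic route.`; that wording is inferred from the commit subject, so adjust it if the intent differs. `GetMetadata()` and `IsType()` appear here without type arguments, so which controller types are tested (and whether derived controllers count) can only be inferred from the subject line and the new `using Umbraco.Cms.Web.Website.Controllers;`. `// Do not add this to V14.` is a merge instruction and would be better kept in the pull-request description than in the source.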