From 91ff702cf20ed2af2f420d31b60dadf6071976b1 Mon Sep 17 00:00:00 2001
From: Stephan
Date: Wed, 6 Feb 2013 13:25:27 -0100
Subject: [PATCH] Core.IO - add 'verify' methods to complement 'validate' methods
---
src/Umbraco.Core/IO/IOHelper.cs | 73 ++++++++++++++++++++++-----
src/Umbraco.Core/Models/Script.cs | 4 +-
src/Umbraco.Core/Models/Stylesheet.cs | 4 +-
src/Umbraco.Core/Models/Template.cs | 4 +-
4 files changed, 66 insertions(+), 19 deletions(-)
diff --git a/src/Umbraco.Core/IO/IOHelper.cs b/src/Umbraco.Core/IO/IOHelper.cs
index f3b2536cc1..adaf4280e2 100644
--- a/src/Umbraco.Core/IO/IOHelper.cs
+++ b/src/Umbraco.Core/IO/IOHelper.cs
@@ -136,25 +136,42 @@ namespace Umbraco.Core.IO } /// - /// Validates if the current filepath matches a directory where the user is allowed to edit a file + /// Verifies that the current filepath matches a directory where the user is allowed to edit a file. /// - /// filepath - /// - /// true if valid, throws a FileSecurityException if not - internal static bool ValidateEditPath(string filePath, string validDir) + /// The filepath to validate. + /// The valid directory. + /// A value indicating whether the filepath is valid. + internal static bool VerifyEditPath(string filePath, string validDir) { if (!filePath.StartsWith(MapPath(SystemDirectories.Root))) filePath = MapPath(filePath); if (!validDir.StartsWith(MapPath(SystemDirectories.Root))) validDir = MapPath(validDir); - if (!filePath.StartsWith(validDir)) - throw new FileSecurityException(String.Format("The filepath '{0}' is not within an allowed directory for this type of files", filePath.Replace(MapPath(SystemDirectories.Root), ""))); + return filePath.StartsWith(validDir); + } + /// + /// Validates that the current filepath matches a directory where the user is allowed to edit a file. + /// + /// The filepath to validate. + /// The valid directory. + /// True, if the filepath is valid, else an exception is thrown. + /// The filepath is invalid. + internal static bool ValidateEditPath(string filePath, string validDir) + { + if (!VerifyEditPath(filePath, validDir)) + throw new FileSecurityException(String.Format("The filepath '{0}' is not within an allowed directory for this type of files", filePath.Replace(MapPath(SystemDirectories.Root), ""))); return true; } - internal static bool ValidateEditPath(string filePath, IEnumerable validDirs) + /// + /// Verifies that the current filepath matches one of several directories where the user is allowed to edit a file. + /// + /// The filepath to validate. + /// The valid directories. + /// A value indicating whether the filepath is valid. 
+ internal static bool VerifyEditPath(string filePath, IEnumerable validDirs) { foreach (var dir in validDirs) { 
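Review bot: `return filePath.StartsWith(validDir);` in the new `VerifyEditPath(string, string)` is a plain string-prefix test, so a sibling directory that merely shares the prefix (for example a constructed `scripts-old` next to `scripts`) is accepted, and the comparison is culture-sensitive because no `StringComparison` is passed. Whether `..` segments are collapsed before the test depends on `MapPath`, which this hunk does not show. I would normalise both sides and compare against the directory with a trailing separator: `filePath = Path.GetFullPath(filePath);`, `validDir = Path.GetFullPath(validDir).TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;`, `return filePath.StartsWith(validDir, StringComparison.OrdinalIgnoreCase);` (use `Ordinal` if the host file system is case-sensitive). The `IEnumerable` overload that opens at the end of this hunk continues outside it, so I cannot tell whether it delegates to this method.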
@@ -168,19 +185,49 @@ namespace Umbraco.Core.IO return true; } - throw new FileSecurityException(String.Format("The filepath '{0}' is not within an allowed directory for this type of files", filePath.Replace(MapPath(SystemDirectories.Root), ""))); + return false; } - internal static bool ValidateFileExtension(string filePath, List validFileExtensions) + /// + /// Validates that the current filepath matches one of several directories where the user is allowed to edit a file. + /// + /// The filepath to validate. + /// The valid directories. + /// True, if the filepath is valid, else an exception is thrown. + /// The filepath is invalid. + internal static bool ValidateEditPath(string filePath, IEnumerable validDirs) + { + if (!VerifyEditPath(filePath, validDirs)) + throw new FileSecurityException(String.Format("The filepath '{0}' is not within an allowed directory for this type of files", filePath.Replace(MapPath(SystemDirectories.Root), ""))); + return true; + } + + /// + /// Verifies that the current filepath has one of several authorized extensions. + /// + /// The filepath to validate. + /// The valid extensions. + /// A value indicating whether the filepath is valid. + internal static bool VerifyFileExtension(string filePath, List validFileExtensions) { if (!filePath.StartsWith(MapPath(SystemDirectories.Root))) filePath = MapPath(filePath); var f = new FileInfo(filePath); + + return validFileExtensions.Contains(f.Extension.Substring(1)); + } - - if (!validFileExtensions.Contains(f.Extension.Substring(1))) + /// + /// Validates that the current filepath has one of several authorized extensions. + /// + /// The filepath to validate. + /// The valid extensions. + /// True, if the filepath is valid, else an exception is thrown. + /// The filepath is invalid. 
+ internal static bool ValidateFileExtension(string filePath, List validFileExtensions) + { + if (!VerifyFileExtension(filePath, validFileExtensions)) throw new FileSecurityException(String.Format("The extension for the current file '{0}' is not of an allowed type for this editor. This is typically controlled from either the installed MacroEngines or based on configuration in /config/umbracoSettings.config", filePath.Replace(MapPath(SystemDirectories.Root), ""))); - return true; } diff --git a/src/Umbraco.Core/Models/Script.cs b/src/Umbraco.Core/Models/Script.cs index ddf7958fc1..56912a26ab 100644 --- a/src/Umbraco.Core/Models/Script.cs +++ b/src/Umbraco.Core/Models/Script.cs @@ -45,10 +45,10 @@ namespace Umbraco.Core.Models dirs += "," + SystemDirectories.MvcViews;*/ //Validate file - var validFile = IOHelper.ValidateEditPath(Path, dirs.Split(',')); + var validFile = IOHelper.VerifyEditPath(Path, dirs.Split(',')); //Validate extension - var validExtension = IOHelper.ValidateFileExtension(Path, exts); + var validExtension = IOHelper.VerifyFileExtension(Path, exts); return validFile && validExtension; } diff --git a/src/Umbraco.Core/Models/Stylesheet.cs b/src/Umbraco.Core/Models/Stylesheet.cs index 22cf5f405a..b4a5ad1ff8 100644 --- a/src/Umbraco.Core/Models/Stylesheet.cs +++ b/src/Umbraco.Core/Models/Stylesheet.cs @@ -119,10 +119,10 @@ namespace Umbraco.Core.Models var dirs = SystemDirectories.Css; //Validate file - var validFile = IOHelper.ValidateEditPath(Path, dirs.Split(',')); + var validFile = IOHelper.VerifyEditPath(Path, dirs.Split(',')); //Validate extension - var validExtension = IOHelper.ValidateFileExtension(Path, new List {"css"}); + var validExtension = IOHelper.VerifyFileExtension(Path, new List {"css"}); return validFile && validExtension; } diff --git a/src/Umbraco.Core/Models/Template.cs b/src/Umbraco.Core/Models/Template.cs index 9621ed5791..9d9d7f61c8 100644 --- a/src/Umbraco.Core/Models/Template.cs +++ b/src/Umbraco.Core/Models/Template.cs 
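Review bot: `VerifyFileExtension` can still throw where it is documented to return a value: for a path with no extension `f.Extension` is an empty string, and `f.Extension.Substring(1)` raises `ArgumentOutOfRangeException`. That defeats the point of the non-throwing variant, and the model callers would see an unhandled error rather than a rejected file. Guard the length first, e.g. `var ext = f.Extension;` followed by `return ext.Length > 1 && validFileExtensions.Contains(ext.Substring(1));`. `List.Contains` is also case-sensitive, so `.CSS` is rejected when the list holds `css`; that fails closed, but the doc comment should say so if it is intended.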
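Review bot: Switching the calls in Script.cs to `VerifyEditPath` / `VerifyFileExtension` (and likewise in the Stylesheet.cs and Template.cs hunks that follow) turns a fail-closed exception into a return value that callers must test. An out-of-directory path used to abort with `FileSecurityException`; it now only makes `validFile && validExtension` false. The enclosing methods begin outside these hunks, so I cannot see whether every save path checks that result. Please confirm that they do, or keep a `IOHelper.ValidateEditPath` call at the point where the file is actually written. The `//Validate file` and `//Validate extension` comments above the changed calls should also become `//Verify file` and `//Verify extension` to match the new naming.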
@@ -109,10 +109,10 @@ namespace Umbraco.Core.Models dirs += "," + SystemDirectories.MvcViews; //Validate file - var validFile = IOHelper.ValidateEditPath(Path, dirs.Split(',')); + var validFile = IOHelper.VerifyEditPath(Path, dirs.Split(',')); //Validate extension - var validExtension = IOHelper.ValidateFileExtension(Path, exts); + var validExtension = IOHelper.VerifyFileExtension(Path, exts); return validFile && validExtension; }