From f11599f95fae0c0f4ea2e97ff94d331b2cd35fbc Mon Sep 17 00:00:00 2001
From: hartvig <unknown@kiln.example.com>
Date: Tue, 24 Apr 2012 11:10:30 -0200
Subject: [PATCH] Validates user control directory in assembly browser

---
 .../umbraco/developer/Macros/assemblyBrowser.aspx.cs           | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/umbraco/presentation/umbraco/developer/Macros/assemblyBrowser.aspx.cs b/umbraco/presentation/umbraco/developer/Macros/assemblyBrowser.aspx.cs
index 7e1fd772c6..a89d6eee49 100644
--- a/umbraco/presentation/umbraco/developer/Macros/assemblyBrowser.aspx.cs
+++ b/umbraco/presentation/umbraco/developer/Macros/assemblyBrowser.aspx.cs
@@ -41,6 +41,9 @@ namespace umbraco.developer
                     isUserControl = true;
                     string fileName = Request.QueryString["fileName"];
 
+                    IOHelper.ValidateEditPath(fileName, SystemDirectories.Usercontrols);
+
+
                     if (System.IO.File.Exists(IOHelper.MapPath("~/" + fileName)))
                     {
                         UserControl oControl = (UserControl)LoadControl(@"~/" + fileName);