From b76c53256965fd0bcb85a4f6672d1a89224e93ea Mon Sep 17 00:00:00 2001
From: Alexandr Fedorov
Date: Fri, 5 Feb 2021 13:29:08 +0300
Subject: [PATCH] csharp-mvc: check filename from url
---
 .../csharp-mvc/Controllers/HomeController.cs | 3 ++-
 .../csharp-mvc/Helpers/DocManagerHelper.cs | 2 +-
 .../csharp-mvc/WebEditor.ashx.cs | 10 +++++-----
 3 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/web/documentserver-example/csharp-mvc/Controllers/HomeController.cs b/web/documentserver-example/csharp-mvc/Controllers/HomeController.cs
index c3d49943..4d8998a2 100644
--- a/web/documentserver-example/csharp-mvc/Controllers/HomeController.cs
+++ b/web/documentserver-example/csharp-mvc/Controllers/HomeController.cs
@@ -16,6 +16,7 @@
 * */
+using System.IO;
 using System.Web.Mvc;
 using OnlineEditorsExampleMVC.Helpers;
 using OnlineEditorsExampleMVC.Models;
@@ -35,7 +36,7 @@ namespace OnlineEditorsExampleMVC.Controllers
 {
 Mode = editorsMode,
 Type = editorsType,
- FileName = fileName
+ FileName = Path.GetFileName(fileName)
 };
 return View("Editor", file);
diff --git a/web/documentserver-example/csharp-mvc/Helpers/DocManagerHelper.cs b/web/documentserver-example/csharp-mvc/Helpers/DocManagerHelper.cs
index ad42e4a0..a4b6e0cb 100644
--- a/web/documentserver-example/csharp-mvc/Helpers/DocManagerHelper.cs
+++ b/web/documentserver-example/csharp-mvc/Helpers/DocManagerHelper.cs
@@ -72,7 +72,7 @@ namespace OnlineEditorsExampleMVC.Helpers
 {
 Directory.CreateDirectory(directory);
 }
- return directory + fileName;
+ return directory + Path.GetFileName(fileName);
 }
 public static string HistoryDir(string storagePath)
diff --git a/web/documentserver-example/csharp-mvc/WebEditor.ashx.cs b/web/documentserver-example/csharp-mvc/WebEditor.ashx.cs
index e22d6b1f..e6547b82 100644
--- a/web/documentserver-example/csharp-mvc/WebEditor.ashx.cs
+++ b/web/documentserver-example/csharp-mvc/WebEditor.ashx.cs
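Review bot: The sanitised value is assigned to `FileName` without checking that anything is left. `Path.GetFileName` returns null for a missing parameter and an empty string when the value ends in a separator, so the model can reach the view with no file name. The same unchecked result is used in `DocManagerHelper.cs`, where `directory + ""` is the directory itself, and in the `Download` hunk of `WebEditor.ashx.cs`, where it leaves just `"sample/"`. I would reject the request before building the model, e.g. `var name = Path.GetFileName(fileName);` followed by `if (string.IsNullOrEmpty(name)) return HttpNotFound();`, assuming the action returns an `ActionResult`; its signature is outside the hunk.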
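Review bot: `Path.GetFileName` removes directory components but returns the special names `.` and `..` unchanged, so `directory + Path.GetFileName(fileName)` in `DocManagerHelper.cs` can still resolve to the storage directory or its parent. Since this helper is where the path is built, it should confirm containment after concatenation, e.g. `var full = Path.GetFullPath(directory + name);` and `if (!full.StartsWith(Path.GetFullPath(directory), StringComparison.OrdinalIgnoreCase)) throw new ArgumentException("fileName");`. A short comment such as `// fileName may come from the request; keep only the leaf name` would also record why the call is there. The method begins above the hunk, so how `directory` is derived is not visible.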
@@ -111,7 +111,7 @@ namespace OnlineEditorsExampleMVC
 context.Response.ContentType = "text/plain";
 try
 {
- var fileName = context.Request["filename"];
+ var fileName = Path.GetFileName(context.Request["filename"]);
 var fileUri = DocManagerHelper.GetFileUri(fileName, true);
 var extension = (Path.GetExtension(fileUri) ?? "").Trim('.');
@@ -175,7 +175,7 @@ namespace OnlineEditorsExampleMVC
 private static void Track(HttpContext context)
 {
 var userAddress = context.Request["userAddress"];
- var fileName = context.Request["fileName"];
+ var fileName = Path.GetFileName(context.Request["fileName"]);
 string body;
 try
@@ -275,7 +275,7 @@ namespace OnlineEditorsExampleMVC
 context.Response.ContentType = "text/plain";
 try
 {
- var fileName = context.Request["fileName"];
+ var fileName = Path.GetFileName(context.Request["fileName"]);
 Remove(fileName);
 context.Response.Write("{ \"success\": true }");
@@ -331,7 +331,7 @@ namespace OnlineEditorsExampleMVC
 private static void Download(HttpContext context)
 {
- var fileName = "sample/" + context.Request["filename"];
+ var fileName = "sample/" + Path.GetFileName(context.Request["filename"]);
 download(fileName, context);
 }
@@ -347,7 +347,7 @@ namespace OnlineEditorsExampleMVC
 var fileinf = new FileInfo(csvPath);
 context.Response.AddHeader("Content-Length", fileinf.Length.ToString());
 context.Response.AddHeader("Content-Type", MimeMapping.GetMimeMapping(csvPath));
- var tmp = HttpUtility.UrlEncode(csvPath);
+ var tmp = HttpUtility.UrlEncode(Path.GetFileName(csvPath));
 tmp = tmp.Replace("+", "%20");
 context.Response.AddHeader("Content-Disposition", "attachment; filename*=UTF-8\'\'" + tmp);
 context.Response.TransmitFile(csvPath);
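Review bot: In `Track`, `userAddress` on the line above the change is still taken from the request as-is, and only `fileName` is reduced to a leaf name. If the storage directory is derived from `userAddress` (that code is not visible in this patch), it needs an equivalent constraint or a character allow-list, otherwise the file-name check alone does not bound the final path. The new call also sits before the `try`, so on the .NET Framework an `ArgumentException` raised by `Path.GetFileName` for illegal path characters would not be handled by it; moving the assignment inside the `try` would keep the error response consistent. `Track` continues past the end of the hunk.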
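Review bot: The reason for `Path.GetFileName(csvPath)` in the last hunk differs from the other call sites and is not documented. `csvPath` is the path handed to `FileInfo` and `TransmitFile`, and before this change it was echoed in full in the `Content-Disposition` header. A comment such as `// expose only the leaf name to the client, never the server-side path` above the `tmp` assignment would keep a later refactor from reverting it. The enclosing method starts above the hunk, so how `csvPath` is resolved, and whether it is confirmed to lie inside the intended directory, cannot be judged from here.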