Merge pull request #3986 from sbwalker/dev

fix #3984 - error when file path not specified
2024-03-13 14:54:43 -07:00
parent bcad5eda81 5a2b9b60e6
commit 540283970a
2 changed files with 75 additions and 64 deletions
--- a/Oqtane.Server/Pages/Files.cshtml.cs
+++ b/Oqtane.Server/Pages/Files.cshtml.cs
@ -41,6 +41,8 @@ namespace Oqtane.Pages
        }

        public IActionResult OnGet(string path)
+        {
+            if (!string.IsNullOrEmpty(path))
            {
                path = path.Replace("\\", "/");
                var folderpath = "";
@ -115,7 +117,7 @@ namespace Oqtane.Pages
                    }
                    else
                    {
-                    _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Access Attempt {SiteId} {Path}", _alias.SiteId, path);
+                        _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Access Attempt For Site {SiteId} And Path {Path}", _alias.SiteId, path);
                        HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
                    }
                }
@ -134,6 +136,12 @@ namespace Oqtane.Pages
                        return RedirectPermanent(url);
                    }
                }
+            }
+            else
+            {
+                _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Access Attempt - Path Not Specified For Site {SiteId}", _alias.SiteId);
+                HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
+            }

            // broken link
            string errorPath = Path.Combine(Utilities.PathCombine(_environment.ContentRootPath, "wwwroot/images"), "error.png");
--- a/Oqtane.Shared/Shared/Utilities.cs
+++ b/Oqtane.Shared/Shared/Utilities.cs
@ -28,11 +28,14 @@ namespace Oqtane.Shared
            // Id=1 Id=1#5 reload#5 reload
            // #5

-            if (!url.StartsWith("/")) // paths always start with "/"
+            if (!url.Contains("://"))
            {
-                url = ((!url.StartsWith("#")) ? "/?" : "/") + url;
+                if (!url.StartsWith("/")) // urlparameters always start with "/"
+                {
+                    url = ((!url.StartsWith("#")) ? "?" : "/") + url;
+                }
+                url = Constants.PackageRegistryUrl + url; // create absolute url
            }
-            url = ((!url.Contains("://")) ? Constants.PackageRegistryUrl : "") + url;

            var uri = new Uri(url);
            var querystring = uri.Query.Replace("?", "");
@ -50,7 +53,7 @@ namespace Oqtane.Shared

        public static (string Path, string Parameters) ParsePath(string url)
        {
-            url = (!url.StartsWith("/") ? "/" : "") + url;
+            url = ((!url.StartsWith("/") && !url.Contains("://")) ? "/" : "") + url;

            (string path, string querystring, string fragment) = ParseParameters(url);