Diplomarbeit-Absolventenverein/oqtane.framework
10
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

fix #3984 - error when file path not specified

Browse Source
This commit is contained in:
sbwalker
2024-03-13 17:54:25 -04:00
parent bcad5eda81
commit 5a2b9b60e6
2 changed files with 75 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
Oqtane.Server/Pages/Files.cshtml.cs
View File

@ -41,6 +41,8 @@ namespace Oqtane.Pages
} }
public IActionResult OnGet(string path) public IActionResult OnGet(string path)
{
if (!string.IsNullOrEmpty(path))
{ {
path = path.Replace("\\", "/"); path = path.Replace("\\", "/");
var folderpath = ""; var folderpath = "";
@ -115,7 +117,7 @@ namespace Oqtane.Pages
} }
else else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Access Attempt {SiteId} {Path}", _alias.SiteId, path); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Access Attempt For Site {SiteId} And Path {Path}", _alias.SiteId, path);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
} }
} }
@ -134,6 +136,12 @@ namespace Oqtane.Pages
return RedirectPermanent(url); return RedirectPermanent(url);
} }
} }
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Access Attempt - Path Not Specified For Site {SiteId}", _alias.SiteId);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
// broken link // broken link
string errorPath = Path.Combine(Utilities.PathCombine(_environment.ContentRootPath, "wwwroot/images"), "error.png"); string errorPath = Path.Combine(Utilities.PathCombine(_environment.ContentRootPath, "wwwroot/images"), "error.png");

11
Oqtane.Shared/Shared/Utilities.cs
View File

@ -28,11 +28,14 @@ namespace Oqtane.Shared
// Id=1 Id=1#5 reload#5 reload // Id=1 Id=1#5 reload#5 reload
// #5 // #5
if (!url.StartsWith("/")) // paths always start with "/" if (!url.Contains("://"))
{ {
url = ((!url.StartsWith("#")) ? "/?" : "/") + url; if (!url.StartsWith("/")) // urlparameters always start with "/"
{
url = ((!url.StartsWith("#")) ? "?" : "/") + url;
}
url = Constants.PackageRegistryUrl + url; // create absolute url
} }
url = ((!url.Contains("://")) ? Constants.PackageRegistryUrl : "") + url;
var uri = new Uri(url); var uri = new Uri(url);
var querystring = uri.Query.Replace("?", ""); var querystring = uri.Query.Replace("?", "");
@ -50,7 +53,7 @@ namespace Oqtane.Shared
public static (string Path, string Parameters) ParsePath(string url) public static (string Path, string Parameters) ParsePath(string url)
{ {
url = (!url.StartsWith("/") ? "/" : "") + url; url = ((!url.StartsWith("/") && !url.Contains("://")) ? "/" : "") + url;
(string path, string querystring, string fragment) = ParseParameters(url); (string path, string querystring, string fragment) = ParseParameters(url);