Diplomarbeit-Absolventenverein/oqtane.framework
10
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

fix #3984 - error when file path not specified

Browse Source
This commit is contained in:
sbwalker
2024-03-13 17:54:25 -04:00
parent bcad5eda81
commit 5a2b9b60e6
2 changed files with 75 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

128
Oqtane.Server/Pages/Files.cshtml.cs
View File

@ -42,97 +42,105 @@ namespace Oqtane.Pages
public IActionResult OnGet(string path) public IActionResult OnGet(string path)
{ {
path = path.Replace("\\", "/"); if (!string.IsNullOrEmpty(path))
var folderpath = "";
var filename = "";
bool download = false;
if (Request.Query.ContainsKey("download"))
{ {
download = true; path = path.Replace("\\", "/");
} var folderpath = "";
var filename = "";
var segments = path.Split('/'); bool download = false;
if (segments.Length > 0) if (Request.Query.ContainsKey("download"))
{
filename = segments[segments.Length - 1].ToLower();
if (segments.Length > 1)
{ {
folderpath = string.Join("/", segments, 0, segments.Length - 1).ToLower() + "/"; download = true;
} }
}
Models.File file; var segments = path.Split('/');
if (folderpath == "id/" && int.TryParse(filename, out int fileid)) if (segments.Length > 0)
{
file = _files.GetFile(fileid, false);
}
else
{
file = _files.GetFile(_alias.SiteId, folderpath, filename);
}
if (file != null)
{
if (file.Folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, file.Folder.PermissionList))
{ {
// calculate ETag using last modified date and file size filename = segments[segments.Length - 1].ToLower();
var etag = Convert.ToString(file.ModifiedOn.Ticks ^ file.Size, 16); if (segments.Length > 1)
var header = "";
if (HttpContext.Request.Headers.ContainsKey(HeaderNames.IfNoneMatch))
{ {
header = HttpContext.Request.Headers[HeaderNames.IfNoneMatch].ToString(); folderpath = string.Join("/", segments, 0, segments.Length - 1).ToLower() + "/";
} }
}
if (!header.Equals(etag)) Models.File file;
if (folderpath == "id/" && int.TryParse(filename, out int fileid))
{
file = _files.GetFile(fileid, false);
}
else
{
file = _files.GetFile(_alias.SiteId, folderpath, filename);
}
if (file != null)
{
if (file.Folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, file.Folder.PermissionList))
{ {
var filepath = _files.GetFilePath(file); // calculate ETag using last modified date and file size
if (System.IO.File.Exists(filepath)) var etag = Convert.ToString(file.ModifiedOn.Ticks ^ file.Size, 16);
var header = "";
if (HttpContext.Request.Headers.ContainsKey(HeaderNames.IfNoneMatch))
{ {
if (download) header = HttpContext.Request.Headers[HeaderNames.IfNoneMatch].ToString();
}
if (!header.Equals(etag))
{
var filepath = _files.GetFilePath(file);
if (System.IO.File.Exists(filepath))
{ {
_syncManager.AddSyncEvent(_alias, EntityNames.File, file.FileId, "Download"); if (download)
return PhysicalFile(filepath, file.GetMimeType(), file.Name); {
_syncManager.AddSyncEvent(_alias, EntityNames.File, file.FileId, "Download");
return PhysicalFile(filepath, file.GetMimeType(), file.Name);
}
else
{
HttpContext.Response.Headers.Append(HeaderNames.ETag, etag);
return PhysicalFile(filepath, file.GetMimeType());
}
} }
else else
{ {
HttpContext.Response.Headers.Append(HeaderNames.ETag, etag); _logger.Log(LogLevel.Error, this, LogFunction.Read, "File Does Not Exist {FilePath}", filepath);
return PhysicalFile(filepath, file.GetMimeType()); HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
} }
} }
else else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Read, "File Does Not Exist {FilePath}", filepath); HttpContext.Response.StatusCode = (int)HttpStatusCode.NotModified;
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound; return Content(String.Empty);
} }
} }
else else
{ {
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotModified; _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Access Attempt For Site {SiteId} And Path {Path}", _alias.SiteId, path);
return Content(String.Empty); HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
} }
} }
else else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Access Attempt {SiteId} {Path}", _alias.SiteId, path); // look for url mapping
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; var urlMapping = _urlMappings.GetUrlMapping(_alias.SiteId, "files/" + folderpath + filename);
if (urlMapping != null && !string.IsNullOrEmpty(urlMapping.MappedUrl))
{
var url = urlMapping.MappedUrl;
if (!url.StartsWith("http"))
{
var uri = new Uri(HttpContext.Request.GetEncodedUrl());
url = uri.Scheme + "://" + uri.Authority + ((!string.IsNullOrEmpty(_alias.Path)) ? "/" + _alias.Path : "") + "/" + url;
}
return RedirectPermanent(url);
}
} }
} }
else else
{ {
// look for url mapping _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Access Attempt - Path Not Specified For Site {SiteId}", _alias.SiteId);
var urlMapping = _urlMappings.GetUrlMapping(_alias.SiteId, "files/" + folderpath + filename); HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
if (urlMapping != null && !string.IsNullOrEmpty(urlMapping.MappedUrl))
{
var url = urlMapping.MappedUrl;
if (!url.StartsWith("http"))
{
var uri = new Uri(HttpContext.Request.GetEncodedUrl());
url = uri.Scheme + "://" + uri.Authority + ((!string.IsNullOrEmpty(_alias.Path)) ? "/" + _alias.Path : "") + "/" + url;
}
return RedirectPermanent(url);
}
} }
// broken link // broken link

11
Oqtane.Shared/Shared/Utilities.cs
View File

@ -28,11 +28,14 @@ namespace Oqtane.Shared
// Id=1 Id=1#5 reload#5 reload // Id=1 Id=1#5 reload#5 reload
// #5 // #5
if (!url.StartsWith("/")) // paths always start with "/" if (!url.Contains("://"))
{ {
url = ((!url.StartsWith("#")) ? "/?" : "/") + url; if (!url.StartsWith("/")) // urlparameters always start with "/"
{
url = ((!url.StartsWith("#")) ? "?" : "/") + url;
}
url = Constants.PackageRegistryUrl + url; // create absolute url
} }
url = ((!url.Contains("://")) ? Constants.PackageRegistryUrl : "") + url;
var uri = new Uri(url); var uri = new Uri(url);
var querystring = uri.Query.Replace("?", ""); var querystring = uri.Query.Replace("?", "");
@ -50,7 +53,7 @@ namespace Oqtane.Shared
public static (string Path, string Parameters) ParsePath(string url) public static (string Path, string Parameters) ParsePath(string url)
{ {
url = (!url.StartsWith("/") ? "/" : "") + url; url = ((!url.StartsWith("/") && !url.Contains("://")) ? "/" : "") + url;
(string path, string querystring, string fragment) = ParseParameters(url); (string path, string querystring, string fragment) = ParseParameters(url);