Skip to content

Commit

Permalink
Merge pull request #33 from sivakumars3442/master
Browse files Browse the repository at this point in the history 
Resolved the Download issue in physical provider
  • Loading branch information
@keerthanaRajendran
keerthanaRajendran authored Mar 4, 2024
2 parents 7d62fd3 + 6bb771c commit 4eda60c
Showing 1 changed file with 12 additions and 12 deletions.
24 changes: 12 additions & 12 deletions Models/PhysicalFileProvider.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1559,7 +1559,7 @@ public virtual FileStreamResult Download(string path, string[] names, params Fil
throw new UnauthorizedAccessException("'" + this.rootName + path + names[i] + "' is not accessible. Access is denied.");
}
fullPath = Path.Combine(contentRootPath + path, names[i]);
if (Path.GetFullPath(fullPath) != GetFilePath(fullPath) + names[i])
if (Path.GetFullPath(fullPath) != GetFilePath(fullPath) + Path.GetFileName(fullPath))
{
throw new UnauthorizedAccessException("Access denied for Directory-traversal");
}
Expand All @@ -1579,7 +1579,7 @@ public virtual FileStreamResult Download(string path, string[] names, params Fil
}
catch (Exception)
{
return null;
throw;
}
}

Expand All @@ -1594,7 +1594,7 @@ protected virtual FileStreamResult DownloadFile(string path, string[] names = nu
if (names == null || names.Length == 0)
{
fullPath = (contentRootPath + path);
if (Path.GetFullPath(fullPath) != GetFilePath(fullPath) + names[0])
if (Path.GetFullPath(fullPath) != GetFilePath(fullPath) + Path.GetFileName(fullPath))
{
throw new UnauthorizedAccessException("Access denied for Directory-traversal");
}
Expand All @@ -1605,7 +1605,7 @@ protected virtual FileStreamResult DownloadFile(string path, string[] names = nu
else if (names.Length == 1)
{
fullPath = Path.Combine(contentRootPath + path, names[0]);
if (Path.GetFullPath(fullPath) != GetFilePath(fullPath) + names[0])
if (Path.GetFullPath(fullPath) != GetFilePath(fullPath) + Path.GetFileName(fullPath))
{
throw new UnauthorizedAccessException("Access denied for Directory-traversal");
}
Expand All @@ -1628,7 +1628,7 @@ protected virtual FileStreamResult DownloadFile(string path, string[] names = nu
for (int i = 0; i < names.Count(); i++)
{
fullPath = Path.Combine((contentRootPath + path), names[i]);
if (Path.GetFullPath(fullPath) != GetFilePath(fullPath) + names[i])
if (Path.GetFullPath(fullPath) != GetFilePath(fullPath) + Path.GetFileName(fullPath))
{
throw new UnauthorizedAccessException("Access denied for Directory-traversal");
}
Expand All @@ -1639,7 +1639,7 @@ protected virtual FileStreamResult DownloadFile(string path, string[] names = nu
using (archive = ZipFile.Open(tempPath, ZipArchiveMode.Update))
{
currentDirectory = Path.Combine((contentRootPath + path), names[i]);
if (Path.GetFullPath(currentDirectory) != GetFilePath(currentDirectory) + names[i])
if (Path.GetFullPath(currentDirectory) != GetFilePath(currentDirectory) + Path.GetFileName(currentDirectory))
{
throw new UnauthorizedAccessException("Access denied for Directory-traversal");
}
Expand All @@ -1653,7 +1653,7 @@ protected virtual FileStreamResult DownloadFile(string path, string[] names = nu
}
catch (Exception)
{
return null;
throw;
}
}
else
Expand All @@ -1669,7 +1669,7 @@ protected virtual FileStreamResult DownloadFile(string path, string[] names = nu
}
catch (Exception)
{
return null;
throw;
}
}
if (File.Exists(tempPath))
Expand All @@ -1680,7 +1680,7 @@ protected virtual FileStreamResult DownloadFile(string path, string[] names = nu
}
catch (Exception)
{
return null;
throw;
}
}
protected FileStreamResult DownloadFolder(string path, string[] names, int count)
Expand All @@ -1702,7 +1702,7 @@ protected FileStreamResult DownloadFolder(string path, string[] names, int count
if (names.Length == 1)
{
fullPath = Path.Combine(contentRootPath + path, names[0]);
if (Path.GetFullPath(fullPath) != GetFilePath(fullPath) + names[0])
if (Path.GetFullPath(fullPath) != GetFilePath(fullPath) + Path.GetFileName(fullPath))
{
throw new UnauthorizedAccessException("Access denied for Directory-traversal");
}
Expand All @@ -1727,7 +1727,7 @@ protected FileStreamResult DownloadFolder(string path, string[] names, int count
for (int i = 0; i < names.Length; i++)
{
currentDirectory = Path.Combine((contentRootPath + path), names[i]);
if (Path.GetFullPath(currentDirectory) != GetFilePath(currentDirectory) + names[i])
if (Path.GetFullPath(currentDirectory) != GetFilePath(currentDirectory) + Path.GetFileName(currentDirectory))
{
throw new UnauthorizedAccessException("Access denied for Directory-traversal");
}
Expand Down Expand Up @@ -1785,7 +1785,7 @@ protected FileStreamResult DownloadFolder(string path, string[] names, int count
}
catch (Exception)
{
return null;
throw;
}
}

Expand Down

0 comments on commit 4eda60c

Please sign in to comment.