From 6bb771cebbe98da524c6a425fb0ea8f4a11d12ab Mon Sep 17 00:00:00 2001 From: sivakumar <93644655+sivakumars3442@users.noreply.github.com> Date: Sun, 3 Mar 2024 18:07:47 +0530 Subject: [PATCH] Resolved the Download issue in physical provider --- Models/PhysicalFileProvider.cs | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/Models/PhysicalFileProvider.cs b/Models/PhysicalFileProvider.cs index af317a8..8219199 100644 --- a/Models/PhysicalFileProvider.cs +++ b/Models/PhysicalFileProvider.cs @@ -1559,7 +1559,7 @@ public virtual FileStreamResult Download(string path, string[] names, params Fil throw new UnauthorizedAccessException("'" + this.rootName + path + names[i] + "' is not accessible. Access is denied."); } fullPath = Path.Combine(contentRootPath + path, names[i]); - if (Path.GetFullPath(fullPath) != GetFilePath(fullPath) + names[i]) + if (Path.GetFullPath(fullPath) != GetFilePath(fullPath) + Path.GetFileName(fullPath)) { throw new UnauthorizedAccessException("Access denied for Directory-traversal"); } @@ -1579,7 +1579,7 @@ public virtual FileStreamResult Download(string path, string[] names, params Fil } catch (Exception) { - return null; + throw; } } @@ -1594,7 +1594,7 @@ protected virtual FileStreamResult DownloadFile(string path, string[] names = nu if (names == null || names.Length == 0) { fullPath = (contentRootPath + path); - if (Path.GetFullPath(fullPath) != GetFilePath(fullPath) + names[0]) + if (Path.GetFullPath(fullPath) != GetFilePath(fullPath) + Path.GetFileName(fullPath)) { throw new UnauthorizedAccessException("Access denied for Directory-traversal"); } @@ -1605,7 +1605,7 @@ protected virtual FileStreamResult DownloadFile(string path, string[] names = nu else if (names.Length == 1) { fullPath = Path.Combine(contentRootPath + path, names[0]); - if (Path.GetFullPath(fullPath) != GetFilePath(fullPath) + names[0]) + if (Path.GetFullPath(fullPath) != GetFilePath(fullPath) + Path.GetFileName(fullPath)) { throw new UnauthorizedAccessException("Access denied for Directory-traversal"); } @@ -1628,7 +1628,7 @@ protected virtual FileStreamResult DownloadFile(string path, string[] names = nu for (int i = 0; i < names.Count(); i++) { fullPath = Path.Combine((contentRootPath + path), names[i]); - if (Path.GetFullPath(fullPath) != GetFilePath(fullPath) + names[i]) + if (Path.GetFullPath(fullPath) != GetFilePath(fullPath) + Path.GetFileName(fullPath)) { throw new UnauthorizedAccessException("Access denied for Directory-traversal"); } @@ -1639,7 +1639,7 @@ protected virtual FileStreamResult DownloadFile(string path, string[] names = nu using (archive = ZipFile.Open(tempPath, ZipArchiveMode.Update)) { currentDirectory = Path.Combine((contentRootPath + path), names[i]); - if (Path.GetFullPath(currentDirectory) != GetFilePath(currentDirectory) + names[i]) + if (Path.GetFullPath(currentDirectory) != GetFilePath(currentDirectory) + Path.GetFileName(currentDirectory)) { throw new UnauthorizedAccessException("Access denied for Directory-traversal"); } @@ -1653,7 +1653,7 @@ protected virtual FileStreamResult DownloadFile(string path, string[] names = nu } catch (Exception) { - return null; + throw; } } else @@ -1669,7 +1669,7 @@ protected virtual FileStreamResult DownloadFile(string path, string[] names = nu } catch (Exception) { - return null; + throw; } } if (File.Exists(tempPath)) @@ -1680,7 +1680,7 @@ protected virtual FileStreamResult DownloadFile(string path, string[] names = nu } catch (Exception) { - return null; + throw; } } protected FileStreamResult DownloadFolder(string path, string[] names, int count) @@ -1702,7 +1702,7 @@ protected FileStreamResult DownloadFolder(string path, string[] names, int count if (names.Length == 1) { fullPath = Path.Combine(contentRootPath + path, names[0]); - if (Path.GetFullPath(fullPath) != GetFilePath(fullPath) + names[0]) + if (Path.GetFullPath(fullPath) != GetFilePath(fullPath) + Path.GetFileName(fullPath)) { throw new UnauthorizedAccessException("Access denied for Directory-traversal"); } @@ -1727,7 +1727,7 @@ protected FileStreamResult DownloadFolder(string path, string[] names, int count for (int i = 0; i < names.Length; i++) { currentDirectory = Path.Combine((contentRootPath + path), names[i]); - if (Path.GetFullPath(currentDirectory) != GetFilePath(currentDirectory) + names[i]) + if (Path.GetFullPath(currentDirectory) != GetFilePath(currentDirectory) + Path.GetFileName(currentDirectory)) { throw new UnauthorizedAccessException("Access denied for Directory-traversal"); } @@ -1785,7 +1785,7 @@ protected FileStreamResult DownloadFolder(string path, string[] names, int count } catch (Exception) { - return null; + throw; } }