Beispiel #1
        /// <summary>
        /// Decides whether <paramref name="path"/> may be treated as pointing inside the
        /// current application. Input that does not parse as an absolute URI is handed
        /// unchanged to <c>HttpRuntime.IsPathWithinAppRoot</c>; an absolute URI must first
        /// pass a host check, after which only its <c>AbsolutePath</c> is tested.
        /// </summary>
        /// <param name="context">Current request context; its <c>Request.Url.Host</c> is the host an absolute URI is compared with.</param>
        /// <param name="path">Candidate path or URL to validate.</param>
        /// <returns>
        /// <c>false</c> when an absolute URI names a non-loopback host different from the
        /// request host; otherwise the result of <c>HttpRuntime.IsPathWithinAppRoot</c>.
        /// </returns>
        private static bool IsPathWithinAppRoot(HttpContext context, string path)
        {
            Uri parsed;
            bool isAbsolute = Uri.TryCreate(path, UriKind.Absolute, out parsed);

            if (isAbsolute)
            {
                // Host gate: a loopback URI is accepted without consulting the request;
                // any other URI must match the request host (ordinal, case-insensitive).
                // NOTE(review): scheme and port are not compared here, and the loopback
                // exemption applies whatever host the request itself used. A true result
                // therefore vouches for the path portion only, not for the whole URL.
                // NOTE(review): if Request.Url.Host can reflect a client-supplied Host
                // header, this check is only as strong as the host-header validation in
                // front of the application; confirm for the deployment.
                bool hostAccepted = parsed.IsLoopback
                    || string.Equals(context.Request.Url.Host, parsed.Host, StringComparison.OrdinalIgnoreCase);

                // Query string and fragment are not part of AbsolutePath, so they are
                // not covered by the app-root test.
                return hostAccepted && HttpRuntime.IsPathWithinAppRoot(parsed.AbsolutePath);
            }

            // Not an absolute URI: validate the raw string as given.
            return HttpRuntime.IsPathWithinAppRoot(path);
        }
Beispiel #2
        /// <summary>
        /// Reads the provider's "template" and "detailedTemplateErrors" attributes from
        /// <paramref name="config"/>, validates the template URL, and then passes the
        /// remaining configuration to the base class.
        /// </summary>
        /// <param name="name">Provider name; forwarded to the attribute helpers and included in error messages.</param>
        /// <param name="config">Attribute collection for this provider.</param>
        /// <exception cref="ConfigurationErrorsException">
        /// The "template" attribute is missing, is empty after trimming, is not a relative
        /// URL, or falls outside the application root once combined with the application's
        /// virtual path.
        /// </exception>
        public override void Initialize(string name, NameValueCollection config)
        {
            const string templateAttribute = "template";

            Debug.Trace("TemplatedMailWebEventProvider", "Initializing: name=" + name);

            // Step 1: the attribute must be present.
            ProviderUtil.GetAndRemoveStringAttribute(config, templateAttribute, name, ref _templateUrl);
            if (_templateUrl == null)
            {
                string missingMessage = SR.GetString(SR.Provider_missing_attribute, templateAttribute, name);
                throw new ConfigurationErrorsException(missingMessage);
            }

            // Step 2: the attribute must not be blank.
            _templateUrl = _templateUrl.Trim();
            bool isBlank = _templateUrl.Length == 0;
            if (isBlank)
            {
                string blankMessage = SR.GetString(SR.Invalid_provider_attribute, templateAttribute, name, _templateUrl);
                throw new ConfigurationErrorsException(blankMessage);
            }

            // Step 3: only relative URLs are accepted, so the configured value cannot
            // name another host or an absolute location by itself.
            bool isRelative = UrlPath.IsRelativeUrl(_templateUrl);
            if (!isRelative)
            {
                string notRelativeMessage = SR.GetString(SR.Invalid_mail_template_provider_attribute,
                                                         templateAttribute, name, _templateUrl);
                throw new ConfigurationErrorsException(notRelativeMessage);
            }

            // Step 4: resolve against the application's virtual path, then re-check.
            // VSWhidbey 440081: Guard against templates outside the AppDomain path.
            // The check runs on the combined value because a relative URL can still
            // resolve to a location outside the application after combination.
            _templateUrl = UrlPath.Combine(HttpRuntime.AppDomainAppVirtualPathString, _templateUrl);
            bool insideAppRoot = HttpRuntime.IsPathWithinAppRoot(_templateUrl);
            if (!insideAppRoot)
            {
                string outsideMessage = SR.GetString(SR.Invalid_mail_template_provider_attribute,
                                                     templateAttribute, name, _templateUrl);
                throw new ConfigurationErrorsException(outsideMessage);
            }

            ProviderUtil.GetAndRemoveBooleanAttribute(config, "detailedTemplateErrors", name, ref _detailedTemplateErrors);

            base.Initialize(name, config);
        }
 /// <summary>
 /// Loads and validates the "template" attribute, loads "detailedTemplateErrors",
 /// and finishes by calling the base class initializer.
 /// </summary>
 /// <param name="name">Provider name; forwarded to the attribute helpers and included in error messages.</param>
 /// <param name="config">Attribute collection for this provider.</param>
 /// <exception cref="ConfigurationErrorsException">
 /// The template value is absent, blank after trimming, not a relative URL, or not
 /// within the application root after being combined with the application's virtual path.
 /// </exception>
 public override void Initialize(string name, NameValueCollection config)
 {
     const string attribute = "template";

     ProviderUtil.GetAndRemoveStringAttribute(config, attribute, name, ref _templateUrl);
     if (_templateUrl == null)
     {
         object[] missingArgs = { attribute, name };
         throw new ConfigurationErrorsException(System.Web.SR.GetString("Provider_missing_attribute", missingArgs));
     }

     _templateUrl = _templateUrl.Trim();
     if (_templateUrl.Length == 0)
     {
         object[] blankArgs = { attribute, name, _templateUrl };
         throw new ConfigurationErrorsException(System.Web.SR.GetString("Invalid_provider_attribute", blankArgs));
     }

     // Absolute URLs are refused before any path combination takes place.
     if (!System.Web.Util.UrlPath.IsRelativeUrl(_templateUrl))
     {
         object[] notRelativeArgs = { attribute, name, _templateUrl };
         throw new ConfigurationErrorsException(System.Web.SR.GetString("Invalid_mail_template_provider_attribute", notRelativeArgs));
     }

     // The containment check is applied to the combined path, not to the raw
     // attribute: the value that will be used later is the one that gets validated.
     _templateUrl = System.Web.Util.UrlPath.Combine(HttpRuntime.AppDomainAppVirtualPathString, _templateUrl);
     if (!HttpRuntime.IsPathWithinAppRoot(_templateUrl))
     {
         object[] outsideArgs = { attribute, name, _templateUrl };
         throw new ConfigurationErrorsException(System.Web.SR.GetString("Invalid_mail_template_provider_attribute", outsideArgs));
     }

     ProviderUtil.GetAndRemoveBooleanAttribute(config, "detailedTemplateErrors", name, ref _detailedTemplateErrors);
     base.Initialize(name, config);
 }