/// <summary>
/// Builds a proxy that records the identity of <paramref name="webPart"/>: its ID, its
/// serialized type name and, for a wrapped user control, its app-relative virtual path.
/// </summary>
/// <param name="webPart">
/// The part being proxied. A GenericWebPart is unwrapped and its ChildControl is recorded
/// as the original control.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="webPart"/> is null.</exception>
/// <exception cref="ArgumentException">
/// The ChildControl of a GenericWebPart is null, or a required ID is null or empty.
/// </exception>
protected ProxyWebPart(WebPart webPart)
{
    if (webPart == null)
    {
        throw new ArgumentNullException("webPart");
    }

    GenericWebPart wrapper = webPart as GenericWebPart;
    if (wrapper == null)
    {
        // Ordinary WebPart: the proxy takes over the part's own ID and concrete type.
        _originalID = webPart.ID;
        if (String.IsNullOrEmpty(_originalID))
        {
            throw new ArgumentException(SR.GetString(SR.PropertyCannotBeNullOrEmptyString, "ID"), "webPart");
        }

        _originalTypeName = WebPartUtil.SerializeType(webPart.GetType());
        ID = _originalID;
        return;
    }

    // GenericWebPart: the "original" is the wrapped child control, not the wrapper.
    Control wrapped = wrapper.ChildControl;
    if (wrapped == null)
    {
        throw new ArgumentException(SR.GetString(SR.PropertyCannotBeNull, "ChildControl"), "webPart");
    }

    _originalID = wrapped.ID;
    if (String.IsNullOrEmpty(_originalID))
    {
        throw new ArgumentException(SR.GetString(SR.PropertyCannotBeNullOrEmptyString, "ChildControl.ID"), "webPart");
    }

    // A user control is recorded as the UserControl base type plus its virtual path;
    // any other control is recorded under its runtime type.
    UserControl wrappedUserControl = wrapped as UserControl;
    bool isUserControl = wrappedUserControl != null;
    if (isUserControl)
    {
        _originalPath = wrappedUserControl.AppRelativeVirtualPath;
    }

    Type recordedType = isUserControl ? typeof(UserControl) : wrapped.GetType();
    _originalTypeName = WebPartUtil.SerializeType(recordedType);

    // The proxy itself is identified by the wrapper's ID.
    _genericWebPartID = wrapper.ID;
    if (String.IsNullOrEmpty(_genericWebPartID))
    {
        throw new ArgumentException(SR.GetString(SR.PropertyCannotBeNullOrEmptyString, "ID"), "webPart");
    }

    ID = _genericWebPartID;
}
/// <summary>
/// Decompiled form of the ProxyWebPart constructor: captures the ID, serialized type name
/// and (for a wrapped user control) the app-relative virtual path of the proxied part.
/// </summary>
/// <param name="webPart">
/// The part being proxied. When it is a GenericWebPart, its ChildControl is recorded as the original.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="webPart"/> is null.</exception>
/// <exception cref="ArgumentException">
/// The ChildControl of a GenericWebPart is null, or a required ID is null or empty.
/// </exception>
protected ProxyWebPart(WebPart webPart)
{
    if (webPart == null)
    {
        throw new ArgumentNullException("webPart");
    }

    GenericWebPart genericPart = webPart as GenericWebPart;
    if (genericPart == null)
    {
        // Not a wrapper: record the part's own ID and runtime type.
        this._originalID = webPart.ID;
        if (string.IsNullOrEmpty(this._originalID))
        {
            throw new ArgumentException(System.Web.SR.GetString("PropertyCannotBeNullOrEmptyString", new object[] { "ID" }), "webPart");
        }

        this._originalTypeName = WebPartUtil.SerializeType(webPart.GetType());
        this.ID = this._originalID;
        return;
    }

    Control child = genericPart.ChildControl;
    if (child == null)
    {
        throw new ArgumentException(System.Web.SR.GetString("PropertyCannotBeNull", new object[] { "ChildControl" }), "webPart");
    }

    this._originalID = child.ID;
    if (string.IsNullOrEmpty(this._originalID))
    {
        throw new ArgumentException(System.Web.SR.GetString("PropertyCannotBeNullOrEmptyString", new object[] { "ChildControl.ID" }), "webPart");
    }

    // User controls are stored as the UserControl base type together with their virtual path.
    Type typeToSerialize;
    UserControl childAsUserControl = child as UserControl;
    if (childAsUserControl == null)
    {
        typeToSerialize = child.GetType();
    }
    else
    {
        typeToSerialize = typeof(UserControl);
        this._originalPath = childAsUserControl.AppRelativeVirtualPath;
    }

    this._originalTypeName = WebPartUtil.SerializeType(typeToSerialize);

    // The wrapper's ID becomes the proxy's ID.
    this._genericWebPartID = genericPart.ID;
    if (string.IsNullOrEmpty(this._genericWebPartID))
    {
        throw new ArgumentException(System.Web.SR.GetString("PropertyCannotBeNullOrEmptyString", new object[] { "ID" }), "webPart");
    }

    this.ID = this._genericWebPartID;
}
/// <summary>
/// Type initializer: stores in ConstructorTypes whatever WebPartUtil.GetTypesForConstructor
/// returns for the first constructor reported by reflection on ProviderConnectionPoint.
/// </summary>
static ProviderConnectionPoint()
{
    // NOTE(review): index 0 relies on GetConstructors() listing the intended public
    // constructor first; reflection does not promise an order, so this is only stable
    // while the class exposes a single public instance constructor - confirm.
    ConstructorTypes = WebPartUtil.GetTypesForConstructor(
        typeof(ProviderConnectionPoint).GetConstructors()[0]);
}
/// <summary>
/// Creates an instance of <paramref name="type"/> by delegating to WebPartUtil.CreateObjectFromType.
/// </summary>
/// <param name="type">The type to instantiate; passed through unchanged.</param>
/// <returns>The object returned by WebPartUtil.CreateObjectFromType.</returns>
public object CreateObjectFromType(Type type)
{
    // NOTE(review): this public wrapper applies no check of its own to the requested type;
    // any restriction on which types may be instantiated has to come from the caller or
    // from WebPartUtil - confirm.
    object instance = WebPartUtil.CreateObjectFromType(type);
    return instance;
}
/// <summary>
/// Lazily builds the one-entry description collection for the imported part by parsing its
/// saved XML (_importedPartDescription) under a restricted permission set.
/// </summary>
/// <remarks>
/// Does nothing if the collection already exists. With no WebPartManager or no imported XML,
/// an empty collection is stored. If the type or path is not authorized, the type is not a
/// Control, or parsing fails, _importErrorMessage is set and the collection is left unset.
/// The PermitOnly / RevertPermitOnly calls are stack modifiers for this frame, so the order
/// of statements here is significant.
/// </remarks>
private void CreateAvailableWebPartDescriptions() {
    if (_availableWebPartDescriptions != null) {
        return;
    }

    if (WebPartManager == null || String.IsNullOrEmpty(_importedPartDescription)) {
        _availableWebPartDescriptions = new WebPartDescriptionCollection();
        return;
    }

    // Run in minimal trust: only Execution and AspNetHosting(Minimal) are permitted while
    // the imported XML is parsed.
    PermissionSet pset = new PermissionSet(PermissionState.None);
    // add in whatever perms are appropriate
    pset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
    pset.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Minimal));

    pset.PermitOnly();
    // Tracks whether a PermitOnly is currently in force on this frame, so that the finally
    // block below only reverts when there is something to revert.
    bool permitOnly = true;
    string title = null;
    string description = null;
    string icon = null;
    // Extra try-catch block to prevent elevation of privilege attack via exception filter:
    // the outer catch stops the handler search at this frame, so the inner finally runs
    // before the rethrown exception reaches any caller's exception filter.
    try {
        try {
            // Get the WebPart description from its saved XML description.
            using (StringReader sr = new StringReader(_importedPartDescription)) {
                using (XmlReader reader = XmlUtils.CreateXmlReader(sr)) {
                    if (reader != null) {
                        reader.MoveToContent();
                        // Check if imported part is authorized

                        // Get to the metadata
                        reader.MoveToContent();
                        reader.ReadStartElement(WebPartManager.ExportRootElement);
                        reader.ReadStartElement(WebPartManager.ExportPartElement);
                        reader.ReadStartElement(WebPartManager.ExportMetaDataElement);

                        // Get the type name (and, for user controls, the source path); both
                        // values come straight from the imported XML.
                        string partTypeName = null;
                        string userControlTypeName = null;

                        // Skip forward to the type element; running off the end of the
                        // document is treated as an error.
                        while (reader.Name != WebPartManager.ExportTypeElement) {
                            reader.Skip();
                            if (reader.EOF) {
                                throw new EndOfStreamException();
                            }
                        }
                        if (reader.Name == WebPartManager.ExportTypeElement) {
                            partTypeName = reader.GetAttribute(WebPartManager.ExportTypeNameAttribute);
                            userControlTypeName = reader.GetAttribute(WebPartManager.ExportUserControlSrcAttribute);
                        }

                        // If we are in shared scope, we are importing a shared WebPart
                        bool isShared = (WebPartManager.Personalization.Scope == PersonalizationScope.Shared);

                        if (!String.IsNullOrEmpty(partTypeName)) {
                            // Need medium trust to call BuildManager.GetType()
                            PermissionSet mediumPset = new PermissionSet(PermissionState.None);
                            mediumPset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
                            mediumPset.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium));

                            // Swap minimal -> medium for the type lookup only. The flag is
                            // cleared between revert and re-apply so an exception in that
                            // window does not cause a second revert in the finally block.
                            CodeAccessPermission.RevertPermitOnly();
                            permitOnly = false;
                            mediumPset.PermitOnly();
                            permitOnly = true;

                            // NOTE(review): the type name from the imported XML is resolved
                            // here, before IsAuthorized runs; the authorization check below
                            // gates use of the type, not its resolution.
                            Type partType = WebPartUtil.DeserializeType(partTypeName, true);

                            // Back to the minimal set for the rest of the parse.
                            CodeAccessPermission.RevertPermitOnly();
                            permitOnly = false;
                            pset.PermitOnly();
                            permitOnly = true;

                            // First check if the type is authorized
                            if (!WebPartManager.IsAuthorized(partType, null, null, isShared)) {
                                _importErrorMessage = SR.GetString(SR.WebPartManager_ForbiddenType);
                                return;
                            }
                            // Reject any type that derives from neither WebPart nor Control.
                            if (!partType.IsSubclassOf(typeof(WebPart)) && !partType.IsSubclassOf(typeof(Control))) {
                                // We only allow for Controls (VSWhidbey 428511)
                                _importErrorMessage = SR.GetString(SR.WebPartManager_TypeMustDeriveFromControl);
                                return;
                            }
                        }
                        else {
                            // No type name: treat the part as a user control and check if
                            // the path is authorized
                            if (!WebPartManager.IsAuthorized(typeof(UserControl), userControlTypeName, null, isShared)) {
                                _importErrorMessage = SR.GetString(SR.WebPartManager_ForbiddenType);
                                return;
                            }
                        }
                        // Scan the remaining property elements for title, description and
                        // icon; stop early once all three have been found.
                        while (!reader.EOF) {
                            while (!reader.EOF && !(reader.NodeType == XmlNodeType.Element && reader.Name == WebPartManager.ExportPropertyElement)) {
                                reader.Read();
                            }
                            if (reader.EOF) {
                                break;
                            }
                            string name = reader.GetAttribute(WebPartManager.ExportPropertyNameAttribute);
                            // NOTE(review): title and description are taken from the XML
                            // as-is; only the icon URL is filtered in this method. Any
                            // output encoding has to happen where they are rendered - confirm.
                            if (name == TitlePropertyName) {
                                title = reader.ReadElementString();
                            }
                            else if (name == DescriptionPropertyName) {
                                description = reader.ReadElementString();
                            }
                            else if (name == IconPropertyName) {
                                string url = reader.ReadElementString().Trim();
                                // A URL flagged by IsDangerousUrl is dropped silently; the
                                // description is then created without that icon.
                                if (!CrossSiteScriptingValidation.IsDangerousUrl(url)) {
                                    icon = url;
                                }
                            }
                            else {
                                reader.Read();
                                continue;
                            }
                            if (title != null && description != null && icon != null) {
                                break;
                            }
                            reader.Read();
                        }
                    }
                }
                if (String.IsNullOrEmpty(title)) {
                    title = SR.GetString(SR.Part_Untitled);
                }

                _availableWebPartDescriptions = new WebPartDescriptionCollection(
                    new WebPartDescription[] { new WebPartDescription(ImportedWebPartID, title, description, icon) });
            }
        }
        catch (XmlException) {
            // Malformed XML gets its own error message.
            _importErrorMessage = SR.GetString(SR.WebPartManager_ImportInvalidFormat);
            return;
        }
        catch {
            // Any other failure is swallowed and reported with the default message, unless
            // a more specific message was already set.
            _importErrorMessage = (!String.IsNullOrEmpty(_importErrorMessage)) ? _importErrorMessage : SR.GetString(SR.WebPart_DefaultImportErrorMessage);
            return;
        }
        finally {
            if (permitOnly) {
                // revert if you're not just exiting the stack frame anyway
                CodeAccessPermission.RevertPermitOnly();
            }
        }
    }
    catch {
        throw;
    }
}
/// <summary>
/// Decompiled form of the routine that lazily builds the one-entry description collection
/// for the imported part from its saved XML (_importedPartDescription) under a restricted
/// permission set.
/// </summary>
/// <remarks>
/// Decompiler names: str = title, str4 = type name, path = user control source path,
/// imageUrl = catalog icon URL, flag = "a PermitOnly is currently in force on this frame".
/// The labels and gotos are the decompiler's rendering of the property-scanning loop.
/// On any failure _importErrorMessage is set and the collection is left unset.
/// </remarks>
private void CreateAvailableWebPartDescriptions() {
    if (this._availableWebPartDescriptions == null) {
        if ((base.WebPartManager == null) || string.IsNullOrEmpty(this._importedPartDescription)) {
            // Nothing to import: store an empty collection.
            this._availableWebPartDescriptions = new WebPartDescriptionCollection();
        }
        else {
            // Restrict this frame to Execution + AspNetHosting(Minimal) while parsing.
            PermissionSet set = new PermissionSet(PermissionState.None);
            set.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
            set.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Minimal));
            set.PermitOnly();
            bool flag = true;
            string str = null;
            string description = null;
            string imageUrl = null;
            // The outer try/catch-rethrow makes the inner finally (which reverts PermitOnly)
            // run before the exception reaches any caller's exception filter.
            try {
                try {
                    using (StringReader reader = new StringReader(this._importedPartDescription)) {
                        // NOTE(review): the reader is built with XmlTextReader's defaults;
                        // DTD handling is not configured in this block. Confirm that the
                        // target framework's defaults are acceptable for imported XML.
                        using (XmlTextReader reader2 = new XmlTextReader(reader)) {
                            // A freshly constructed reader is never null; this check looks
                            // like a leftover from an inlined factory call.
                            if (reader2 == null) {
                                goto Label_02F7;
                            }
                            reader2.MoveToContent();
                            reader2.MoveToContent();
                            // Descend to the metadata element.
                            reader2.ReadStartElement("webParts");
                            reader2.ReadStartElement("webPart");
                            reader2.ReadStartElement("metaData");
                            string str4 = null;
                            string path = null;
                            // Skip forward to the type element; EOF here is an error.
                            while (reader2.Name != "type") {
                                reader2.Skip();
                                if (reader2.EOF) {
                                    throw new EndOfStreamException();
                                }
                            }
                            if (reader2.Name == "type") {
                                str4 = reader2.GetAttribute("name");
                                path = reader2.GetAttribute("src");
                            }
                            bool isShared = base.WebPartManager.Personalization.Scope == PersonalizationScope.Shared;
                            if (!string.IsNullOrEmpty(str4)) {
                                // Swap minimal -> medium for the type lookup only; the flag
                                // is cleared between revert and re-apply so the finally
                                // block never reverts twice.
                                PermissionSet set2 = new PermissionSet(PermissionState.None);
                                set2.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
                                set2.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium));
                                CodeAccessPermission.RevertPermitOnly();
                                flag = false;
                                set2.PermitOnly();
                                flag = true;
                                // NOTE(review): the type name from the imported XML is
                                // resolved before IsAuthorized runs; the check below gates
                                // use of the type, not its resolution.
                                Type type = WebPartUtil.DeserializeType(str4, true);
                                // Back to the minimal set.
                                CodeAccessPermission.RevertPermitOnly();
                                flag = false;
                                set.PermitOnly();
                                flag = true;
                                if (!base.WebPartManager.IsAuthorized(type, null, null, isShared)) {
                                    this._importErrorMessage = System.Web.SR.GetString("WebPartManager_ForbiddenType");
                                }
                                else {
                                    // Authorized and derived from WebPart or Control: go on
                                    // to the property scan.
                                    if (type.IsSubclassOf(typeof(WebPart)) || type.IsSubclassOf(typeof(Control))) {
                                        goto Label_02DD;
                                    }
                                    this._importErrorMessage = System.Web.SR.GetString("WebPartManager_TypeMustDeriveFromControl");
                                }
                            }
                            else {
                                // No type name: authorize the user control path instead.
                                if (base.WebPartManager.IsAuthorized(typeof(UserControl), path, null, isShared)) {
                                    goto Label_02DD;
                                }
                                this._importErrorMessage = System.Web.SR.GetString("WebPartManager_ForbiddenType");
                            }
                            // Reached only on the rejection paths above; the finally block
                            // still reverts PermitOnly.
                            return;
                        // Advance one node while looking for the next property element.
                        Label_021E:
                            reader2.Read();
                        // Inner skip loop: move to the next "property" element or EOF.
                        Label_0226:
                            if (!reader2.EOF && ((reader2.NodeType != XmlNodeType.Element) || !(reader2.Name == "property"))) {
                                goto Label_021E;
                            }
                            if (reader2.EOF) {
                                goto Label_02F7;
                            }
                            string attribute = reader2.GetAttribute("name");
                            // NOTE(review): title and description are taken from the XML
                            // as-is; only the icon URL is filtered in this method. Any
                            // output encoding has to happen where they are rendered - confirm.
                            if (attribute == "Title") {
                                str = reader2.ReadElementString();
                            }
                            else if (attribute == "Description") {
                                description = reader2.ReadElementString();
                            }
                            else if (attribute == "CatalogIconImageUrl") {
                                string s = reader2.ReadElementString().Trim();
                                // A URL flagged by IsDangerousUrl is dropped silently.
                                if (!CrossSiteScriptingValidation.IsDangerousUrl(s)) {
                                    imageUrl = s;
                                }
                            }
                            else {
                                // Some other property: step past it and continue scanning.
                                reader2.Read();
                                goto Label_02DD;
                            }
                            // Stop early once title, description and icon are all known.
                            if (((str != null) && (description != null)) && (imageUrl != null)) {
                                goto Label_02F7;
                            }
                            reader2.Read();
                        // Outer loop condition: keep scanning until EOF.
                        Label_02DD:
                            if (!reader2.EOF) {
                                goto Label_0226;
                            }
                        }
                    // Build the single description, substituting a default title if needed.
                    Label_02F7:
                        if (string.IsNullOrEmpty(str)) {
                            str = System.Web.SR.GetString("Part_Untitled");
                        }
                        this._availableWebPartDescriptions = new WebPartDescriptionCollection(new WebPartDescription[] { new WebPartDescription("ImportedWebPart", str, description, imageUrl) });
                    }
                }
                catch (XmlException) {
                    // Malformed XML gets its own error message.
                    this._importErrorMessage = System.Web.SR.GetString("WebPartManager_ImportInvalidFormat");
                }
                catch {
                    // Any other failure is swallowed and reported with the default message,
                    // unless a more specific message was already set.
                    this._importErrorMessage = !string.IsNullOrEmpty(this._importErrorMessage) ? this._importErrorMessage : System.Web.SR.GetString("WebPart_DefaultImportErrorMessage");
                }
                finally {
                    // Revert only when a PermitOnly is still in force on this frame.
                    if (flag) {
                        CodeAccessPermission.RevertPermitOnly();
                    }
                }
            }
            catch {
                throw;
            }
        }
    }
}