/// <summary>
/// Returns DavLocationFolder folder if path corresponds to [DavLocation].
/// </summary>
/// <param name="context">Instance of <see cref="DavContext"/></param>
/// <param name="path">Encoded path relative to WebDAV root.</param>
/// <returns>DavLocationFolder instance or null if physical folder not found in file system.</returns>
public static DavLocationFolder GetDavLocationFolder(DavContext context, string path)
{
string davPath = DavLocationFolderPath;
if (!path.Equals(davPath.Trim(new[] { '/' }), StringComparison.OrdinalIgnoreCase))
{
return(null);
}
string folderPath = context.MapPath(davPath).TrimEnd(System.IO.Path.DirectorySeparatorChar);
DirectoryInfo folder = new DirectoryInfo(folderPath);
if (!folder.Exists)
{
throw new Exception(string.Format("Can not find folder that corresponds to '{0}' ([DavLocation] folder) in file system.", davPath));
}
return(new DavLocationFolder(folder, context, davPath));
}
/// <summary>
/// Returns file that corresponds to path.
/// </summary>
/// <param name="context">WebDAV Context.</param>
/// <param name="path">Encoded path relative to WebDAV root folder.</param>
/// <returns>File instance or null if physical file is not found in file system.</returns>
public static async Task <DavFile> GetFileAsync(DavContext context, string path)
{
string filePath = context.MapPath(path);
FileInfo file = new FileInfo(filePath);
// This code blocks vulnerability when "%20" folder can be injected into path and file.Exists returns 'true'.
if (!file.Exists || string.Compare(file.FullName.TrimEnd(System.IO.Path.DirectorySeparatorChar), filePath, StringComparison.OrdinalIgnoreCase) != 0)
{
return(null);
}
DavFile davFile = new DavFile(file, context, path);
if (await file.HasExtendedAttributeAsync("SerialNumber"))
{
davFile.serialNumber = await file.GetExtendedAttributeAsync <int?>("SerialNumber") ?? 0;
}
return(davFile);
}
