/// <summary> /// Creates <see cref="IHierarchyItemAsync"/> instance by path. /// </summary> /// <param name="path">Item relative path including query string.</param> /// <returns>Instance of corresponding <see cref="IHierarchyItemAsync"/> or null if item is not found.</returns> public override async Task <IHierarchyItemAsync> GetHierarchyItemAsync(string path) { path = path.Trim(new[] { ' ', '/' }); //remove query string. int ind = path.IndexOf('?'); if (ind > -1) { path = path.Remove(ind); } IHierarchyItemAsync item = null; // Return items from [DAVLocation]/acl/ folder and subfolders. item = await AclFactory.GetAclItemAsync(this, path); if (item != null) { return(item); } // Return items from [DAVLocation]/addressbooks/ folder and subfolders. item = CardDavFactory.GetCardDavItem(this, path); if (item != null) { return(item); } // Return folder that corresponds to [DAVLocation] path. If no DavLocation is defined in config file this is a website root. item = DavLocationFolder.GetDavLocationFolder(this, path); if (item != null) { return(item); } item = await DavFolder.GetFolderAsync(this, path); if (item != null) { return(item); } item = await DavFile.GetFileAsync(this, path); if (item != null) { return(item); } Logger.LogDebug("Could not find item that corresponds to path: " + path); return(null); // no hierarchy item that corresponds to path parameter was found in the repository }
/// <summary> /// Returns file that corresponds to path. /// </summary> /// <param name="context">WebDAV Context.</param> /// <param name="path">Encoded path relative to WebDAV root folder.</param> /// <returns>File instance or null if physical file is not found in file system.</returns> public static async Task <DavFile> GetFileAsync(DavContext context, string path) { string filePath = context.MapPath(path); FileInfo file = new FileInfo(filePath); // This code blocks vulnerability when "%20" folder can be injected into path and file.Exists returns 'true'. if (!file.Exists || string.Compare(file.FullName.TrimEnd(System.IO.Path.DirectorySeparatorChar), filePath, StringComparison.OrdinalIgnoreCase) != 0) { return(null); } DavFile davFile = new DavFile(file, context, path); davFile.serialNumber = await file.GetExtendedAttributeAsync <int?>("SerialNumber") ?? 0; return(davFile); }