public static string Absolute(this UrlHelper url, string path)
{
UriBuilder builder = GetCanonicalUrl(url);
if (path.StartsWith("~/", StringComparison.OrdinalIgnoreCase))
{
path = UrlExtensions.MakeSecure(VirtualPathUtility.ToAbsolute(path, url.RequestContext.HttpContext.Request.ApplicationPath));
}
builder.Path = path;
return(UrlExtensions.MakeSecure(builder.Uri.AbsoluteUri));
}
internal async Task <ActionResult> CreateDownloadFileActionResult(
HttpContextBase httpContext,
string folderName,
string fileName)
{
var container = await GetContainerAsync(folderName);
var blob = container.GetBlobReference(fileName);
var redirectUri = UrlExtensions.MakeSecure(GetRedirectUri(httpContext.Request.Url, blob.Uri));
return(new RedirectResult(redirectUri.AbsoluteUri, false));
}
public virtual Task <ActionResult> GetNuGetExe()
{
return(NugetExeDownloaderService.CreateNuGetExeDownloadActionResultAsync(UrlExtensions.MakeSecure(HttpContext.Request.Url)));
}
public virtual async Task <ActionResult> GetPackage(string id, string version)
{
// some security paranoia about URL hacking somehow creating e.g. open redirects
// validate user input: explicit calls to the same validators used during Package Registrations
// Ideally shouldn't be necessary?
if (!PackageIdValidator.IsValidPackageId(id ?? string.Empty))
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, "The format of the package id is invalid"));
}
// if version is non-null, check if it's semantically correct and normalize it.
if (!String.IsNullOrEmpty(version))
{
NuGetVersion dummy;
if (!NuGetVersion.TryParse(version, out dummy))
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, "The package version is not a valid semantic version"));
}
// Normalize the version
version = NuGetVersionFormatter.Normalize(version);
}
else
{
// If version is null, get the latest version from the database.
// This ensures that on package restore scenario where version will be non null, we don't hit the database.
try
{
var package = PackageService.FindPackageByIdAndVersion(
id,
version,
SemVerLevelKey.SemVer2,
allowPrerelease: false);
if (package == null)
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.NotFound, String.Format(CultureInfo.CurrentCulture, Strings.PackageWithIdAndVersionNotFound, id, version)));
}
version = package.NormalizedVersion;
}
catch (SqlException e)
{
QuietLog.LogHandledException(e);
// Database was unavailable and we don't have a version, return a 503
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.ServiceUnavailable, Strings.DatabaseUnavailable_TrySpecificVersion));
}
catch (DataException e)
{
QuietLog.LogHandledException(e);
// Database was unavailable and we don't have a version, return a 503
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.ServiceUnavailable, Strings.DatabaseUnavailable_TrySpecificVersion));
}
}
if (ConfigurationService.Features.TrackPackageDownloadCountInLocalDatabase)
{
await PackageService.IncrementDownloadCountAsync(id, version);
}
return(await PackageFileService.CreateDownloadPackageActionResultAsync(
UrlExtensions.MakeSecure(HttpContext.Request.Url),
id, version));
}
public static string PackageDefaultIcon(this UrlHelper url)
{
return(UrlExtensions.MakeSecure(url.Home(relativeUrl: false).TrimEnd('/')
+ VirtualPathUtility.ToAbsolute("~/Content/Images/packageDefaultIcon-50x50.png", url.RequestContext.HttpContext.Request.ApplicationPath)));
}
public static string Package(this UrlHelper url, string id, bool relativeUrl = true)
{
return(UrlExtensions.MakeSecure(url.Package(id, version: null, relativeUrl: relativeUrl)));
}
