/// <summary>
/// Rebuilds <c>_descriptions</c> from two sources: the controls produced by
/// <c>WebPartsTemplate</c> and, outside design mode, the children of the user control
/// found at <c>WebPartsListUserControlPath</c>.
/// </summary>
private void LoadAvailableWebParts()
{
    ArrayList collected = new ArrayList();

    if (this.WebPartsTemplate != null)
    {
        Control host = new NonParentingControl();
        this.WebPartsTemplate.InstantiateIn(host);
        if (host.HasControls())
        {
            // Walk a snapshot so the loop does not depend on the live Controls collection
            // while each child is handed to AddControlToDescriptions.
            Control[] snapshot = new Control[host.Controls.Count];
            host.Controls.CopyTo(snapshot, 0);
            for (int i = 0; i < snapshot.Length; i++)
            {
                this.AddControlToDescriptions(snapshot[i], collected);
            }
        }
    }

    string listPath = this.WebPartsListUserControlPath;
    bool loadFromUserControl = !string.IsNullOrEmpty(listPath) && !base.DesignMode;
    if (loadFromUserControl)
    {
        // Page.LoadControl instantiates whatever user control lives at this virtual path.
        // NOTE(review): the path is assumed to be set by the page developer, never derived
        // from request data - confirm where WebPartsListUserControlPath is assigned.
        Control loaded = this.Page.LoadControl(listPath);
        if ((loaded != null) && loaded.HasControls())
        {
            Control[] children = new Control[loaded.Controls.Count];
            loaded.Controls.CopyTo(children, 0);
            for (int j = 0; j < children.Length; j++)
            {
                this.AddControlToDescriptions(children[j], collected);
            }
        }
    }

    this._descriptions = new WebPartDescriptionCollection(collected);
}
/// <summary>
/// Renders the Add and Close verbs. While the selected catalog part offers no
/// descriptions, the Add verb is rendered disabled and its previous state is put back
/// afterwards, even if rendering throws.
/// </summary>
/// <param name="writer">Writer that receives the verb markup.</param>
protected override void RenderVerbs(HtmlTextWriter writer)
{
    CatalogPart current = SelectedCatalogPart;
    WebPartDescriptionCollection offered =
        (current != null) ? current.GetAvailableWebPartDescriptions() : null;
    int offeredCount = (offered != null) ? offered.Count : 0;

    bool nothingToAdd = (offeredCount == 0);
    bool savedAddEnabled = false;
    if (nothingToAdd)
    {
        // Remember the caller-visible state so the change stays local to this render pass.
        savedAddEnabled = AddVerb.Enabled;
        AddVerb.Enabled = false;
    }

    try
    {
        RenderVerbsInternal(writer, new WebPartVerb[] { AddVerb, CloseVerb });
    }
    finally
    {
        if (nothingToAdd)
        {
            AddVerb.Enabled = savedAddEnabled;
        }
    }
}
/// <summary>
/// Returns the WebPart behind <paramref name="description"/>. The part is imported on
/// first use from the XML text in <c>_importedPartDescription</c> and cached in
/// <c>_availableWebPart</c>.
/// </summary>
/// <param name="description">A description contained in GetAvailableWebPartDescriptions().</param>
/// <returns>The imported WebPart, or null when the import produced none.</returns>
/// <exception cref="ArgumentNullException"><paramref name="description"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="description"/> is not an available description.</exception>
public override WebPart GetWebPart(WebPartDescription description)
{
    if (description == null)
    {
        throw new ArgumentNullException("description");
    }

    // Only descriptions this part handed out itself are accepted.
    if (!GetAvailableWebPartDescriptions().Contains(description))
    {
        throw new ArgumentException(SR.GetString(SR.CatalogPart_UnknownDescription), "description");
    }

    if (_availableWebPart == null)
    {
        // Import the WebPart from its saved XML description. OnUpload fills that text from
        // an uploaded file, so it is untrusted input. The reader comes from
        // XmlUtils.CreateXmlReader, whose settings are defined outside this listing.
        using (XmlReader xml = XmlUtils.CreateXmlReader(new StringReader(_importedPartDescription)))
        {
            if (xml != null && WebPartManager != null)
            {
                _availableWebPart = WebPartManager.ImportWebPart(xml, out _importErrorMessage);
            }
        }

        // A failed import discards the stored text and the cached descriptions.
        if (_availableWebPart == null)
        {
            _importedPartDescription = null;
            _availableWebPartDescriptions = null;
        }
    }

    return _availableWebPart;
}
/// <summary>
/// Upload handler: reads the posted file as text into <c>_importedPartDescription</c>,
/// resets the cached part, descriptions and error message, then rebuilds the descriptions.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
internal void OnUpload(object sender, EventArgs e)
{
    string uploadedName = _upload.FileName;
    Stream uploadedStream = _upload.FileContent;

    if (String.IsNullOrEmpty(uploadedName) || uploadedStream == null)
    {
        _importErrorMessage = SR.GetString(SR.ImportCatalogPart_NoFileName);
        return;
    }

    // The second argument asks StreamReader to detect the encoding from a byte-order mark.
    using (StreamReader text = new StreamReader(uploadedStream, true))
    {
        // ReadToEnd buffers the whole upload in memory and nothing here caps its length.
        // NOTE(review): request-size limits are assumed to be enforced by the host - confirm.
        _importedPartDescription = text.ReadToEnd();

        // Clear cache
        _availableWebPart = null;
        _availableWebPartDescriptions = null;
        _importErrorMessage = null;

        if (String.IsNullOrEmpty(_importedPartDescription))
        {
            // An empty file reports the same message as a missing file name.
            _importErrorMessage = SR.GetString(SR.ImportCatalogPart_NoFileName);
        }
        else
        {
            GetAvailableWebPartDescriptions();
        }
    }
}
/// <summary>
/// Renders the Add and Close verbs, forcing the Add verb to disabled for this render pass
/// when the selected catalog part has no descriptions to offer.
/// </summary>
/// <param name="writer">Writer that receives the verb markup.</param>
protected override void RenderVerbs(HtmlTextWriter writer)
{
    CatalogPart current = this.SelectedCatalogPart;
    WebPartDescriptionCollection offered =
        (current != null) ? current.GetAvailableWebPartDescriptions() : null;
    int offeredCount = (offered != null) ? offered.Count : 0;

    bool catalogIsEmpty = (offeredCount == 0);
    bool previousState = false;
    if (catalogIsEmpty)
    {
        previousState = this.AddVerb.Enabled;
        this.AddVerb.Enabled = false;
    }

    try
    {
        base.RenderVerbsInternal(writer, new WebPartVerb[] { this.AddVerb, this.CloseVerb });
    }
    finally
    {
        // Restore the verb even when rendering throws.
        if (catalogIsEmpty)
        {
            this.AddVerb.Enabled = previousState;
        }
    }
}
/// <summary>
/// Resolves every value in <c>_selectedCheckBoxValues</c> against the selected catalog
/// part's descriptions and adds the resulting WebParts to the zone named by
/// <c>_selectedZoneID</c>.
/// </summary>
private void AddSelectedWebParts()
{
    WebPartZoneBase targetZone = null;
    if (base.WebPartManager != null)
    {
        targetZone = base.WebPartManager.Zones[this._selectedZoneID];
    }

    CatalogPart catalog = this.SelectedCatalogPart;
    WebPartDescriptionCollection offered = null;
    if (catalog != null)
    {
        offered = catalog.GetAvailableWebPartDescriptions();
    }

    // Nothing is added unless the zone exists and permits layout changes.
    if ((targetZone == null) || !targetZone.AllowLayoutChange)
    {
        return;
    }
    if ((this._selectedCheckBoxValues == null) || (offered == null))
    {
        return;
    }

    ArrayList resolved = new ArrayList();
    for (int index = 0; index < this._selectedCheckBoxValues.Length; index++)
    {
        // Each value is used only as a lookup key into the catalog part's own collection.
        // A value that matches no description yields null and is skipped.
        // NOTE(review): the values presumably arrive with the postback - confirm.
        string key = this._selectedCheckBoxValues[index];
        WebPartDescription match = offered[key];
        if (match == null)
        {
            continue;
        }

        WebPart part = catalog.GetWebPart(match);
        if (part != null)
        {
            resolved.Add(part);
        }
    }

    this.AddWebParts(resolved, targetZone);
}
/// <summary>
/// Upload handler: stores the posted file's text in <c>_importedPartDescription</c>,
/// clears the cached part, descriptions and error message, and rebuilds the descriptions.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
internal void OnUpload(object sender, EventArgs e)
{
    string postedName = this._upload.FileName;
    Stream postedStream = this._upload.FileContent;

    if (string.IsNullOrEmpty(postedName) || (postedStream == null))
    {
        this._importErrorMessage = System.Web.SR.GetString("ImportCatalogPart_NoFileName");
    }
    else
    {
        // 'true' enables encoding detection from a byte-order mark.
        using (StreamReader text = new StreamReader(postedStream, true))
        {
            // The whole upload is read into one string and no length limit is applied here.
            // NOTE(review): assumed to be bounded by the host's request-size limit - confirm.
            this._importedPartDescription = text.ReadToEnd();
            this._availableWebPart = null;
            this._availableWebPartDescriptions = null;
            this._importErrorMessage = null;

            if (string.IsNullOrEmpty(this._importedPartDescription))
            {
                // An empty file reports the same message as a missing file name.
                this._importErrorMessage = System.Web.SR.GetString("ImportCatalogPart_NoFileName");
            }
            else
            {
                this.GetAvailableWebPartDescriptions();
            }
        }
    }
}
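/// <summary>
/// Returns the WebPart behind <paramref name="description"/>. The part is imported on
/// first use from the XML text in <c>_importedPartDescription</c> and cached in
/// <c>_availableWebPart</c>.
/// </summary>
/// <param name="description">A description contained in GetAvailableWebPartDescriptions().</param>
/// <returns>The imported WebPart, or null when the import produced none.</returns>
/// <exception cref="ArgumentNullException"><paramref name="description"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="description"/> is not an available description.</exception>
public override WebPart GetWebPart(WebPartDescription description)
{
    if (description == null)
    {
        throw new ArgumentNullException("description");
    }

    // Only descriptions this part handed out itself are accepted.
    if (!this.GetAvailableWebPartDescriptions().Contains(description))
    {
        throw new ArgumentException(System.Web.SR.GetString("CatalogPart_UnknownDescription"), "description");
    }

    if (this._availableWebPart == null)
    {
        using (XmlTextReader reader = new XmlTextReader(new StringReader(this._importedPartDescription)))
        {
            // OnUpload fills _importedPartDescription from an uploaded file, so this XML is
            // untrusted. Clearing the resolver stops the reader from fetching external DTDs
            // or external entities named in the document.
            // NOTE(review): entities declared inside an inline DTD are still expanded;
            // prohibit DTDs as well if the target framework exposes that setting.
            reader.XmlResolver = null;

            if (base.WebPartManager != null)
            {
                this._availableWebPart = base.WebPartManager.ImportWebPart(reader, out this._importErrorMessage);
            }
        }

        // A failed import discards the stored text and the cached descriptions.
        if (this._availableWebPart == null)
        {
            this._importedPartDescription = null;
            this._availableWebPartDescriptions = null;
        }
    }

    return this._availableWebPart;
}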
/// <summary>
/// Runs the base pre-render step, then drops the cached descriptions so the next request
/// for them rebuilds the collection.
/// </summary>
/// <param name="e">Event data forwarded to the base implementation.</param>
protected internal override void OnPreRender(EventArgs e)
{
    base.OnPreRender(e);

    // The DisplayTitles may not have been available when the descriptions were first
    // created, so the cache is invalidated here (VSWhidbey 355573).
    this._availableWebPartDescriptions = null;
}
/// <summary>
/// Renders one item for each description offered by <paramref name="catalogPart"/>.
/// Nothing is rendered when the part returns no collection.
/// </summary>
/// <param name="writer">Writer that receives the item markup.</param>
/// <param name="catalogPart">Catalog part whose descriptions are listed.</param>
private void RenderItems(HtmlTextWriter writer, CatalogPart catalogPart)
{
    WebPartDescriptionCollection offered = catalogPart.GetAvailableWebPartDescriptions();
    if (offered == null)
    {
        return;
    }

    foreach (WebPartDescription entry in offered)
    {
        RenderItem(writer, entry);
    }
}
/// <summary>
/// Returns the WebPart carried by <paramref name="description"/> after checking that the
/// description is one this catalog part currently offers.
/// </summary>
/// <param name="description">A description contained in GetAvailableWebPartDescriptions().</param>
/// <returns>The <c>WebPart</c> property of the description.</returns>
/// <exception cref="ArgumentNullException"><paramref name="description"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="description"/> is not an available description.</exception>
public override WebPart GetWebPart(WebPartDescription description)
{
    if (description == null)
    {
        throw new ArgumentNullException("description");
    }

    // Membership check: a description built elsewhere cannot be used to obtain a part.
    bool isOffered = GetAvailableWebPartDescriptions().Contains(description);
    if (!isOffered)
    {
        throw new ArgumentException(SR.GetString(SR.CatalogPart_UnknownDescription), "description");
    }

    return description.WebPart;
}
/// <summary>
/// Returns the cached descriptions of the closed WebParts, building the cache on first
/// use. In design mode the design-time collection is returned instead.
/// </summary>
/// <returns>The descriptions this catalog part offers.</returns>
public override WebPartDescriptionCollection GetAvailableWebPartDescriptions()
{
    if (DesignMode)
    {
        return DesignModeAvailableWebParts;
    }

    if (_availableWebPartDescriptions != null)
    {
        return _availableWebPartDescriptions;
    }

    // GetClosedWebParts is consulted only when a WebPartManager is present.
    WebPartCollection closed = (WebPartManager != null) ? GetClosedWebParts() : null;
    WebPartCollection candidates = (closed != null) ? closed : new WebPartCollection();

    ArrayList visible = new ArrayList();
    foreach (WebPart candidate in candidates)
    {
        // Do not show UnauthorizedWebParts (VSWhidbey 429514). This filter keeps those
        // placeholder parts out of the catalog, so it must stay in any refactoring.
        if (!(candidate is UnauthorizedWebPart))
        {
            visible.Add(new WebPartDescription(candidate));
        }
    }

    _availableWebPartDescriptions = new WebPartDescriptionCollection(visible);
    return _availableWebPartDescriptions;
}
/// <summary>
/// Rebuilds <c>_descriptions</c> from the controls produced by <c>WebPartsTemplate</c>
/// and, outside design mode, from the children of the user control at
/// <c>WebPartsListUserControlPath</c>.
/// </summary>
private void LoadAvailableWebParts()
{
    ArrayList collected = new ArrayList();

    if (WebPartsTemplate != null)
    {
        Control host = new NonParentingControl();
        WebPartsTemplate.InstantiateIn(host);
        if (host.HasControls())
        {
            // Iterate over a copy: adding a control to the descriptions may reparent it to
            // a GenericWebPart, which would modify host.Controls during the loop.
            Control[] snapshot = new Control[host.Controls.Count];
            host.Controls.CopyTo(snapshot, 0);
            for (int i = 0; i < snapshot.Length; i++)
            {
                AddControlToDescriptions(snapshot[i], collected);
            }
        }
    }

    string listPath = WebPartsListUserControlPath;

    // Page.LoadControl() throws a null ref exception at design-time, hence the DesignMode test.
    bool loadFromUserControl = !String.IsNullOrEmpty(listPath) && !DesignMode;
    if (loadFromUserControl)
    {
        // LoadControl instantiates whatever user control lives at this virtual path.
        // NOTE(review): the path is assumed to be set by the page developer, never derived
        // from request data - confirm where WebPartsListUserControlPath is assigned.
        Control loaded = Page.LoadControl(listPath);
        if (loaded != null && loaded.HasControls())
        {
            // Same reparenting concern as above, so a copy is walked here too.
            Control[] children = new Control[loaded.Controls.Count];
            loaded.Controls.CopyTo(children, 0);
            for (int j = 0; j < children.Length; j++)
            {
                AddControlToDescriptions(children[j], collected);
            }
        }
    }

    _descriptions = new WebPartDescriptionCollection(collected);
}
/// <summary>
/// Resolves every value in <c>_selectedCheckBoxValues</c> against the selected catalog
/// part's descriptions and adds the resulting WebParts to the zone named by
/// <c>_selectedZoneID</c>.
/// </summary>
private void AddSelectedWebParts()
{
    WebPartZoneBase targetZone = null;
    if (WebPartManager != null)
    {
        targetZone = WebPartManager.Zones[_selectedZoneID];
    }

    CatalogPart catalog = SelectedCatalogPart;
    WebPartDescriptionCollection offered = null;
    if (catalog != null)
    {
        offered = catalog.GetAvailableWebPartDescriptions();
    }

    // Nothing is added unless the zone exists and permits layout changes.
    if (targetZone == null || !targetZone.AllowLayoutChange)
    {
        return;
    }
    if (_selectedCheckBoxValues == null || offered == null)
    {
        return;
    }

    // Fetch all of the WebParts before calling AddWebPart() on any of them. This is
    // necessary if the CatalogPart would refresh its list of AvailableWebPartDescriptions
    // in response to adding a WebPart. PageCatalogPart is an example of this.
    // (VSWhidbey 337539)
    ArrayList resolved = new ArrayList();
    for (int index = 0; index < _selectedCheckBoxValues.Length; index++)
    {
        // Each value is used only as a lookup key into the catalog part's own collection.
        // A value that matches no description yields null and is skipped.
        // NOTE(review): the values presumably arrive with the postback - confirm.
        string key = _selectedCheckBoxValues[index];
        WebPartDescription match = offered[key];
        if (match == null)
        {
            continue;
        }

        WebPart part = catalog.GetWebPart(match);
        if (part != null)
        {
            resolved.Add(part);
        }
    }

    AddWebParts(resolved, targetZone);
}
/// <summary>
/// Renders the instruction text followed by one line per catalog part, showing its
/// display title and the number of descriptions it offers. The selected part is rendered
/// as a label and every other part as a link button that selects it.
/// </summary>
/// <param name="writer">Writer that receives the markup.</param>
protected virtual void RenderCatalogPartLinks(HtmlTextWriter writer)
{
    RenderInstructionText(writer);

    CatalogPart current = SelectedCatalogPart;
    foreach (CatalogPart candidate in CatalogParts)
    {
        WebPartDescriptionCollection offered = candidate.GetAvailableWebPartDescriptions();
        int offeredCount = (offered != null) ? offered.Count : 0;

        string displayTitle = candidate.DisplayTitle;
        string countText = offeredCount.ToString(CultureInfo.CurrentCulture);

        // NOTE(review): the title is placed into control Text as-is. It is assumed to be
        // trusted or encoded by the controls that render it - confirm.
        string text = displayTitle + " (" + countText + ")";

        if (candidate != current)
        {
            Debug.Assert(!String.IsNullOrEmpty(candidate.ID));

            // The event argument carries the catalog part ID back on postback.
            string eventArgument = selectEventArgument + ID_SEPARATOR + candidate.ID;
            ZoneLinkButton link = new ZoneLinkButton(this, eventArgument);
            link.Text = text;
            link.ToolTip = SR.GetString(SR.CatalogZoneBase_SelectCatalogPart, displayTitle);
            link.Page = Page;
            link.ApplyStyle(PartLinkStyle);
            link.RenderControl(writer);
        }
        else
        {
            Label selectedLabel = new Label();
            selectedLabel.Text = text;
            selectedLabel.Page = Page;
            selectedLabel.ApplyStyle(SelectedPartLinkStyle);
            selectedLabel.RenderControl(writer);
        }

        writer.WriteBreak();
    }

    writer.WriteBreak();
}
/// <summary>
/// Returns the cached descriptions of the closed WebParts, building the cache on first
/// use. In design mode the design-time collection is returned instead.
/// </summary>
/// <returns>The descriptions this catalog part offers.</returns>
public override WebPartDescriptionCollection GetAvailableWebPartDescriptions()
{
    if (base.DesignMode)
    {
        return DesignModeAvailableWebParts;
    }

    if (this._availableWebPartDescriptions != null)
    {
        return this._availableWebPartDescriptions;
    }

    // GetClosedWebParts is consulted only when a WebPartManager is present.
    WebPartCollection closed = (base.WebPartManager != null) ? this.GetClosedWebParts() : null;
    WebPartCollection candidates = (closed != null) ? closed : new WebPartCollection();

    ArrayList visible = new ArrayList();
    foreach (WebPart candidate in candidates)
    {
        // UnauthorizedWebPart instances are never listed. This filter is an access
        // decision, so it must stay in any refactoring.
        if (candidate is UnauthorizedWebPart)
        {
            continue;
        }

        visible.Add(new WebPartDescription(candidate));
    }

    this._availableWebPartDescriptions = new WebPartDescriptionCollection(visible);
    return this._availableWebPartDescriptions;
}
/// <summary>
/// Returns the cached descriptions of the closed WebParts, building the cache on first
/// use. In design mode the design-time collection is returned instead.
/// </summary>
/// <returns>The descriptions this catalog part offers.</returns>
public override WebPartDescriptionCollection GetAvailableWebPartDescriptions()
{
    if (DesignMode)
    {
        return DesignModeAvailableWebParts;
    }

    bool cacheIsEmpty = (_availableWebPartDescriptions == null);
    if (cacheIsEmpty)
    {
        WebPartCollection closed = null;
        if (WebPartManager != null)
        {
            closed = GetClosedWebParts();
        }

        WebPartCollection candidates = (closed != null) ? closed : new WebPartCollection();

        ArrayList visible = new ArrayList();
        foreach (WebPart candidate in candidates)
        {
            // Do not show UnauthorizedWebParts (VSWhidbey 429514). The filter decides what
            // a user may pick from the catalog, so it must stay in any refactoring.
            if (!(candidate is UnauthorizedWebPart))
            {
                visible.Add(new WebPartDescription(candidate));
            }
        }

        _availableWebPartDescriptions = new WebPartDescriptionCollection(visible);
    }

    return _availableWebPartDescriptions;
}
/// <summary>
/// Renders the instruction text followed by one line per catalog part, showing its
/// display title and the number of descriptions it offers. The selected part is rendered
/// as a label and every other part as a link button that selects it.
/// </summary>
/// <param name="writer">Writer that receives the markup.</param>
protected virtual void RenderCatalogPartLinks(HtmlTextWriter writer)
{
    this.RenderInstructionText(writer);

    CatalogPart current = this.SelectedCatalogPart;
    foreach (CatalogPart candidate in this.CatalogParts)
    {
        WebPartDescriptionCollection offered = candidate.GetAvailableWebPartDescriptions();
        int offeredCount = (offered != null) ? offered.Count : 0;

        string displayTitle = candidate.DisplayTitle;
        string countText = offeredCount.ToString(CultureInfo.CurrentCulture);

        // NOTE(review): the title is placed into control Text as-is. It is assumed to be
        // trusted or encoded by the controls that render it - confirm.
        string caption = displayTitle + " (" + countText + ")";

        if (candidate != current)
        {
            // The event argument carries the catalog part ID back on postback.
            string eventArgument = "select" + '$' + candidate.ID;
            ZoneLinkButton link = new ZoneLinkButton(this, eventArgument);
            link.Text = caption;
            link.ToolTip = System.Web.SR.GetString("CatalogZoneBase_SelectCatalogPart", new object[] { displayTitle });
            link.Page = this.Page;
            link.ApplyStyle(this.PartLinkStyle);
            link.RenderControl(writer);
        }
        else
        {
            Label selectedLabel = new Label();
            selectedLabel.Text = caption;
            selectedLabel.Page = this.Page;
            selectedLabel.ApplyStyle(this.SelectedPartLinkStyle);
            selectedLabel.RenderControl(writer);
        }

        writer.WriteBreak();
    }

    writer.WriteBreak();
}
/// <summary>
/// Event handler that drops the cached descriptions so they are rebuilt on the next
/// request for them.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void OnWebPartsChanged(object sender, WebPartEventArgs e)
{
    // Invalidate cache
    this._availableWebPartDescriptions = null;
}
/// <summary>
/// Returns the WebPart behind <paramref name="description"/>. The part is imported on
/// first use from the XML text in <c>_importedPartDescription</c> and cached in
/// <c>_availableWebPart</c>.
/// </summary>
/// <param name="description">A description contained in GetAvailableWebPartDescriptions().</param>
/// <returns>The imported WebPart, or null when the import produced none.</returns>
/// <exception cref="ArgumentNullException"><paramref name="description"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="description"/> is not an available description.</exception>
public override WebPart GetWebPart(WebPartDescription description)
{
    if (description == null)
    {
        throw new ArgumentNullException("description");
    }

    // Only descriptions this part handed out itself are accepted.
    bool isOffered = GetAvailableWebPartDescriptions().Contains(description);
    if (!isOffered)
    {
        throw new ArgumentException(SR.GetString(SR.CatalogPart_UnknownDescription), "description");
    }

    if (_availableWebPart == null)
    {
        // Import the WebPart from its saved XML description. OnUpload fills that text from
        // an uploaded file, so it is untrusted input. The reader comes from
        // XmlUtils.CreateXmlReader, whose settings are defined outside this listing.
        using (XmlReader xml = XmlUtils.CreateXmlReader(new StringReader(_importedPartDescription)))
        {
            if (xml != null && WebPartManager != null)
            {
                _availableWebPart = WebPartManager.ImportWebPart(xml, out _importErrorMessage);
            }
        }

        // If import failed, clear the cached description
        if (_availableWebPart == null)
        {
            _importedPartDescription = null;
            _availableWebPartDescriptions = null;
        }
    }

    return _availableWebPart;
}
// Builds _availableWebPartDescriptions from the XML text in _importedPartDescription.
// OnUpload fills that text from an uploaded file, so everything read here is untrusted.
//
// Order of work, which must be preserved:
//   1. Restrict the stack to Execution + AspNetHostingPermission Minimal (PermitOnly).
//   2. Read the type name or user-control path from the metadata element.
//   3. For a type name, switch to the Medium set only around DeserializeType, then back.
//   4. Reject the import unless WebPartManager.IsAuthorized accepts the type or path.
//   5. Collect the title, description and icon URL properties for display.
// On any failure _importErrorMessage is set and the method returns without assigning a
// collection.
//
// NOTE(review): PermitOnly is a Code Access Security stack modifier. CAS is not treated as
// a security boundary in newer .NET Framework versions - confirm the hosting model before
// relying on it.
private void CreateAvailableWebPartDescriptions() {
    if (_availableWebPartDescriptions != null) {
        return;
    }

    if (WebPartManager == null || String.IsNullOrEmpty(_importedPartDescription)) {
        _availableWebPartDescriptions = new WebPartDescriptionCollection();
        return;
    }

    // Run in minimal trust
    PermissionSet pset = new PermissionSet(PermissionState.None);
    // add in whatever perms are appropriate
    pset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
    pset.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Minimal));

    pset.PermitOnly();
    // Tracks whether a PermitOnly is active on this frame, so that the finally block
    // reverts exactly when one is.
    bool permitOnly = true;
    string title = null;
    string description = null;
    string icon = null;
    // Extra try-catch block to prevent elevation of privilege attack via exception filter
    try {
        try {
            // Get the WebPart description from its saved XML description.
            using (StringReader sr = new StringReader(_importedPartDescription)) {
                // The reader's settings are chosen by XmlUtils.CreateXmlReader, which is
                // defined outside this listing.
                using (XmlReader reader = XmlUtils.CreateXmlReader(sr)) {
                    if (reader != null) {
                        reader.MoveToContent();
                        // Check if imported part is authorized

                        // Get to the metadata
                        reader.MoveToContent();
                        reader.ReadStartElement(WebPartManager.ExportRootElement);
                        reader.ReadStartElement(WebPartManager.ExportPartElement);
                        reader.ReadStartElement(WebPartManager.ExportMetaDataElement);

                        // Get the type name
                        string partTypeName = null;
                        string userControlTypeName = null;
                        // Skip siblings until the type element; running out of input is an error.
                        while (reader.Name != WebPartManager.ExportTypeElement) {
                            reader.Skip();
                            if (reader.EOF) {
                                throw new EndOfStreamException();
                            }
                        }
                        if (reader.Name == WebPartManager.ExportTypeElement) {
                            partTypeName = reader.GetAttribute(WebPartManager.ExportTypeNameAttribute);
                            userControlTypeName = reader.GetAttribute(WebPartManager.ExportUserControlSrcAttribute);
                        }

                        // If we are in shared scope, we are importing a shared WebPart
                        bool isShared = (WebPartManager.Personalization.Scope == PersonalizationScope.Shared);

                        if (!String.IsNullOrEmpty(partTypeName)) {
                            // Need medium trust to call BuildManager.GetType()
                            PermissionSet mediumPset = new PermissionSet(PermissionState.None);
                            mediumPset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
                            mediumPset.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium));

                            // The flag is updated around every Revert/PermitOnly pair so it
                            // always matches the current state if an exception is thrown.
                            CodeAccessPermission.RevertPermitOnly();
                            permitOnly = false;
                            mediumPset.PermitOnly();
                            permitOnly = true;

                            // The type name comes from the uploaded file. It is resolved
                            // first because IsAuthorized below takes a Type.
                            Type partType = WebPartUtil.DeserializeType(partTypeName, true);

                            CodeAccessPermission.RevertPermitOnly();
                            permitOnly = false;
                            pset.PermitOnly();
                            permitOnly = true;

                            // First check if the type is authorized
                            if (!WebPartManager.IsAuthorized(partType, null, null, isShared)) {
                                _importErrorMessage = SR.GetString(SR.WebPartManager_ForbiddenType);
                                return;
                            }
                            // If the type is not a webpart, create a generic Web Part
                            if (!partType.IsSubclassOf(typeof(WebPart)) && !partType.IsSubclassOf(typeof(Control))) {
                                // We only allow for Controls (VSWhidbey 428511)
                                _importErrorMessage = SR.GetString(SR.WebPartManager_TypeMustDeriveFromControl);
                                return;
                            }
                        }
                        else {
                            // Check if the path is authorized
                            if (!WebPartManager.IsAuthorized(typeof(UserControl), userControlTypeName, null, isShared)) {
                                _importErrorMessage = SR.GetString(SR.WebPartManager_ForbiddenType);
                                return;
                            }
                        }
                        // Scan the property elements and stop once all three display values are found.
                        while (!reader.EOF) {
                            while (!reader.EOF && !(reader.NodeType == XmlNodeType.Element &&
                                                    reader.Name == WebPartManager.ExportPropertyElement)) {
                                reader.Read();
                            }
                            if (reader.EOF) {
                                break;
                            }
                            string name = reader.GetAttribute(WebPartManager.ExportPropertyNameAttribute);
                            // NOTE(review): title and description are stored exactly as
                            // supplied. Whatever renders them is expected to HTML-encode -
                            // confirm at the render site.
                            if (name == TitlePropertyName) {
                                title = reader.ReadElementString();
                            }
                            else if (name == DescriptionPropertyName) {
                                description = reader.ReadElementString();
                            }
                            else if (name == IconPropertyName) {
                                // The icon URL is kept only when IsDangerousUrl does not flag it.
                                string url = reader.ReadElementString().Trim();
                                if (!CrossSiteScriptingValidation.IsDangerousUrl(url)) {
                                    icon = url;
                                }
                            }
                            else {
                                reader.Read();
                                continue;
                            }
                            if (title != null && description != null && icon != null) {
                                break;
                            }
                            reader.Read();
                        }
                    }
                }
                if (String.IsNullOrEmpty(title)) {
                    title = SR.GetString(SR.Part_Untitled);
                }

                _availableWebPartDescriptions = new WebPartDescriptionCollection(
                    new WebPartDescription[] {new WebPartDescription(ImportedWebPartID, title, description, icon)});
            }
        }
        catch (XmlException) {
            _importErrorMessage = SR.GetString(SR.WebPartManager_ImportInvalidFormat);
            return;
        }
        catch {
            // Keep a more specific message if one was already recorded.
            _importErrorMessage = (!String.IsNullOrEmpty(_importErrorMessage)) ?
                _importErrorMessage :
                SR.GetString(SR.WebPart_DefaultImportErrorMessage);
            return;
        }
        finally {
            if (permitOnly) {
                // revert if you're not just exiting the stack frame anyway
                CodeAccessPermission.RevertPermitOnly();
            }
        }
    }
    catch {
        // Deliberate rethrow: this outer handler is the guard named in the comment above
        // the outer try. Do not remove it as dead code.
        throw;
    }
}
/// <summary>
/// Runs the base pre-render step, then drops the cached descriptions so the next request
/// for them rebuilds the collection.
/// </summary>
/// <param name="e">Event data forwarded to the base implementation.</param>
protected internal override void OnPreRender(EventArgs e)
{
    base.OnPreRender(e);

    // Invalidate the cached descriptions.
    _availableWebPartDescriptions = null;
}
/// <summary>
/// Event handler that drops the cached descriptions so they are rebuilt on the next
/// request for them.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void OnWebPartsChanged(object sender, WebPartEventArgs e)
{
    // Invalidate the cached descriptions.
    _availableWebPartDescriptions = null;
}
// Builds _availableWebPartDescriptions from the XML text in _importedPartDescription.
// OnUpload fills that text from an uploaded file, so everything read here is untrusted.
//
// The goto labels are left exactly as they are. The control flow is:
//   - an authorization failure sets _importErrorMessage and hits the 'return';
//   - an authorization success jumps to Label_02DD, the head of the property scan;
//   - Label_021E/Label_0226 advance to the next "property" element;
//   - Label_02F7 builds the single-entry collection.
//
// NOTE(review): PermitOnly is a Code Access Security stack modifier. CAS is not treated as
// a security boundary in newer .NET Framework versions - confirm the hosting model before
// relying on it.
private void CreateAvailableWebPartDescriptions()
{
    if (this._availableWebPartDescriptions == null)
    {
        if ((base.WebPartManager == null) || string.IsNullOrEmpty(this._importedPartDescription))
        {
            this._availableWebPartDescriptions = new WebPartDescriptionCollection();
        }
        else
        {
            // Restrict the stack to Execution + AspNetHostingPermission Minimal while parsing.
            PermissionSet set = new PermissionSet(PermissionState.None);
            set.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
            set.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Minimal));
            set.PermitOnly();
            // 'flag' tracks whether a PermitOnly is active, so the finally block reverts
            // exactly when one is.
            bool flag = true;
            string str = null;
            string description = null;
            string imageUrl = null;
            try
            {
                try
                {
                    using (StringReader reader = new StringReader(this._importedPartDescription))
                    {
                        // NOTE(review): the XmlTextReader is built directly over the uploaded
                        // text and no resolver or DTD setting is changed here. Confirm that
                        // external entity resolution cannot succeed under the restricted
                        // permission set, or harden the reader explicitly.
                        using (XmlTextReader reader2 = new XmlTextReader(reader))
                        {
                            if (reader2 == null)
                            {
                                goto Label_02F7;
                            }
                            reader2.MoveToContent();
                            reader2.MoveToContent();
                            reader2.ReadStartElement("webParts");
                            reader2.ReadStartElement("webPart");
                            reader2.ReadStartElement("metaData");
                            string str4 = null;
                            string path = null;
                            // Skip siblings until the type element; running out of input is an error.
                            while (reader2.Name != "type")
                            {
                                reader2.Skip();
                                if (reader2.EOF)
                                {
                                    throw new EndOfStreamException();
                                }
                            }
                            if (reader2.Name == "type")
                            {
                                str4 = reader2.GetAttribute("name");
                                path = reader2.GetAttribute("src");
                            }
                            bool isShared = base.WebPartManager.Personalization.Scope == PersonalizationScope.Shared;
                            if (!string.IsNullOrEmpty(str4))
                            {
                                // Switch to the Medium set only around DeserializeType, then
                                // return to the Minimal set before the authorization check.
                                PermissionSet set2 = new PermissionSet(PermissionState.None);
                                set2.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
                                set2.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium));
                                CodeAccessPermission.RevertPermitOnly();
                                flag = false;
                                set2.PermitOnly();
                                flag = true;
                                // str4 is the type name taken from the uploaded file.
                                Type type = WebPartUtil.DeserializeType(str4, true);
                                CodeAccessPermission.RevertPermitOnly();
                                flag = false;
                                set.PermitOnly();
                                flag = true;
                                if (!base.WebPartManager.IsAuthorized(type, null, null, isShared))
                                {
                                    this._importErrorMessage = System.Web.SR.GetString("WebPartManager_ForbiddenType");
                                }
                                else
                                {
                                    // Only WebPart or Control subclasses continue to the property scan.
                                    if (type.IsSubclassOf(typeof(WebPart)) || type.IsSubclassOf(typeof(Control)))
                                    {
                                        goto Label_02DD;
                                    }
                                    this._importErrorMessage = System.Web.SR.GetString("WebPartManager_TypeMustDeriveFromControl");
                                }
                            }
                            else
                            {
                                // No type name: authorize the user-control path instead.
                                if (base.WebPartManager.IsAuthorized(typeof(UserControl), path, null, isShared))
                                {
                                    goto Label_02DD;
                                }
                                this._importErrorMessage = System.Web.SR.GetString("WebPartManager_ForbiddenType");
                            }
                            // Reached only on an authorization or type failure.
                            return;
                        Label_021E:
                            reader2.Read();
                        Label_0226:
                            if (!reader2.EOF && ((reader2.NodeType != XmlNodeType.Element) || !(reader2.Name == "property")))
                            {
                                goto Label_021E;
                            }
                            if (reader2.EOF)
                            {
                                goto Label_02F7;
                            }
                            string attribute = reader2.GetAttribute("name");
                            // NOTE(review): title and description are stored exactly as
                            // supplied. Whatever renders them is expected to HTML-encode -
                            // confirm at the render site.
                            if (attribute == "Title")
                            {
                                str = reader2.ReadElementString();
                            }
                            else if (attribute == "Description")
                            {
                                description = reader2.ReadElementString();
                            }
                            else if (attribute == "CatalogIconImageUrl")
                            {
                                // The icon URL is kept only when IsDangerousUrl does not flag it.
                                string s = reader2.ReadElementString().Trim();
                                if (!CrossSiteScriptingValidation.IsDangerousUrl(s))
                                {
                                    imageUrl = s;
                                }
                            }
                            else
                            {
                                reader2.Read();
                                goto Label_02DD;
                            }
                            // Stop scanning once all three display values are found.
                            if (((str != null) && (description != null)) && (imageUrl != null))
                            {
                                goto Label_02F7;
                            }
                            reader2.Read();
                        Label_02DD:
                            if (!reader2.EOF)
                            {
                                goto Label_0226;
                            }
                        }
                    Label_02F7:
                        if (string.IsNullOrEmpty(str))
                        {
                            str = System.Web.SR.GetString("Part_Untitled");
                        }
                        this._availableWebPartDescriptions = new WebPartDescriptionCollection(new WebPartDescription[] { new WebPartDescription("ImportedWebPart", str, description, imageUrl) });
                    }
                }
                catch (XmlException)
                {
                    this._importErrorMessage = System.Web.SR.GetString("WebPartManager_ImportInvalidFormat");
                }
                catch
                {
                    // Keep a more specific message if one was already recorded.
                    this._importErrorMessage = !string.IsNullOrEmpty(this._importErrorMessage) ? this._importErrorMessage : System.Web.SR.GetString("WebPart_DefaultImportErrorMessage");
                }
                finally
                {
                    if (flag)
                    {
                        CodeAccessPermission.RevertPermitOnly();
                    }
                }
            }
            catch
            {
                // NOTE(review): this rethrow-only handler looks redundant, but it wraps the
                // try/finally that reverts PermitOnly, so it is presumably deliberate - do
                // not remove it without confirming.
                throw;
            }
        }
    }
}
// Builds _availableWebPartDescriptions from the XML text in _importedPartDescription.
// OnUpload fills that text from an uploaded file, so everything read here is untrusted.
//
// Order of work, which must be preserved:
//   1. Restrict the stack to Execution + AspNetHostingPermission Minimal (PermitOnly).
//   2. Read the type name or user-control path from the metadata element.
//   3. For a type name, switch to the Medium set only around DeserializeType, then back.
//   4. Reject the import unless WebPartManager.IsAuthorized accepts the type or path.
//   5. Collect the title, description and icon URL properties for display.
// On any failure _importErrorMessage is set and the method returns without assigning a
// collection.
//
// NOTE(review): PermitOnly is a Code Access Security stack modifier. CAS is not treated as
// a security boundary in newer .NET Framework versions - confirm the hosting model before
// relying on it.
private void CreateAvailableWebPartDescriptions() {
    if (_availableWebPartDescriptions != null) {
        return;
    }

    if (WebPartManager == null || String.IsNullOrEmpty(_importedPartDescription)) {
        _availableWebPartDescriptions = new WebPartDescriptionCollection();
        return;
    }

    // Run in minimal trust
    PermissionSet pset = new PermissionSet(PermissionState.None);
    // add in whatever perms are appropriate
    pset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
    pset.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Minimal));

    pset.PermitOnly();
    // Tracks whether a PermitOnly is active on this frame, so that the finally block
    // reverts exactly when one is.
    bool permitOnly = true;
    string title = null;
    string description = null;
    string icon = null;
    // Extra try-catch block to prevent elevation of privilege attack via exception filter
    try {
        try {
            // Get the WebPart description from its saved XML description.
            using (StringReader sr = new StringReader(_importedPartDescription)) {
                // The reader's settings are chosen by XmlUtils.CreateXmlReader, which is
                // defined outside this listing.
                using (XmlReader reader = XmlUtils.CreateXmlReader(sr)) {
                    if (reader != null) {
                        reader.MoveToContent();
                        // Check if imported part is authorized

                        // Get to the metadata
                        reader.MoveToContent();
                        reader.ReadStartElement(WebPartManager.ExportRootElement);
                        reader.ReadStartElement(WebPartManager.ExportPartElement);
                        reader.ReadStartElement(WebPartManager.ExportMetaDataElement);

                        // Get the type name
                        string partTypeName = null;
                        string userControlTypeName = null;
                        // Skip siblings until the type element; running out of input is an error.
                        while (reader.Name != WebPartManager.ExportTypeElement) {
                            reader.Skip();
                            if (reader.EOF) {
                                throw new EndOfStreamException();
                            }
                        }
                        if (reader.Name == WebPartManager.ExportTypeElement) {
                            partTypeName = reader.GetAttribute(WebPartManager.ExportTypeNameAttribute);
                            userControlTypeName = reader.GetAttribute(WebPartManager.ExportUserControlSrcAttribute);
                        }

                        // If we are in shared scope, we are importing a shared WebPart
                        bool isShared = (WebPartManager.Personalization.Scope == PersonalizationScope.Shared);

                        if (!String.IsNullOrEmpty(partTypeName)) {
                            // Need medium trust to call BuildManager.GetType()
                            PermissionSet mediumPset = new PermissionSet(PermissionState.None);
                            mediumPset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
                            mediumPset.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium));

                            // The flag is updated around every Revert/PermitOnly pair so it
                            // always matches the current state if an exception is thrown.
                            CodeAccessPermission.RevertPermitOnly();
                            permitOnly = false;
                            mediumPset.PermitOnly();
                            permitOnly = true;

                            // The type name comes from the uploaded file. It is resolved
                            // first because IsAuthorized below takes a Type.
                            Type partType = WebPartUtil.DeserializeType(partTypeName, true);

                            CodeAccessPermission.RevertPermitOnly();
                            permitOnly = false;
                            pset.PermitOnly();
                            permitOnly = true;

                            // First check if the type is authorized
                            if (!WebPartManager.IsAuthorized(partType, null, null, isShared)) {
                                _importErrorMessage = SR.GetString(SR.WebPartManager_ForbiddenType);
                                return;
                            }
                            // If the type is not a webpart, create a generic Web Part
                            if (!partType.IsSubclassOf(typeof(WebPart)) && !partType.IsSubclassOf(typeof(Control))) {
                                // We only allow for Controls (VSWhidbey 428511)
                                _importErrorMessage = SR.GetString(SR.WebPartManager_TypeMustDeriveFromControl);
                                return;
                            }
                        }
                        else {
                            // Check if the path is authorized
                            if (!WebPartManager.IsAuthorized(typeof(UserControl), userControlTypeName, null, isShared)) {
                                _importErrorMessage = SR.GetString(SR.WebPartManager_ForbiddenType);
                                return;
                            }
                        }
                        // Scan the property elements and stop once all three display values are found.
                        while (!reader.EOF) {
                            while (!reader.EOF && !(reader.NodeType == XmlNodeType.Element &&
                                                    reader.Name == WebPartManager.ExportPropertyElement)) {
                                reader.Read();
                            }
                            if (reader.EOF) {
                                break;
                            }
                            string name = reader.GetAttribute(WebPartManager.ExportPropertyNameAttribute);
                            // NOTE(review): title and description are stored exactly as
                            // supplied. Whatever renders them is expected to HTML-encode -
                            // confirm at the render site.
                            if (name == TitlePropertyName) {
                                title = reader.ReadElementString();
                            }
                            else if (name == DescriptionPropertyName) {
                                description = reader.ReadElementString();
                            }
                            else if (name == IconPropertyName) {
                                // The icon URL is kept only when IsDangerousUrl does not flag it.
                                string url = reader.ReadElementString().Trim();
                                if (!CrossSiteScriptingValidation.IsDangerousUrl(url)) {
                                    icon = url;
                                }
                            }
                            else {
                                reader.Read();
                                continue;
                            }
                            if (title != null && description != null && icon != null) {
                                break;
                            }
                            reader.Read();
                        }
                    }
                }
                if (String.IsNullOrEmpty(title)) {
                    title = SR.GetString(SR.Part_Untitled);
                }

                _availableWebPartDescriptions = new WebPartDescriptionCollection(
                    new WebPartDescription[] { new WebPartDescription(ImportedWebPartID, title, description, icon) });
            }
        }
        catch (XmlException) {
            _importErrorMessage = SR.GetString(SR.WebPartManager_ImportInvalidFormat);
            return;
        }
        catch {
            // Keep a more specific message if one was already recorded.
            _importErrorMessage = (!String.IsNullOrEmpty(_importErrorMessage)) ?
                _importErrorMessage :
                SR.GetString(SR.WebPart_DefaultImportErrorMessage);
            return;
        }
        finally {
            if (permitOnly) {
                // revert if you're not just exiting the stack frame anyway
                CodeAccessPermission.RevertPermitOnly();
            }
        }
    }
    catch {
        // Deliberate rethrow: this outer handler is the guard named in the comment above
        // the outer try. Do not remove it as dead code.
        throw;
    }
}
/// <summary>
/// Builds the mini-catalog: one description per row returned by
/// WebPartContent.GetMostPopular for the current site. A row that does not allow multiple
/// instances is skipped when PageHasPart reports a part with that title and description.
/// </summary>
/// <returns>A new collection. It is empty when no site settings are available.</returns>
public override WebPartDescriptionCollection GetAvailableWebPartDescriptions()
{
    Collection<WebPartDescription> found = new Collection<WebPartDescription>();

    SiteSettings site = CacheHelper.GetCurrentSiteSettings();
    if (site == null)
    {
        return new WebPartDescriptionCollection(found);
    }

    using (IDataReader row = WebPartContent.GetMostPopular(
        site.SiteId,
        WebConfigSettings.NumberOfWebPartsToShowInMiniCatalog))
    {
        while (row.Read())
        {
            bool allowMultipleInstances = Convert.ToBoolean(row["AllowMultipleInstancesOnMyPage"]);
            bool isAssembly = Convert.ToBoolean(row["IsAssembly"]);

            // The module icon wins over the feature icon when both are present.
            String moduleIcon = row["ModuleIcon"].ToString();
            String featureIcon = row["FeatureIcon"].ToString();
            String iconFile = (moduleIcon.Length > 0) ? moduleIcon : featureIcon;

            // NOTE(review): the stored file name is appended to a fixed folder without
            // validation. It is presumably administrator-controlled - confirm that it
            // cannot contain path segments.
            String imageUrl = (iconFile.Length > 0)
                ? Page.ResolveUrl("~/Data/SiteImages/FeatureIcons/" + iconFile)
                : iconFile;

            // Assembly-based parts are keyed by WebPartID, all others by ModuleID.
            string idColumn = isAssembly ? "WebPartID" : "ModuleID";

            // NOTE(review): title and description come straight from the data store.
            // Encoding is assumed to happen where the catalog renders them - confirm.
            WebPartDescription entry = new WebPartDescription(
                row[idColumn].ToString(),
                row["ModuleTitle"].ToString(),
                ResourceHelper.GetResourceString(row["ResourceFile"].ToString(), row["FeatureName"].ToString()),
                imageUrl);

            if (allowMultipleInstances || !PageHasPart(entry.Title, entry.Description))
            {
                found.Add(entry);
            }
        }
    }

    return new WebPartDescriptionCollection(found);
}