/// <summary> /// Returns DavLocationFolder folder if path corresponds to [DavLocation]. /// </summary> /// <param name="context">Instance of <see cref="DavContext"/></param> /// <param name="path">Encoded path relative to WebDAV root.</param> /// <returns>DavLocationFolder instance or null if physical folder not found in file system.</returns> public static DavLocationFolder GetDavLocationFolder(DavContext context, string path) { string davPath = DavLocationFolderPath; if (!path.Equals(davPath.Trim(new[] { '/' }), StringComparison.OrdinalIgnoreCase)) { return(null); } string folderPath = context.MapPath(davPath).TrimEnd(System.IO.Path.DirectorySeparatorChar); DirectoryInfo folder = new DirectoryInfo(folderPath); if (!folder.Exists) { throw new Exception(string.Format("Can not find folder that corresponds to '{0}' ([DavLocation] folder) in file system.", davPath)); } return(new DavLocationFolder(folder, context, davPath)); }
/// <summary> /// Returns file that corresponds to path. /// </summary> /// <param name="context">WebDAV Context.</param> /// <param name="path">Encoded path relative to WebDAV root folder.</param> /// <returns>File instance or null if physical file is not found in file system.</returns> public static async Task <DavFile> GetFileAsync(DavContext context, string path) { string filePath = context.MapPath(path); FileInfo file = new FileInfo(filePath); // This code blocks vulnerability when "%20" folder can be injected into path and file.Exists returns 'true'. if (!file.Exists || string.Compare(file.FullName.TrimEnd(System.IO.Path.DirectorySeparatorChar), filePath, StringComparison.OrdinalIgnoreCase) != 0) { return(null); } DavFile davFile = new DavFile(file, context, path); if (await file.HasExtendedAttributeAsync("SerialNumber")) { davFile.serialNumber = await file.GetExtendedAttributeAsync <int?>("SerialNumber") ?? 0; } return(davFile); }