private void LoadAvailableWebParts()
{
ArrayList descriptions = new ArrayList();
if (this.WebPartsTemplate != null)
{
Control container = new NonParentingControl();
this.WebPartsTemplate.InstantiateIn(container);
if (container.HasControls())
{
Control[] array = new Control[container.Controls.Count];
container.Controls.CopyTo(array, 0);
foreach (Control control2 in array)
{
this.AddControlToDescriptions(control2, descriptions);
}
}
}
string webPartsListUserControlPath = this.WebPartsListUserControlPath;
if (!string.IsNullOrEmpty(webPartsListUserControlPath) && !base.DesignMode)
{
Control control3 = this.Page.LoadControl(webPartsListUserControlPath);
if ((control3 != null) && control3.HasControls())
{
Control[] controlArray2 = new Control[control3.Controls.Count];
control3.Controls.CopyTo(controlArray2, 0);
foreach (Control control4 in controlArray2)
{
this.AddControlToDescriptions(control4, descriptions);
}
}
}
this._descriptions = new WebPartDescriptionCollection(descriptions);
}
protected override void RenderVerbs(HtmlTextWriter writer)
{
int count = 0;
bool originalAddVerbEnabled = false;
CatalogPart selectedCatalogPart = SelectedCatalogPart;
if (selectedCatalogPart != null)
{
WebPartDescriptionCollection availableWebParts = selectedCatalogPart.GetAvailableWebPartDescriptions();
count = ((availableWebParts != null) ? availableWebParts.Count : 0);
}
// If the current CatalogPart has no WebPartDescriptions, disable the AddVerb
if (count == 0)
{
originalAddVerbEnabled = AddVerb.Enabled;
AddVerb.Enabled = false;
}
try {
RenderVerbsInternal(writer, new WebPartVerb[] { AddVerb, CloseVerb });
}
finally {
if (count == 0)
{
AddVerb.Enabled = originalAddVerbEnabled;
}
}
}
public override WebPart GetWebPart(WebPartDescription description)
{
if (description == null)
{
throw new ArgumentNullException("description");
}
WebPartDescriptionCollection webPartDescriptions = GetAvailableWebPartDescriptions();
if (!webPartDescriptions.Contains(description))
{
throw new ArgumentException(SR.GetString(SR.CatalogPart_UnknownDescription), "description");
}
if (_availableWebPart != null)
{
return(_availableWebPart);
}
// Import the WebPart from its saved XML description.
using (XmlReader reader = XmlUtils.CreateXmlReader(new StringReader(_importedPartDescription))) {
if (reader != null && WebPartManager != null)
{
_availableWebPart = WebPartManager.ImportWebPart(reader, out _importErrorMessage);
}
}
// If import failed, clear the cached description
if (_availableWebPart == null)
{
_importedPartDescription = null;
_availableWebPartDescriptions = null;
}
return(_availableWebPart);
}
internal void OnUpload(object sender, EventArgs e)
{
string fileName = _upload.FileName;
Stream contents = _upload.FileContent;
if (!String.IsNullOrEmpty(fileName) && contents != null)
{
using (StreamReader sr = new StreamReader(contents, true)) {
_importedPartDescription = sr.ReadToEnd();
// Clear cache
_availableWebPart = null;
_availableWebPartDescriptions = null;
_importErrorMessage = null;
if (String.IsNullOrEmpty(_importedPartDescription))
{
_importErrorMessage = SR.GetString(SR.ImportCatalogPart_NoFileName);
}
else
{
GetAvailableWebPartDescriptions();
}
}
}
else
{
_importErrorMessage = SR.GetString(SR.ImportCatalogPart_NoFileName);
}
}
protected override void RenderVerbs(HtmlTextWriter writer)
{
int num = 0;
bool enabled = false;
CatalogPart selectedCatalogPart = this.SelectedCatalogPart;
if (selectedCatalogPart != null)
{
WebPartDescriptionCollection availableWebPartDescriptions = selectedCatalogPart.GetAvailableWebPartDescriptions();
num = (availableWebPartDescriptions != null) ? availableWebPartDescriptions.Count : 0;
}
if (num == 0)
{
enabled = this.AddVerb.Enabled;
this.AddVerb.Enabled = false;
}
try
{
base.RenderVerbsInternal(writer, new WebPartVerb[] { this.AddVerb, this.CloseVerb });
}
finally
{
if (num == 0)
{
this.AddVerb.Enabled = enabled;
}
}
}
private void AddSelectedWebParts()
{
WebPartZoneBase zone = null;
if (base.WebPartManager != null)
{
zone = base.WebPartManager.Zones[this._selectedZoneID];
}
CatalogPart selectedCatalogPart = this.SelectedCatalogPart;
WebPartDescriptionCollection availableWebPartDescriptions = null;
if (selectedCatalogPart != null)
{
availableWebPartDescriptions = selectedCatalogPart.GetAvailableWebPartDescriptions();
}
if (((zone != null) && zone.AllowLayoutChange) && ((this._selectedCheckBoxValues != null) && (availableWebPartDescriptions != null)))
{
ArrayList webParts = new ArrayList();
for (int i = 0; i < this._selectedCheckBoxValues.Length; i++)
{
string str = this._selectedCheckBoxValues[i];
WebPartDescription description = availableWebPartDescriptions[str];
if (description != null)
{
WebPart webPart = selectedCatalogPart.GetWebPart(description);
if (webPart != null)
{
webParts.Add(webPart);
}
}
}
this.AddWebParts(webParts, zone);
}
}
internal void OnUpload(object sender, EventArgs e)
{
string fileName = this._upload.FileName;
Stream fileContent = this._upload.FileContent;
if (!string.IsNullOrEmpty(fileName) && (fileContent != null))
{
using (StreamReader reader = new StreamReader(fileContent, true))
{
this._importedPartDescription = reader.ReadToEnd();
this._availableWebPart = null;
this._availableWebPartDescriptions = null;
this._importErrorMessage = null;
if (string.IsNullOrEmpty(this._importedPartDescription))
{
this._importErrorMessage = System.Web.SR.GetString("ImportCatalogPart_NoFileName");
}
else
{
this.GetAvailableWebPartDescriptions();
}
return;
}
}
this._importErrorMessage = System.Web.SR.GetString("ImportCatalogPart_NoFileName");
}
public override WebPart GetWebPart(WebPartDescription description)
{
if (description == null)
{
throw new ArgumentNullException("description");
}
if (!this.GetAvailableWebPartDescriptions().Contains(description))
{
throw new ArgumentException(System.Web.SR.GetString("CatalogPart_UnknownDescription"), "description");
}
if (this._availableWebPart == null)
{
using (XmlTextReader reader = new XmlTextReader(new StringReader(this._importedPartDescription)))
{
if ((reader != null) && (base.WebPartManager != null))
{
this._availableWebPart = base.WebPartManager.ImportWebPart(reader, out this._importErrorMessage);
}
}
if (this._availableWebPart == null)
{
this._importedPartDescription = null;
this._availableWebPartDescriptions = null;
}
}
return(this._availableWebPart);
}
protected internal override void OnPreRender(EventArgs e)
{
base.OnPreRender(e);
// Invalidate cache, since the DisplayTitles may not have been available the first time
// we created the WebPartDescriptions (VSWhidbey 355573)
_availableWebPartDescriptions = null;
}
private void RenderItems(HtmlTextWriter writer, CatalogPart catalogPart)
{
WebPartDescriptionCollection availableWebParts = catalogPart.GetAvailableWebPartDescriptions();
if (availableWebParts != null)
{
foreach (WebPartDescription webPartDescription in availableWebParts)
{
RenderItem(writer, webPartDescription);
}
}
}
public override WebPart GetWebPart(WebPartDescription description)
{
if (description == null)
{
throw new ArgumentNullException("description");
}
WebPartDescriptionCollection webPartDescriptions = GetAvailableWebPartDescriptions();
if (!webPartDescriptions.Contains(description))
{
throw new ArgumentException(SR.GetString(SR.CatalogPart_UnknownDescription), "description");
}
return(description.WebPart);
}
public override WebPartDescriptionCollection GetAvailableWebPartDescriptions()
{
if (DesignMode)
{
return(DesignModeAvailableWebParts);
}
if (_availableWebPartDescriptions == null)
{
WebPartCollection availableWebParts;
if (WebPartManager != null)
{
WebPartCollection closedWebParts = GetClosedWebParts();
if (closedWebParts != null)
{
availableWebParts = closedWebParts;
}
else
{
availableWebParts = new WebPartCollection();
}
}
else
{
availableWebParts = new WebPartCollection();
}
ArrayList descriptions = new ArrayList();
foreach (WebPart part in availableWebParts)
{
// Do not show UnauthorizedWebParts (VSWhidbey 429514)
if (part is UnauthorizedWebPart)
{
continue;
}
WebPartDescription description = new WebPartDescription(part);
descriptions.Add(description);
}
_availableWebPartDescriptions = new WebPartDescriptionCollection(descriptions);
}
return(_availableWebPartDescriptions);
}
private void LoadAvailableWebParts()
{
ArrayList descriptions = new ArrayList();
if (WebPartsTemplate != null)
{
Control container = new NonParentingControl();
WebPartsTemplate.InstantiateIn(container);
if (container.HasControls())
{
// Copy container.Controls to a temporary array, since adding the control to the
// descriptions may cause it to be reparented to a GenericWebPart, which would
// modify the container.Controls collection.
Control[] controls = new Control[container.Controls.Count];
container.Controls.CopyTo(controls, 0);
foreach (Control control in controls)
{
AddControlToDescriptions(control, descriptions);
}
}
}
string webPartsListUserControlPath = WebPartsListUserControlPath;
if (!String.IsNullOrEmpty(webPartsListUserControlPath) && !DesignMode)
{
// Page.LoadControl() throws a null ref exception at design-time
Control userControl = Page.LoadControl(webPartsListUserControlPath);
if (userControl != null && userControl.HasControls())
{
// Copy userControl.Controls to a temporary array, since adding the control to the
// descriptions may cause it to be reparented to a GenericWebPart, which would
// modify the userControl.Controls collection.
Control[] controls = new Control[userControl.Controls.Count];
userControl.Controls.CopyTo(controls, 0);
foreach (Control control in controls)
{
AddControlToDescriptions(control, descriptions);
}
}
}
_descriptions = new WebPartDescriptionCollection(descriptions);
}
private void AddSelectedWebParts()
{
WebPartZoneBase selectedZone = null;
if (WebPartManager != null)
{
selectedZone = WebPartManager.Zones[_selectedZoneID];
}
CatalogPart selectedCatalogPart = SelectedCatalogPart;
WebPartDescriptionCollection availableWebParts = null;
if (selectedCatalogPart != null)
{
availableWebParts = selectedCatalogPart.GetAvailableWebPartDescriptions();
}
if (selectedZone != null && selectedZone.AllowLayoutChange &&
_selectedCheckBoxValues != null && availableWebParts != null)
{
ArrayList selectedWebParts = new ArrayList();
// Fetch all of the WebParts before calling AddWebPart() on any of them.
// This is necessary if the CatalogPart would refresh its list of
// AvailableWebPartDescriptions in response to adding a WebPart.
// PageCatalogPart is an example of this. (VSWhidbey 337539)
for (int i = 0; i < _selectedCheckBoxValues.Length; i++)
{
string value = _selectedCheckBoxValues[i];
WebPartDescription webPartDescription = availableWebParts[value];
if (webPartDescription != null)
{
WebPart part = selectedCatalogPart.GetWebPart(webPartDescription);
if (part != null)
{
selectedWebParts.Add(part);
}
}
}
AddWebParts(selectedWebParts, selectedZone);
}
}
protected virtual void RenderCatalogPartLinks(HtmlTextWriter writer)
{
RenderInstructionText(writer);
CatalogPart selectedCatalogPart = SelectedCatalogPart;
foreach (CatalogPart catalogPart in CatalogParts)
{
WebPartDescriptionCollection availableWebParts = catalogPart.GetAvailableWebPartDescriptions();
int count = ((availableWebParts != null) ? availableWebParts.Count : 0);
string displayTitle = catalogPart.DisplayTitle;
//
string text = displayTitle + " (" + count.ToString(CultureInfo.CurrentCulture) + ")";
if (catalogPart == selectedCatalogPart)
{
Label label = new Label();
label.Text = text;
label.Page = Page;
label.ApplyStyle(SelectedPartLinkStyle);
label.RenderControl(writer);
}
else
{
Debug.Assert(!String.IsNullOrEmpty(catalogPart.ID));
string eventArgument = selectEventArgument + ID_SEPARATOR + catalogPart.ID;
ZoneLinkButton linkButton = new ZoneLinkButton(this, eventArgument);
linkButton.Text = text;
linkButton.ToolTip = SR.GetString(SR.CatalogZoneBase_SelectCatalogPart, displayTitle);
linkButton.Page = Page;
linkButton.ApplyStyle(PartLinkStyle);
linkButton.RenderControl(writer);
}
writer.WriteBreak();
}
writer.WriteBreak();
}
public override WebPartDescriptionCollection GetAvailableWebPartDescriptions()
{
if (base.DesignMode)
{
return(DesignModeAvailableWebParts);
}
if (this._availableWebPartDescriptions == null)
{
WebPartCollection parts;
if (base.WebPartManager != null)
{
WebPartCollection closedWebParts = this.GetClosedWebParts();
if (closedWebParts != null)
{
parts = closedWebParts;
}
else
{
parts = new WebPartCollection();
}
}
else
{
parts = new WebPartCollection();
}
ArrayList webPartDescriptions = new ArrayList();
foreach (WebPart part in parts)
{
if (!(part is UnauthorizedWebPart))
{
WebPartDescription description = new WebPartDescription(part);
webPartDescriptions.Add(description);
}
}
this._availableWebPartDescriptions = new WebPartDescriptionCollection(webPartDescriptions);
}
return(this._availableWebPartDescriptions);
}
public override WebPartDescriptionCollection GetAvailableWebPartDescriptions() {
if (DesignMode) {
return DesignModeAvailableWebParts;
}
if (_availableWebPartDescriptions == null) {
WebPartCollection availableWebParts;
if (WebPartManager != null) {
WebPartCollection closedWebParts = GetClosedWebParts();
if (closedWebParts != null) {
availableWebParts = closedWebParts;
}
else {
availableWebParts = new WebPartCollection();
}
}
else {
availableWebParts = new WebPartCollection();
}
ArrayList descriptions = new ArrayList();
foreach(WebPart part in availableWebParts) {
// Do not show UnauthorizedWebParts (VSWhidbey 429514)
if (part is UnauthorizedWebPart) {
continue;
}
WebPartDescription description = new WebPartDescription(part);
descriptions.Add(description);
}
_availableWebPartDescriptions = new WebPartDescriptionCollection(descriptions);
}
return _availableWebPartDescriptions;
}
protected virtual void RenderCatalogPartLinks(HtmlTextWriter writer)
{
this.RenderInstructionText(writer);
CatalogPart selectedCatalogPart = this.SelectedCatalogPart;
foreach (CatalogPart part2 in this.CatalogParts)
{
WebPartDescriptionCollection availableWebPartDescriptions = part2.GetAvailableWebPartDescriptions();
int num = (availableWebPartDescriptions != null) ? availableWebPartDescriptions.Count : 0;
string displayTitle = part2.DisplayTitle;
string str2 = displayTitle + " (" + num.ToString(CultureInfo.CurrentCulture) + ")";
if (part2 == selectedCatalogPart)
{
Label label = new Label {
Text = str2,
Page = this.Page
};
label.ApplyStyle(this.SelectedPartLinkStyle);
label.RenderControl(writer);
}
else
{
string eventArgument = "select" + '$' + part2.ID;
ZoneLinkButton button = new ZoneLinkButton(this, eventArgument)
{
Text = str2,
ToolTip = System.Web.SR.GetString("CatalogZoneBase_SelectCatalogPart", new object[] { displayTitle }),
Page = this.Page
};
button.ApplyStyle(this.PartLinkStyle);
button.RenderControl(writer);
}
writer.WriteBreak();
}
writer.WriteBreak();
}
private void OnWebPartsChanged(object sender, WebPartEventArgs e) {
// Invalidate cache
_availableWebPartDescriptions = null;
}
protected internal override void OnPreRender(EventArgs e) {
base.OnPreRender(e);
// Invalidate cache, since the DisplayTitles may not have been available the first time
// we created the WebPartDescriptions (VSWhidbey 355573)
_availableWebPartDescriptions = null;
}
internal void OnUpload(object sender, EventArgs e) {
string fileName = _upload.FileName;
Stream contents = _upload.FileContent;
if (!String.IsNullOrEmpty(fileName) && contents != null) {
using (StreamReader sr = new StreamReader(contents, true)) {
_importedPartDescription = sr.ReadToEnd();
// Clear cache
_availableWebPart = null;
_availableWebPartDescriptions = null;
_importErrorMessage = null;
if (String.IsNullOrEmpty(_importedPartDescription)) {
_importErrorMessage = SR.GetString(SR.ImportCatalogPart_NoFileName);
}
else {
GetAvailableWebPartDescriptions();
}
}
}
else {
_importErrorMessage = SR.GetString(SR.ImportCatalogPart_NoFileName);
}
}
public override WebPart GetWebPart(WebPartDescription description) {
if (description == null) {
throw new ArgumentNullException("description");
}
WebPartDescriptionCollection webPartDescriptions = GetAvailableWebPartDescriptions();
if (!webPartDescriptions.Contains(description)) {
throw new ArgumentException(SR.GetString(SR.CatalogPart_UnknownDescription), "description");
}
if (_availableWebPart != null) {
return _availableWebPart;
}
// Import the WebPart from its saved XML description.
using (XmlReader reader = XmlUtils.CreateXmlReader(new StringReader(_importedPartDescription))) {
if (reader != null && WebPartManager != null) {
_availableWebPart = WebPartManager.ImportWebPart(reader, out _importErrorMessage);
}
}
// If import failed, clear the cached description
if (_availableWebPart == null) {
_importedPartDescription = null;
_availableWebPartDescriptions = null;
}
return _availableWebPart;
}
private void CreateAvailableWebPartDescriptions() {
if (_availableWebPartDescriptions != null) {
return;
}
if (WebPartManager == null || String.IsNullOrEmpty(_importedPartDescription)) {
_availableWebPartDescriptions = new WebPartDescriptionCollection();
return;
}
// Run in minimal trust
PermissionSet pset = new PermissionSet(PermissionState.None);
// add in whatever perms are appropriate
pset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
pset.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Minimal));
pset.PermitOnly();
bool permitOnly = true;
string title = null;
string description = null;
string icon = null;
// Extra try-catch block to prevent elevation of privilege attack via exception filter
try {
try {
// Get the WebPart description from its saved XML description.
using (StringReader sr = new StringReader(_importedPartDescription)) {
using (XmlReader reader = XmlUtils.CreateXmlReader(sr)) {
if (reader != null) {
reader.MoveToContent();
// Check if imported part is authorized
// Get to the metadata
reader.MoveToContent();
reader.ReadStartElement(WebPartManager.ExportRootElement);
reader.ReadStartElement(WebPartManager.ExportPartElement);
reader.ReadStartElement(WebPartManager.ExportMetaDataElement);
// Get the type name
string partTypeName = null;
string userControlTypeName = null;
while (reader.Name != WebPartManager.ExportTypeElement) {
reader.Skip();
if (reader.EOF) {
throw new EndOfStreamException();
}
}
if (reader.Name == WebPartManager.ExportTypeElement) {
partTypeName = reader.GetAttribute(WebPartManager.ExportTypeNameAttribute);
userControlTypeName = reader.GetAttribute(WebPartManager.ExportUserControlSrcAttribute);
}
// If we are in shared scope, we are importing a shared WebPart
bool isShared = (WebPartManager.Personalization.Scope == PersonalizationScope.Shared);
if (!String.IsNullOrEmpty(partTypeName)) {
// Need medium trust to call BuildManager.GetType()
PermissionSet mediumPset = new PermissionSet(PermissionState.None);
mediumPset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
mediumPset.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium));
CodeAccessPermission.RevertPermitOnly();
permitOnly = false;
mediumPset.PermitOnly();
permitOnly = true;
Type partType = WebPartUtil.DeserializeType(partTypeName, true);
CodeAccessPermission.RevertPermitOnly();
permitOnly = false;
pset.PermitOnly();
permitOnly = true;
// First check if the type is authorized
if (!WebPartManager.IsAuthorized(partType, null, null, isShared)) {
_importErrorMessage = SR.GetString(SR.WebPartManager_ForbiddenType);
return;
}
// If the type is not a webpart, create a generic Web Part
if (!partType.IsSubclassOf(typeof(WebPart)) && !partType.IsSubclassOf(typeof(Control))) {
// We only allow for Controls (VSWhidbey 428511)
_importErrorMessage = SR.GetString(SR.WebPartManager_TypeMustDeriveFromControl);
return;
}
}
else {
// Check if the path is authorized
if (!WebPartManager.IsAuthorized(typeof(UserControl), userControlTypeName, null, isShared)) {
_importErrorMessage = SR.GetString(SR.WebPartManager_ForbiddenType);
return;
}
}
while (!reader.EOF) {
while (!reader.EOF && !(reader.NodeType == XmlNodeType.Element &&
reader.Name == WebPartManager.ExportPropertyElement)) {
reader.Read();
}
if (reader.EOF) {
break;
}
string name = reader.GetAttribute(WebPartManager.ExportPropertyNameAttribute);
if (name == TitlePropertyName) {
title = reader.ReadElementString();
}
else if (name == DescriptionPropertyName) {
description = reader.ReadElementString();
}
else if (name == IconPropertyName) {
string url = reader.ReadElementString().Trim();
if (!CrossSiteScriptingValidation.IsDangerousUrl(url)) {
icon = url;
}
}
else {
reader.Read();
continue;
}
if (title != null && description != null && icon != null) {
break;
}
reader.Read();
}
}
}
if (String.IsNullOrEmpty(title)) {
title = SR.GetString(SR.Part_Untitled);
}
_availableWebPartDescriptions = new WebPartDescriptionCollection(
new WebPartDescription[] {new WebPartDescription(ImportedWebPartID, title, description, icon)});
}
}
catch (XmlException) {
_importErrorMessage = SR.GetString(SR.WebPartManager_ImportInvalidFormat);
return;
}
catch {
_importErrorMessage = (!String.IsNullOrEmpty(_importErrorMessage)) ?
_importErrorMessage :
SR.GetString(SR.WebPart_DefaultImportErrorMessage);
return;
}
finally {
if (permitOnly) {
// revert if you're not just exiting the stack frame anyway
CodeAccessPermission.RevertPermitOnly();
}
}
}
catch {
throw;
}
}
private void LoadAvailableWebParts() {
ArrayList descriptions = new ArrayList();
if (WebPartsTemplate != null) {
Control container = new NonParentingControl();
WebPartsTemplate.InstantiateIn(container);
if (container.HasControls()) {
// Copy container.Controls to a temporary array, since adding the control to the
// descriptions may cause it to be reparented to a GenericWebPart, which would
// modify the container.Controls collection.
Control[] controls = new Control[container.Controls.Count];
container.Controls.CopyTo(controls, 0);
foreach (Control control in controls) {
AddControlToDescriptions(control, descriptions);
}
}
}
string webPartsListUserControlPath = WebPartsListUserControlPath;
if (!String.IsNullOrEmpty(webPartsListUserControlPath) && !DesignMode) {
// Page.LoadControl() throws a null ref exception at design-time
Control userControl = Page.LoadControl(webPartsListUserControlPath);
if (userControl != null && userControl.HasControls()) {
// Copy userControl.Controls to a temporary array, since adding the control to the
// descriptions may cause it to be reparented to a GenericWebPart, which would
// modify the userControl.Controls collection.
Control[] controls = new Control[userControl.Controls.Count];
userControl.Controls.CopyTo(controls, 0);
foreach (Control control in controls) {
AddControlToDescriptions(control, descriptions);
}
}
}
_descriptions = new WebPartDescriptionCollection(descriptions);
}
protected internal override void OnPreRender(EventArgs e)
{
base.OnPreRender(e);
this._availableWebPartDescriptions = null;
}
private void OnWebPartsChanged(object sender, WebPartEventArgs e)
{
this._availableWebPartDescriptions = null;
}
private void CreateAvailableWebPartDescriptions()
{
if (this._availableWebPartDescriptions == null)
{
if ((base.WebPartManager == null) || string.IsNullOrEmpty(this._importedPartDescription))
{
this._availableWebPartDescriptions = new WebPartDescriptionCollection();
}
else
{
PermissionSet set = new PermissionSet(PermissionState.None);
set.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
set.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Minimal));
set.PermitOnly();
bool flag = true;
string str = null;
string description = null;
string imageUrl = null;
try
{
try
{
using (StringReader reader = new StringReader(this._importedPartDescription))
{
using (XmlTextReader reader2 = new XmlTextReader(reader))
{
if (reader2 == null)
{
goto Label_02F7;
}
reader2.MoveToContent();
reader2.MoveToContent();
reader2.ReadStartElement("webParts");
reader2.ReadStartElement("webPart");
reader2.ReadStartElement("metaData");
string str4 = null;
string path = null;
while (reader2.Name != "type")
{
reader2.Skip();
if (reader2.EOF)
{
throw new EndOfStreamException();
}
}
if (reader2.Name == "type")
{
str4 = reader2.GetAttribute("name");
path = reader2.GetAttribute("src");
}
bool isShared = base.WebPartManager.Personalization.Scope == PersonalizationScope.Shared;
if (!string.IsNullOrEmpty(str4))
{
PermissionSet set2 = new PermissionSet(PermissionState.None);
set2.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
set2.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium));
CodeAccessPermission.RevertPermitOnly();
flag = false;
set2.PermitOnly();
flag = true;
Type type = WebPartUtil.DeserializeType(str4, true);
CodeAccessPermission.RevertPermitOnly();
flag = false;
set.PermitOnly();
flag = true;
if (!base.WebPartManager.IsAuthorized(type, null, null, isShared))
{
this._importErrorMessage = System.Web.SR.GetString("WebPartManager_ForbiddenType");
}
else
{
if (type.IsSubclassOf(typeof(WebPart)) || type.IsSubclassOf(typeof(Control)))
{
goto Label_02DD;
}
this._importErrorMessage = System.Web.SR.GetString("WebPartManager_TypeMustDeriveFromControl");
}
}
else
{
if (base.WebPartManager.IsAuthorized(typeof(UserControl), path, null, isShared))
{
goto Label_02DD;
}
this._importErrorMessage = System.Web.SR.GetString("WebPartManager_ForbiddenType");
}
return;
Label_021E:
reader2.Read();
Label_0226:
if (!reader2.EOF && ((reader2.NodeType != XmlNodeType.Element) || !(reader2.Name == "property")))
{
goto Label_021E;
}
if (reader2.EOF)
{
goto Label_02F7;
}
string attribute = reader2.GetAttribute("name");
if (attribute == "Title")
{
str = reader2.ReadElementString();
}
else if (attribute == "Description")
{
description = reader2.ReadElementString();
}
else if (attribute == "CatalogIconImageUrl")
{
string s = reader2.ReadElementString().Trim();
if (!CrossSiteScriptingValidation.IsDangerousUrl(s))
{
imageUrl = s;
}
}
else
{
reader2.Read();
goto Label_02DD;
}
if (((str != null) && (description != null)) && (imageUrl != null))
{
goto Label_02F7;
}
reader2.Read();
Label_02DD:
if (!reader2.EOF)
{
goto Label_0226;
}
}
Label_02F7:
if (string.IsNullOrEmpty(str))
{
str = System.Web.SR.GetString("Part_Untitled");
}
this._availableWebPartDescriptions = new WebPartDescriptionCollection(new WebPartDescription[] { new WebPartDescription("ImportedWebPart", str, description, imageUrl) });
}
}
catch (XmlException)
{
this._importErrorMessage = System.Web.SR.GetString("WebPartManager_ImportInvalidFormat");
}
catch
{
this._importErrorMessage = !string.IsNullOrEmpty(this._importErrorMessage) ? this._importErrorMessage : System.Web.SR.GetString("WebPart_DefaultImportErrorMessage");
}
finally
{
if (flag)
{
CodeAccessPermission.RevertPermitOnly();
}
}
}
catch
{
throw;
}
}
}
}
private void CreateAvailableWebPartDescriptions()
{
if (_availableWebPartDescriptions != null)
{
return;
}
if (WebPartManager == null || String.IsNullOrEmpty(_importedPartDescription))
{
_availableWebPartDescriptions = new WebPartDescriptionCollection();
return;
}
// Run in minimal trust
PermissionSet pset = new PermissionSet(PermissionState.None);
// add in whatever perms are appropriate
pset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
pset.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Minimal));
pset.PermitOnly();
bool permitOnly = true;
string title = null;
string description = null;
string icon = null;
// Extra try-catch block to prevent elevation of privilege attack via exception filter
try {
try {
// Get the WebPart description from its saved XML description.
using (StringReader sr = new StringReader(_importedPartDescription)) {
using (XmlReader reader = XmlUtils.CreateXmlReader(sr)) {
if (reader != null)
{
reader.MoveToContent();
// Check if imported part is authorized
// Get to the metadata
reader.MoveToContent();
reader.ReadStartElement(WebPartManager.ExportRootElement);
reader.ReadStartElement(WebPartManager.ExportPartElement);
reader.ReadStartElement(WebPartManager.ExportMetaDataElement);
// Get the type name
string partTypeName = null;
string userControlTypeName = null;
while (reader.Name != WebPartManager.ExportTypeElement)
{
reader.Skip();
if (reader.EOF)
{
throw new EndOfStreamException();
}
}
if (reader.Name == WebPartManager.ExportTypeElement)
{
partTypeName = reader.GetAttribute(WebPartManager.ExportTypeNameAttribute);
userControlTypeName = reader.GetAttribute(WebPartManager.ExportUserControlSrcAttribute);
}
// If we are in shared scope, we are importing a shared WebPart
bool isShared = (WebPartManager.Personalization.Scope == PersonalizationScope.Shared);
if (!String.IsNullOrEmpty(partTypeName))
{
// Need medium trust to call BuildManager.GetType()
PermissionSet mediumPset = new PermissionSet(PermissionState.None);
mediumPset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
mediumPset.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium));
CodeAccessPermission.RevertPermitOnly();
permitOnly = false;
mediumPset.PermitOnly();
permitOnly = true;
Type partType = WebPartUtil.DeserializeType(partTypeName, true);
CodeAccessPermission.RevertPermitOnly();
permitOnly = false;
pset.PermitOnly();
permitOnly = true;
// First check if the type is authorized
if (!WebPartManager.IsAuthorized(partType, null, null, isShared))
{
_importErrorMessage = SR.GetString(SR.WebPartManager_ForbiddenType);
return;
}
// If the type is not a webpart, create a generic Web Part
if (!partType.IsSubclassOf(typeof(WebPart)) && !partType.IsSubclassOf(typeof(Control)))
{
// We only allow for Controls (VSWhidbey 428511)
_importErrorMessage = SR.GetString(SR.WebPartManager_TypeMustDeriveFromControl);
return;
}
}
else
{
// Check if the path is authorized
if (!WebPartManager.IsAuthorized(typeof(UserControl), userControlTypeName, null, isShared))
{
_importErrorMessage = SR.GetString(SR.WebPartManager_ForbiddenType);
return;
}
}
while (!reader.EOF)
{
while (!reader.EOF && !(reader.NodeType == XmlNodeType.Element &&
reader.Name == WebPartManager.ExportPropertyElement))
{
reader.Read();
}
if (reader.EOF)
{
break;
}
string name = reader.GetAttribute(WebPartManager.ExportPropertyNameAttribute);
if (name == TitlePropertyName)
{
title = reader.ReadElementString();
}
else if (name == DescriptionPropertyName)
{
description = reader.ReadElementString();
}
else if (name == IconPropertyName)
{
string url = reader.ReadElementString().Trim();
if (!CrossSiteScriptingValidation.IsDangerousUrl(url))
{
icon = url;
}
}
else
{
reader.Read();
continue;
}
if (title != null && description != null && icon != null)
{
break;
}
reader.Read();
}
}
}
if (String.IsNullOrEmpty(title))
{
title = SR.GetString(SR.Part_Untitled);
}
_availableWebPartDescriptions = new WebPartDescriptionCollection(
new WebPartDescription[] { new WebPartDescription(ImportedWebPartID, title, description, icon) });
}
}
catch (XmlException) {
_importErrorMessage = SR.GetString(SR.WebPartManager_ImportInvalidFormat);
return;
}
catch {
_importErrorMessage = (!String.IsNullOrEmpty(_importErrorMessage)) ?
_importErrorMessage :
SR.GetString(SR.WebPart_DefaultImportErrorMessage);
return;
}
finally {
if (permitOnly)
{
// revert if you're not just exiting the stack frame anyway
CodeAccessPermission.RevertPermitOnly();
}
}
}
catch {
throw;
}
}
private void LoadAvailableWebParts()
{
ArrayList descriptions = new ArrayList();
if (this.WebPartsTemplate != null)
{
Control container = new NonParentingControl();
this.WebPartsTemplate.InstantiateIn(container);
if (container.HasControls())
{
Control[] array = new Control[container.Controls.Count];
container.Controls.CopyTo(array, 0);
foreach (Control control2 in array)
{
this.AddControlToDescriptions(control2, descriptions);
}
}
}
string webPartsListUserControlPath = this.WebPartsListUserControlPath;
if (!string.IsNullOrEmpty(webPartsListUserControlPath) && !base.DesignMode)
{
Control control3 = this.Page.LoadControl(webPartsListUserControlPath);
if ((control3 != null) && control3.HasControls())
{
Control[] controlArray2 = new Control[control3.Controls.Count];
control3.Controls.CopyTo(controlArray2, 0);
foreach (Control control4 in controlArray2)
{
this.AddControlToDescriptions(control4, descriptions);
}
}
}
this._descriptions = new WebPartDescriptionCollection(descriptions);
}
private void OnWebPartsChanged(object sender, WebPartEventArgs e)
{
// Invalidate cache
_availableWebPartDescriptions = null;
}
public override WebPartDescriptionCollection GetAvailableWebPartDescriptions()
{
Collection<WebPartDescription> colDescriptions = new Collection<WebPartDescription>();
SiteSettings siteSettings = CacheHelper.GetCurrentSiteSettings();
if (siteSettings != null)
{
using (IDataReader reader = WebPartContent.GetMostPopular
(siteSettings.SiteId, WebConfigSettings.NumberOfWebPartsToShowInMiniCatalog))
{
while (reader.Read())
{
bool allowMultipleInstances = Convert.ToBoolean(reader["AllowMultipleInstancesOnMyPage"]);
bool isAssembly = Convert.ToBoolean(reader["IsAssembly"]);
String moduleIcon = reader["ModuleIcon"].ToString();
String featureIcon = reader["FeatureIcon"].ToString();
String imageUrl = featureIcon;
if (moduleIcon.Length > 0)
{
imageUrl = moduleIcon;
}
if (imageUrl.Length > 0)
{
imageUrl = Page.ResolveUrl("~/Data/SiteImages/FeatureIcons/" + imageUrl);
}
WebPartDescription wpDescription;
if (isAssembly)
{
wpDescription
= new WebPartDescription(
reader["WebPartID"].ToString(),
reader["ModuleTitle"].ToString(),
ResourceHelper.GetResourceString(reader["ResourceFile"].ToString(), reader["FeatureName"].ToString()),
imageUrl);
}
else
{
wpDescription
= new WebPartDescription(
reader["ModuleID"].ToString(),
reader["ModuleTitle"].ToString(),
ResourceHelper.GetResourceString(reader["ResourceFile"].ToString(), reader["FeatureName"].ToString()),
imageUrl);
}
if (allowMultipleInstances)
{
colDescriptions.Add(wpDescription);
}
else
{
if (!PageHasPart(wpDescription.Title, wpDescription.Description))
{
colDescriptions.Add(wpDescription);
}
}
}
}
}
WebPartDescriptionCollection wpdCollection
= new WebPartDescriptionCollection(colDescriptions);
return wpdCollection;
}
