protected ProxyWebPart(WebPart webPart)
{
if (webPart == null)
{
throw new ArgumentNullException("webPart");
}
GenericWebPart genericWebPart = webPart as GenericWebPart;
if (genericWebPart != null)
{
Control childControl = genericWebPart.ChildControl;
if (childControl == null)
{
throw new ArgumentException(SR.GetString(SR.PropertyCannotBeNull, "ChildControl"), "webPart");
}
_originalID = childControl.ID;
if (String.IsNullOrEmpty(_originalID))
{
throw new ArgumentException(SR.GetString(SR.PropertyCannotBeNullOrEmptyString, "ChildControl.ID"), "webPart");
}
Type originalType;
UserControl childUserControl = childControl as UserControl;
if (childUserControl != null)
{
originalType = typeof(UserControl);
_originalPath = childUserControl.AppRelativeVirtualPath;
}
else
{
originalType = childControl.GetType();
}
_originalTypeName = WebPartUtil.SerializeType(originalType);
_genericWebPartID = genericWebPart.ID;
if (String.IsNullOrEmpty(_genericWebPartID))
{
throw new ArgumentException(SR.GetString(SR.PropertyCannotBeNullOrEmptyString, "ID"), "webPart");
}
ID = _genericWebPartID;
}
else
{
_originalID = webPart.ID;
if (String.IsNullOrEmpty(_originalID))
{
throw new ArgumentException(SR.GetString(SR.PropertyCannotBeNullOrEmptyString, "ID"), "webPart");
}
_originalTypeName = WebPartUtil.SerializeType(webPart.GetType());
ID = _originalID;
}
}
protected ProxyWebPart(WebPart webPart)
{
if (webPart == null)
{
throw new ArgumentNullException("webPart");
}
GenericWebPart part = webPart as GenericWebPart;
if (part != null)
{
Type type;
Control childControl = part.ChildControl;
if (childControl == null)
{
throw new ArgumentException(System.Web.SR.GetString("PropertyCannotBeNull", new object[] { "ChildControl" }), "webPart");
}
this._originalID = childControl.ID;
if (string.IsNullOrEmpty(this._originalID))
{
throw new ArgumentException(System.Web.SR.GetString("PropertyCannotBeNullOrEmptyString", new object[] { "ChildControl.ID" }), "webPart");
}
UserControl control2 = childControl as UserControl;
if (control2 != null)
{
type = typeof(UserControl);
this._originalPath = control2.AppRelativeVirtualPath;
}
else
{
type = childControl.GetType();
}
this._originalTypeName = WebPartUtil.SerializeType(type);
this._genericWebPartID = part.ID;
if (string.IsNullOrEmpty(this._genericWebPartID))
{
throw new ArgumentException(System.Web.SR.GetString("PropertyCannotBeNullOrEmptyString", new object[] { "ID" }), "webPart");
}
this.ID = this._genericWebPartID;
}
else
{
this._originalID = webPart.ID;
if (string.IsNullOrEmpty(this._originalID))
{
throw new ArgumentException(System.Web.SR.GetString("PropertyCannotBeNullOrEmptyString", new object[] { "ID" }), "webPart");
}
this._originalTypeName = WebPartUtil.SerializeType(webPart.GetType());
this.ID = this._originalID;
}
}
static ProviderConnectionPoint()
{
ConstructorInfo constructor = typeof(ProviderConnectionPoint).GetConstructors()[0];
ConstructorTypes = WebPartUtil.GetTypesForConstructor(constructor);
}
public object CreateObjectFromType(Type type)
{
return(WebPartUtil.CreateObjectFromType(type));
}
private void CreateAvailableWebPartDescriptions()
{
if (_availableWebPartDescriptions != null)
{
return;
}
if (WebPartManager == null || String.IsNullOrEmpty(_importedPartDescription))
{
_availableWebPartDescriptions = new WebPartDescriptionCollection();
return;
}
// Run in minimal trust
PermissionSet pset = new PermissionSet(PermissionState.None);
// add in whatever perms are appropriate
pset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
pset.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Minimal));
pset.PermitOnly();
bool permitOnly = true;
string title = null;
string description = null;
string icon = null;
// Extra try-catch block to prevent elevation of privilege attack via exception filter
try {
try {
// Get the WebPart description from its saved XML description.
using (StringReader sr = new StringReader(_importedPartDescription)) {
using (XmlReader reader = XmlUtils.CreateXmlReader(sr)) {
if (reader != null)
{
reader.MoveToContent();
// Check if imported part is authorized
// Get to the metadata
reader.MoveToContent();
reader.ReadStartElement(WebPartManager.ExportRootElement);
reader.ReadStartElement(WebPartManager.ExportPartElement);
reader.ReadStartElement(WebPartManager.ExportMetaDataElement);
// Get the type name
string partTypeName = null;
string userControlTypeName = null;
while (reader.Name != WebPartManager.ExportTypeElement)
{
reader.Skip();
if (reader.EOF)
{
throw new EndOfStreamException();
}
}
if (reader.Name == WebPartManager.ExportTypeElement)
{
partTypeName = reader.GetAttribute(WebPartManager.ExportTypeNameAttribute);
userControlTypeName = reader.GetAttribute(WebPartManager.ExportUserControlSrcAttribute);
}
// If we are in shared scope, we are importing a shared WebPart
bool isShared = (WebPartManager.Personalization.Scope == PersonalizationScope.Shared);
if (!String.IsNullOrEmpty(partTypeName))
{
// Need medium trust to call BuildManager.GetType()
PermissionSet mediumPset = new PermissionSet(PermissionState.None);
mediumPset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
mediumPset.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium));
CodeAccessPermission.RevertPermitOnly();
permitOnly = false;
mediumPset.PermitOnly();
permitOnly = true;
Type partType = WebPartUtil.DeserializeType(partTypeName, true);
CodeAccessPermission.RevertPermitOnly();
permitOnly = false;
pset.PermitOnly();
permitOnly = true;
// First check if the type is authorized
if (!WebPartManager.IsAuthorized(partType, null, null, isShared))
{
_importErrorMessage = SR.GetString(SR.WebPartManager_ForbiddenType);
return;
}
// If the type is not a webpart, create a generic Web Part
if (!partType.IsSubclassOf(typeof(WebPart)) && !partType.IsSubclassOf(typeof(Control)))
{
// We only allow for Controls (VSWhidbey 428511)
_importErrorMessage = SR.GetString(SR.WebPartManager_TypeMustDeriveFromControl);
return;
}
}
else
{
// Check if the path is authorized
if (!WebPartManager.IsAuthorized(typeof(UserControl), userControlTypeName, null, isShared))
{
_importErrorMessage = SR.GetString(SR.WebPartManager_ForbiddenType);
return;
}
}
while (!reader.EOF)
{
while (!reader.EOF && !(reader.NodeType == XmlNodeType.Element &&
reader.Name == WebPartManager.ExportPropertyElement))
{
reader.Read();
}
if (reader.EOF)
{
break;
}
string name = reader.GetAttribute(WebPartManager.ExportPropertyNameAttribute);
if (name == TitlePropertyName)
{
title = reader.ReadElementString();
}
else if (name == DescriptionPropertyName)
{
description = reader.ReadElementString();
}
else if (name == IconPropertyName)
{
string url = reader.ReadElementString().Trim();
if (!CrossSiteScriptingValidation.IsDangerousUrl(url))
{
icon = url;
}
}
else
{
reader.Read();
continue;
}
if (title != null && description != null && icon != null)
{
break;
}
reader.Read();
}
}
}
if (String.IsNullOrEmpty(title))
{
title = SR.GetString(SR.Part_Untitled);
}
_availableWebPartDescriptions = new WebPartDescriptionCollection(
new WebPartDescription[] { new WebPartDescription(ImportedWebPartID, title, description, icon) });
}
}
catch (XmlException) {
_importErrorMessage = SR.GetString(SR.WebPartManager_ImportInvalidFormat);
return;
}
catch {
_importErrorMessage = (!String.IsNullOrEmpty(_importErrorMessage)) ?
_importErrorMessage :
SR.GetString(SR.WebPart_DefaultImportErrorMessage);
return;
}
finally {
if (permitOnly)
{
// revert if you're not just exiting the stack frame anyway
CodeAccessPermission.RevertPermitOnly();
}
}
}
catch {
throw;
}
}
private void CreateAvailableWebPartDescriptions()
{
if (this._availableWebPartDescriptions == null)
{
if ((base.WebPartManager == null) || string.IsNullOrEmpty(this._importedPartDescription))
{
this._availableWebPartDescriptions = new WebPartDescriptionCollection();
}
else
{
PermissionSet set = new PermissionSet(PermissionState.None);
set.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
set.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Minimal));
set.PermitOnly();
bool flag = true;
string str = null;
string description = null;
string imageUrl = null;
try
{
try
{
using (StringReader reader = new StringReader(this._importedPartDescription))
{
using (XmlTextReader reader2 = new XmlTextReader(reader))
{
if (reader2 == null)
{
goto Label_02F7;
}
reader2.MoveToContent();
reader2.MoveToContent();
reader2.ReadStartElement("webParts");
reader2.ReadStartElement("webPart");
reader2.ReadStartElement("metaData");
string str4 = null;
string path = null;
while (reader2.Name != "type")
{
reader2.Skip();
if (reader2.EOF)
{
throw new EndOfStreamException();
}
}
if (reader2.Name == "type")
{
str4 = reader2.GetAttribute("name");
path = reader2.GetAttribute("src");
}
bool isShared = base.WebPartManager.Personalization.Scope == PersonalizationScope.Shared;
if (!string.IsNullOrEmpty(str4))
{
PermissionSet set2 = new PermissionSet(PermissionState.None);
set2.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
set2.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium));
CodeAccessPermission.RevertPermitOnly();
flag = false;
set2.PermitOnly();
flag = true;
Type type = WebPartUtil.DeserializeType(str4, true);
CodeAccessPermission.RevertPermitOnly();
flag = false;
set.PermitOnly();
flag = true;
if (!base.WebPartManager.IsAuthorized(type, null, null, isShared))
{
this._importErrorMessage = System.Web.SR.GetString("WebPartManager_ForbiddenType");
}
else
{
if (type.IsSubclassOf(typeof(WebPart)) || type.IsSubclassOf(typeof(Control)))
{
goto Label_02DD;
}
this._importErrorMessage = System.Web.SR.GetString("WebPartManager_TypeMustDeriveFromControl");
}
}
else
{
if (base.WebPartManager.IsAuthorized(typeof(UserControl), path, null, isShared))
{
goto Label_02DD;
}
this._importErrorMessage = System.Web.SR.GetString("WebPartManager_ForbiddenType");
}
return;
Label_021E:
reader2.Read();
Label_0226:
if (!reader2.EOF && ((reader2.NodeType != XmlNodeType.Element) || !(reader2.Name == "property")))
{
goto Label_021E;
}
if (reader2.EOF)
{
goto Label_02F7;
}
string attribute = reader2.GetAttribute("name");
if (attribute == "Title")
{
str = reader2.ReadElementString();
}
else if (attribute == "Description")
{
description = reader2.ReadElementString();
}
else if (attribute == "CatalogIconImageUrl")
{
string s = reader2.ReadElementString().Trim();
if (!CrossSiteScriptingValidation.IsDangerousUrl(s))
{
imageUrl = s;
}
}
else
{
reader2.Read();
goto Label_02DD;
}
if (((str != null) && (description != null)) && (imageUrl != null))
{
goto Label_02F7;
}
reader2.Read();
Label_02DD:
if (!reader2.EOF)
{
goto Label_0226;
}
}
Label_02F7:
if (string.IsNullOrEmpty(str))
{
str = System.Web.SR.GetString("Part_Untitled");
}
this._availableWebPartDescriptions = new WebPartDescriptionCollection(new WebPartDescription[] { new WebPartDescription("ImportedWebPart", str, description, imageUrl) });
}
}
catch (XmlException)
{
this._importErrorMessage = System.Web.SR.GetString("WebPartManager_ImportInvalidFormat");
}
catch
{
this._importErrorMessage = !string.IsNullOrEmpty(this._importErrorMessage) ? this._importErrorMessage : System.Web.SR.GetString("WebPart_DefaultImportErrorMessage");
}
finally
{
if (flag)
{
CodeAccessPermission.RevertPermitOnly();
}
}
}
catch
{
throw;
}
}
}
}
