/// <summary> /// Returns business card file that corresponds to path. /// </summary> /// <param name="context">Instance of <see cref="DavContext"/></param> /// <param name="path">Encoded path relative to WebDAV root.</param> /// <returns>CardFile instance or null if not found.</returns> public static CardFile GetCardFile(DavContext context, string path) { string pattern = string.Format(@"^/?{0}/(?<user_name>[^/]+)/(?<addressbook_name>[^/]+)/(?<file_name>[^/]+\.vcf)$", AddressbooksRootFolder.AddressbooksRootFolderPath.Trim(new char[] { '/' }).Replace("/", "/?")); if (!Regex.IsMatch(path, pattern)) { return(null); } FileInfo file = new FileInfo(context.MapPath(path)); if (!file.Exists) { return(null); } return(new CardFile(file, context, path)); }
/// <summary> /// Returns calendar folder that corresponds to path. /// </summary> /// <param name="context">Instance of <see cref="DavContext"/></param> /// <param name="path">Encoded path relative to WebDAV root.</param> /// <returns>CalendarFolder instance or null if not found.</returns> public static CalendarFolder GetCalendarFolder(DavContext context, string path) { string pattern = string.Format("^/?{0}/(?<user_name>[^/]+)/(?<calendar_name>[^/]+)/?", CalendarsRootFolder.CalendarsRootFolderPath.Trim(new char[] { '/' }).Replace("/", "/?")); if (!Regex.IsMatch(path, pattern)) { return(null); } string folderPath = context.MapPath(path).TrimEnd(System.IO.Path.DirectorySeparatorChar); DirectoryInfo folder = new DirectoryInfo(folderPath); // to block vulnerability when "%20" folder can be injected into path and folder.Exists returns 'true' if (!folder.Exists || String.Compare(folder.FullName.TrimEnd(System.IO.Path.DirectorySeparatorChar), folderPath, StringComparison.OrdinalIgnoreCase) != 0) { return(null); } return(new CalendarFolder(folder, context, path)); }