internal void AddWebPartsFromZone(WebPartZoneBase zone, WebPartCollection webParts) { if ((webParts != null) && (webParts.Count != 0)) { string errorMsg = base.SetCollectionReadOnly(null); try { try { string iD = zone.ID; int zoneIndex = 0; foreach (WebPart part in webParts) { this._manager.Internals.SetIsShared(part, true); WebPart webPart = part; if (!this._manager.IsAuthorized(part)) { webPart = new UnauthorizedWebPart(part); } this._manager.Internals.SetIsStatic(webPart, true); this._manager.Internals.SetIsShared(webPart, true); this._manager.Internals.SetZoneID(webPart, iD); this._manager.Internals.SetZoneIndex(webPart, zoneIndex); this.AddWebPartHelper(webPart); zoneIndex++; } } finally { base.SetCollectionReadOnly(errorMsg); } } catch { throw; } } }
internal void AddWebPartsFromZone(WebPartZoneBase zone, WebPartCollection webParts) { if ((webParts != null) && (webParts.Count != 0)) { string originalError = SetCollectionReadOnly(null); // Extra try-catch block to prevent elevation of privilege attack via exception filter try { try { string zoneID = zone.ID; int index = 0; foreach (WebPart webPart in webParts) { // Need to set IsShared before calling IsAuthorized _manager.Internals.SetIsShared(webPart, true); WebPart webPartOrProxy = webPart; if (!_manager.IsAuthorized(webPart)) { webPartOrProxy = new UnauthorizedWebPart(webPart); } _manager.Internals.SetIsStatic(webPartOrProxy, true); _manager.Internals.SetIsShared(webPartOrProxy, true); _manager.Internals.SetZoneID(webPartOrProxy, zoneID); _manager.Internals.SetZoneIndex(webPartOrProxy, index); AddWebPartHelper(webPartOrProxy); index++; } } finally { SetCollectionReadOnly(originalError); } } catch { throw; } } }
private void LoadDynamicWebPart(string id, string typeName, string path, string genericWebPartID, bool isShared) { WebPart webPart = null; Type type = WebPartUtil.DeserializeType(typeName, false); if (type == null) { string str; if ((this.Context != null) && this.Context.IsCustomErrorEnabled) { str = System.Web.SR.GetString("WebPartManager_ErrorLoadingWebPartType"); } else { str = System.Web.SR.GetString("Invalid_type", new object[] { typeName }); } webPart = this.CreateErrorWebPart(id, typeName, path, genericWebPartID, str); } else if (type.IsSubclassOf(typeof(WebPart))) { string authorizationFilter = this.Personalization.GetAuthorizationFilter(id); if (this.IsAuthorized(type, null, authorizationFilter, isShared)) { try { webPart = (WebPart) this.Internals.CreateObjectFromType(type); webPart.ID = id; } catch { string str3; if ((this.Context != null) && this.Context.IsCustomErrorEnabled) { str3 = System.Web.SR.GetString("WebPartManager_CantCreateInstance"); } else { str3 = System.Web.SR.GetString("WebPartManager_CantCreateInstanceWithType", new object[] { typeName }); } webPart = this.CreateErrorWebPart(id, typeName, path, genericWebPartID, str3); } } else { webPart = new UnauthorizedWebPart(id, typeName, path, genericWebPartID); } } else if (type.IsSubclassOf(typeof(Control))) { string str4 = this.Personalization.GetAuthorizationFilter(genericWebPartID); if (this.IsAuthorized(type, path, str4, isShared)) { Control control = null; try { if (!string.IsNullOrEmpty(path)) { control = this.Page.LoadControl(path); } else { control = (Control) this.Internals.CreateObjectFromType(type); } control.ID = id; webPart = this.CreateWebPart(control); webPart.ID = genericWebPartID; } catch { string str5; if ((control == null) && string.IsNullOrEmpty(path)) { if ((this.Context != null) && this.Context.IsCustomErrorEnabled) { str5 = System.Web.SR.GetString("WebPartManager_CantCreateInstance"); } else { str5 = System.Web.SR.GetString("WebPartManager_CantCreateInstanceWithType", new object[] { typeName }); } } else if (control == null) { if ((this.Context != null) && this.Context.IsCustomErrorEnabled) { str5 = System.Web.SR.GetString("WebPartManager_InvalidPath"); } else { str5 = System.Web.SR.GetString("WebPartManager_InvalidPathWithPath", new object[] { path }); } } else { str5 = System.Web.SR.GetString("WebPartManager_CantCreateGeneric"); } webPart = this.CreateErrorWebPart(id, typeName, path, genericWebPartID, str5); } } else { webPart = new UnauthorizedWebPart(id, typeName, path, genericWebPartID); } } else { string str6; if ((this.Context != null) && this.Context.IsCustomErrorEnabled) { str6 = System.Web.SR.GetString("WebPartManager_TypeMustDeriveFromControl"); } else { str6 = System.Web.SR.GetString("WebPartManager_TypeMustDeriveFromControlWithType", new object[] { typeName }); } webPart = this.CreateErrorWebPart(id, typeName, path, genericWebPartID, str6); } this.Internals.SetIsStatic(webPart, false); this.Internals.SetIsShared(webPart, isShared); this.Internals.AddWebPart(webPart); }
private void LoadDynamicWebPart(string id, string typeName, string path, string genericWebPartID, bool isShared) { WebPart dynamicWebPart = null; Type type = WebPartUtil.DeserializeType(typeName, false); if (type == null) { string errorMessage; if (Context != null && Context.IsCustomErrorEnabled) { errorMessage = SR.GetString(SR.WebPartManager_ErrorLoadingWebPartType); } else { errorMessage = SR.GetString(SR.Invalid_type, typeName); } dynamicWebPart = CreateErrorWebPart(id, typeName, path, genericWebPartID, errorMessage); } else if (type.IsSubclassOf(typeof(WebPart))) { string authorizationFilter = Personalization.GetAuthorizationFilter(id); if (IsAuthorized(type, null, authorizationFilter, isShared)) { try { dynamicWebPart = (WebPart)Internals.CreateObjectFromType(type); dynamicWebPart.ID = id; } catch { // If custom errors are enabled, we do not want to render the type name to the browser. // (VSWhidbey 381646) string errorMessage; if (Context != null && Context.IsCustomErrorEnabled) { errorMessage = SR.GetString(SR.WebPartManager_CantCreateInstance); } else { errorMessage = SR.GetString(SR.WebPartManager_CantCreateInstanceWithType, typeName); } dynamicWebPart = CreateErrorWebPart(id, typeName, path, genericWebPartID, errorMessage); } } else { dynamicWebPart = new UnauthorizedWebPart(id, typeName, path, genericWebPartID); } } else if (type.IsSubclassOf(typeof(Control))) { string authorizationFilter = Personalization.GetAuthorizationFilter(genericWebPartID); if (IsAuthorized(type, path, authorizationFilter, isShared)) { Control childControl = null; try { if (!String.IsNullOrEmpty(path)) { Debug.Assert(type == typeof(UserControl)); childControl = Page.LoadControl(path); } else { childControl = (Control)Internals.CreateObjectFromType(type); } childControl.ID = id; dynamicWebPart = CreateWebPart(childControl); dynamicWebPart.ID = genericWebPartID; } catch { string errorMessage; if (childControl == null && String.IsNullOrEmpty(path)) { if (Context != null && Context.IsCustomErrorEnabled) { errorMessage = SR.GetString(SR.WebPartManager_CantCreateInstance); } else { errorMessage = SR.GetString(SR.WebPartManager_CantCreateInstanceWithType, typeName); } } else if (childControl == null) { if (Context != null && Context.IsCustomErrorEnabled) { errorMessage = SR.GetString(SR.WebPartManager_InvalidPath); } else { errorMessage = SR.GetString(SR.WebPartManager_InvalidPathWithPath, path); } } else { errorMessage = SR.GetString(SR.WebPartManager_CantCreateGeneric); } dynamicWebPart = CreateErrorWebPart(id, typeName, path, genericWebPartID, errorMessage); } } else { dynamicWebPart = new UnauthorizedWebPart(id, typeName, path, genericWebPartID); } } else { // Type is not a subclass of Control. For security, do not even instantiate // the type (VSWhidbey 428511). string errorMessage; if (Context != null && Context.IsCustomErrorEnabled) { errorMessage = SR.GetString(SR.WebPartManager_TypeMustDeriveFromControl); } else { errorMessage = SR.GetString(SR.WebPartManager_TypeMustDeriveFromControlWithType, typeName); } dynamicWebPart = CreateErrorWebPart(id, typeName, path, genericWebPartID, errorMessage); } Debug.Assert(dynamicWebPart != null); Internals.SetIsStatic(dynamicWebPart, false); Internals.SetIsShared(dynamicWebPart, isShared); Internals.AddWebPart(dynamicWebPart); }