Merge pull request #247 from 0xLanks/fix-security-issues
Fixed security issues
rxtur committed May 6, 2022
2 parents 11b9f17 + 035bc37 commit 7f92756
Showing 3 changed files with 31 additions and 6 deletions.
Expand Up @@ -53,13 +53,15 @@ public string XmlData
/// <summary>
/// Gets an XmlReader that converts BlogML data saved as string into XML stream
/// </summary>
private XmlTextReader XmlReader
private XmlReader XmlReader
{
get
{
var byteArray = Encoding.UTF8.GetBytes(this.xmlData);
var stream = new MemoryStream(byteArray);
return new XmlTextReader(stream);
XmlReaderSettings settings = new XmlReaderSettings();
settings.XmlResolver = null;
return XmlReader.Create(stream, settings);
}
}

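--- a/BlogEngine/BlogEngine.NET/AppCode/Api/FileManagerController.cs
+++ b/BlogEngine/BlogEngine.NET/AppCode/Api/FileManagerController.cs
@@ -1,4 +1,5 @@
-using BlogEngine.Core.Data.Contracts;
+using BlogEngine.Core;
+using BlogEngine.Core.Data.Contracts;
 using BlogEngine.Core.FileSystem;
 using BlogEngine.Core.Providers;
 using System;
@@ -24,6 +25,11 @@ public IEnumerable<FileInstance> Get(int take = 10, int skip = 0, string path =
 [HttpPut]
 public HttpResponseMessage ProcessChecked([FromBody]List<FileInstance> items)
 {
+if (!Security.IsAdministrator)
+{
+throw new UnauthorizedAccessException();
+}
+
 if (items == null || items.Count == 0)
 throw new HttpResponseException(HttpStatusCode.ExpectationFailed);
 
@@ -36,10 +42,10 @@ public HttpResponseMessage ProcessChecked([FromBody]List<FileInstance> items)
 if (item.IsChecked)
 {
 if(item.FileType == FileType.File || item.FileType == FileType.Image)
-BlogService.DeleteFile(item.FullPath);
+BlogService.DeleteFile(Extensions.SanitizePath(item.FullPath));
 
 if (item.FileType == FileType.Directory)
-BlogService.DeleteDirectory(item.FullPath);
+BlogService.DeleteDirectory(Extensions.SanitizePath(item.FullPath));
 }
 }
 }
@@ -49,7 +55,11 @@ public HttpResponseMessage ProcessChecked([FromBody]List<FileInstance> items)
 [HttpPut]
 public HttpResponseMessage AddFolder(FileInstance folder)
 {
-BlogService.CreateDirectory(folder.FullPath + "/" + folder.Name);
+if (!Security.IsAdministrator)
+{
+throw new UnauthorizedAccessException();
+}
+BlogService.CreateDirectory(Extensions.SanitizePath(folder.FullPath) + "/" + Extensions.SanitizePath(folder.Name));
 return Request.CreateResponse(HttpStatusCode.OK);
 }
 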
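Review bot: The new admin checks in ProcessChecked and AddFolder throw UnauthorizedAccessException, which Web API does not translate into a 401/403 by itself; unless an exception filter elsewhere in the project maps it (not visible here), a non-admin caller gets a 500 rather than an authorization response. Both methods already signal client errors through HttpResponseException, so `throw new HttpResponseException(HttpStatusCode.Forbidden);` in both places would match the existing `HttpStatusCode.ExpectationFailed` path and give the client an accurate status. AddFolder also dereferences `folder` without the null check that ProcessChecked performs on `items`, so an empty or malformed body fails on `folder.FullPath`; `if (folder == null) throw new HttpResponseException(HttpStatusCode.BadRequest);` before the CreateDirectory call covers that. Get in the same controller appears only in a hunk header, so whether it needs the same admin check cannot be judged from these hunks.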
13 changes: 13 additions & 0 deletions BlogEngine/BlogEngine.NET/Global.asax
Expand Up @@ -12,4 +12,17 @@
{
BlogEngineConfig.SetCulture(sender, e);
}
protected void Application_PreSendRequestHeaders ()
{
var httpContext = HttpContext.Current;
if (httpContext != null) {
var cookieValueSuffix = "; SameSite=Strict";
var cookies = httpContext.Response.Cookies;
for (var i = 0; i < cookies.Count; i++)
{
var cookie = cookies[i]; cookie.Value += cookieValueSuffix;
}
}
}
</script>
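Review bot: The loop in Application_PreSendRequestHeaders appends "; SameSite=Strict" unconditionally, so if the event runs more than once for a single response (it can in the integrated pipeline, e.g. after an explicit Response.Flush) or a cookie already carries the attribute, the Set-Cookie header ends up with it twice; `if (cookie.Value == null || !cookie.Value.EndsWith(cookieValueSuffix, StringComparison.Ordinal)) cookie.Value += cookieValueSuffix;` keeps the handler idempotent. Carrying the attribute inside the cookie value is the pre-4.7.2 workaround; if the project targets .NET Framework 4.7.2 or later, `cookie.SameSite = SameSiteMode.Strict;` expresses the same intent without relying on how the value is serialized, which is worth confirming against the target framework. Strict is applied to every cookie the application sets, which would include any authentication cookie, so a user arriving through a cross-site link is treated as logged out for that navigation; Lax is the usual choice where that is not intended. Finally, `var cookie = cookies[i]; cookie.Value += cookieValueSuffix;` puts two statements on one line and the `if (httpContext != null) {` brace placement differs from the Allman style of the surrounding handler.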
