From 547f526bf46c5f7eb99069e7720ecf7ca0602899 Mon Sep 17 00:00:00 2001
From: Claudia Murialdo <cmurialdo@genexus.com>
Date: Thu, 11 Aug 2022 16:52:01 -0300
Subject: [PATCH] Avoid External Control of File Name or Path.

---
 dotnet/src/dotnetcore/GxClasses.Web/Middleware/GXRouting.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dotnet/src/dotnetcore/GxClasses.Web/Middleware/GXRouting.cs b/dotnet/src/dotnetcore/GxClasses.Web/Middleware/GXRouting.cs
index ccaf7d06f..f5a154df7 100644
--- a/dotnet/src/dotnetcore/GxClasses.Web/Middleware/GXRouting.cs
+++ b/dotnet/src/dotnetcore/GxClasses.Web/Middleware/GXRouting.cs
@@ -410,9 +410,9 @@ public GxRestWrapper GetController(HttpContext context, ControllerInfo controlle
 			else
 			{
 				string controllerLower = controller.ToLower();
-				string svcFile = Path.Combine(ContentRootPath, $"{controller}.svc");
+				string svcFile = Path.GetFullPath(Path.Combine(ContentRootPath, $"{controller}.svc"));
 				if (!File.Exists(svcFile))
-					svcFile = Path.Combine(ContentRootPath, $"{controllerLower}.svc");
+					svcFile = Path.GetFullPath(Path.Combine(ContentRootPath, $"{controllerLower}.svc"));
 				if (File.Exists(svcFile))
 				{
 					string[] controllerAssemblyQualifiedName = new string(File.ReadLines(svcFile).First().SkipWhile(c => c != '"')