Features.UI: Fixed issue with the BetterImageGallery image handler

Author: ElijahFowler

Web/Components/LinkBuilder.cs

@@ -44,6 +44,11 @@ public LinkBuilder(string url, bool includeSiteRoot = true)
 			(_, siteRootPaths) = ParsePath(siteRootUri.AbsolutePath);
 		}
 
+		if (!includeSiteRoot)
+		{
+			urlAuthority = string.Empty;
+		}
+
 		var cleanUrl = CombinePaths(urlAuthority, [.. siteRootPaths, .. urlPaths]);
 
 		_uri = new(cleanUrl, UriKind.RelativeOrAbsolute);
@@ -304,6 +309,10 @@ private static (string, string[]) ParsePath(string path)
 	{
 		var urlBase = string.Empty;
 
+		path = path
+			.Replace("../", string.Empty)
+			.Replace("..\\", string.Empty);
+
 		// double leading slashes causes Uri to create a file URI e.g.: "file://something", so trim leading slashes
 		if (Uri.TryCreate(path.TrimStart('/'), UriKind.Absolute, out var uri))
 		{

mojoPortal.Features.UI/BetterImageGallery/BetterImageGalleryController.cs

@@ -22,7 +22,7 @@ public IHttpActionResult GetItems([FromUri] string path, int moduleId = -1)
 	[Route("api/BetterImageGallery/imagehandler")]
 	public IHttpActionResult ImageHandler([FromUri] string path)
 	{
-		var imgPath = HttpContext.Current.Server.MapPath("~/Data/systemfiles/BetterImageGalleryCache/" + path);
+		var imgPath = HttpContext.Current.Server.MapPath($"~/Data/systemfiles/BetterImageGalleryCache/{path.ToLinkBuilder(false)}");
 		var fileInfo = new FileInfo(imgPath);
 
 		return !fileInfo.Exists

mojoPortal.Features.UI/BetterImageGallery/LayoutSelector.ascx.cs

@@ -48,7 +48,7 @@ private void EnsureItems()
 			}
 
 			if (ddlLayouts.Items.Count > 0) return;
-			string skinThemesPath = SiteUtils.DetermineSkinBaseUrl(true, Page) + themesPath;
+			string skinThemesPath = new Uri(SiteUtils.DetermineSkinBaseUrl(true, Page) + themesPath,UriKind.Absolute).AbsolutePath;
 
 			List<FileInfo> themeFiles = GetLayouts(skinThemesPath);
 			List<ListItem> items = new List<ListItem>();