From aa1ce28a67fa41c75c189c4f9212fd0524a00d66 Mon Sep 17 00:00:00 2001 From: Marek Habersack Date: Fri, 26 Feb 2010 18:27:37 +0000 Subject: [PATCH] 2010-02-26 Marek Habersack * tools/asp_state/asp-state4.exe.config: modifed to load types from System.Web 4.0.0 * src/Mono.WebServer/InitialWorkerRequest.cs: do not decode paths before passing them to GetSafePath. Fixes bug #581594 svn path=/trunk/xsp/; revision=152564 --- ChangeLog | 8 ++++++++ src/Mono.WebServer/InitialWorkerRequest.cs | 3 +-- tools/asp_state/asp-state4.exe.config | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 297bb55..6c1fbd0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2010-02-26 Marek Habersack + + * tools/asp_state/asp-state4.exe.config: modifed to load types + from System.Web 4.0.0 + + * src/Mono.WebServer/InitialWorkerRequest.cs: do not decode paths + before passing them to GetSafePath. Fixes bug #581594 + 2010-02-16 Marek Habersack * src/Mono.WebServer.Apache/ModMonoRequest.cs: FillBuffer makes diff --git a/src/Mono.WebServer/InitialWorkerRequest.cs b/src/Mono.WebServer/InitialWorkerRequest.cs index c231f83..adc91f9 100644 --- a/src/Mono.WebServer/InitialWorkerRequest.cs +++ b/src/Mono.WebServer/InitialWorkerRequest.cs @@ -241,8 +241,7 @@ namespace Mono.WebServer queryString = path.Substring (qmark + 1); path = path.Substring (0, qmark); } - - path = HttpUtility.UrlDecode (path); + path = GetSafePath (path); if (path.StartsWith ("/~/")) { // Not sure about this. It makes request such us /~/dir/file work diff --git a/tools/asp_state/asp-state4.exe.config b/tools/asp_state/asp-state4.exe.config index e374033..275a016 100644 --- a/tools/asp_state/asp-state4.exe.config +++ b/tools/asp_state/asp-state4.exe.config @@ -4,7 +4,7 @@