Use JsonSerializer instead of insecure BinaryFormatter in TransferDataSource.
Родитель
7b48e86377
Коммит
327e01eb0b
|
@ -79,7 +79,7 @@ namespace Xwt.GtkBackend
|
|||
data.SetUris(new string[] { ((Uri)val).AbsolutePath });
|
||||
else {
|
||||
var at = Gdk.Atom.Intern (atomType, false);
|
||||
data.Set (at, 0, TransferDataSource.SerializeValue (val));
|
||||
data.Set (at, 0, TransferDataSource.SerializeValue (val, val.GetType()));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -373,7 +373,7 @@ namespace Xwt.WPFBackend
|
|||
uris.Add (((Uri)value).LocalPath);
|
||||
retval.SetFileDropList (uris);
|
||||
} else
|
||||
retval.SetData (type.Id, TransferDataSource.SerializeValue (value));
|
||||
retval.SetData (type.Id, TransferDataSource.SerializeValue (value, value.GetType()));
|
||||
}
|
||||
|
||||
return retval;
|
||||
|
|
|
@ -80,7 +80,7 @@ namespace Xwt.Mac
|
|||
var bytes = new byte [data.Length];
|
||||
using (var stream = new UnmanagedMemoryStream ((byte*)data.Bytes, bytes.Length))
|
||||
stream.Read (bytes, 0, bytes.Length);
|
||||
return TransferDataSource.DeserializeValue (bytes);
|
||||
return TransferDataSource.DeserializeValue (bytes, Type.GetType (type.Id));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -121,7 +121,7 @@ namespace Xwt.Mac
|
|||
else if (obj is string)
|
||||
data = NSData.FromString ((string)obj);
|
||||
else
|
||||
data = NSData.FromArray (TransferDataSource.SerializeValue (obj));
|
||||
data = NSData.FromArray (TransferDataSource.SerializeValue (obj, obj.GetType()));
|
||||
pboard.SetDataForType (data, type);
|
||||
}
|
||||
}
|
||||
|
|
|
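Review bot: The result of `Type.GetType (type.Id)` in the first hunk is passed to `DeserializeValue` unchecked, so an id that does not resolve gives `JsonSerializer.Deserialize` a null type and throws `ArgumentNullException`. The Xwt.Backends hunk at -78 tests `t != null` before deserializing, and this call should follow the same shape: `var t = Type.GetType (type.Id);`, then a guard such as `if (t == null) return null;` (or whatever the enclosing method, which starts outside the hunk, uses for "no value"). Pasteboard contents can be written by other processes, so the type id and the bytes are presumably both untrusted here. Resolving the id only against the transfer types the application registered, and handling `JsonException` for malformed payloads, would preserve what the move away from BinaryFormatter gains. The same `Type.GetType (type.Id)` lookup in the Xwt.Backends hunk would benefit from the same restriction.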
@ -968,7 +968,7 @@ namespace Xwt.Mac
|
|||
else {
|
||||
// For internal types, provided serialized data
|
||||
object value = dataSource.GetValue(transferDataType);
|
||||
NSData serializedData = NSData.FromArray(TransferDataSource.SerializeValue(value));
|
||||
NSData serializedData = NSData.FromArray(TransferDataSource.SerializeValue(value, value.GetType()));
|
||||
pasteboard.SetDataForType(serializedData, type);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -78,7 +78,7 @@ namespace Xwt.Backends
|
|||
{
|
||||
Type t = Type.GetType (type.Id);
|
||||
if (t != null)
|
||||
data [type] = TransferDataSource.DeserializeValue (value);
|
||||
data [type] = TransferDataSource.DeserializeValue (value, t);
|
||||
else
|
||||
data [type] = value;
|
||||
}
|
||||
|
@ -119,7 +119,7 @@ namespace Xwt.Backends
|
|||
if (ob == null || ob.GetType () == typeof(Type))
|
||||
return (T) ob;
|
||||
if (ob is byte[]) {
|
||||
T val = (T) TransferDataSource.DeserializeValue ((byte[])ob);
|
||||
T val = (T) TransferDataSource.DeserializeValue ((byte[])ob, typeof(T));
|
||||
data[TransferDataType.FromType (typeof(T))] = val;
|
||||
return val;
|
||||
}
|
||||
|
|
|
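Review bot: In the second hunk the payload is decoded as `typeof(T)`, while every writer in this commit encodes with the runtime type (`val.GetType()`, `obj.GetType()`). JSON carries no type information, so a caller that asks for a base class or interface gets a different object than was stored, or an exception. A comment on the `byte[]` branch should say so, e.g. `// T must be the exact type that was serialized; the JSON payload carries no type information`. The branch also treats every `byte[]` in the store as JSON, although the first hunk stores `value` undecoded when the id resolves to no type. Such an entry raises `JsonException` here, which the visible lines do not catch. The enclosing methods start outside both hunks.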
@ -34,6 +34,9 @@ The framework consists of the frontend (Xwt core) and platform specific backends
|
|||
<None Include="..\LICENSE.txt" Pack="true" PackagePath="" />
|
||||
<None Include="..\README.markdown" Pack="true" PackagePath="" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<PackageReference Include="System.Text.Json" Version="7.0.2" />
|
||||
</ItemGroup>
|
||||
<ProjectExtensions>
|
||||
<MonoDevelop>
|
||||
<Properties>
|
||||
|
|
|
@ -31,7 +31,7 @@ using System.IO;
|
|||
using System.Runtime.Serialization.Formatters.Binary;
|
||||
using Xwt.Drawing;
|
||||
using Xwt.Backends;
|
||||
|
||||
using System.Text.Json;
|
||||
|
||||
namespace Xwt
|
||||
{
|
||||
|
@ -138,32 +138,25 @@ namespace Xwt
|
|||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
/// <summary>
|
||||
/// Serializes a value to a byte array using <see cref="System.Runtime.Serialization.Formatters.Binary.BinaryFormatter"/> .
|
||||
/// Serializes a value to a byte array using <see cref="System.Text.Json.JsonSerializer"/> .
|
||||
/// </summary>
|
||||
/// <returns>The serialized value.</returns>
|
||||
/// <param name="val">The value to serialize.</param>
|
||||
public static byte[] SerializeValue (object val)
|
||||
public static byte[] SerializeValue (object val, Type type)
|
||||
{
|
||||
using (MemoryStream ms = new MemoryStream ()) {
|
||||
BinaryFormatter bf = new BinaryFormatter ();
|
||||
bf.Serialize (ms, val);
|
||||
return ms.ToArray ();
|
||||
}
|
||||
return JsonSerializer.SerializeToUtf8Bytes (val, type);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Deserializes a value from a byte array.
|
||||
/// </summary>
|
||||
/// <returns>The deserialized value.</returns>
|
||||
/// <param name="data">The byte array containing the serialized value.</param>
|
||||
public static object DeserializeValue (byte[] data)
|
||||
/// <param name="data">The byte array containing the Utf8 Json serialized value.</param>
|
||||
public static object DeserializeValue (byte[] data, Type type)
|
||||
{
|
||||
using (MemoryStream ms = new MemoryStream (data)) {
|
||||
BinaryFormatter bf = new BinaryFormatter ();
|
||||
return bf.Deserialize (ms);
|
||||
}
|
||||
return JsonSerializer.Deserialize (data, type);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
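Review bot: The new `SerializeValue`/`DeserializeValue` bodies rely on System.Text.Json defaults, which cover public properties only, so a type that round-tripped through BinaryFormatter via fields or private state would now come back partially populated without any error. This deserves a sentence in the `<summary>` and a round-trip test over the transfer types the toolkit supports. Neither doc block describes the new parameter, e.g. `/// <param name="type">The type to serialize <paramref name="val"/> as.</param>` and its counterpart on `DeserializeValue`, which should also state that malformed input raises `JsonException`. The first hunk still shows `using System.Runtime.Serialization.Formatters.Binary;` as a context line. If nothing else in the file uses it, dropping it keeps BinaryFormatter from being reintroduced by accident. Both methods are `public static`, so the signature change presumably breaks external callers. Keeping the old overloads marked `[Obsolete]` and throwing `NotSupportedException` would turn that into a clear error.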