From cdb171237f9acbc982b5e0bfbeffb4d6ca7b8e9d Mon Sep 17 00:00:00 2001 From: James South Date: Wed, 19 Nov 2014 07:55:53 +0000 Subject: [PATCH] v4.1.2 IImageService now correctly checks if request is valid Former-commit-id: 071b8699c0cbeb17710364fc237eba790522649f Former-commit-id: 6f7a05e3bc703eb4ebb0dcc9195bb0e87c02a592 --- build/NuSpecs/ImageProcessor.Web.nuspec | 2 +- build/build.xml | 2 +- .../HttpModules/ImageProcessingModule.cs | 28 +++++++++---------- .../Properties/AssemblyInfo.cs | 4 +-- src/TestWebsites/MVC/TestImageService.cs | 3 +- 5 files changed, 20 insertions(+), 19 deletions(-) diff --git a/build/NuSpecs/ImageProcessor.Web.nuspec b/build/NuSpecs/ImageProcessor.Web.nuspec index f447c834a..37fd059be 100644 --- a/build/NuSpecs/ImageProcessor.Web.nuspec +++ b/build/NuSpecs/ImageProcessor.Web.nuspec @@ -2,7 +2,7 @@ ImageProcessor.Web - 4.1.1.0 + 4.1.2.0 ImageProcessor.Web James South James South diff --git a/build/build.xml b/build/build.xml index 93173c744..dbd6bebd9 100644 --- a/build/build.xml +++ b/build/build.xml @@ -13,7 +13,7 @@ ImageProcessor Web - 4.1.1.0 + 4.1.2.0 ..\src\ImageProcessor.Web ImageProcessor.Web.csproj diff --git a/src/ImageProcessor.Web/HttpModules/ImageProcessingModule.cs b/src/ImageProcessor.Web/HttpModules/ImageProcessingModule.cs index 2f1c83291..d9fea45c0 100644 --- a/src/ImageProcessor.Web/HttpModules/ImageProcessingModule.cs +++ b/src/ImageProcessor.Web/HttpModules/ImageProcessingModule.cs @@ -328,9 +328,21 @@ namespace ImageProcessor.Web.HttpModules string parts = !string.IsNullOrWhiteSpace(urlParameters) ? "?" + urlParameters : string.Empty; string fullPath = string.Format("{0}{1}?{2}", requestPath, parts, queryString); + object resourcePath; + + if (hasMultiParams) + { + resourcePath = string.IsNullOrWhiteSpace(urlParameters) + ? new Uri(requestPath, UriKind.RelativeOrAbsolute) + : new Uri(requestPath + "?" + urlParameters, UriKind.RelativeOrAbsolute); + } + else + { + resourcePath = requestPath; + } // Check whether the path is valid for other requests. - if (!isFileLocal && !currentService.IsValidRequest(requestPath + "?" + urlParameters)) + if (resourcePath == null || !currentService.IsValidRequest(resourcePath.ToString())) { return; } @@ -375,19 +387,7 @@ namespace ImageProcessor.Web.HttpModules { using (await this.locker.LockAsync(cachedPath)) { - byte[] imageBuffer; - - if (hasMultiParams) - { - Uri uri = string.IsNullOrWhiteSpace(urlParameters) - ? new Uri(requestPath, UriKind.RelativeOrAbsolute) - : new Uri(requestPath + "?" + urlParameters, UriKind.RelativeOrAbsolute); - imageBuffer = await currentService.GetImage(uri); - } - else - { - imageBuffer = await currentService.GetImage(requestPath); - } + byte[] imageBuffer = await currentService.GetImage(resourcePath); using (MemoryStream memoryStream = new MemoryStream(imageBuffer)) { diff --git a/src/ImageProcessor.Web/Properties/AssemblyInfo.cs b/src/ImageProcessor.Web/Properties/AssemblyInfo.cs index ea365f0cf..16abf13af 100644 --- a/src/ImageProcessor.Web/Properties/AssemblyInfo.cs +++ b/src/ImageProcessor.Web/Properties/AssemblyInfo.cs @@ -40,5 +40,5 @@ using System.Runtime.InteropServices; // // You can specify all the values or you can default the Build and Revision Numbers // by using the '*' as shown below: -[assembly: AssemblyVersion("4.1.1.0")] -[assembly: AssemblyFileVersion("4.1.1.0")] +[assembly: AssemblyVersion("4.1.2.0")] +[assembly: AssemblyFileVersion("4.1.2.0")] diff --git a/src/TestWebsites/MVC/TestImageService.cs b/src/TestWebsites/MVC/TestImageService.cs index de632dfff..531a02490 100644 --- a/src/TestWebsites/MVC/TestImageService.cs +++ b/src/TestWebsites/MVC/TestImageService.cs @@ -17,6 +17,7 @@ namespace Test_Website_NET45 using System.Web; using System.Web.Hosting; + using ImageProcessor.Web.Helpers; using ImageProcessor.Web.Services; /// @@ -81,7 +82,7 @@ namespace Test_Website_NET45 /// public bool IsValidRequest(string path) { - return true; + return ImageHelpers.IsValidImageExtension(path.Split(new[] { '&', '?' })[0]); } ///