Changeset 1770

Show
Ignore:
Timestamp:
2008-03-22 11:59:58 (3 months ago)
Author:
fredck
Message:

[ASP.NET] Fixed #1944 : The "\" character is now blocked in the currentFolder parameter.

Location:
FCKeditor.Net/trunk
Files:
2 modified

Legend:

Unmodified
Added
Removed

  • FCKeditor.Net/trunk/FileBrowser/Connector.cs

    r1202 r1770  
    3838                        if ( !Config.Enabled ) 
    3939                        { 
    40                                 XmlResponseHandler.SendError( Response, 1, "This connector is disabled. Please check the \"editor/filemanager/connectors/aspx/config.aspx\" file." ); 
     40                                XmlResponseHandler.SendError( Response, 1, "This connector is disabled. Please check the \"editor/filemanager/connectors/aspx/config.ascx\" file." ); 
    4141                                return; 
    4242                        } 
     
    6767 
    6868                        // Check for invalid folder paths (..). 
    69                         if ( sCurrentFolder.IndexOf( ".." ) >= 0 ) 
     69                        if ( sCurrentFolder.IndexOf( ".." ) >= 0 || sCurrentFolder.IndexOf( "\\" ) >= 0 ) 
    7070                        { 
    7171                                XmlResponseHandler.SendError( Response, 102, "" ); 

  • FCKeditor.Net/trunk/_whatsnew.html

    r1701 r1770  
    4040                <li>[<a target="_blank" href="http://dev.fckeditor.net/ticket/1945">#1945</a>] New folders 
    4141                        and file names are now properly sanitized against control characters.</li> 
     42                <li>[<a target="_blank" href="http://dev.fckeditor.net/ticket/1944">#1944</a>] The "\" 
     43                        character is now properly verified for all connector requests.</li> 
    4244        </ul> 
    4345        <h3>