#4133 Backfit of : Prevent use of .. or : in file path #3552 for v6.x (#4145)

MaceySoftware · web-flow · commit 8fbdd8c773bf · 2024-08-06T12:02:36.000-07:00
diff --git a/Source/Csla/Reflection/MethodCaller.cs b/Source/Csla/Reflection/MethodCaller.cs
@@ -252,8 +252,11 @@ public static Type GetType(string typeName, bool throwOnError, bool ignoreCase)
 
         if (splitName.Length > 2)
         {
-          var asm = AssemblyLoadContext.Default.LoadFromAssemblyPath(AppContext.BaseDirectory + splitName[1].Trim() + ".dll");
+          var path = AppContext.BaseDirectory + splitName[1].Trim() + ".dll";
+          if (path.Contains("..") || path.Contains(':'))
+            throw new TypeLoadException(path);
 
+          var asm = AssemblyLoadContext.Default.LoadFromAssemblyPath(path);
           return asm.GetType(splitName[0].Trim());
         }
         else

Original file line number	Diff line number	Diff line change
`@@ -252,8 +252,11 @@ public static Type GetType(string typeName, bool throwOnError, bool ignoreCase)`
`252`	`252`
`253`	`253`	`if (splitName.Length > 2)`
`254`	`254`	`{`
`255`		`- var asm = AssemblyLoadContext.Default.LoadFromAssemblyPath(AppContext.BaseDirectory + splitName[1].Trim() + ".dll");`
	`255`	`+ var path = AppContext.BaseDirectory + splitName[1].Trim() + ".dll";`
	`256`	`+ if (path.Contains("..") \|\| path.Contains(':'))`
	`257`	`+ throw new TypeLoadException(path);`
`256`	`258`
	`259`	`+ var asm = AssemblyLoadContext.Default.LoadFromAssemblyPath(path);`
`257`	`260`	`return asm.GetType(splitName[0].Trim());`
`258`	`261`	`}`
`259`	`262`	`else`