From 9a63888809c1802e4207065eade59c0fd9147463 Mon Sep 17 00:00:00 2001 From: Ahmet Date: Thu, 7 May 2020 23:25:03 +0300 Subject: [PATCH] Fileformat blogshort name requests are suppressed --- .../Volo/Blogging/Blogs/BlogAppService.cs | 12 ++-------- .../Pages/Blogs/Posts/Detail.cshtml.cs | 6 +++++ .../Pages/Blogs/Posts/Edit.cshtml.cs | 5 ++++ .../Pages/Blogs/Posts/Index.cshtml.cs | 6 +++++ .../Pages/Blogs/Posts/New.cshtml.cs | 5 ++++ .../Shared/Helpers/BlogNameControlHelper.cs | 23 +++++++++++++++++++ 6 files changed, 47 insertions(+), 10 deletions(-) create mode 100644 modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Shared/Helpers/BlogNameControlHelper.cs diff --git a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Blogs/BlogAppService.cs b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Blogs/BlogAppService.cs index b635b95d5f..88b9a75410 100644 --- a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Blogs/BlogAppService.cs +++ b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Blogs/BlogAppService.cs @@ -1,8 +1,7 @@ -using System; +using Microsoft.AspNetCore.Authorization; +using System; using System.Collections.Generic; -using System.IO; using System.Threading.Tasks; -using Microsoft.AspNetCore.Authorization; using Volo.Abp.Application.Dtos; using Volo.Abp.Domain.Entities; using Volo.Blogging.Blogs.Dtos; @@ -33,13 +32,6 @@ namespace Volo.Blogging.Blogs if (blog == null) { - FileInfo fi = new FileInfo(shortName); - - if (!string.IsNullOrEmpty(fi.Extension)) - { - return null; - } - throw new EntityNotFoundException(typeof(Blog), shortName); } diff --git a/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/Detail.cshtml.cs b/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/Detail.cshtml.cs index c2e9eb8ec8..9bb7062378 100644 --- a/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/Detail.cshtml.cs +++ b/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/Detail.cshtml.cs 
@@ -8,6 +8,7 @@ using Volo.Blogging.Blogs; using Volo.Blogging.Blogs.Dtos; using Volo.Blogging.Comments; using Volo.Blogging.Comments.Dtos; +using Volo.Blogging.Pages.Blogs.Shared.Helpers; using Volo.Blogging.Posts; namespace Volo.Blogging.Pages.Blog.Posts @@ -48,6 +49,11 @@ namespace Volo.Blogging.Pages.Blog.Posts public virtual async Task OnGetAsync() { + if (BlogNameControlHelper.IsFileFormat(BlogShortName)) + { + return NotFound(); + } + await GetData(); return Page(); diff --git a/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/Edit.cshtml.cs b/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/Edit.cshtml.cs index 90e9209645..c7387a7aec 100644 --- a/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/Edit.cshtml.cs +++ b/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/Edit.cshtml.cs @@ -7,6 +7,7 @@ using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Volo.Abp.AspNetCore.Mvc.UI.RazorPages; using Volo.Blogging.Blogs; +using Volo.Blogging.Pages.Blogs.Shared.Helpers; using Volo.Blogging.Posts; namespace Volo.Blogging.Pages.Blog.Posts @@ -39,6 +40,10 @@ namespace Volo.Blogging.Pages.Blog.Posts { return Redirect("/"); } + if (BlogNameControlHelper.IsFileFormat(BlogShortName)) + { + return NotFound(); + } var postDto = await _postAppService.GetAsync(new Guid(PostId)); Post = ObjectMapper.Map(postDto); diff --git a/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/Index.cshtml.cs b/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/Index.cshtml.cs index 0b0597c60f..df7c23fc97 100644 --- a/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/Index.cshtml.cs +++ b/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/Index.cshtml.cs 
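Review bot: The file-name guard is added only to `OnGetAsync`, and the same four lines are copied into Detail, Edit, Index and New, while this commit also deletes the equivalent check from BlogAppService.cs. Any handler or caller not visible in these hunks (a POST handler on the same page models, for instance) now reaches the service with an unchecked `BlogShortName` and gets the `EntityNotFoundException` path. It is worth confirming that no such caller exists, or moving the check to one place, such as a constraint on the route parameter. If the per-page guard stays, a comment above it would record the intent: `// A short name with a file extension is a stray static-file request, not a blog; answer 404 without a lookup.` The body of `OnGetAsync` continues outside the hunk.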
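Review bot: In Edit.cshtml.cs the new check sits after the block that returns `Redirect("/")`, so a file-like short name that also trips that earlier condition is redirected rather than answered with 404; the hunk in New.cshtml.cs has the same ordering. The earlier condition is outside the hunk, so this only matters if it can be true for such requests. Detail and Index run the guard as the first statement, and doing the same here would be more consistent. The added `if` is also missing the blank lines before and after it that the Detail and Index hunks use.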
@@ -4,6 +4,7 @@ using Microsoft.AspNetCore.Mvc; using Volo.Abp.AspNetCore.Mvc.UI.RazorPages; using Volo.Blogging.Blogs; using Volo.Blogging.Blogs.Dtos; +using Volo.Blogging.Pages.Blogs.Shared.Helpers; using Volo.Blogging.Posts; using Volo.Blogging.Tagging; using Volo.Blogging.Tagging.Dtos; @@ -37,6 +38,11 @@ namespace Volo.Blogging.Pages.Blog.Posts public virtual async Task OnGetAsync() { + if (BlogNameControlHelper.IsFileFormat(BlogShortName)) + { + return NotFound(); + } + Blog = await _blogAppService.GetByShortNameAsync(BlogShortName); Posts = (await _postAppService.GetListByBlogIdAndTagName(Blog.Id, TagName)).Items; PopularTags = (await _tagAppService.GetPopularTags(Blog.Id, new GetPopularTagsInput {ResultCount = 10, MinimumPostCount = 2})); diff --git a/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/New.cshtml.cs b/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/New.cshtml.cs index 11c853b30c..caa22424e7 100644 --- a/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/New.cshtml.cs +++ b/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/New.cshtml.cs @@ -8,6 +8,7 @@ using Microsoft.Extensions.Options; using Volo.Abp.AspNetCore.Mvc.UI.RazorPages; using Volo.Blogging.Blogs; using Volo.Blogging.Blogs.Dtos; +using Volo.Blogging.Pages.Blogs.Shared.Helpers; using Volo.Blogging.Posts; namespace Volo.Blogging.Pages.Blog.Posts @@ -41,6 +42,10 @@ namespace Volo.Blogging.Pages.Blog.Posts { return Redirect("/"); } + if (BlogNameControlHelper.IsFileFormat(BlogShortName)) + { + return NotFound(); + } Blog = await _blogAppService.GetByShortNameAsync(BlogShortName); Post = new CreatePostViewModel diff --git a/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Shared/Helpers/BlogNameControlHelper.cs b/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Shared/Helpers/BlogNameControlHelper.cs new file mode 100644 index 0000000000..4e9b8bac57 --- /dev/null 
+++ b/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Shared/Helpers/BlogNameControlHelper.cs @@ -0,0 +1,23 @@ +using System.IO; +using Microsoft.AspNetCore.Mvc; + +namespace Volo.Blogging.Pages.Blogs.Shared.Helpers +{ + public static class BlogNameControlHelper + { + public static bool IsFileFormat(string blogShortName) + { + if (!string.IsNullOrWhiteSpace(blogShortName)) + { + var fileInfo = new FileInfo(blogShortName); + + if (!string.IsNullOrEmpty(fileInfo.Extension)) + { + return true; + } + } + + return false; + } + } +} \ No newline at end of file
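Review bot: `IsFileFormat` builds a `FileInfo` from a route value, which treats request input as a file-system path: the constructor normalises it against the process's current directory and can throw on strings it cannot normalise, turning a malformed URL segment into an unhandled exception instead of a 404. A pure string check avoids that: `return !string.IsNullOrWhiteSpace(blogShortName) && !string.IsNullOrEmpty(Path.GetExtension(blogShortName));`. The test also rejects every short name containing a dot, so if blog short names may legitimately contain one (say `v1.0`, a constructed example) those blogs become unreachable; validating against the allowed short-name pattern would be more precise. `using Microsoft.AspNetCore.Mvc;` is unused in this file, and the file lacks a trailing newline.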