So I am reading a book about ASP.NET security, and one of the sections there was:
how to prevent directory traversal filename (hacked filenames).
So the line of code was:
string fullPath = Server.MapPath(System.IO.Path.Combine(@"d:\inetpub\inbound\",filename));
But then I noticed the result of the combine, which will be:
d:\inetpub\inbound\myfile.txt
But I remember that the parameter type should be a virtual path and not a filesystem path!
d:\inetpub\inbound\myfile.txt is not a virtual path!
What am I missing?
P.S. This is the book: (Wrox)
The code sample is wrong.
The role of Server.MapPath is indeed to transform a virtual path into a physical one. If you already have a physical path, there's no need for Server.MapPath.
The code will probably throw an Exception with the message:
'd:\inetpub\inbound\myfile.txt' is a physical path, but a virtual path was expected.
You must use Server.MapPath to convert a virtual path (i.e., a path inside your website) to a physical path (such as D:\InetPub\...).
So you can do this:
var physicalPath = Server.MapPath("~/Incoming/Receivedfile.txt");
and then you can use physicalPath to actually access the file.
BTW the tilde in the filename above represents the root of the website the code is running under.
I have an MVC project and a class library just for saving and deleting images.
I have the path to those images stored in a variable as a relative path
Content\images\ that I reference inside the Save() and Delete() methods.
The save method works as I would think but the delete throws an error as it's relating the current path from the window directory.
// Works fine
File.WriteAllBytes(Path.Combine(Settings.ImagesPath, filename), binaryData);
// Error saying it cannot find the path in the C:\windows\system32\folder
File.Delete(Path.Combine(Settings.ImagesPath, filename));
I'd like to be able to switch between relative and absolute paths in my Settings.ImagesPath string but every SO article I've tried works for one scenario or the other. What's the best way to convert absolute or relative paths to some common way to deal with them?
You should use Server.MapPath method to generate the path to the location and use that in your Path.Combine method.
var fullPath = Path.Combine(Server.MapPath(Settings.ImagesPath), filename);
System.IO.File.Delete(fullPath);
Server.MapPath method returns the physical file path that corresponds to the specified virtual path. In this case, Server.MapPath(Settings.ImagesPath) will return the physical file path to your Content\images\ which is inside your app root.
You should do the same when you save the file as well.
You can also check the existence of the file before attempting to delete it:
var fullPath = Path.Combine(Server.MapPath(Settings.ImagesPath), filename);
if (System.IO.File.Exists(fullPath))
{
    System.IO.File.Delete(fullPath);
}
Server.MapPath expects a relative path. So if you have an absolute value in Settings.ImagesPath, you can use the Path.IsPathRooted method to determine if it is a virtual path or not:
// Use the configured path as-is when it is already rooted; otherwise map it.
var p = Path.Combine(Path.IsPathRooted(Settings.ImagesPath)
    ? Settings.ImagesPath : Server.MapPath(Settings.ImagesPath), filename);
if (System.IO.File.Exists(p))
{
    System.IO.File.Delete(p);
}
When you use the virtual path, make sure it starts with ~.
Settings.ImagesPath = @"~\Contents\Pictures";
I have a Member Register aspx page.
ACCOUNT(user,pass,mail,privilege)
When a user is registered successfully, if the privilege == "lecturer" --> a folder is created which folder's name= user.
Take a look at my code below:
if(privilege=="lecturer")
{
    string path = this.Server.MapPath("~/Lecturer/"); // path="D:\\C#Projects\\website\\Lecturer\\"
    string targetPath = path + @"\";
    System.IO.Directory.CreateDirectory(Server.MapPath(targetPath+newuser));
}
It has an error: 'D:/C#Projects/website/Lecturer/david' is a physical path, but a virtual path was expected. Why???
I really want to create a david folder in Lecturer folder. Help???
You do not need to use Server.MapPath again as you have already converted the virtual path to physical path.
Change
System.IO.Directory.CreateDirectory(Server.MapPath(targetPath+newuser));
To
System.IO.Directory.CreateDirectory(targetPath+newuser);
If you already have a physical path D:\\C#Projects\\website\\Lecturer\\, it doesn't make sense to call Server.MapPath
You can try this:-
var files = Directory.GetFiles(@"D:\C#Projects\website\Lecturer");
or simply try this:-
System.IO.Directory.CreateDirectory(targetPath+newuser);
I'd like to save an uploaded file to a physical path by the method HttpPostedFileBase.SaveAs().
When I choose a physical path, an exception appears indicating that the path must be virtual.
var fileName = Path.GetFileName(fileurl.FileName);
var path = "C:/Projets" + fileName;
fileurl.SaveAs(Server.MapPath(path));
How can I change my code to be able to save the file everywhere I want?
The Server.MapPath works only with physical locations that are part of the website. If you want to save the file outside you could use the following:
var fileName = Path.GetFileName(fileurl.FileName);
fileurl.SaveAs(Path.Combine(@"c:\projects", fileName));
Make sure though that the account under which your application pool is executing is granted write permissions to this folder.
Server.MapPath is for virtual paths. You can try to use Path.GetFullPath(path).
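The first question above is about stopping directory traversal through a user-supplied file name, and the upload answers just above combine a fixed folder with an uploaded file name. The following added example (not from the book or from any of the posts) shows a containment check that covers both cases; SafePath, ResolveInside and the sample inputs are hypothetical, and Windows path semantics are assumed.

```csharp
using System;
using System.IO;

// Added example; SafePath and ResolveInside are hypothetical names.
static class SafePath
{
    // Returns the full physical path of fileName inside baseDir,
    // or throws if the name would resolve outside baseDir.
    public static string ResolveInside(string baseDir, string fileName)
    {
        if (string.IsNullOrWhiteSpace(fileName))
            throw new ArgumentException("Empty file name.");

        // Accept only a bare file name: no separators, no drive or root.
        // Path.Combine discards its first argument when the second is rooted,
        // so a rooted name would silently replace baseDir.
        if (fileName != Path.GetFileName(fileName) || Path.IsPathRooted(fileName)
            || fileName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            throw new ArgumentException("Not a plain file name: " + fileName);

        // Canonicalise both paths, then confirm the result is still under root.
        // This catches names such as ".." that pass the check above.
        string root = Path.GetFullPath(baseDir).TrimEnd(Path.DirectorySeparatorChar)
                      + Path.DirectorySeparatorChar;
        string full = Path.GetFullPath(Path.Combine(root, fileName));
        if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("Path escapes base directory: " + fileName);
        return full;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed base directory and inputs, for illustration only.
        string baseDir = Path.Combine(Path.GetTempPath(), "inbound");
        string[] names = { "myfile.txt", @"..\web.config", @"sub\..\..\x.txt",
                           @"c:\windows\win.ini", ".." };
        foreach (string name in names)
        {
            try { Console.WriteLine("OK      " + SafePath.ResolveInside(baseDir, name)); }
            catch (ArgumentException ex) { Console.WriteLine("REJECT  " + ex.Message); }
        }
    }
}
```

In an ASP.NET application, baseDir would be a fixed physical folder or the result of Server.MapPath on an app-relative path such as "~/Incoming". Path.GetFullPath normalises ".." segments but does not resolve junctions or symbolic links.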
I am using C#, ASP.NET and working on a web application.
I initially had a relative path as such which I needed to be an absolute path.
The below works but need to get the absolute path:
return Chart.RenderChartHTML("../../Charts/MSLine.swf");
I tried the following which didn't work (note that it gives me the complete path on my hard drive to .swf):
string mslinepath = HttpContext.Current.Server.MapPath("Charts/MSLine.swf");
return Chart.RenderChartHTML(mslinepath);
I then tried the following which works:
string mslinepath = VirtualPathUtility.ToAbsolute("~/Charts/MSLine.swf");
return Chart.RenderChartHTML(mslinepath);
Wondering why VirtualPathUtility.ToAbsolute works while the other one doesn't.
MapPath returns the physical file path on your server which corresponds to the specified virtual path.
(Eg: "C:\inetpub\wwwroot\Charts\MSLine.swf")
ToAbsolute converts an app-relative virtual path (one starting with "~/") to an absolute virtual path.
(Eg: "/AppName/Charts/MSLine.swf")
I'm using this line of code:
var files = Directory.GetFiles(Server.MapPath("E:\\ftproot\\sales"));
to locate files in a folder; however, I get the error message saying that
"Physical Path given but virtual path expected".
Am new enough to using System.IO in C# so I was wondering if it's possible to enter a physical path to do this?
If you already know your folder is: E:\ftproot\sales then you do not need to use Server.MapPath; this last one is needed if you only have a relative virtual path like ~/folder/folder1 and you want to know the real path on the disk...
var files = Directory.GetFiles(@"E:\ftproot\sales");