Vulnerability in EPiServer.Forms

Try our conversational search powered by Generative AI!

Jonas Lindau
Mar 28, 2013
  3040
(0 votes)

Hiding files with attribute hidden, system or temporary from file listing

On our sites we use pretty much the same file listing functions that comes with the example site in EPiServer. It’s simple and have worked well for many years, but recently one of our users realized that hidden files were visible in the listing. My first thought was that it should be the easiest thing ever to hide these files, surely the FileSystemDataSource would have a nice property called “ShowHiddenFiles” or something, ready use. It turned out i couldn’t be more wrong!

so what to do? After testing and thinking of several ways to solve my issue, I ended up with a quite simple solution where I used TreeNodeDataBound to determine if the current node should be rendered or not. In the sample unit this method is used to add different functionality for files and directories. Just add a few more lines of code to it like below:

protected void FileTree_TreeNodeDataBound(object sender, System.Web.UI.WebControls.TreeNodeEventArgs e)
        {
            VirtualFileBase virtualFile = e.Node.DataItem as VirtualFileBase;
           
            if (virtualFile.IsDirectory)
            {
                e.Node.SelectAction = TreeNodeSelectAction.Expand;
            }
            else
            {
                try
                {
                    VersioningFile RealFile = VirtualPathHandler.Instance.GetFile(virtualFile.VirtualPath, true) as VersioningFile;
                    string RealPath = RealFile.LocalPath;
                    FileInfo RealFileInfo = new FileInfo(RealPath);

                    if (RealFileInfo.Exists)
                    {
                        bool IsHidden = (RealFileInfo.Attributes & FileAttributes.Hidden) == FileAttributes.Hidden;
                        bool IsSystem = (RealFileInfo.Attributes & FileAttributes.System) == FileAttributes.System;
                        bool IsTemporary = (RealFileInfo.Attributes & FileAttributes.Temporary) == FileAttributes.Temporary;

                        if (IsHidden || IsSystem || IsTemporary)
                            FileTree.Nodes.Remove(e.Node);
                    }
                }
                catch { }

                e.Node.NavigateUrl = e.Node.DataPath;
            }
        }

Now it’s safe to list files from folders where hidden, system or temporary files are sored!

Mar 28, 2013

Comments

Please login to comment.
Latest blogs
Join the Work Smarter Webinar: Working with the Power of Configured Commerce (B2B) Customer Segmentation December 7th

Join this webinar and learn about customer segmentation – how to best utilize it, how to use personalization to differentiate segmentation and how...

Karen McDougall | Dec 1, 2023

Getting Started with Optimizely SaaS Core and Next.js Integration: Creating Content Pages

The blog post discusses the creation of additional page types with Next.js and Optimizely SaaS Core. It provides a step-by-step guide on how to...

Francisco Quintanilla | Dec 1, 2023 | Syndicated blog

Stop Managing Humans in Your CMS

Too many times, a content management system becomes a people management system. Meaning, an organization uses the CMS to manage all the information...

Deane Barker | Nov 30, 2023

A day in the life of an Optimizely Developer - Optimizely CMS 12: The advantages and considerations when exploring an upgrade

GRAHAM CARR - LEAD .NET DEVELOPER, 28 Nov 2023 In 2022, Optimizely released CMS 12 as part of its ongoing evolution of the platform to help provide...

Graham Carr | Nov 28, 2023