Sanitize login return url and theme path

rxtur · rxtur · commit 8e9835fc7c9d · 2019-05-06T20:45:40.000-05:00
diff --git a/BlogEngine/BlogEngine.Core/BlogSettings.cs b/BlogEngine/BlogEngine.Core/BlogSettings.cs
@@ -420,27 +420,27 @@ public string Theme
                     var request = context.Request;
                     if (request.QueryString["theme"] != null)
                     {
-                        return request.QueryString["theme"];
+                        return request.QueryString["theme"].SanitizePath();
                     }
 
                     var cookie = request.Cookies[this.ThemeCookieName];
                     if (cookie != null)
                     {
-                        return cookie.Value;
+                        return cookie.Value.SanitizePath();
                     }
 
                     if (Utils.ShouldForceMainTheme(request))
                     {
-                        return this.configuredTheme;
+                        return this.configuredTheme.SanitizePath();
                     }
                 }
 
-                return this.configuredTheme;
+                return this.configuredTheme.SanitizePath();
             }
 
             set
             {
-                this.configuredTheme = String.IsNullOrEmpty(value) ? String.Empty : value;
+                this.configuredTheme = String.IsNullOrEmpty(value) ? String.Empty : value.SanitizePath();
             }
         }
 
diff --git a/BlogEngine/BlogEngine.NET/Custom/Controls/PostList.ascx.cs b/BlogEngine/BlogEngine.NET/Custom/Controls/PostList.ascx.cs
@@ -123,7 +123,7 @@ private void BindPosts()
 
             var theme = Request.QueryString["theme"];
             if(!string.IsNullOrEmpty(theme))
-                theme = theme.Replace(".", "").Replace("/", "").Replace("\\", "");
+                theme = theme.SanitizePath();
 
             var path = string.Format("{0}Custom/Themes/{1}/PostView.ascx", Utils.ApplicationRelativeWebRoot, BlogSettings.Instance.GetThemeWithAdjustments(theme));
             var counter = 0;

Original file line number	Diff line number	Diff line change
`@@ -420,27 +420,27 @@ public string Theme`
`420`	`420`	`var request = context.Request;`
`421`	`421`	`if (request.QueryString["theme"] != null)`
`422`	`422`	`{`
`423`		`- return request.QueryString["theme"];`
	`423`	`+ return request.QueryString["theme"].SanitizePath();`
`424`	`424`	`}`
`425`	`425`
`426`	`426`	`var cookie = request.Cookies[this.ThemeCookieName];`
`427`	`427`	`if (cookie != null)`
`428`	`428`	`{`
`429`		`- return cookie.Value;`
	`429`	`+ return cookie.Value.SanitizePath();`
`430`	`430`	`}`
`431`	`431`
`432`	`432`	`if (Utils.ShouldForceMainTheme(request))`
`433`	`433`	`{`
`434`		`- return this.configuredTheme;`
	`434`	`+ return this.configuredTheme.SanitizePath();`
`435`	`435`	`}`
`436`	`436`	`}`
`437`	`437`
`438`		`- return this.configuredTheme;`
	`438`	`+ return this.configuredTheme.SanitizePath();`
`439`	`439`	`}`
`440`	`440`
`441`	`441`	`set`
`442`	`442`	`{`
`443`		`- this.configuredTheme = String.IsNullOrEmpty(value) ? String.Empty : value;`
	`443`	`+ this.configuredTheme = String.IsNullOrEmpty(value) ? String.Empty : value.SanitizePath();`
`444`	`444`	`}`
`445`	`445`	`}`
`446`	`446`