internal static string SafeFilename(string filename) {
if (string.IsNullOrEmpty(filename)) {
return filename;
}
// configuration file can be an http URL in IE
if (StringUtil.StartsWithIgnoreCase(filename, HTTP_PREFIX)) {
return filename;
}
//
// If it is a relative path, return it as is.
// This could happen if the exception was constructed from the serialization constructor,
// and the caller did not have PathDiscoveryPermission for the file.
//
try {
if (!Path.IsPathRooted(filename)) {
return filename;
}
}
catch {
return null;
}
try {
// Confirm that it is a full path.
// GetFullPath will also Demand PathDiscovery for the resulting path
string fullPath = Path.GetFullPath(filename);
}
catch (SecurityException) {
// Get just the name of the file without the directory part.
try {
string fullPath = FullPathWithAssert(filename);
filename = Path.GetFileName(fullPath);
}
catch {
filename = null;
}
}
catch {
filename = null;
}
return filename;
}