internal static string SafeFilename(string filename) {
if (string.IsNullOrEmpty(filename)) {
return filename;
}
// configuration file can be an http URL in IE
if (filename.StartsWith(HTTP_PREFIX, StringComparison.OrdinalIgnoreCase)) {
return filename;
}
try {
// Confirm that it is a full path.
// GetFullPath will also Demand PathDiscovery for the resulting path
string fullPath = Path.GetFullPath(filename);
}
catch (SecurityException) {
// Get just the name of the file without the directory part.
try {
string fullPath = FullPathWithAssert(filename);
filename = Path.GetFileName(fullPath);
}
catch {
filename = null;
}
}
catch {
filename = null;
}
return filename;
}