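/// <summary>
/// Rejects an include whose containing directory does not resolve to a path
/// underneath the application's root directory.
/// </summary>
/// <param name="filePath">
/// Path of the file being included. A null or empty value is ignored.
/// </param>
/// <remarks>
/// The directory is resolved by temporarily switching the current directory
/// to it and reading the result back. The current directory is process-wide
/// state, so other threads can observe the temporary value while this
/// method runs; callers that parse templates concurrently should be aware
/// of that.
/// </remarks>
void CheckIfIncludeFileIsSecure (string filePath)
{
    if (filePath == null || filePath.Length == 0)
        return;

    // a bit slow, but fully portable
    string newdir = null;
    string origdir = null;
    bool switched = false;
    Exception exception = null;
    try {
        origdir = Directory.GetCurrentDirectory ();
        Directory.SetCurrentDirectory (Path.GetDirectoryName (filePath));
        switched = true;
        newdir = Directory.GetCurrentDirectory ();

        // Terminate the resolved directory with a separator before the
        // prefix comparison below.
        // NOTE(review): only '/' is recognised here; confirm this matches
        // the form of HttpRuntime.AppDomainAppPath on platforms whose
        // native separator is not '/'.
        if (newdir [newdir.Length - 1] != '/')
            newdir += "/";
    } catch (DirectoryNotFoundException) {
        return; // will be converted into 404
    } catch (FileNotFoundException) {
        return; // as above
    } catch (Exception ex) {
        // better safe than sorry: any other failure is treated as a rejection
        exception = ex;
    } finally {
        // Always put the process back into its original directory, even
        // when resolving the include directory failed half-way. Previously
        // a failure after the switch left the current directory changed.
        if (switched) {
            try {
                Directory.SetCurrentDirectory (origdir);
            } catch (Exception ex) {
                // Could not restore: fail closed instead of trusting newdir.
                if (exception == null)
                    exception = ex;
            }
        }
    }

    // NOTE(review): a plain prefix test is a containment check only if
    // AppDomainAppPath itself ends with a directory separator; otherwise a
    // sibling directory sharing the root's name as a prefix would pass.
    // Confirm against HttpRuntime.
    if (exception != null || !StrUtils.StartsWith (newdir, HttpRuntime.AppDomainAppPath))
        throw new ParseException (Location, "Files above the application's root directory cannot be included.");
}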