2007-11-02 Marek Habersack <mhabersack@novell.com>
+ * HttpServerUtility.cs: in 2.0, Transfer is allowed only from
+ pages. Fixes bug #334931
+ Also, according to MSDN docs, transfer in 2.0+ is possible only to
+ other pages.
+
* HttpRuntime.cs: BinDirectory returns a full path to the actual
bin directory in the application root. If no bin directory is
found, it defaults to returning <applicationPath>/bin. Fixes bug
IHttpHandler handler = context.ApplicationInstance.GetHandler (context);
request.SetCurrentExePath (oldFilePath);
+#if NET_2_0
+ // If the target handler is not Page, the transfer must not occur.
+ // InTransit == true means we're being called from Transfer
+ if (context.InTransit && !(handler is Page))
+ throw new HttpException ("Transfer is possible only to .aspx files");
+#endif
+
TextWriter previous = null;
try {
#if NET_2_0
Page page = (Page) context.Handler;
preserveForm = !page.IsPostBack;
}
+#if NET_2_0
+ else
+ throw new HttpException ("Transfer may only be called from within a Page instance");
+#endif
Transfer (path, preserveForm);
}
public void Transfer (string path, bool preserveForm)
{
+#if NET_2_0
+ if (!(context.Handler is Page))
+ throw new HttpException ("Transfer may only be called from within a Page instance");
+#endif
+
context.InTransit = true;
Execute (path, null, preserveForm);
context.Response.End ();
{
if (handler == null)
throw new ArgumentNullException ("handler");
-
+ if (!(handler is Page))
+ throw new HttpException ("Transfer may only be called from within a Page instance");
+
// TODO: see the MS doc and search for "enableViewStateMac": this method is not
// allowed for pages when preserveForm is true and the page IsCallback property
// is true.
if (handler == null)
throw new ArgumentNullException ("handler");
+ // If the target handler is not Page, the transfer must not occur.
+ // InTransit == true means we're being called from Transfer
+ if (context.InTransit && !(handler is Page))
+ throw new HttpException ("Transfer is possible only to .aspx files");
+
HttpRequest request = context.Request;
string oldQuery = request.QueryStringRaw;
if (!preserveForm) {