2007-11-02 Marek Habersack <mhabersack@novell.com>

	* HttpServerUtility.cs: in 2.0, Transfer is allowed only from
	pages. Fixes bug #334931
	Also, according to MSDN docs, transfer in 2.0+ is possible only to
	other pages.

svn path=/trunk/mcs/; revision=88721

diff --git a/mcs/class/System.Web/System.Web/ChangeLog b/mcs/class/System.Web/System.Web/ChangeLog
index 157102a49452214c29f5875274017f94ae731518..84ab98c1b31afe6e944f5a978a492e79979e7cbc 100644 (file)
--- a/mcs/class/System.Web/System.Web/ChangeLog
+++ b/mcs/class/System.Web/System.Web/ChangeLog
@@ -1,5 +1,10 @@
 2007-11-02  Marek Habersack  <mhabersack@novell.com>
 
+       * HttpServerUtility.cs: in 2.0, Transfer is allowed only from
+       pages. Fixes bug #334931
+       Also, according to MSDN docs, transfer in 2.0+ is possible only to
+       other pages.
+
        * HttpRuntime.cs: BinDirectory returns a full path to the actual
        bin directory in the application root. If no bin directory is
        found, it defaults to returning <applicationPath>/bin. Fixes bug

diff --git a/mcs/class/System.Web/System.Web/HttpServerUtility.cs b/mcs/class/System.Web/System.Web/HttpServerUtility.cs
index 0e6ab659ec025f9052c2e8bf09823416bf9d2d8a..819c47dba6ffe83fa63ae2ec127eb6b3bb300238 100644 (file)
--- a/mcs/class/System.Web/System.Web/HttpServerUtility.cs
+++ b/mcs/class/System.Web/System.Web/HttpServerUtility.cs
@@ -132,6 +132,13 @@ namespace System.Web {
                        IHttpHandler handler = context.ApplicationInstance.GetHandler (context);
                        request.SetCurrentExePath (oldFilePath);
                        
+#if NET_2_0
+                       // If the target handler is not Page, the transfer must not occur.
+                       // InTransit == true means we're being called from Transfer
+                       if (context.InTransit && !(handler is Page))
+                               throw new HttpException ("Transfer is possible only to .aspx files");
+#endif
+                       
                        TextWriter previous = null;
                        try {
 #if NET_2_0
@@ -203,12 +210,21 @@ namespace System.Web {
                                Page page = (Page) context.Handler;
                                preserveForm = !page.IsPostBack;
                        }
+#if NET_2_0
+                       else
+                               throw new HttpException ("Transfer may only be called from within a Page instance");
+#endif
 
                        Transfer (path, preserveForm);
                }
 
                public void Transfer (string path, bool preserveForm)
                {
+#if NET_2_0
+                       if (!(context.Handler is Page))
+                               throw new HttpException ("Transfer may only be called from within a Page instance");
+#endif
+
                        context.InTransit = true;
                        Execute (path, null, preserveForm);
                        context.Response.End ();
@@ -218,7 +234,9 @@ namespace System.Web {
                {
                        if (handler == null)
                                throw new ArgumentNullException ("handler");
-
+                       if (!(handler is Page))
+                               throw new HttpException ("Transfer may only be called from within a Page instance");
+                       
                        // TODO: see the MS doc and search for "enableViewStateMac": this method is not
                        // allowed for pages when preserveForm is true and the page IsCallback property
                        // is true.
@@ -232,6 +250,11 @@ namespace System.Web {
                        if (handler == null)
                                throw new ArgumentNullException ("handler");
 
+                       // If the target handler is not Page, the transfer must not occur.
+                       // InTransit == true means we're being called from Transfer
+                       if (context.InTransit && !(handler is Page))
+                               throw new HttpException ("Transfer is possible only to .aspx files");
+                       
                        HttpRequest request = context.Request;
                        string oldQuery = request.QueryStringRaw;
                        if (!preserveForm) {