Merge branch 'develop' into Fix3604

dnnsoftware · Mar 31, 2020 · d512902 · d512902
2 parents 68197fa + 33baec2
commit d512902
Show file tree

Hide file tree

Showing 48 changed files with 617 additions and 95 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md
@@ -41,8 +41,9 @@ Provide any additional context that may be helpful in understanding and/or resol
 Please add X in at least one of the boxes as appropriate. In order for an issue to be accepted, a developer needs to be able to reproduce the issue on a currently supported version. If you are looking for a workaround for an issue with an older version, please visit the forums at https://dnncommunity.org/forums
 -->
 * [ ] 10.0.0 alpha build
-* [ ] 9.5.0 alpha build
-* [ ] 9.4.4 latest supported release
+* [ ]  9.5.1 alpha build
+* [ ]  9.5.0 latest supported release
+* [ ]  9.4.4 
 
 ## Affected browser
 <!-- 

diff --git a/Build/Cake/database.cake b/Build/Cake/database.cake
@@ -1,7 +1,8 @@
 // Database tasks for your local DNN development site
+using System.Data.SqlClient;
 
 Task("ResetDatabase")
-  .Does(() => 
+  .Does(() =>
     {
         var script = ReplaceScriptVariables(LoadScript("db-connections-drop"));
         ExecuteScript(script);
@@ -15,6 +16,13 @@ Task("ResetDatabase")
 
 public const string ScriptsPath = @".\Build\Cake\sql\";
 
+private static readonly string[] GoStatement = {
+    "\r\nGO\r\n",
+    "\nGO\n",
+    "\nGO\r\n",
+    "\r\nGO\n",
+};
+
 public string LoadScript(string scriptName) {
     var script = scriptName + ".local.sql";
     if (!System.IO.File.Exists(ScriptsPath + script)) {
@@ -30,16 +38,16 @@ public string ReplaceScriptVariables(string script) {
         .Replace("{DBLogin}", Settings.DnnSqlUsername);
 }
 
-public bool ExecuteScript(string ScriptStatement)
+public bool ExecuteScript(string scriptStatement)
 {
     try
     {
-        using (var connection = new System.Data.SqlClient.SqlConnection(Settings.SaConnectionString))
+        using (var connection = new SqlConnection(Settings.SaConnectionString))
         {
             connection.Open();
-            foreach (var cmd in ScriptStatement.Split(new string[] {"\r\nGO\r\n"}, StringSplitOptions.RemoveEmptyEntries)) {
-                var command = new System.Data.SqlClient.SqlCommand(cmd, connection);
-                command.ExecuteNonQuery();          
+            foreach (var cmd in scriptStatement.Split(GoStatement, StringSplitOptions.RemoveEmptyEntries)) {
+                var command = new SqlCommand(cmd, connection);
+                command.ExecuteNonQuery();
             }
             connection.Close();
         }
@@ -49,4 +57,4 @@ public bool ExecuteScript(string ScriptStatement)
         return false;
     }
     return true;
-}
+}
diff --git a/Build/Cake/devsite.cake b/Build/Cake/devsite.cake
@@ -2,6 +2,8 @@
 // Note these tasks depend on the correct settings in your settings file.
 
 Task("ResetDevSite")
+    .IsDependentOn("SetVersion")
+    .IsDependentOn("UpdateDnnManifests")
     .IsDependentOn("ResetDatabase")
     .IsDependentOn("PreparePackaging")
 	.IsDependentOn("OtherPackages")

diff --git a/Build/Cake/sql/create-db.sql b/Build/Cake/sql/create-db.sql
@@ -1,9 +1,9 @@
-IF db_id('{DBName}') IS NOT NULL DROP DATABASE {DBName};
+IF db_id('{DBName}') IS NOT NULL DROP DATABASE [{DBName}];
 GO
 
 CREATE DATABASE [{DBName}] ON PRIMARY
 ( NAME = N'{DBName}', FILENAME = N'{DBPath}\{DBName}.mdf')
- LOG ON 
+ LOG ON
 ( NAME = N'{DBName}_log', FILENAME = N'{DBPath}\{DBName}_log.ldf')
 GO
 

diff --git a/DNN Platform/DotNetNuke.Web.Mvc/Extensions/StartupExtensions.cs b/DNN Platform/DotNetNuke.Web.Mvc/Extensions/StartupExtensions.cs
@@ -22,7 +22,7 @@ public static void AddMvcControllers(this IServiceCollection services)
                 );
             foreach (var controller in controllerTypes)
             {
-                services.TryAddScoped(controller);
+                services.TryAddTransient(controller);
             }
         }
     }

diff --git a/DNN Platform/Library/Common/Utilities/FileSystemExtensions.cs b/DNN Platform/Library/Common/Utilities/FileSystemExtensions.cs
@@ -0,0 +1,16 @@
+using System;
+
+namespace DotNetNuke.Common.Utilities
+{
+    public static class FileSystemExtensions
+    {
+        public static void CheckZipEntry(this ICSharpCode.SharpZipLib.Zip.ZipEntry input)
+        {
+            var fullName = input.Name.Replace('\\', '/');
+            if (fullName.StartsWith("..") || fullName.Contains("/../"))
+            {
+                throw new Exception("Illegal Zip File");
+            }
+        }
+    }
+}
diff --git a/DNN Platform/Library/Common/Utilities/FileSystemUtils.cs b/DNN Platform/Library/Common/Utilities/FileSystemUtils.cs
@@ -324,6 +324,7 @@ public static void UnzipResources(ZipInputStream zipStream, string destPath)
                 var zipEntry = zipStream.GetNextEntry();
                 while (zipEntry != null)
                 {
+                    zipEntry.CheckZipEntry();
                     HtmlUtils.WriteKeepAlive();
                     var localFileName = zipEntry.Name;
                     var relativeDir = Path.GetDirectoryName(zipEntry.Name);

diff --git a/DNN Platform/Library/Common/Utilities/NetworkUtils.cs b/DNN Platform/Library/Common/Utilities/NetworkUtils.cs
@@ -5,8 +5,10 @@
 #region Usings
 
 using System;
+using System.Linq;
 using System.Net;
 using System.Net.Sockets;
+using System.Web;
 
 #endregion
 
@@ -242,6 +244,24 @@ public static bool IsIPInRange(string currentIP, string startIP, string subnetma
             }
             return false;
         }
+
+        /// <summary>
+        /// Gets the Client IP address of the current request, from server variables if available, otherwise returns Request.UserHostAddress.
+        /// </summary>
+        /// <param name="request">The current http request.</param>
+        /// <returns>The current client ip address.</returns>
+        public static string GetClientIpAddress(HttpRequest request)
+        {
+            var ipAddress = request.ServerVariables["HTTP_X_FORWARDED_FOR"]?.Split(',').FirstOrDefault();
+
+            // If there is no proxy, get the standard remote address
+            if (string.IsNullOrWhiteSpace(ipAddress) || ipAddress.Equals("unknown", StringComparison.OrdinalIgnoreCase))
+            {
+                ipAddress = request.UserHostAddress;
+            }
+
+            return ipAddress;
+        }
     }
 
     /// <summary>

diff --git a/DNN Platform/Library/DotNetNuke.Library.csproj b/DNN Platform/Library/DotNetNuke.Library.csproj
@@ -195,6 +195,7 @@
     <Compile Include="Common\Extensions\HttpContextDependencyInjectionExtensions.cs" />
     <Compile Include="Common\NavigationManager.cs" />
     <Compile Include="Common\Utilities\CryptographyUtils.cs" />
+    <Compile Include="Common\Utilities\FileSystemExtensions.cs" />
     <Compile Include="Common\Utilities\RegexUtils.cs" />
     <Compile Include="Data\ControllerBase.cs" />
     <Compile Include="Data\DatabaseConnectionProvider.cs" />

diff --git a/DNN Platform/Library/Entities/Modules/ModuleController.cs b/DNN Platform/Library/Entities/Modules/ModuleController.cs
@@ -497,8 +497,6 @@ private static void GetModuleContent(XmlNode nodeModule, int ModuleId, int TabId
                 {
                     var portal = PortalController.Instance.GetPortal(PortalId);
 
-                    content = HttpContext.Current.Server.HtmlDecode(content);
-
                     //Determine if the Module is copmpletely installed 
                     //(ie are we running in the same request that installed the module).
                     if (module.DesktopModule.SupportedFeatures == Null.NullInteger)
@@ -518,7 +516,8 @@ private static void GetModuleContent(XmlNode nodeModule, int ModuleId, int TabId
                                 var controller = businessController as IPortable;
                                 if (controller != null)
                                 {
-                                    controller.ImportModule(module.ModuleID, content, version, portal.AdministratorId);
+                                    var decodedContent = HttpContext.Current.Server.HtmlDecode(content);
+                                    controller.ImportModule(module.ModuleID, decodedContent, version, portal.AdministratorId);
                                 }
                             }
                             catch

diff --git a/DNN Platform/Library/Services/FileSystem/FileManager.cs b/DNN Platform/Library/Services/FileSystem/FileManager.cs
@@ -1616,6 +1616,7 @@ internal virtual int ExtractFiles(IFileInfo file, IFolderInfo destinationFolder,
 
                     while (zipEntry != null)
                     {
+                        zipEntry.CheckZipEntry();
                         if (!zipEntry.IsDirectory)
                         {
                             exactFilesCount++;

diff --git a/DNN Platform/Library/Services/Installer/InstallerInfo.cs b/DNN Platform/Library/Services/Installer/InstallerInfo.cs
@@ -329,6 +329,7 @@ private void ReadZipStream(Stream inputStream, bool isEmbeddedZip)
             ZipEntry entry = unzip.GetNextEntry();
             while (entry != null)
             {
+                entry.CheckZipEntry();
                 if (!entry.IsDirectory)
                 {
 					//Add file to list

diff --git a/DNN Platform/Library/Services/Installer/Installers/ResourceFileInstaller.cs b/DNN Platform/Library/Services/Installer/Installers/ResourceFileInstaller.cs
@@ -158,6 +158,7 @@ protected override bool InstallFile(InstallFile insFile)
                         ZipEntry entry = unzip.GetNextEntry();
                         while (entry != null)
                         {
+                            entry.CheckZipEntry();
                             if (!entry.IsDirectory)
                             {
                                 string fileName = Path.GetFileName(entry.Name);
@@ -256,6 +257,7 @@ protected override void RollbackFile(InstallFile insFile)
                 ZipEntry entry = unzip.GetNextEntry();
                 while (entry != null)
                 {
+                    entry.CheckZipEntry();
                     if (!entry.IsDirectory)
                     {
                         //Check for Backups

diff --git a/DNN Platform/Library/Services/Installer/Packages/PackageController.cs b/DNN Platform/Library/Services/Installer/Packages/PackageController.cs
@@ -356,6 +356,7 @@ public static void ParsePackage(string file, string installPath, Dictionary<stri
                 ZipEntry entry = unzip.GetNextEntry();
                 while (entry != null)
                 {
+                    entry.CheckZipEntry();
                     if (!entry.IsDirectory)
                     {
                         var fileName = entry.Name;

diff --git a/DNN Platform/Library/Services/Social/Messaging/MessagingController.cs b/DNN Platform/Library/Services/Social/Messaging/MessagingController.cs
@@ -16,7 +16,9 @@
 using DotNetNuke.Framework;
 using DotNetNuke.Security;
 using DotNetNuke.Entities.Users;
+using DotNetNuke.Security.Permissions;
 using DotNetNuke.Security.Roles;
+using DotNetNuke.Services.FileSystem;
 using DotNetNuke.Services.Social.Messaging.Data;
 using DotNetNuke.Services.Social.Messaging.Exceptions;
 using DotNetNuke.Services.Social.Messaging.Internal;
@@ -193,7 +195,10 @@ public virtual void SendMessage(Message message, IList<RoleInfo> roles, IList<Us
             {
                 foreach (var attachment in fileIDs.Select(fileId => new MessageAttachment { MessageAttachmentID = Null.NullInteger, FileID = fileId, MessageID = message.MessageID }))
                 {
-                    _dataService.SaveMessageAttachment(attachment, UserController.Instance.GetCurrentUserInfo().UserID);
+                    if (CanViewFile(attachment.FileID))
+                    {
+                        _dataService.SaveMessageAttachment(attachment, UserController.Instance.GetCurrentUserInfo().UserID);
+                    }
                 }
             }
 
@@ -274,5 +279,17 @@ internal virtual bool IsAdminOrHost(UserInfo userInfo)
         }
 
         #endregion
+
+        private bool CanViewFile(int fileId)
+        {
+            var file = FileManager.Instance.GetFile(fileId);
+            if (file == null)
+            {
+                return false;
+            }
+
+            var folder = FolderManager.Instance.GetFolder(file.FolderId);
+            return folder != null && FolderPermissionController.Instance.CanViewFolder(folder);
+        }
     }
 }
diff --git a/DNN Platform/Library/UI/Skins/SkinController.cs b/DNN Platform/Library/UI/Skins/SkinController.cs
@@ -451,6 +451,7 @@ public static string UploadLegacySkin(string rootPath, string skinRoot, string s
             objZipEntry = objZipInputStream.GetNextEntry();
             while (objZipEntry != null)
             {
+                objZipEntry.CheckZipEntry();
                 if (!objZipEntry.IsDirectory)
                 {
 					//validate file extension

diff --git a/...leWebFarmCachingProvider/DotNetNuke.Providers.Caching.SimpleWebFarmCachingProvider.csproj b/...leWebFarmCachingProvider/DotNetNuke.Providers.Caching.SimpleWebFarmCachingProvider.csproj
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003" ToolsVersion="15.0">
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{2C25580C-A971-4F0B-9F70-436A35C2473E}</ProjectGuid>
+    <OutputType>Library</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>DotNetNuke.Providers.Caching.SimpleWebFarmCachingProvider</RootNamespace>
+    <AssemblyName>DotNetNuke.Providers.Caching.SimpleWebFarmCachingProvider</AssemblyName>
+    <TargetFrameworkVersion>v4.7.2</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <Deterministic>true</Deterministic>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Providers</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <DocumentationFile>bin\Providers\DotNetNuke.Providers.Caching.SimpleWebFarmCachingProvider.xml</DocumentationFile>
+    <NoWarn>1591,0618</NoWarn>
+    <LangVersion>7</LangVersion>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Providers</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <DocumentationFile>bin\Providers\DotNetNuke.Providers.Caching.SimpleWebFarmCachingProvider.xml</DocumentationFile>
+    <NoWarn>1591,0618</NoWarn>
+    <LangVersion>7</LangVersion>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Web" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Net.Http" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="SimpleWebFarmCachingProvider.cs" />
+    <Compile Include="SimpleWebFarmSynchronizationHandler.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="..\..\..\..\SolutionInfo.cs">
+      <Link>Properties\SolutionInfo.cs</Link>
+    </Compile>
+    <None Include="SimpleWebFarmCachingProvider.dnn" />
+  </ItemGroup>
+  <ItemGroup>
+    <Content Include="license.txt" />
+    <Content Include="releaseNotes.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\..\..\DotNetNuke.Instrumentation\DotNetNuke.Instrumentation.csproj">
+      <Project>{3cd5f6b8-8360-4862-80b6-f402892db7dd}</Project>
+      <Name>DotNetNuke.Instrumentation</Name>
+    </ProjectReference>
+    <ProjectReference Include="..\..\..\Library\DotNetNuke.Library.csproj">
+      <Project>{6b29aded-7b56-4484-bea5-c0e09079535b}</Project>
+      <Name>DotNetNuke.Library</Name>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+  <Import Project="Provider.build" />
+</Project>
diff --git a/...ders/DotNetNuke.Providers.Caching.SimpleWebFarmCachingProvider/Properties/AssemblyInfo.cs b/...ders/DotNetNuke.Providers.Caching.SimpleWebFarmCachingProvider/Properties/AssemblyInfo.cs
@@ -0,0 +1,15 @@
+// 
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the MIT License. See LICENSE file in the project root for full license information.
+// 
+#region Usings
+
+using System;
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+#endregion
+
+[assembly: AssemblyTitle("DotNetNuke.Providers.Caching.SimpleWebFarmCachingProvider")]
+[assembly: AssemblyDescription("Open Source Web Application Framework")]
+[assembly: Guid("2c25580c-a971-4f0b-9f70-436a35c2473e")]
diff --git a/...CachingProviders/DotNetNuke.Providers.Caching.SimpleWebFarmCachingProvider/Provider.build b/...CachingProviders/DotNetNuke.Providers.Caching.SimpleWebFarmCachingProvider/Provider.build
@@ -0,0 +1,21 @@
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003" ToolsVersion="4.0">
+  <PropertyGroup>
+    <RootDirectory>$(MSBuildProjectDirectory)\..\..\..\..</RootDirectory>
+  </PropertyGroup>
+  <Import Project="..\..\..\..\DNN_Platform.build" />
+  <PropertyGroup>
+    <Extension>zip</Extension>
+    <DNNFileName>SimpleWebFarmCachingProvider</DNNFileName>
+    <PackageName>DNN_SimpleWebFarmCachingProvider</PackageName>
+    <Providers>/Providers</Providers>
+    <InstallPath>$(WebsiteInstallPath)\Provider</InstallPath>
+  </PropertyGroup>
+  <Import Project="$(BuildScriptsPath)\Package.Targets" />
+  <Target Name="AfterBuild" DependsOnTargets="DebugProject;Package">
+  </Target>
+  <Target Name="DebugProject" Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <Copy SourceFiles="$(MSBuildProjectDirectory)/bin$(Providers)/$(AssemblyName).dll" DestinationFolder="$(WebsitePath)/bin$(Providers)" />
+    <Copy SourceFiles="$(MSBuildProjectDirectory)/bin$(Providers)/$(AssemblyName).pdb" DestinationFolder="$(WebsitePath)/bin$(Providers)" />
+    <Copy SourceFiles="$(MSBuildProjectDirectory)/bin$(Providers)/$(AssemblyName).xml" DestinationFolder="$(WebsitePath)/bin$(Providers)" />
+  </Target>
+</Project>