[Mono-bugs] [Bug 325117] Security: OpenFileDialog must clear FileInfo information

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Fri Nov 9 17:17:36 EST 2007


--- Comment #3 from Sebastien Pouliot <spouliot at novell.com>  2007-11-09 15:17:35 MST ---
FileDialogFileInfo.Name must only return the file name (and extension).
The full path isn't available from it or any other FileDialogFileInfo's API.

The FileDialogFileInfo can can return:
a read-only Stream using OpenRead
a read-only StreamWriter using OpenText

none of which can expose the full-path of the original filename (in fact all
StreamReader ctor accepting path are SecurityCritical).

Note: since we're reusing our existing code we'll need to ensure that no
exception can leak the path too!

Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.

More information about the mono-bugs mailing list