[Mono-bugs] [Bug 325117] Security: OpenFileDialog must clear FileInfo information
bugzilla_noreply at novell.com
bugzilla_noreply at novell.com
Fri Nov 9 17:17:36 EST 2007
https://bugzilla.novell.com/show_bug.cgi?id=325117#c3
--- Comment #3 from Sebastien Pouliot <spouliot at novell.com> 2007-11-09 15:17:35 MST ---
FileDialogFileInfo.Name must only return the file name (and extension).
The full path isn't available from it or any other FileDialogFileInfo's API.
The FileDialogFileInfo can can return:
a read-only Stream using OpenRead
a read-only StreamWriter using OpenText
none of which can expose the full-path of the original filename (in fact all
StreamReader ctor accepting path are SecurityCritical).
Note: since we're reusing our existing code we'll need to ensure that no
exception can leak the path too!
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.
More information about the mono-bugs
mailing list