Access数据库管理页面禁止下载非.resx扩展名文件

sdnuacmicpc · Jun 10, 2015 · cf301f3 · cf301f3
1 parent a148190
commit cf301f3
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 3 deletions.
diff --git a/website/SDNUOJ.Configuration/Properties/AssemblyInfo.cs b/website/SDNUOJ.Configuration/Properties/AssemblyInfo.cs
@@ -32,5 +32,5 @@
 // 可以指定所有这些值，也可以使用“内部版本号”和“修订号”的默认值，
 // 方法是按如下所示使用“*”:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.2.0.56")]
-[assembly: AssemblyFileVersion("1.2.0.56")]
+[assembly: AssemblyVersion("1.2.0.57")]
+[assembly: AssemblyFileVersion("1.2.0.57")]
diff --git a/website/SDNUOJ.Controllers/Core/DatabaseManager.cs b/website/SDNUOJ.Controllers/Core/DatabaseManager.cs
@@ -321,6 +321,11 @@ public static IMethodResult AdminGetDataBaseDownloadPath(Int32 did)
                 return MethodResult.FailedAndLog("Database does not exist!");
             }
 
+            if (!String.Equals(fi.Extension, ".resx", StringComparison.OrdinalIgnoreCase))
+            {
+                return MethodResult.FailedAndLog("Your can not download this file!");
+            }
+
             return MethodResult.SuccessAndLog<String>(filePath, "Admin download database, name = {0}", fi.Name);
         }
 

diff --git a/website/SDNUOJ/Areas/Admin/Views/Database/List.cshtml b/website/SDNUOJ/Areas/Admin/Views/Database/List.cshtml
@@ -48,7 +48,7 @@
             <td class="text-center">@((Item.Length / 1024.0).ToString("0.00")) KB</td>
             <td class="text-center">@Html.ActionLink("压缩", "Compact", "Database", new { id = i }, null)</td>
             <td class="text-center">@(!String.Equals(Item.Name, ViewBag.DefaultFileName as String) ? Html.ActionLink("还原", "Restore", "Database", new { id = i }, null) : Html.Raw("还原"))</td>
-            <td class="text-center">@(!String.Equals(Item.Name, ViewBag.DefaultFileName as String) ? Html.ActionLink("下载", "Download", "Database", new { id = i }, null) : Html.Raw("下载"))</td>
+            <td class="text-center">@((!String.Equals(Item.Name, ViewBag.DefaultFileName as String) && String.Equals(Item.Extension, ".resx", StringComparison.OrdinalIgnoreCase)) ? Html.ActionLink("下载", "Download", "Database", new { id = i }, null) : Html.Raw("下载"))</td>
             <td class="text-center">@(!String.Equals(Item.Name, ViewBag.DefaultFileName as String) ? Html.ActionLink("删除", "Delete", "Database", new { id = i }, new { @data_advancelink = "true", @data_confirm = "true", @data_async = "true" }) : Html.Raw("删除"))</td>
         </tr>
     }