Reputation: 148514
So I am reading a book about ASP.NET security, and one of the sections there was: how to prevent directory traversal filenames (hacked filenames).
So the line of code was:
string fullPath = Server.MapPath(System.IO.Path.Combine(@"d:\inetpub\inbound\",filename));
But then I noticed the result of the combine, which will be:
d:\inetpub\inbound\myfile.txt
But I remember that the parameter type should be a virtual path and not a filesystem path!
d:\inetpub\inbound\myfile.txt
is not a virtual path!
What am I missing?
P.S. This is the book: (wrox)
Upvotes: 3
Views: 1418
Reputation: 40506
The code sample is wrong.
The role of Server.MapPath is indeed to transform a virtual path into a physical one. If you already have a physical path, there's no need for Server.MapPath.
The code will probably throw an Exception with the message:
'd:\inetpub\inbound\myfile.txt' is a physical path, but a virtual path was expected.
Upvotes: 2
Reputation: 33139
You must use Server.MapPath to convert a virtual path (i.e., a path inside your website) to a physical path (such as D:\InetPub\...).
So you can do this:
var physicalPath = Server.MapPath("~/Incoming/Receivedfile.txt");
and then you can use physicalPath to actually access the file.
BTW the tilde in the filename above represents the root of the website the code is running under.
Upvotes: 1
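Added example, not from the book or from any of the posts above: one way to do the traversal check the book section is about when the base directory is already a physical path, so Server.MapPath is not involved. The `InboundPath` class, the `Resolve` helper and the sample file names are hypothetical, and Windows path semantics are assumed.

```csharp
using System;
using System.IO;

static class InboundPath
{
    // Physical base directory taken from the question's sample; no Server.MapPath needed.
    const string BaseDir = @"d:\inetpub\inbound\";

    // Hypothetical helper: returns the canonical physical path, or throws
    // if the supplied name would resolve outside BaseDir.
    public static string Resolve(string filename)
    {
        if (string.IsNullOrWhiteSpace(filename))
            throw new ArgumentException("Empty file name.");

        // Path.Combine returns the second argument unchanged when it is rooted
        // (e.g. "c:\x" or "\\server\share\x"), so combining alone proves nothing.
        string combined = Path.Combine(BaseDir, filename);

        // GetFullPath collapses "." and ".." segments and normalises separators.
        string full = Path.GetFullPath(combined);
        string root = Path.GetFullPath(BaseDir);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString()))
            root += Path.DirectorySeparatorChar;

        // The trailing separator stops "d:\inetpub\inbound-old\x" from matching.
        if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("Path escapes the inbound directory.");
        return full;
    }

    static void Main()
    {
        // Constructed sample inputs.
        string[] samples = { "myfile.txt", @"sub\report.txt", @"..\web.config",
                             @"c:\windows\win.ini", @"..\inbound-old\x.txt" };
        foreach (string name in samples)
        {
            try { Console.WriteLine("{0,-24} -> {1}", name, Resolve(name)); }
            catch (Exception ex) { Console.WriteLine("{0,-24} -> rejected ({1})", name, ex.GetType().Name); }
        }
    }
}
```

The comparison is made on the canonicalised path rather than on the raw input, so the check does not depend on spotting `..` sequences in the string the client sent.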