Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Microsoft Security Advisory CVE-2020-0606 : .NET Core Remote Code Execution Vulnerability (5.0 PR) #2430

Merged
merged 2 commits into from
Jan 15, 2020
Merged

Microsoft Security Advisory CVE-2020-0606 : .NET Core Remote Code Execution Vulnerability (5.0 PR) #2430

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
5f482ec
Merged PR 4305: [.Net 5.0] MSRC 54179, 54120: Replacing internal over…
arpitmathur Dec 17, 2019
740fbe5
Merge commit '5f482ecb55b68c52d338c72eea2457af2351edd1' into dev/arpi…
arpitmathur Jan 15, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions src/Microsoft.DotNet.Wpf/cycle-breakers/PresentationFramework/PresentationFramework.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11407,13 +11407,20 @@ public void CancelAsync() { }
public static System.Xaml.XamlSchemaContext GetWpfSchemaContext() { throw null; }
public static object Load(System.IO.Stream stream) { throw null; }
public static object Load(System.IO.Stream stream, System.Windows.Markup.ParserContext parserContext) { throw null; }
public static object Load(System.IO.Stream stream, System.Windows.Markup.ParserContext parserContext, bool useRestrictiveXamlReader) { throw null; }
public static object Load(System.Xaml.XamlReader reader) { throw null; }
public static object Load(System.Xml.XmlReader reader) { throw null; }
public static object Load(System.Xml.XmlReader reader, bool useRestrictiveXamlReader) { throw null; }
public object LoadAsync(System.IO.Stream stream) { throw null; }
public object LoadAsync(System.IO.Stream stream, bool useRestrictiveXamlReader) { throw null; }
public object LoadAsync(System.IO.Stream stream, System.Windows.Markup.ParserContext parserContext) { throw null; }
public object LoadAsync(System.IO.Stream stream, System.Windows.Markup.ParserContext parserContext, bool useRestrictiveXamlReader) { throw null; }
public object LoadAsync(System.Xml.XmlReader reader) { throw null; }
public object LoadAsync(System.Xml.XmlReader reader, bool useRestrictiveXamlReader) { throw null; }
public static object Parse(string xamlText) { throw null; }
public static object Parse(string xamlText, bool useRestrictiveXamlReader) { throw null; }
public static object Parse(string xamlText, System.Windows.Markup.ParserContext parserContext) { throw null; }
public static object Parse(string xamlText, System.Windows.Markup.ParserContext parserContext, bool useRestrictiveXamlReader) { throw null; }
}
public partial class XamlTypeMapper
{
Expand Down
2 changes: 1 addition & 1 deletion ...Wpf/src/PresentationFramework/MS/Internal/Controls/StickyNote/StickyNoteContentControl.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -234,7 +234,7 @@ public override void Load(XmlNode node)
RichTextBox richTextBox = (RichTextBox)InnerControl;

FlowDocument document = new FlowDocument();
TextRange rtbRange = new TextRange(document.ContentStart, document.ContentEnd);
TextRange rtbRange = new TextRange(document.ContentStart, document.ContentEnd, useRestrictiveXamlXmlReader: true);
using (MemoryStream buffer = new MemoryStream(Convert.FromBase64String(node.InnerText)))
{
rtbRange.Load(buffer, DataFormats.Xaml);
Expand Down
23 changes: 22 additions & 1 deletion src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextRange.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,24 @@ public TextRange(TextPointer position1, TextPointer position2) :
internal TextRange(ITextPointer position1, ITextPointer position2)
: this(position1, position2, false /* ignoreTextUnitBoundaries */)
{
}

/// <summary>
/// Creates a new TextRange instance.
/// </summary>
/// <param name="position1">
/// </param>
/// TextPointer specifying the static end of the new TextRange.
/// <param name="position2">
/// TextPointer specifying the dynamic end of the new TextRange.
/// </param>
/// <param name="useRestrictiveXamlXmlReader">
/// Boolean flag. False by default, set to true to disable external xaml loading in specific scenarios like StickyNotes annotation loading
/// </param>
internal TextRange(TextPointer position1, TextPointer position2, bool useRestrictiveXamlXmlReader) :
this((ITextPointer)position1, (ITextPointer)position2)
{
_useRestrictiveXamlXmlReader = useRestrictiveXamlXmlReader;
}

// ignoreTextUnitBoundaries - true if normalization should ignore text
Expand Down Expand Up @@ -1366,7 +1384,7 @@ internal string Xml
try
{
// Parse the fragment into a separate subtree
object xamlObject = XamlReader.Load(new XmlTextReader(new System.IO.StringReader(value)));
object xamlObject = XamlReader.Load(new XmlTextReader(new System.IO.StringReader(value)), _useRestrictiveXamlXmlReader);
TextElement fragment = xamlObject as TextElement;

if (fragment != null)
Expand Down Expand Up @@ -1900,6 +1918,9 @@ private enum Flags
// Boolean flags, set with Flags enum.
private Flags _flags;

// Boolean flag, set to true via constructor when you want to use the RestrictiveXamlXmlReader
private bool _useRestrictiveXamlXmlReader;

#endregion Private Fields
}
}
Loading