Here in my following code I'm listing files from a dynamically created
folder (the folder name is the userid of the user).
I can get all the files in the grid...
but I'm not getting the virtual path of the file.
In the grid I'm getting a link like this:
http://www.site.com/pcs/admin/testt.doc
but the actual file path is
http://www.site.com/pcs/admin/1/testt.doc


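void Page_Load(object sender, EventArgs e)
{
    // The folder name is read from the session.
    string dirname = Session["projectid"].ToString();

    // Physical path of that folder under the current page's directory.
    string Path = Server.MapPath(".") + "\\" + dirname;

    DirectoryInfo dirInfo = new DirectoryInfo(Path);

    // Bind the FileInfo objects of every file in the folder to the grid.
    articleList.DataSource = dirInfo.GetFiles("*.*");
    articleList.DataBind();
}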




<asp:DataGrid runat="server" id="articleList" Font-Name="Verdana"
    AutoGenerateColumns="False" AlternatingItemStyle-BackColor="#eeeeee"
    HeaderStyle-BackColor="Navy" HeaderStyle-ForeColor="White"
    HeaderStyle-Font-Size="15pt" HeaderStyle-Font-Bold="True">
  <Columns>
    <asp:HyperLinkColumn DataNavigateUrlField="Name" DataTextField="Name"
        HeaderText="File Name" />
    <asp:BoundColumn DataField="LastWriteTime" HeaderText="Last Write Time"
        ItemStyle-HorizontalAlign="Center" DataFormatString="{0:d}" />
    <asp:BoundColumn DataField="Length" HeaderText="File Size"
        ItemStyle-HorizontalAlign="Right"
        DataFormatString="{0:#,### bytes}" />
  </Columns>
</asp:DataGrid>





On Jul 3, 1:35 pm, Processor Devil <[email protected]> wrote:
> ok, so why do you think it is unsecure? :P
>
> 2009/7/3 nag <[email protected]>
>
> > ahahha hmmm...nice joke.. ( :
>
> > On Jul 2, 11:59 am, Processor Devil <[email protected]> wrote:
> > > I see you know a lot :)
>
> > > 2009/7/1 Cerebrus <[email protected]>
>
> > > > Directory Traversal... also known as the Canonicalization attack. Very
> > > > good! ;-)
>
> > > > On Jul 1, 8:14 pm, Processor Devil <[email protected]> wrote:
> > > > > Well, ok, Directory Traversal (that is the name of the exploit), is really
> > > > > very well known and I don't think that .NET would allow you to do this. If
> > > > > you don't trust me, just try it yourself or instead of MapPath use your
> > > > > constant.

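An added example, not code from anyone in this thread: one way to resolve the session-derived folder so that it cannot leave the base directory (the directory traversal concern raised above), and to build grid links that include the folder name. The names UserFolder, Resolve and LinkFor, the digits-only rule for folder names, and the temporary demo directory are assumptions made for illustration.

```csharp
using System;
using System.IO;

// Added example: hypothetical helper, not part of the original post.
public static class UserFolder
{
    // Returns the canonical physical path of the per-user folder, or throws.
    public static string Resolve(string baseDir, string folderName)
    {
        // Assumption: folder names are numeric ids, like the "1" in the post.
        if (string.IsNullOrEmpty(folderName)) throw new ArgumentException("empty folder name");
        foreach (char c in folderName)
            if (c < '0' || c > '9') throw new ArgumentException("folder name must be numeric");

        // Defence in depth: canonicalize, then confirm the result is still under baseDir.
        string root = Path.GetFullPath(baseDir).TrimEnd('\\', '/') + Path.DirectorySeparatorChar;
        string full = Path.GetFullPath(Path.Combine(root, folderName));
        if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("folder resolves outside the base directory");
        return full;
    }

    // Relative link for the grid: folder name plus the URL-escaped file name.
    public static string LinkFor(string folderName, FileInfo file)
    {
        return folderName + "/" + Uri.EscapeDataString(file.Name);
    }

    public static void Main()
    {
        // Constructed sample data so the example runs without a web server.
        string baseDir = Path.Combine(Path.GetTempPath(), "pcs-admin-demo");
        Directory.CreateDirectory(Path.Combine(baseDir, "1"));
        File.WriteAllText(Path.Combine(baseDir, "1", "testt.doc"), "demo");

        string dir = Resolve(baseDir, "1");
        foreach (FileInfo f in new DirectoryInfo(dir).GetFiles())
            Console.WriteLine(LinkFor("1", f));

        foreach (string bad in new[] { "..", "1/../..", "..\\web.config" })
        {
            try { Resolve(baseDir, bad); Console.WriteLine("accepted: " + bad); }
            catch (ArgumentException) { Console.WriteLine("rejected: " + bad); }
        }
    }
}
```

In the page itself, baseDir would be Server.MapPath(".") and the grid would bind to the LinkFor result instead of the bare Name field.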