https://bugzilla.novell.com/show_bug.cgi?id=467221
https://bugzilla.novell.com/show_bug.cgi?id=467221#c10 Mike Morano <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Version|2.6.x |2.8.x Target Milestone|2.6.x |2.8.x --- Comment #10 from Mike Morano <[email protected]> 2010-09-16 02:47:38 UTC --- Hi Marek, I was wondering if you had any luck with the test site, and reproducing the issue. I've started trying to do a little digging to see if I could find anything, and have noticed a couple things. If I update the url in the sitemap to be "~/admin" rather than "~/admin/index.aspx" then security trimming does seem to take hold. based on this, and looking through the code, the general path of interest the code seems to take is: WebConfigurationManager.LookUpLocation Configuration.FindLocationConfiguration ConfigurationLocationCollection.Find I could see the relative path from the sitemap go through here, for example: admin/index.aspx. Of course, in the web.config, the location is defined with a path="admin" so the string compare of "admin/index.aspx" will not match "admin". However, if I update the code to try to fall back for paths, this seems to start to work (though I would expect this is not the right place for the fix, the code below illustrates my point - and does trim in my test env): in ConfigurationLocationCollection: internal ConfigurationLocation Find (string location) { // find the most specific location possible, and when the full path does not match, fall back // to searching for path membership while(!string.IsNullOrEmpty(location)) { foreach (ConfigurationLocation loc in InnerList) { if (String.Compare (loc.Path, location, StringComparison.OrdinalIgnoreCase) == 0) { return loc; } } int idx = location.LastIndexOf("/"); if(idx <= 0) { location = null; } else { location = location.Remove(idx); } } return null; } Hope this helps, sorry I have next to no time to help out, I'm in quite a different spot than a couple years ago... All the best, Mike -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug. _______________________________________________ mono-bugs maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-bugs
