0

我们有一个带有管理区域(areaname = 'admin')的 ASP.NET MVC 3 WebApp。

在管理区域的页面(Razor => Index.cshtml)上,我调用:

@Html.RouteLink("Preview", Resources_Blog.Route_Name_StaticPages, new { pagename = page.Slug, area = "" }, new {target = "_blank", Request.Url.Scheme})

Route 在 global.asax 中声明如下:

routes.MapRoute(
            Resources_Blog.Route_Name_StaticPages, // Routename
            Resources_Blog.Route_Url_StaticPages + "/{pagename}", // URL with parameters
            new { controller = "Home", action = "Page", page = UrlParameter.Optional, area = "" }, // Defaults
            new[] { "My.Namespace.Controllers" }
        );

资源是:

Route_Name_StaticPages = "StaticPages" 
Route_Url_StaticPages  = "static"

当页面被渲染或应该被渲染时,我得到这个异常:

System.Web.HttpException (0x80004005): Cannot use a leading .. to exit above the top directory.
at System.Web.Util.UrlPath.ReduceVirtualPath(String path)
at System.Web.Util.UrlPath.Reduce(String path)
at System.Web.HttpResponse.ApplyAppPathModifier(String virtualPath)
at System.Web.Routing.RouteCollection.NormalizeVirtualPath(RequestContext requestContext, String virtualPath)
at System.Web.Routing.RouteCollection.GetVirtualPath(RequestContext requestContext, String name, RouteValueDictionary values)
at System.Web.Mvc.RouteCollectionExtensions.GetVirtualPathForArea(RouteCollection routes, RequestContext requestContext, String name, RouteValueDictionary values, Boolean& usingAreas)
at System.Web.Mvc.UrlHelper.GenerateUrl(String routeName, String actionName, String controllerName, RouteValueDictionary routeValues, RouteCollection routeCollection, RequestContext requestContext, Boolean includeImplicitMvcValues)
at System.Web.Mvc.UrlHelper.GenerateUrl(String routeName, String actionName, String controllerName, String protocol, String hostName, String fragment, RouteValueDictionary routeValues, RouteCollection routeCollection, RequestContext requestContext, Boolean includeImplicitMvcValues)
at System.Web.Mvc.HtmlHelper.GenerateLinkInternal(RequestContext requestContext, RouteCollection routeCollection, String linkText, String routeName, String actionName, String controllerName, String protocol, String hostName, String fragment, RouteValueDictionary routeValues, IDictionary`2 htmlAttributes, Boolean includeImplicitMvcValues)
at System.Web.Mvc.Html.LinkExtensions.RouteLink(HtmlHelper htmlHelper, String linkText, String routeName, RouteValueDictionary routeValues, IDictionary`2 htmlAttributes)

不幸的是,该异常仅在 livesystem 而不是在developsystem 上引发,因此我无法真正调试它。它是一个 IIS 7。

我还尝试在没有 area-parameter 的情况下调用 RouteLink 方法也会引发异常:

Html.RouteLink("Preview", Resources_Blog.Route_Name_StaticPages, new { pagename = page.Slug, area = "" }, new {target = "_blank", Request.Url.Scheme})

另一个尝试是调用 RouteUrl 但它也失败了:

<a target="_blank" href="@Url.RouteUrl(Resources_Blog.Route_Name_StaticPages, new { pagename = page.Slug })">@Resources_Administration.Pages_StaticPage_Show</a>

有人可以帮助我们吗?

是 IIS 配置问题还是区域配置错误?

4

1 回答 1

0

“解决”了问题。

VA-Test 成功注入了一个包含“\..\..\..\..\..\..”的鼻涕虫。因此该异常被正确抛出。

于 2014-08-13T06:34:07.633 回答