File cve-2010-1459.patch of Package mono-core
Index: mcs/class/System.Web/System.Web.UI/PageParser.cs
===================================================================
--- mcs/class/System.Web/System.Web.UI/PageParser.cs (revision 154507)
+++ mcs/class/System.Web/System.Web.UI/PageParser.cs (working copy)
@@ -44,7 +44,8 @@
public sealed class PageParser : TemplateControlParser
{
PagesEnableSessionState enableSessionState = PagesEnableSessionState.True;
- bool enableViewStateMac = true;
+ bool enableViewStateMac;
+ bool enableViewStateMacSet;
bool smartNavigation;
bool haveTrace;
bool trace;
@@ -381,8 +382,12 @@
enable_event_validation = GetBool (atts, "EnableEventValidation", enable_event_validation);
maintainScrollPositionOnPostBack = GetBool (atts, "MaintainScrollPositionOnPostBack", maintainScrollPositionOnPostBack);
#endif
+ if (atts.ContainsKey ("EnableViewStateMac")) {
+ enableViewStateMac = GetBool (atts, "EnableViewStateMac", enableViewStateMac);
+ enableViewStateMacSet = true;
+ }
+
// Ignored by now
- GetString (atts, "EnableViewStateMac", null);
GetString (atts, "SmartNavigation", null);
base.ProcessMainAttributes (atts);
@@ -463,6 +468,10 @@
internal bool EnableViewStateMac {
get { return enableViewStateMac; }
}
+
+ internal bool EnableViewStateMacSet {
+ get { return enableViewStateMacSet; }
+ }
internal bool SmartNavigation {
get { return smartNavigation; }
Index: mcs/class/System.Web/System.Web.UI/Page.cs
===================================================================
--- mcs/class/System.Web/System.Web.UI/Page.cs (revision 154507)
+++ mcs/class/System.Web/System.Web.UI/Page.cs (working copy)
@@ -189,10 +189,15 @@
if (ps != null) {
asyncTimeout = ps.AsyncTimeout;
viewStateEncryptionMode = ps.ViewStateEncryptionMode;
+ _viewStateMac = ps.EnableViewStateMac;
} else {
asyncTimeout = TimeSpan.FromSeconds (DefaultAsyncTimeout);
viewStateEncryptionMode = ViewStateEncryptionMode.Auto;
}
+#else
+ PagesConfiguration ps = PagesConfiguration.GetInstance (HttpContext.Current);
+ if (ps != null)
+ _viewStateMac = ps.EnableViewStateMac;
#endif
}
Index: mcs/class/System.Web/System.Web.Configuration/PagesConfiguration.cs
===================================================================
--- mcs/class/System.Web/System.Web.Configuration/PagesConfiguration.cs (revision 154507)
+++ mcs/class/System.Web/System.Web.Configuration/PagesConfiguration.cs (working copy)
@@ -38,7 +38,7 @@
internal bool Buffer = true;
internal PagesEnableSessionState EnableSessionState = PagesEnableSessionState.True;
internal bool EnableViewState = true;
- internal bool EnableViewStateMac = false;
+ internal bool EnableViewStateMac = true;
internal bool SmartNavigation = false;
internal bool AutoEventWireup = true;
internal bool ValidateRequest = true;
Index: mcs/class/System.Web/System.Web.Compilation/PageCompiler.cs
===================================================================
--- mcs/class/System.Web/System.Web.Compilation/PageCompiler.cs (revision 154507)
+++ mcs/class/System.Web/System.Web.Compilation/PageCompiler.cs (working copy)
@@ -286,11 +286,13 @@
protected override void AddStatementsToInitMethod (CodeMemberMethod method)
{
+ ILocation directiveLocation = pageParser.DirectiveLocation;
+ CodeArgumentReferenceExpression ctrlVar = new CodeArgumentReferenceExpression("__ctrl");
+
+ if (pageParser.EnableViewStateMacSet)
+ method.Statements.Add (AddLinePragma (CreatePropertyAssign (ctrlVar, "EnableViewStateMac", pageParser.EnableViewStateMac), directiveLocation));
#if NET_2_0
AddStatementsFromDirective (method);
- ILocation directiveLocation = pageParser.DirectiveLocation;
-
- CodeArgumentReferenceExpression ctrlVar = new CodeArgumentReferenceExpression("__ctrl");
if (pageParser.Title != null)
method.Statements.Add (AddLinePragma (CreatePropertyAssign (ctrlVar, "Title", pageParser.Title), directiveLocation));
