You've already forked linux-packaging-mono
Imported Upstream version 4.3.2.467
Former-commit-id: 9c2cb47f45fa221e661ab616387c9cda183f283d
This commit is contained in:
@@ -70,7 +70,7 @@ namespace System.Web.Configuration {
|
||||
return (o != null && StringUtil.EqualsIgnoreCase(Extension, o.Extension) && Type == o.Type);
|
||||
}
|
||||
public override int GetHashCode() {
|
||||
return HashCodeCombiner.CombineHashCodes(Extension.ToLower(CultureInfo.InvariantCulture).GetHashCode(),
|
||||
return HashCodeCombiner.CombineHashCodes(StringUtil.GetNonRandomizedHashCode(Extension.ToLower(CultureInfo.InvariantCulture)),
|
||||
Type.GetHashCode());
|
||||
}
|
||||
|
||||
|
@@ -61,7 +61,7 @@ namespace System.Web.Configuration {
|
||||
return (o != null && StringUtil.EqualsIgnoreCase(Name, o.Name) && Type == o.Type);
|
||||
}
|
||||
public override int GetHashCode() {
|
||||
return HashCodeCombiner.CombineHashCodes(Name.ToLower(CultureInfo.InvariantCulture).GetHashCode(),
|
||||
return HashCodeCombiner.CombineHashCodes(StringUtil.GetNonRandomizedHashCode(Name.ToLower(CultureInfo.InvariantCulture)),
|
||||
Type.GetHashCode());
|
||||
}
|
||||
|
||||
|
@@ -404,7 +404,8 @@ namespace System.Web.Configuration {
|
||||
return null;
|
||||
}
|
||||
|
||||
Regex regex = new Regex("\\.NET CLR (?'clrVersion'[0-9\\.]*)");
|
||||
// Adding timeout for Regex in case of malicious UA string causing DoS
|
||||
Regex regex = RegexUtil.CreateRegex("\\.NET CLR (?'clrVersion'[0-9\\.]*)", RegexOptions.None);
|
||||
MatchCollection matches = regex.Matches(ua);
|
||||
|
||||
if (matches.Count == 0) {
|
||||
|
@@ -106,8 +106,8 @@ namespace System.Web.Configuration
|
||||
|
||||
internal byte[] ValidationKeyInternal { get { RuntimeDataInitialize(); return (byte[])_ValidationKey.Clone(); } }
|
||||
internal byte[] DecryptionKeyInternal { get { RuntimeDataInitialize(); return (byte[])_DecryptionKey.Clone(); } }
|
||||
internal static int HashSize { get { s_config.RuntimeDataInitialize(); return _HashSize; } }
|
||||
internal static int ValidationKeySize { get { s_config.RuntimeDataInitialize(); return _AutoGenValidationKeySize; } }
|
||||
internal static int HashSize { get { EnsureConfig(); s_config.RuntimeDataInitialize(); return _HashSize; } }
|
||||
internal static int ValidationKeySize { get { EnsureConfig(); s_config.RuntimeDataInitialize(); return _AutoGenValidationKeySize; } }
|
||||
|
||||
static MachineKeySection()
|
||||
{
|
||||
@@ -369,7 +369,7 @@ namespace System.Web.Configuration
|
||||
}
|
||||
if (fAppSpecific)
|
||||
{
|
||||
int dwCode = StringComparer.InvariantCultureIgnoreCase.GetHashCode( appName );
|
||||
int dwCode = StringUtil.GetNonRandomizedStringComparerHashCode(appName);
|
||||
_ValidationKey[0] = (byte)(dwCode & 0xff);
|
||||
_ValidationKey[1] = (byte)((dwCode & 0xff00) >> 8);
|
||||
_ValidationKey[2] = (byte)((dwCode & 0xff0000) >> 16);
|
||||
@@ -377,7 +377,7 @@ namespace System.Web.Configuration
|
||||
}
|
||||
if (fAppIdSpecific)
|
||||
{
|
||||
int dwCode = StringComparer.InvariantCultureIgnoreCase.GetHashCode( appId );
|
||||
int dwCode = StringUtil.GetNonRandomizedStringComparerHashCode(appId);
|
||||
_ValidationKey[4] = (byte)(dwCode & 0xff);
|
||||
_ValidationKey[5] = (byte)((dwCode & 0xff00) >> 8);
|
||||
_ValidationKey[6] = (byte)((dwCode & 0xff0000) >> 16);
|
||||
@@ -425,7 +425,7 @@ namespace System.Web.Configuration
|
||||
}
|
||||
if (fAppSpecific)
|
||||
{
|
||||
int dwCode = StringComparer.InvariantCultureIgnoreCase.GetHashCode(appName);
|
||||
int dwCode = StringUtil.GetNonRandomizedStringComparerHashCode(appName);
|
||||
_DecryptionKey[0] = (byte)(dwCode & 0xff);
|
||||
_DecryptionKey[1] = (byte)((dwCode & 0xff00) >> 8);
|
||||
_DecryptionKey[2] = (byte)((dwCode & 0xff0000) >> 16);
|
||||
@@ -433,7 +433,7 @@ namespace System.Web.Configuration
|
||||
}
|
||||
if (fAppIdSpecific)
|
||||
{
|
||||
int dwCode = StringComparer.InvariantCultureIgnoreCase.GetHashCode(appId);
|
||||
int dwCode = StringUtil.GetNonRandomizedStringComparerHashCode(appId);
|
||||
_DecryptionKey[4] = (byte)(dwCode & 0xff);
|
||||
_DecryptionKey[5] = (byte)((dwCode & 0xff00) >> 8);
|
||||
_DecryptionKey[6] = (byte)((dwCode & 0xff0000) >> 16);
|
||||
|
@@ -48,6 +48,7 @@ namespace System.Web.Configuration {
|
||||
minRequiredPasswordLength="int" The minimum number of characters required in a password
|
||||
minRequiredNonAlphanumericCharacters="int" The minimum number of non-alphanumeric characters that are required in a password
|
||||
passwordStrengthRegularExpression="string" The regular expression used to test the password strength
|
||||
passwordStrengthRegexTimeout="int" The timeout in milliseconds for the regex we use to check password strength
|
||||
-->
|
||||
|
||||
<membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15" >
|
||||
@@ -60,6 +61,7 @@ namespace System.Web.Configuration {
|
||||
minRequiredPasswordLength="7"
|
||||
minRequireNonAlphanumericCharacters="1"
|
||||
passwordStrengthRegularExpression=""
|
||||
passwordStrengthRegexTimeout="2000"
|
||||
enablePasswordRetrieval="false"
|
||||
enablePasswordReset="true"
|
||||
requiresQuestionAndAnswer="true"
|
||||
|
@@ -88,7 +88,8 @@ namespace System.Web.Configuration {
|
||||
target = String.Empty;
|
||||
}
|
||||
|
||||
Regex regex = new Regex(regexExpression, RegexOptions.ExplicitCapture);
|
||||
// Adding timeout for Regex in case of malicious string causing DoS
|
||||
Regex regex = RegexUtil.CreateRegex(regexExpression, RegexOptions.ExplicitCapture);
|
||||
Match match = regex.Match(target);
|
||||
if(match.Success == false) {
|
||||
return false;
|
||||
|
@@ -59,7 +59,6 @@ namespace System.Web.Configuration {
|
||||
// For config implemented with IConfigurationSectionHandler, this
|
||||
// may return null, non-null, or throw an exception.
|
||||
//
|
||||
[System.Runtime.TargetedPatchingOptOut("Performance critical to inline across NGen image boundaries")]
|
||||
static internal RuntimeConfig GetConfig(HttpContext context) {
|
||||
if (!HttpConfigurationSystem.UseHttpConfigurationSystem) {
|
||||
return GetClientRuntimeConfig();
|
||||
@@ -359,7 +358,6 @@ namespace System.Web.Configuration {
|
||||
}
|
||||
|
||||
internal PagesSection Pages {
|
||||
[System.Runtime.TargetedPatchingOptOut("Performance critical to inline across NGen image boundaries")]
|
||||
get {
|
||||
return (PagesSection) GetSection("system.web/pages", typeof(PagesSection), ResultsIndex.Pages);
|
||||
}
|
||||
|
@@ -9,4 +9,4 @@ namespace System.Web.Configuration {
|
||||
Framework20 = 0,
|
||||
Framework40 = 1,
|
||||
}
|
||||
}
|
||||
}
|
Reference in New Issue
Block a user