From b003bf93b747e8e62ba678b19a1effcb5b0e2121 Mon Sep 17 00:00:00 2001
From: dbuechel <damian.buechel@let.ethz.ch>
Date: Fri, 24 Jan 2020 10:19:11 +0100
Subject: [PATCH] SEBWIN-308: Implemented mechanism to block uploads.

---
 .../BrowserApplicationInstance.cs             | 23 ++++++++++++++-----
 .../DataMapping/BrowserDataMapper.cs          |  7 +++---
 .../ConfigurationData/Keys.cs                 |  2 +-
 .../Browser/BrowserSettings.cs                |  5 ++++
 4 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/SafeExamBrowser.Browser/BrowserApplicationInstance.cs b/SafeExamBrowser.Browser/BrowserApplicationInstance.cs
index ac9f8870..3b6e5a0a 100644
--- a/SafeExamBrowser.Browser/BrowserApplicationInstance.cs
+++ b/SafeExamBrowser.Browser/BrowserApplicationInstance.cs
@@ -217,17 +217,28 @@ namespace SafeExamBrowser.Browser
 
 		private void DialogHandler_DialogRequested(DialogRequestedEventArgs args)
 		{
-			var result = fileSystemDialog.Show(args.Element, args.Operation, args.InitialPath, title: args.Title, owner: window);
+			var isDownload = args.Operation == FileSystemOperation.Save;
+			var isUpload = args.Operation == FileSystemOperation.Open;
+			var isAllowed = (isDownload && settings.AllowDownloads) || (isUpload && settings.AllowUploads);
 
-			if (result.Success)
+			if (isAllowed)
 			{
-				args.FullPath = result.FullPath;
-				args.Success = result.Success;
-				logger.Debug($"User selected path '{result.FullPath}' when asked to {args.Operation}->{args.Element}.");
+				var result = fileSystemDialog.Show(args.Element, args.Operation, args.InitialPath, title: args.Title, owner: window);
+
+				if (result.Success)
+				{
+					args.FullPath = result.FullPath;
+					args.Success = result.Success;
+					logger.Debug($"User selected path '{result.FullPath}' when asked to {args.Operation}->{args.Element}.");
+				}
+				else
+				{
+					logger.Debug($"User aborted file system dialog to {args.Operation}->{args.Element}.");
+				}
 			}
 			else
 			{
-				logger.Debug($"User aborted file system dialog to {args.Operation}->{args.Element}.");
+				logger.Info($"Blocked file system dialog to {args.Operation}->{args.Element}, as {(isDownload ? "downloading" : "uploading")} is not allowed.");
 			}
 		}
 
diff --git a/SafeExamBrowser.Configuration/ConfigurationData/DataMapping/BrowserDataMapper.cs b/SafeExamBrowser.Configuration/ConfigurationData/DataMapping/BrowserDataMapper.cs
index c075d18f..491ec18d 100644
--- a/SafeExamBrowser.Configuration/ConfigurationData/DataMapping/BrowserDataMapper.cs
+++ b/SafeExamBrowser.Configuration/ConfigurationData/DataMapping/BrowserDataMapper.cs
@@ -30,8 +30,8 @@ namespace SafeExamBrowser.Configuration.ConfigurationData.DataMapping
 				case Keys.Browser.AllowDeveloperConsole:
 					MapAllowDeveloperConsole(settings, value);
 					break;
-				case Keys.Browser.AllowDownloads:
-					MapAllowDownloads(settings, value);
+				case Keys.Browser.AllowDownloadsAndUploads:
+					MapAllowDownloadsAndUploads(settings, value);
 					break;
 				case Keys.Browser.AllowPageZoom:
 					MapAllowPageZoom(settings, value);
@@ -162,11 +162,12 @@ namespace SafeExamBrowser.Configuration.ConfigurationData.DataMapping
 			}
 		}
 
-		private void MapAllowDownloads(AppSettings settings, object value)
+		private void MapAllowDownloadsAndUploads(AppSettings settings, object value)
 		{
 			if (value is bool allow)
 			{
 				settings.Browser.AllowDownloads = allow;
+				settings.Browser.AllowUploads = allow;
 			}
 		}
 
diff --git a/SafeExamBrowser.Configuration/ConfigurationData/Keys.cs b/SafeExamBrowser.Configuration/ConfigurationData/Keys.cs
index 23546863..2bb3db82 100644
--- a/SafeExamBrowser.Configuration/ConfigurationData/Keys.cs
+++ b/SafeExamBrowser.Configuration/ConfigurationData/Keys.cs
@@ -44,7 +44,7 @@ namespace SafeExamBrowser.Configuration.ConfigurationData
 			internal const string AllowConfigurationDownloads = "downloadAndOpenSebConfig";
 			internal const string AllowCustomDownloadLocation = "allowCustomDownloadLocation";
 			internal const string AllowDeveloperConsole = "allowDeveloperConsole";
-			internal const string AllowDownloads = "allowDownUploads";
+			internal const string AllowDownloadsAndUploads = "allowDownUploads";
 			internal const string AllowPageZoom = "enableZoomPage";
 			internal const string CustomUserAgentDesktop = "browserUserAgentWinDesktopModeCustom";
 			internal const string CustomUserAgentMobile = "browserUserAgentWinTouchModeCustom";
diff --git a/SafeExamBrowser.Settings/Browser/BrowserSettings.cs b/SafeExamBrowser.Settings/Browser/BrowserSettings.cs
index 418ede6a..68c8b93b 100644
--- a/SafeExamBrowser.Settings/Browser/BrowserSettings.cs
+++ b/SafeExamBrowser.Settings/Browser/BrowserSettings.cs
@@ -41,6 +41,11 @@ namespace SafeExamBrowser.Settings.Browser
 		/// </summary>
 		public bool AllowPageZoom { get; set; }
 
+		/// <summary>
+		/// Determines whether the user will be allowed to upload files.
+		/// </summary>
+		public bool AllowUploads { get; set; }
+
 		/// <summary>
 		/// Determines whether the user needs to confirm the termination of SEB by <see cref="QuitUrl"/>.
 		/// </summary>