SEBWIN-308: Implemented mechanism to block uploads.

SafeExamBrowser.Browser/BrowserApplicationInstance.cs

@@ -217,17 +217,28 @@ namespace SafeExamBrowser.Browser
 
 		private void DialogHandler_DialogRequested(DialogRequestedEventArgs args)
 		{
-			var result = fileSystemDialog.Show(args.Element, args.Operation, args.InitialPath, title: args.Title, owner: window);
+			var isDownload = args.Operation == FileSystemOperation.Save;
+			var isUpload = args.Operation == FileSystemOperation.Open;
+			var isAllowed = (isDownload && settings.AllowDownloads) || (isUpload && settings.AllowUploads);
 
-			if (result.Success)
+			if (isAllowed)
 			{
-				args.FullPath = result.FullPath;
+				var result = fileSystemDialog.Show(args.Element, args.Operation, args.InitialPath, title: args.Title, owner: window);
-				args.Success = result.Success;
+
-				logger.Debug($"User selected path '{result.FullPath}' when asked to {args.Operation}->{args.Element}.");
+				if (result.Success)
+				{
+					args.FullPath = result.FullPath;
+					args.Success = result.Success;
+					logger.Debug($"User selected path '{result.FullPath}' when asked to {args.Operation}->{args.Element}.");
+				}
+				else
+				{
+					logger.Debug($"User aborted file system dialog to {args.Operation}->{args.Element}.");
+				}
 			}
 			else
 			{
-				logger.Debug($"User aborted file system dialog to {args.Operation}->{args.Element}.");
+				logger.Info($"Blocked file system dialog to {args.Operation}->{args.Element}, as {(isDownload ? "downloading" : "uploading")} is not allowed.");
 			}
 		}
 

SafeExamBrowser.Configuration/ConfigurationData/DataMapping/BrowserDataMapper.cs

@@ -30,8 +30,8 @@ namespace SafeExamBrowser.Configuration.ConfigurationData.DataMapping
 				case Keys.Browser.AllowDeveloperConsole:
 					MapAllowDeveloperConsole(settings, value);
 					break;
-				case Keys.Browser.AllowDownloads:
+				case Keys.Browser.AllowDownloadsAndUploads:
-					MapAllowDownloads(settings, value);
+					MapAllowDownloadsAndUploads(settings, value);
 					break;
 				case Keys.Browser.AllowPageZoom:
 					MapAllowPageZoom(settings, value);
@@ -162,11 +162,12 @@ namespace SafeExamBrowser.Configuration.ConfigurationData.DataMapping
 			}
 		}
 
-		private void MapAllowDownloads(AppSettings settings, object value)
+		private void MapAllowDownloadsAndUploads(AppSettings settings, object value)
 		{
 			if (value is bool allow)
 			{
 				settings.Browser.AllowDownloads = allow;
+				settings.Browser.AllowUploads = allow;
 			}
 		}
 

SafeExamBrowser.Configuration/ConfigurationData/Keys.cs

@@ -44,7 +44,7 @@ namespace SafeExamBrowser.Configuration.ConfigurationData
 			internal const string AllowConfigurationDownloads = "downloadAndOpenSebConfig";
 			internal const string AllowCustomDownloadLocation = "allowCustomDownloadLocation";
 			internal const string AllowDeveloperConsole = "allowDeveloperConsole";
-			internal const string AllowDownloads = "allowDownUploads";
+			internal const string AllowDownloadsAndUploads = "allowDownUploads";
 			internal const string AllowPageZoom = "enableZoomPage";
 			internal const string CustomUserAgentDesktop = "browserUserAgentWinDesktopModeCustom";
 			internal const string CustomUserAgentMobile = "browserUserAgentWinTouchModeCustom";

SafeExamBrowser.Settings/Browser/BrowserSettings.cs

@@ -41,6 +41,11 @@ namespace SafeExamBrowser.Settings.Browser
 		/// </summary>
 		public bool AllowPageZoom { get; set; }
 
+		/// <summary>
+		/// Determines whether the user will be allowed to upload files.
+		/// </summary>
+		public bool AllowUploads { get; set; }
+
 		/// <summary>
 		/// Determines whether the user needs to confirm the termination of SEB by <see cref="QuitUrl"/>.
 		/// </summary>