From 445bc609bc117f62cabf49e1462f7a43b0f8f9a2 Mon Sep 17 00:00:00 2001
From: MaceySoftware <Maceysoftware@gmail.com>
Date: Tue, 6 Aug 2024 18:19:59 +0100
Subject: [PATCH] #4133 Backfit of : Prevent use of .. or : in file path #3552
 (#4138)

---
 Source/Csla.Shared/Reflection/MethodCaller.cs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Source/Csla.Shared/Reflection/MethodCaller.cs b/Source/Csla.Shared/Reflection/MethodCaller.cs
index 3c7b81c0c6..46d8f112c6 100644
--- a/Source/Csla.Shared/Reflection/MethodCaller.cs
+++ b/Source/Csla.Shared/Reflection/MethodCaller.cs
@@ -234,7 +234,11 @@ public static Type GetType(string typeName, bool throwOnError, bool ignoreCase)
         string[] splitName = typeName.Split(',');
         if (splitName.Length > 2)
         {
-          var asm = AssemblyLoadContext.Default.LoadFromAssemblyPath(AppContext.BaseDirectory + splitName[1].Trim() + ".dll");
+          var path = AppContext.BaseDirectory + splitName[1].Trim() + ".dll";
+          if (path.Contains("..") || path.Contains(':'))
+            throw new TypeLoadException(path);
+
+          var asm = AssemblyLoadContext.Default.LoadFromAssemblyPath(path);
           return asm.GetType(splitName[0].Trim());
         }
         else