From f3a5c3474974f60ce3c8ffbd5d91c23a1e397ea4 Mon Sep 17 00:00:00 2001
From: MaceySoftware <Maceysoftware@gmail.com>
Date: Tue, 6 Aug 2024 20:03:06 +0100
Subject: [PATCH] #4133 Backfit of : Prevent use of .. or : in file path #3552
 (#4144)

---
 Source/Csla/Reflection/MethodCaller.cs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Source/Csla/Reflection/MethodCaller.cs b/Source/Csla/Reflection/MethodCaller.cs
index e791076020..1aa039dc9f 100644
--- a/Source/Csla/Reflection/MethodCaller.cs
+++ b/Source/Csla/Reflection/MethodCaller.cs
@@ -252,8 +252,11 @@ public static Type GetType(string typeName, bool throwOnError, bool ignoreCase)
 
         if (splitName.Length > 2)
         {
-          var asm = AssemblyLoadContext.Default.LoadFromAssemblyPath(AppContext.BaseDirectory + splitName[1].Trim() + ".dll");
+          var path = AppContext.BaseDirectory + splitName[1].Trim() + ".dll";
+          if (path.Contains("..") || path.Contains(':'))
+            throw new TypeLoadException(path);
 
+          var asm = AssemblyLoadContext.Default.LoadFromAssemblyPath(path);
           return asm.GetType(splitName[0].Trim());
         }
         else