From b5056a9410f423a7f0f46b057e0e6627ac44fb0d Mon Sep 17 00:00:00 2001
From: jonko0493
Date: Sun, 14 Jan 2024 02:58:59 -0800
Subject: [PATCH] Remove BinaryFormatter from DragDropLib
---
 src/Eto.Wpf/CustomControls/DragDropLib.cs | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/Eto.Wpf/CustomControls/DragDropLib.cs b/src/Eto.Wpf/CustomControls/DragDropLib.cs
index b79bfbed3a..2a855a7d74 100755
--- a/src/Eto.Wpf/CustomControls/DragDropLib.cs
+++ b/src/Eto.Wpf/CustomControls/DragDropLib.cs
@@ -382,9 +382,10 @@ public static object GetManagedData(this IDataObject dataObject, string format)
 if (ManagedDataStamp.Equals(guid))
 {
 // Stamp matched, so deserialize
- BinaryFormatter formatter = new BinaryFormatter();
- Type dataType = (Type)formatter.Deserialize(dataStream);
- object data2 = formatter.Deserialize(dataStream);
+ DataContractSerializer typeSerializer = new DataContractSerializer(typeof(Type));
+ Type dataType = (Type)typeSerializer.ReadObject(dataStream);
+ DataContractSerializer objectSerializer = new DataContractSerializer(dataType);
+ object data2 = objectSerializer.ReadObject(dataStream);
 if (data2.GetType() == dataType)
 return data2;
 else if (data2 is string)
@@ -442,9 +443,10 @@ private static void GetMediumFromObject(object data, out STGMEDIUM medium)
 // we'll try type conversion. Also, we serialize the type. That way,
 // during deserialization, we know which type to convert back to, if
 // appropriate.
- BinaryFormatter formatter = new BinaryFormatter();
- formatter.Serialize(stream, data.GetType());
- formatter.Serialize(stream, GetAsSerializable(data));
+ DataContractSerializer typeSerializer = new DataContractSerializer(typeof(Type));
+ typeSerializer.WriteObject(stream, data.GetType());
+ DataContractSerializer objectSerializer = new DataContractSerializer(data.GetType());
+ objectSerializer.WriteObject(stream, GetAsSerializable(data));
 
 // Now copy to an HGLOBAL
 byte[] bytes = stream.GetBuffer();
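Review bot: In GetManagedData the root type of the second serializer is still chosen by the payload: `dataType` is read from `dataStream` and passed straight to `new DataContractSerializer(dataType)`, so whichever process supplied the drag data decides which type is instantiated. DataContractSerializer is only a safe replacement for BinaryFormatter when the receiver fixes the root and known types. I would check `dataType` against a short allow-list of the types this library transfers before building `objectSerializer`, e.g. `if (dataType == null || !allowedTypes.Contains(dataType)) return null;`, where `allowedTypes` is a set that would have to be added. Separately, the two `ReadObject` calls share one stream, and the XML reader behind the first call may buffer past the end of the first document, so the second read should be confirmed with a round-trip test or the two values wrapped in one contract. The function body starts and ends outside this hunk, so the right return value on rejection is a guess.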
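Review bot: In GetMediumFromObject `objectSerializer` is constructed for `data.GetType()` but is handed `GetAsSerializable(data)`, which per the comment above it may be a type-converted value rather than `data` itself. The serializer should be built from the value actually written, `object payload = GetAsSerializable(data); var objectSerializer = new DataContractSerializer(payload.GetType());`, and the read side in GetManagedData then needs that same type. Also, `typeSerializer.WriteObject(stream, data.GetType())` passes a runtime `Type` instance, which as far as I know DataContractSerializer does not treat as a known contract and may reject at run time. Writing `data.GetType().AssemblyQualifiedName` as a string and resolving it on the read side only against an allow-list would avoid that. The function continues outside the hunk, and a round-trip test covering a string, a serializable class and a value that goes through conversion would pin the behaviour down.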