public HttpResponseMessage Post(UploadModel data) {
var cleanData = new UploadModel();
foreach (var propertyName in data.GetType().GetProperties()) {
var element = data.GetType().GetProperty(propertyName.Name).GetValue(data, null);
dynamic cleanValue = null;
// validate any strings that may come in.
// Any property value of the data object that doesn't match the property type of the UploadModel
// will be "kicked out," meaning C# will ignore the value passed and will set it to some valid
// default value in UploadModel. If a property like MonthlyUsers (int) is sent as a string
// when C# converts the data into the UploadModel, the MonthlyUsers will default to the value 0.
// Therefore, we really only need to check Strings, since those can be used to pass malicious values.
if (element != null && propertyName.PropertyType.Name == "String") {
cleanValue = AntiXssEncoder.HtmlEncode(element.ToString(), true);
}
else {
// we are only worried about Strings, so any null or non-String value we can safely pass on.
cleanValue = element;
}
// if element is null, obviously no validation needed.
cleanData
.GetType()
.GetProperty(propertyName.Name)
.SetValue(cleanData, cleanValue);
}
var result = new ResultObject();
try {
var proxy = new RESTProxy(new ProxyConfiguration(_contentManager, _encryptionService, ProxySettingTypes.Default));
var newItemId = proxy.Send(new JsonDTO
{
Title = string.Concat(cleanData.Company, "_", DateTime.Now.ToString("yyyyMMdd")),
PartnerFirstName = cleanData.FirstName,
PartnerLastName = cleanData.LastName,
PartnerEmail = cleanData.Email,
PartnerPhone = cleanData.Phone,
PartnerCompanyName = cleanData.Company,
PartnerIndustry = cleanData.Industry,
PartnerCompanyAddress = cleanData.CompanyAddress,
PartnerCountry = cleanData.Country,
PartnerStateProvince = cleanData.State,
PartnerCity = cleanData.City,
PartnerZip = cleanData.Zip,
ProductUrl = new UrlDTO { Url = cleanData.ProductUrl, Description = "" },
IntegrationType = cleanData.IntegrationType,
PartnershipScenarios = data.Scenarios, // not encoded
PartnershipDescription = data.Description, // not encoded
MonthlyUsers = cleanData.MonthlyUsers,
DailyUsers = cleanData.DailyUsers,
ViewSessions = cleanData.ViewSessions,
EditSessions = cleanData.EditSessions,
TotalWordDocuments = cleanData.MsWord,
TotalPPTDocuments = cleanData.MsPpt,
TotalExcelDocuments = cleanData.MsXl,
NorthAmerica = cleanData.NorthAmerica,
SouthAmerica = cleanData.SouthAmerica,
Europe = cleanData.Europe,
Asia = cleanData.Asia,
Africa = cleanData.Africa,
Australia = cleanData.Australia,
DatacentreDistribution = data.Distribution // not encoded
});
var newAttachmentIds = proxy.Attach(cleanData.EncodedImageData, newItemId);
result.Success = true;
try
{
//Nested try because an exception from sending mail could be anything
//and we don't want to tell the user we failed if sending the email fails
new MailHelper(_contentManager, _encryptionService).SendCloudStorageEmail(cleanData.Email, cleanData.FirstName);
}
catch (Exception exception)
{
Logger.Error(exception, string.Format("Error sending cloud storage email to {0}", cleanData.Email));
}
}
catch (Exception exception) {
result.Error = exception.Message;
}
var response = Request.CreateResponse(HttpStatusCode.OK, result, new System.Net.Http.Headers.MediaTypeHeaderValue("application/json"));
return response;
}
public HttpResponseMessage Post(ActivityFeedAPIFormUploadModel data)
{
var cleanData = new ActivityFeedAPIFormUploadModel();
foreach (var propertyName in data.GetType().GetProperties())
{
var element = data.GetType().GetProperty(propertyName.Name).GetValue(data, null);
dynamic cleanValue = null;
// validate any strings that may come in.
// Any property value of the data object that doesn't match the property type of the APIRequestUploadModel
// will be "kicked out," meaning C# will ignore the value passed and will set it to some valid
// default value in APIRequestUploadModel. If a property like MonthlyUsers (int) is sent as a string
// when C# converts the data into the UploadModel, the MonthlyUsers will default to the value 0.
// Therefore, we really only need to check Strings, since those can be used to pass malicious values.
if (element != null && propertyName.PropertyType.Name == "String")
{
cleanValue = AntiXssEncoder.HtmlEncode(element.ToString(), true);
}
else
{
// we are only worried about Strings, so any null or non-String value we can safely pass on.
cleanValue = element;
}
// if element is null, obviously no validation needed.
cleanData
.GetType()
.GetProperty(propertyName.Name)
.SetValue(cleanData, cleanValue);
}
var result = new ActivityFeedAPIFormResultObject();
try {
var config = new ProxyConfiguration(_contentManager, _encryptionService, ProxySettingTypes.APISubmission);
var proxy = new RESTProxy(config);
var newItemId = proxy.Send(new JsonDTOApiSubmission
{
Title = string.Concat(cleanData.CompanyName, "_", DateTime.Now.ToString("yyyyMMdd")),
SubmissionFirstName = cleanData.FirstName,
SubmissionLastName = cleanData.LastName,
SubmissionEmail = cleanData.Email,
SubmissionPhone = cleanData.Phone,
SubmissionCompanyName = cleanData.CompanyName,
SubmissionCompanyAddress = cleanData.CompanyAddress,
SubmissionCountry = cleanData.Country,
SubmissionState = cleanData.State,
SubmissionCity = cleanData.City,
SubmissionPostCode = cleanData.PostCode,
ProductPageUrl = new UrlDTO { Url = cleanData.PageUrl, Description = "" },
PlatformIntegrationDescription = data.PlatformIntegrationDescription,
SubmissionScenario = data.Scenarios,
MonthlyUsers = cleanData.MonthlyUsers,
DailyUsers = cleanData.DailyUsers,
Current365Customers = cleanData.Current365Customers,
Future365Customers = cleanData.Future365Customers,
IsvPartner = cleanData.IsvPartner
});
result.Success = true;
try
{
//Nested try because an exception from sending mail could be anything
//and we don't want to tell the user we failed if sending the email fails
//NOTE Email will not be sent if no From address
new MailHelper(_contentManager, _encryptionService).SendActivityFeedApiEmail(cleanData.Email, cleanData.FirstName);
}
catch(Exception exception)
{
Logger.Error(exception, string.Format("Error sending activity feed api email to {0}", cleanData.Email));
}
}
catch (Exception exception)
{
result.Error = exception.Message;
}
var response = Request.CreateResponse(HttpStatusCode.OK, result, new System.Net.Http.Headers.MediaTypeHeaderValue("application/json"));
return response;
}