string ICallbackEventHandler.GetCallbackResult() { // Prepare the parameters for dialog string result = string.Empty; if (!string.IsNullOrEmpty(mCallbackValues)) { bool isValid = false; string[] values = mCallbackValues.Split(NODE_SEPARATOR); if (values.Length == 2) { // Check hash of the selected item string[] checkValues = values[1].Split('#'); var settings = new HashSettings { Redirect = false }; isValid = (checkValues.Length == 2) && ValidationHelper.ValidateHash(checkValues[0].Trim(';'), checkValues[1], settings); } if (isValid) { // Get new hash for currently selected items result = ValidationHelper.GetHashString(values[0]); } } return(result); }
protected override void OnPreInit(EventArgs e) { isDialog = QueryHelper.GetBoolean("editonlycode", false); if (isDialog) { // Check hash var settings = new HashSettings { Redirect = false }; if (!QueryHelper.ValidateHash("hash", "saved;name;templateid;selectorid;tabmode;siteid;selectedsiteid", settings, true)) { URLHelper.Redirect(ResolveUrl(String.Format("~/CMSMessages/Error.aspx?title={0}&text={1}", GetString("dialogs.badhashtitle"), GetString("dialogs.badhashtext")))); } string templateName = QueryHelper.GetString("name", String.Empty); EmailTemplateInfo templateInfo = EmailTemplateProvider.GetEmailTemplate(templateName, SiteID); if (templateInfo != null) { EditedObject = templateInfo; } MasterPageFile = "~/CMSMasterPages/UI/Dialogs/ModalDialogPage.master"; } base.OnPreInit(e); }
/// <summary> /// Validates the password against the existing hash. /// </summary> /// <param name="password">The password. This cannot be null.</param> /// <param name="encodedHash">The encoded hash. This cannot be empty or null.</param> /// <returns></returns> /// <exception cref="ArgumentNullException"> /// <paramref name="password"/> cannot be null. <paramref name="encodedHash"/> cannot be empty or null. /// </exception> public static bool ValidatePassword(string password, string encodedHash) { if (password == null) { throw new ArgumentNullException(nameof(password)); } if (string.IsNullOrEmpty(encodedHash)) { throw new ArgumentNullException(nameof(encodedHash)); } int actualVersion; byte[] actualSalt; byte[] actualHash; bool result = false; if (TryDecodeSaltedHash(encodedHash, out actualVersion, out actualSalt, out actualHash)) { HashSettings hashSettings = HashSettings.GetHashSettings(actualVersion); byte[] expectedHash = CreateSaltedHash(password, actualSalt, hashSettings.IterationsCount, actualHash.Length); result = CompareHashes(expectedHash, actualHash); } return(result); }
protected override void OnPreInit(EventArgs e) { isDialog = QueryHelper.GetBoolean("editonlycode", false); if (isDialog) { // Check hash var settings = new HashSettings("") { Redirect = false }; if (!QueryHelper.ValidateHash("hash", "saved;name;templateid;selectorid;tabmode;siteid;selectedsiteid", settings, true)) { URLHelper.Redirect(AdministrationUrlHelper.GetErrorPageUrl("dialogs.badhashtitle", "dialogs.badhashtext")); } string templateName = QueryHelper.GetString("name", String.Empty); EmailTemplateInfo templateInfo = EmailTemplateInfo.Provider.Get(templateName, SiteID); if (templateInfo != null) { EditedObject = templateInfo; } MasterPageFile = "~/CMSMasterPages/UI/Dialogs/ModalDialogPage.master"; } base.OnPreInit(e); }
/// <summary> /// Creates the salted hash using the default <see cref="HashSettings"/>. /// </summary> /// <param name="input">The input.</param> /// <returns></returns> /// <exception cref="ArgumentNullException"> /// <paramref name="input"/> cannot be null. /// </exception> public static string CreateEncodedSaltedHash(string input) { if (string.IsNullOrEmpty(input)) { throw new ArgumentNullException(nameof(input)); } // Get the current hash settings HashSettings hashSettings = HashSettings.GetHashSettings( ); return(CreateEncodedSaltedHash(input, hashSettings)); }
/// <summary> /// Page Load. /// </summary> protected void Page_Load(object sender, EventArgs e) { Guid userGuid = QueryHelper.GetGuid("userguid", Guid.Empty); // If StopProcessing flag is set or userguid is empty, do nothing if (StopProcessing || (userGuid == Guid.Empty)) { Visible = false; return; } // Validate hash var settings = new HashSettings { UserSpecific = false }; if (!QueryHelper.ValidateHash("hash", "aliaspath", settings)) { URLHelper.Redirect(UIHelper.GetErrorPageUrl("dialogs.badhashtitle", "dialogs.badhashtext")); } // Get registered user RegisteredUser = UserInfoProvider.GetUserInfoByGUID(userGuid); // Get default alias path where user will be redirected to string defaultAliasPath = SettingsKeyInfoProvider.GetValue(SiteContext.CurrentSiteName + ".CMSDefaultAliasPath"); string url = DocumentURLProvider.GetUrl(defaultAliasPath); // Set default url DefaultUrl = ResolveUrl(DataHelper.GetNotEmpty(url, "~/")); bool controlPb = false; if (RequestHelper.IsPostBack()) { Control pbCtrl = ControlsHelper.GetPostBackControl(Page); if (pbCtrl == btnConfirm) { controlPb = true; } } SetupControls(!controlPb); if (!controlPb) { CheckUserStatus(); } }
/// <summary> /// Checks if hash is valid (there are two parameters excluded from hash validation - backlink and cancel) /// </summary> /// <returns>True if hash is valid, otherwise false</returns> private bool IsHashValid() { bool isValid = false; var hashSettings = new HashSettings() { Redirect = false }; if (QueryHelper.ValidateHash("hash", "cancel", hashSettings)) { isValid = true; } return(isValid); }
/// <summary> /// Gets the text to be displayed as an information message. /// If the hash is valid return the value from the query string, otherwise return empty string. /// </summary> /// <returns>Information message text</returns> private static string GetMessageText() { // Set the default message text shown when page parameters are not consistent. string messageText = GetString("page.notconsistentparameters"); // Hash settings do not allow redirect when hash is not valid var hashSettings = new HashSettings { Redirect = false }; // Validate the hash, exclude the requestguid parameter used in system development mode. if (QueryHelper.ValidateHash("hash", "requestguid", hashSettings)) { // If hash is valid get the message from URL messageText = QueryHelper.GetText("message", QueryHelper.GetText("resstring", "")); } return GetString(messageText); }
protected void Page_Load(object sender, EventArgs e) { // If StopProcessing flag is set, do nothing if (StopProcessing) { Visible = false; return; } // Validate hash var settings = new HashSettings { UserSpecific = false }; if (!QueryHelper.ValidateHash("hash", "aliaspath", settings)) { URLHelper.Redirect(UIHelper.GetErrorPageUrl("dialogs.badhashtitle", "dialogs.badhashtext")); } // Get data from query string mSubscriptionHash = QueryHelper.GetString("forumsubscriptionhash", string.Empty); mRequestTime = QueryHelper.GetString("datetime", string.Empty); bool controlPb = false; if (RequestHelper.IsPostBack()) { Control pbCtrl = ControlsHelper.GetPostBackControl(Page); if (pbCtrl == btnConfirm) { controlPb = true; } } // Setup controls SetupControls(!controlPb); if (!controlPb) { CheckAndSubscribe(mSubscriptionHash, mRequestTime, true); } }
/// <summary> /// Gets the text to be displayed as an information message. /// If the hash is valid return the value from the query string, otherwise return empty string. /// </summary> /// <returns>Information message text</returns> private static string GetMessageText() { // Set the default message text shown when page parameters are not consistent. string messageText = GetString("page.notconsistentparameters"); // Hash settings do not allow redirect when hash is not valid var hashSettings = new HashSettings { Redirect = false }; // Validate the hash, exclude the requestguid parameter used in system development mode. if (QueryHelper.ValidateHash("hash", "requestguid", hashSettings)) { // If hash is valid get the message from URL messageText = QueryHelper.GetText("message", QueryHelper.GetText("resstring", "")); } return(GetString(messageText)); }
protected void Page_Load(object sender, EventArgs e) { if (!QueryHelper.ValidateHash("hash")) { URLHelper.Redirect(AdministrationUrlHelper.GetErrorPageUrl("imageeditor.badhashtitle", "imageeditor.badhashtext")); } else { ScriptHelper.RegisterJQueryCrop(Page); ScriptHelper.RegisterScriptFile(Page, "~/CMSAdminControls/ImageEditor/ImageEditorInnerPage.js"); CssRegistration.RegisterBootstrap(Page); string imgUrl = QueryHelper.GetString("imgurl", null); if (String.IsNullOrEmpty(imgUrl)) { string query = RequestContext.CurrentQueryString; query = URLHelper.RemoveParameterFromUrl(query, "hash"); var settings = new HashSettings { HashSalt = HashValidationSalts.GET_IMAGE_VERSION }; query = URLHelper.AddParameterToUrl(query, "hash", ValidationHelper.GetHashString(query, settings)); imgContent.ImageUrl = UrlResolver.ResolveUrl("~/CMSPages/GetImageVersion.aspx" + query); int imgwidth = QueryHelper.GetInteger("imgwidth", 0); int imgheight = QueryHelper.GetInteger("imgheight", 0); if ((imgwidth > 0) && (imgheight > 0)) { imgContent.Width = imgwidth; imgContent.Height = imgheight; } } else { imgContent.ImageUrl = imgUrl; } } }
protected void Page_Load(object sender, EventArgs e) { if (!QueryHelper.ValidateHash("hash")) { URLHelper.Redirect(UIHelper.GetErrorPageUrl("imageeditor.badhashtitle", "imageeditor.badhashtext")); } else { ScriptHelper.RegisterJQueryCrop(Page); ScriptHelper.RegisterScriptFile(Page, "~/CMSAdminControls/ImageEditor/ImageEditorInnerPage.js"); CSSHelper.RegisterBootstrap(Page); string imgUrl = QueryHelper.GetString("imgurl", null); if (String.IsNullOrEmpty(imgUrl)) { string query = RequestContext.CurrentQueryString; query = URLHelper.RemoveParameterFromUrl(query, "hash"); var settings = new HashSettings { HashSalt = HashValidationSalts.GET_IMAGE_VERSION }; query = URLHelper.AddParameterToUrl(query, "hash", ValidationHelper.GetHashString(query, settings)); imgContent.ImageUrl = URLHelper.ResolveUrl("~/CMSPages/GetImageVersion.aspx" + query); int imgwidth = QueryHelper.GetInteger("imgwidth", 0); int imgheight = QueryHelper.GetInteger("imgheight", 0); if ((imgwidth > 0) && (imgheight > 0)) { imgContent.Width = imgwidth; imgContent.Height = imgheight; } } else { imgContent.ImageUrl = imgUrl; } } }
/// <summary> /// Create the salted hash using the given <see cref="HashSettings"/>. /// </summary> /// <param name="input">The input.</param> /// <param name="hashSettings"></param> /// <returns></returns> /// <exception cref="ArgumentNullException"> /// No argument can be null. /// </exception> public static string CreateEncodedSaltedHash(string input, HashSettings hashSettings) { if (string.IsNullOrEmpty(input)) { throw new ArgumentNullException(nameof(input)); } if (hashSettings == null) { throw new ArgumentNullException(nameof(hashSettings)); } // Create the salt data byte[] salt = GetRandomBytes(hashSettings.SaltBytesCount); // Hash the input using the specified salt and settings. byte[] hash = CreateSaltedHash(input, salt, hashSettings.IterationsCount, hashSettings.HashBytesCount); // Encode the hash as a string return(EncodeSaltedHash(hashSettings.Version, salt, hash)); }
protected override void OnPreInit(EventArgs e) { isDialog = QueryHelper.GetBoolean("editonlycode", false); if (isDialog) { // Check hash var settings = new HashSettings { Redirect = false }; if (!QueryHelper.ValidateHash("hash", "saved;name;templateid;selectorid;tabmode;siteid;selectedsiteid", settings, true)) { URLHelper.Redirect(UIHelper.GetErrorPageUrl("dialogs.badhashtitle", "dialogs.badhashtext")); } MasterPageFile = "~/CMSMasterPages/UI/Dialogs/ModalDialogPage.master"; } base.OnPreInit(e); }
/// <summary> /// Gets the hash settings given a specified version. /// </summary> /// <param name="version">The version.</param> /// <returns></returns> /// <exception cref="System.ArgumentOutOfRangeException">version</exception> public static HashSettings GetHashSettings(int version = HashVersion10) { HashSettings settings; switch (version) { case HashVersion10: settings = new HashSettings { Version = version, SaltBytesCount = SaltSizeV10, HashBytesCount = HashSizeV10, IterationsCount = IterationsCountV10 }; break; case HashVersion11: settings = new HashSettings { Version = version, SaltBytesCount = SaltSizeV11, HashBytesCount = HashSizeV11, IterationsCount = IterationsCountV11 }; break; default: settings = null; break; } if (settings == null) { throw new ArgumentOutOfRangeException(nameof(version)); } return(settings); }
protected void Page_Load(object sender, EventArgs e) { // Check the license if (DataHelper.GetNotEmpty(RequestContext.CurrentDomain, "") != "") { LicenseHelper.CheckFeatureAndRedirect(RequestContext.CurrentDomain, FeatureEnum.TranslationServices); } var settings = new HashSettings { UserSpecific = false }; if (!QueryHelper.ValidateHash("hash", null, settings)) { ShowError(GetString("general.badhashtext")); uploadElem.StopProcessing = true; uploadElem.Visible = false; return; } int submissionID = QueryHelper.GetInteger("submissionid", 0); TranslationSubmissionInfo submissionInfo = TranslationSubmissionInfoProvider.GetTranslationSubmissionInfo(submissionID); if (submissionInfo != null) { EditedObject = submissionInfo; bool allowUpload = true; // Show information about submission status switch (submissionInfo.SubmissionStatus) { case TranslationStatusEnum.TranslationCanceled: ShowInformation(String.Format(GetString("translationservice.submit.submissioncanceled"), submissionInfo.SubmissionName)); allowUpload = false; break; case TranslationStatusEnum.TranslationCompleted: ShowInformation(String.Format(GetString("translationservice.submissioncompleted"), submissionInfo.SubmissionName)); allowUpload = false; break; case TranslationStatusEnum.ResubmittingSubmission: case TranslationStatusEnum.ProcessingSubmission: ShowInformation(String.Format(GetString("translationservice.submissionactive"), submissionInfo.SubmissionName)); allowUpload = false; break; } if (!allowUpload) { // Disable uploader uploadElem.Visible = false; uploadElem.StopProcessing = true; btnUpload.Visible = false; } else { // Initialize uploader uploadElem.SubmissionID = QueryHelper.GetInteger("submissionid", 0); uploadElem.SubmissionItemID = QueryHelper.GetInteger("itemid", 0); btnUpload.Click += btnUpload_Click; } } else { ShowInformation(GetString("translationservice.submit.submissiondeleted")); // Disable uploader uploadElem.Visible = false; uploadElem.StopProcessing = true; btnUpload.Visible = false; } }
protected override void ProcessRequestInternal(HttpContextBase context) { var hash = QueryHelper.GetString("hash", string.Empty); var path = QueryHelper.GetString("path", string.Empty); // Validate hash var settings = new HashSettings { Redirect = false }; if (!ValidationHelper.ValidateHash("?path=" + URLHelper.EscapeSpecialCharacters(path), hash, settings)) { RequestHelper.Respond403(); } if (path.StartsWithCSafe("~")) { path = context.Server.MapPath(path); } var blobPath = AzurePathHelper.GetBlobPath(path); var blob = BlobCollection.Instance.GetOrCreate(blobPath); if (!blob.Exists()) { RequestHelper.Respond404(); } CookieHelper.ClearResponseCookies(); Response.Clear(); SetRevalidation(); var eTag = blob.GetAttribute(a => a.Etag); var lastModified = ValidationHelper.GetDateTime(blob.GetAttribute(a => a.LastModified), DateTimeHelper.ZERO_TIME); SetResponseContentType(path); // Client caching - only on the live site if (AllowCache && AllowClientCache && ETagsMatch(eTag, lastModified)) { // Set the file time stamps to allow client caching SetTimeStamps(lastModified); RespondNotModified(eTag); return; } SetDisposition(Path.GetFileName(path), Path.GetExtension(path)); // Setup Etag property ETag = eTag; if (AllowCache) { // Set the file time stamps to allow client caching SetTimeStamps(lastModified); Response.Cache.SetETag(eTag); } else { SetCacheability(); } WriteFile(path, CacheHelper.CacheImageAllowed(CurrentSiteName, Convert.ToInt32(blob.GetAttribute(a => a.Length)))); CompleteRequest(); }
string ICallbackEventHandler.GetCallbackResult() { // Prepare the parameters for dialog string result = string.Empty; if (!string.IsNullOrEmpty(callbackValues)) { bool isValid = false; string[] values = callbackValues.Split(new[] { '|' }); if (values.Length == 2) { // Check hash of the selected item string[] checkValues = values[1].Split(new[] { '#' }); var settings = new HashSettings { Redirect = false }; isValid = (checkValues.Length == 2) && ValidationHelper.ValidateHash(checkValues[0].Trim(new[] { ';' }), checkValues[1]); } if (isValid) { // Get new hash for currently selected items result = ValidationHelper.GetHashString(values[0]); } } return result; }
/// <summary> /// Validates Value against hash. /// </summary> private void ValidateValue() { string value = GetValue(false).ToString(); // Validate hash (if not special value - all, empty...) var settings = new HashSettings { Redirect = false }; mHashIsValid = ValidationHelper.ValidateHash(value, hdnHash.Value, settings); if (!String.IsNullOrEmpty(value) && !mHashIsValid) { if (!IsLiveSite) { // Data is not consistent! ShowWarning(GetString("uniselector.badhash")); } // Reset value Value = null; } mHashValidated = true; }
protected void Page_Load(object sender, EventArgs e) { string hash = QueryHelper.GetString("hash", string.Empty); string path = QueryHelper.GetString("path", string.Empty); // Validate hash var settings = new HashSettings { UserSpecific = false }; if (ValidationHelper.ValidateHash("?path=" + URLHelper.EscapeSpecialCharacters(path), hash, settings)) { if (path.StartsWithCSafe("~")) { path = Server.MapPath(path); } // Get file content from blob BlobInfo bi = new BlobInfo(path); // Check if blob exists if (BlobInfoProvider.BlobExists(bi)) { // Clear response. CookieHelper.ClearResponseCookies(); Response.Clear(); // Set the revalidation SetRevalidation(); string etag = bi.ETag; DateTime lastModified = ValidationHelper.GetDateTime(bi.GetMetadata(ContainerInfoProvider.LAST_WRITE_TIME), DateTimeHelper.ZERO_TIME); // Set correct response content type SetResponseContentType(path); // Client caching - only on the live site if (AllowCache && AllowClientCache && ETagsMatch(etag, lastModified)) { // Set the file time stamps to allow client caching SetTimeStamps(lastModified); RespondNotModified(etag); return; } Stream stream = BlobInfoProvider.GetBlobContent(bi); SetDisposition(Path.GetFileName(path), Path.GetExtension(path)); // Setup Etag property ETag = etag; if (AllowCache) { // Set the file time stamps to allow client caching SetTimeStamps(lastModified); Response.Cache.SetETag(etag); } else { SetCacheability(); } // Send headers Response.Flush(); Byte[] buffer = new Byte[StorageHelper.BUFFER_SIZE]; int bytesRead = stream.Read(buffer, 0, StorageHelper.BUFFER_SIZE); // Copy data from blob stream to cache while (bytesRead > 0) { // Write the data to the current output stream Response.OutputStream.Write(buffer, 0, bytesRead); // Flush the data to the output Response.Flush(); // Read next part of data bytesRead = stream.Read(buffer, 0, StorageHelper.BUFFER_SIZE); } stream.Close(); CompleteRequest(); } else { NotFound(); } } else { URLHelper.Redirect(ResolveUrl("~/CMSMessages/Error.aspx?title=" + ResHelper.GetString("general.badhashtitle") + "&text=" + ResHelper.GetString("general.badhashtext"))); } }
/// <summary> /// Checks if hash is valid (there are two parameters excluded from hash validation - backlink and cancel) /// </summary> /// <returns>True if hash is valid, otherwise false</returns> private bool IsHashValid() { bool isValid = false; var hashSettings = new HashSettings() { Redirect = false }; if (QueryHelper.ValidateHash("hash", "cancel", hashSettings)) { isValid = true; } return isValid; }
/// <summary> /// Page Load. /// </summary> protected void Page_Load(object sender, EventArgs e) { Guid userGuid = QueryHelper.GetGuid("userguid", Guid.Empty); // If StopProcessing flag is set or userguid is empty, do nothing if (StopProcessing || (userGuid == Guid.Empty)) { Visible = false; return; } // Validate hash var settings = new HashSettings { UserSpecific = false }; if (!QueryHelper.ValidateHash("hash", "aliaspath", settings)) { URLHelper.Redirect(ResolveUrl("~/CMSMessages/Error.aspx?title=" + ResHelper.GetString("dialogs.badhashtitle") + "&text=" + ResHelper.GetString("dialogs.badhashtext"))); } // Get registered user RegisteredUser = UserInfoProvider.GetUserInfoByGUID(userGuid); // Get default alias path where user will be redirected to string defaultAliasPath = SettingsKeyInfoProvider.GetValue(SiteContext.CurrentSiteName + ".CMSDefaultAliasPath"); string url = DocumentURLProvider.GetUrl(defaultAliasPath); // Set default url DefaultUrl = ResolveUrl(DataHelper.GetNotEmpty(url, "~/")); bool controlPb = false; if (RequestHelper.IsPostBack()) { Control pbCtrl = ControlsHelper.GetPostBackControl(Page); if (pbCtrl == btnConfirm) { controlPb = true; } } SetupControls(!controlPb); if (!controlPb) { CheckUserStatus(); } }