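/// <summary>
/// Handles a posted STL search request: reads the search parameters from the POST body,
/// decrypts the posted template, renders the requested result page and returns it as HTML.
/// </summary>
/// <returns>
/// <c>Ok</c> with the rendered HTML; <c>NotFound</c> when the query matches nothing;
/// <c>BadRequest</c> with the logged error message when any step throws.
/// </returns>
public IHttpActionResult Main()
{
    PageInfo pageInfo = null;
    var template = string.Empty;
    try
    {
        var request = new AuthenticatedRequest();
        var form = GetPostCollection(request);

        // Every free-text parameter goes through AttackUtils.FilterSqlAndXss before use.
        // NOTE(review): the filter's implementation is not visible here; the values are later
        // handed to GetWhereStringByStlSearch, so confirm that method does not rely on the
        // filter alone when it builds SQL.
        var isAllSites = request.GetPostBool(StlSearch.IsAllSites.ToLower());
        var siteName = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.SiteName.ToLower()));
        var siteDir = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.SiteDir.ToLower()));
        var siteIds = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.SiteIds.ToLower()));
        var channelIndex = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.ChannelIndex.ToLower()));
        var channelName = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.ChannelName.ToLower()));
        var channelIds = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.ChannelIds.ToLower()));
        var type = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.Type.ToLower()));
        var word = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.Word.ToLower()));
        var dateAttribute = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.DateAttribute.ToLower()));
        var dateFrom = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.DateFrom.ToLower()));
        var dateTo = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.DateTo.ToLower()));
        var since = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.Since.ToLower()));
        var pageNum = request.GetPostInt(StlSearch.PageNum.ToLower());
        var isHighlight = request.GetPostBool(StlSearch.IsHighlight.ToLower());
        var siteId = request.GetPostInt("siteid");
        var ajaxDivId = AttackUtils.FilterSqlAndXss(request.GetPostString("ajaxdivid"));

        // The template is supplied by the client in encrypted form and is parsed as STL below.
        // NOTE(review): this is only safe if DecryptStringBySecretKey rejects values that were
        // not produced with the server's key - confirm it authenticates the ciphertext.
        template = TranslateUtils.DecryptStringBySecretKey(request.GetPostString("template"));

        // "page" is 1-based in the request; the parser works with a 0-based index.
        var pageIndex = request.GetPostInt("page", 1) - 1;

        var templateInfo = new TemplateInfo(0, siteId, string.Empty, TemplateType.FileTemplate, string.Empty, string.Empty, string.Empty, ECharset.utf_8, false);
        var siteInfo = SiteManager.GetSiteInfo(siteId);
        pageInfo = new PageInfo(siteId, 0, siteInfo, templateInfo, new Dictionary<string, object>())
        {
            UserInfo = request.UserInfo
        };
        var contextInfo = new ContextInfo(pageInfo);
        var contentBuilder = new StringBuilder(StlRequestEntities.ParseRequestEntities(form, template));
        var stlLabelList = StlParserUtility.GetStlLabelList(contentBuilder.ToString());

        // Keyword highlighting: the search word is user input, so it is escaped before being
        // placed in the regular expression. Without that, regex metacharacters in the word are
        // interpreted as pattern syntax (invalid patterns throw, costly ones stall the request).
        // A space in the word still matches any single whitespace character, as before.
        var shouldHighlight = isHighlight && !string.IsNullOrEmpty(word);
        var highlightPattern = string.Empty;
        var highlightHtml = string.Empty;
        if (shouldHighlight)
        {
            var literalWord = System.Text.RegularExpressions.Regex.Escape(word).Replace("\\ ", "\\s");
            highlightPattern = $"({literalWord})(?!</a>)(?![^><]*>)";
            // The word is written into markup as returned by FilterSqlAndXss.
            // NOTE(review): if RegexUtils.Replace forwards to Regex.Replace, a '$' in the word
            // is read as a substitution token in this replacement string - confirm.
            highlightHtml = $"<span style='color:#cc0000'>{word}</span>";
        }

        if (StlParserUtility.IsStlElementExists(StlPageContents.ElementName, stlLabelList))
        {
            var stlElement = StlParserUtility.GetStlElement(StlPageContents.ElementName, stlLabelList);

            var whereString = DataProvider.ContentDao.GetWhereStringByStlSearch(isAllSites, siteName, siteDir, siteIds, channelIndex, channelName, channelIds, type, word, dateAttribute, dateFrom, dateTo, since, siteId, ApiRouteActionsSearch.ExlcudeAttributeNames, form);

            var stlPageContents = new StlPageContents(stlElement, pageInfo, contextInfo, pageNum, siteInfo.TableName, whereString);
            var pageCount = stlPageContents.GetPageCount(out var totalNum);
            if (totalNum == 0)
            {
                return NotFound();
            }

            // Only the requested page is rendered; an out-of-range page index falls through to
            // the unpaged rendering at the end of the method (same result as the former loop).
            if (pageIndex >= 0 && pageIndex < pageCount)
            {
                var currentPageIndex = pageIndex;
                var pageHtml = stlPageContents.Parse(totalNum, currentPageIndex, pageCount, false);
                var pagedBuilder = new StringBuilder(contentBuilder.ToString().Replace(stlElement, pageHtml));

                StlParserManager.ReplacePageElementsInSearchPage(pagedBuilder, pageInfo, stlLabelList, ajaxDivId, pageInfo.PageChannelId, currentPageIndex, pageCount, totalNum);

                if (shouldHighlight)
                {
                    var pagedContents = pagedBuilder.ToString();
                    pagedBuilder = new StringBuilder();
                    pagedBuilder.Append(RegexUtils.Replace(highlightPattern, pagedContents, highlightHtml));
                }

                Parser.Parse(pageInfo, contextInfo, pagedBuilder, string.Empty, false);
                return Ok(pagedBuilder.ToString());
            }
        }
        else if (StlParserUtility.IsStlElementExists(StlPageSqlContents.ElementName, stlLabelList))
        {
            var stlElement = StlParserUtility.GetStlElement(StlPageSqlContents.ElementName, stlLabelList);

            var stlPageSqlContents = new StlPageSqlContents(stlElement, pageInfo, contextInfo);
            var pageCount = stlPageSqlContents.GetPageCount(out var totalNum);
            if (totalNum == 0)
            {
                return NotFound();
            }

            if (pageIndex >= 0 && pageIndex < pageCount)
            {
                var currentPageIndex = pageIndex;
                var pageHtml = stlPageSqlContents.Parse(totalNum, currentPageIndex, pageCount, false);
                var pagedBuilder = new StringBuilder(contentBuilder.ToString().Replace(stlElement, pageHtml));

                StlParserManager.ReplacePageElementsInSearchPage(pagedBuilder, pageInfo, stlLabelList, ajaxDivId, pageInfo.PageChannelId, currentPageIndex, pageCount, totalNum);

                if (shouldHighlight)
                {
                    var pagedContents = pagedBuilder.ToString();
                    pagedBuilder = new StringBuilder();
                    pagedBuilder.Append(RegexUtils.Replace(highlightPattern, pagedContents, highlightHtml));
                }

                Parser.Parse(pageInfo, contextInfo, pagedBuilder, string.Empty, false);
                return Ok(pagedBuilder.ToString());
            }
        }

        // No paged element in the template, or the requested page does not exist.
        Parser.Parse(pageInfo, contextInfo, contentBuilder, string.Empty, false);
        return Ok(contentBuilder.ToString());
    }
    catch (Exception ex)
    {
        // The failure is logged together with the decrypted template; the log call's return
        // value is what the client receives.
        var message = LogUtils.AddStlErrorLog(pageInfo, StlSearch.ElementName, template, ex);
        return BadRequest(message);
    }
}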
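/// <summary>
/// Handles a posted STL search request: reads the search parameters from the POST body,
/// decrypts the posted template, renders the requested result page and returns it as HTML.
/// </summary>
/// <returns>
/// <c>Ok</c> with the rendered HTML; <c>NotFound</c> when the query matches nothing or when no
/// search condition was given and default display is off; <c>InternalServerError</c> when any
/// step throws.
/// </returns>
public IHttpActionResult Main()
{
    try
    {
        var body = new RequestBody();
        var form = HttpContext.Current.Request.Form;

        // Free-text parameters go through PageUtils.FilterSqlAndXss, except the search word,
        // which only goes through PageUtils.FilterSql (see the highlighting step below).
        // NOTE(review): neither filter's implementation is visible here; the values are later
        // handed to GetWhereStringByStlSearch, so confirm that method does not rely on the
        // filters alone when it builds SQL.
        var isAllSites = body.GetPostBool(StlSearch.AttributeIsAllSites.ToLower());
        var siteName = PageUtils.FilterSqlAndXss(body.GetPostString(StlSearch.AttributeSiteName.ToLower()));
        var siteDir = PageUtils.FilterSqlAndXss(body.GetPostString(StlSearch.AttributeSiteDir.ToLower()));
        var siteIds = PageUtils.FilterSqlAndXss(body.GetPostString(StlSearch.AttributeSiteIds.ToLower()));
        var channelIndex = PageUtils.FilterSqlAndXss(body.GetPostString(StlSearch.AttributeChannelIndex.ToLower()));
        var channelName = PageUtils.FilterSqlAndXss(body.GetPostString(StlSearch.AttributeChannelName.ToLower()));
        var channelIds = PageUtils.FilterSqlAndXss(body.GetPostString(StlSearch.AttributeChannelIds.ToLower()));
        var type = PageUtils.FilterSqlAndXss(body.GetPostString(StlSearch.AttributeType.ToLower()));
        var word = PageUtils.FilterSql(body.GetPostString(StlSearch.AttributeWord.ToLower()));
        var dateAttribute = PageUtils.FilterSqlAndXss(body.GetPostString(StlSearch.AttributeDateAttribute.ToLower()));
        var dateFrom = PageUtils.FilterSqlAndXss(body.GetPostString(StlSearch.AttributeDateFrom.ToLower()));
        var dateTo = PageUtils.FilterSqlAndXss(body.GetPostString(StlSearch.AttributeDateTo.ToLower()));
        var since = PageUtils.FilterSqlAndXss(body.GetPostString(StlSearch.AttributeSince.ToLower()));
        var pageNum = body.GetPostInt(StlSearch.AttributePageNum.ToLower());
        var isHighlight = body.GetPostBool(StlSearch.AttributeIsHighlight.ToLower());
        var isDefaultDisplay = body.GetPostBool(StlSearch.AttributeIsDefaultDisplay.ToLower());
        var publishmentSystemId = body.GetPostInt("publishmentsystemid");
        var ajaxDivId = PageUtils.FilterSqlAndXss(body.GetPostString("ajaxdivid"));

        // The template is supplied by the client in encrypted form and is parsed as STL below.
        // NOTE(review): this is only safe if DecryptStringBySecretKey rejects values that were
        // not produced with the server's key - confirm it authenticates the ciphertext.
        var template = TranslateUtils.DecryptStringBySecretKey(body.GetPostString("template"));

        // "page" is 1-based in the request; the parser works with a 0-based index.
        var pageIndex = body.GetPostInt("page", 1) - 1;

        var templateInfo = new TemplateInfo(0, publishmentSystemId, string.Empty, ETemplateType.FileTemplate, string.Empty, string.Empty, string.Empty, ECharset.utf_8, false);
        var publishmentSystemInfo = PublishmentSystemManager.GetPublishmentSystemInfo(publishmentSystemId);
        var pageInfo = new PageInfo(publishmentSystemId, 0, publishmentSystemInfo, templateInfo, body.UserInfo);
        var contextInfo = new ContextInfo(pageInfo);
        var contentBuilder = new StringBuilder(StlRequestEntities.ParseRequestEntities(form, template));
        var stlLabelList = StlParserUtility.GetStlLabelList(contentBuilder.ToString());

        if (StlParserUtility.IsStlElementExists(StlPageContents.ElementName, stlLabelList))
        {
            var stlElement = StlParserUtility.GetStlElement(StlPageContents.ElementName, stlLabelList);

            bool isDefaultCondition;
            var whereString = DataProvider.ContentDao.GetWhereStringByStlSearch(isAllSites, siteName, siteDir, siteIds, channelIndex, channelName, channelIds, type, word, dateAttribute, dateFrom, dateTo, since, publishmentSystemId, ActionsSearch.ExlcudeAttributeNames, form, out isDefaultCondition);

            // Do not show search results when no search condition was supplied.
            if (isDefaultCondition && !isDefaultDisplay)
            {
                return NotFound();
            }

            var stlPageContents = new StlPageContents(stlElement, pageInfo, contextInfo, pageNum, publishmentSystemInfo.AuxiliaryTableForContent, whereString);
            int totalNum;
            var pageCount = stlPageContents.GetPageCount(out totalNum);
            if (totalNum == 0)
            {
                return NotFound();
            }

            // Only the requested page is rendered; an out-of-range page index falls through to
            // the unpaged rendering at the end of the method (same result as the former loop).
            if (pageIndex >= 0 && pageIndex < pageCount)
            {
                var currentPageIndex = pageIndex;
                var pageHtml = stlPageContents.Parse(totalNum, currentPageIndex, pageCount, false);
                var pagedBuilder = new StringBuilder(contentBuilder.ToString().Replace(stlElement, pageHtml));

                StlParserManager.ReplacePageElementsInSearchPage(pagedBuilder, pageInfo, stlLabelList, ajaxDivId, pageInfo.PageNodeId, currentPageIndex, pageCount, totalNum);

                if (isHighlight && !string.IsNullOrEmpty(word))
                {
                    // The search word is user input. It is escaped before being placed in the
                    // regular expression (metacharacters would otherwise be read as pattern
                    // syntax) and HTML-encoded before being written into the response, because
                    // it only passed the SQL filter and would otherwise be reflected as markup.
                    // A space in the word still matches any single whitespace character.
                    // NOTE(review): if RegexUtils.Replace forwards to Regex.Replace, a '$' in
                    // the word is read as a substitution token in the replacement - confirm.
                    var literalWord = System.Text.RegularExpressions.Regex.Escape(word).Replace("\\ ", "\\s");
                    var highlightPattern = $"({literalWord})(?!</a>)(?![^><]*>)";
                    var highlightHtml = $"<span style='color:#cc0000'>{System.Net.WebUtility.HtmlEncode(word)}</span>";

                    var pagedContents = pagedBuilder.ToString();
                    pagedBuilder = new StringBuilder();
                    pagedBuilder.Append(RegexUtils.Replace(highlightPattern, pagedContents, highlightHtml));
                }

                StlUtility.ParseStl(publishmentSystemInfo, pageInfo, contextInfo, pagedBuilder, string.Empty, false);
                return Ok(pagedBuilder.ToString());
            }
        }

        // No paged element in the template, or the requested page does not exist.
        StlUtility.ParseStl(publishmentSystemInfo, pageInfo, contextInfo, contentBuilder, string.Empty, false);
        return Ok(contentBuilder.ToString());
    }
    catch (Exception ex)
    {
        // NOTE(review): the exception object is passed to the response; how much of it reaches
        // the client depends on the host's error-detail configuration - confirm that stack
        // traces and query text are not exposed to remote callers.
        return InternalServerError(ex);
    }
}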
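/// <summary>
/// Handles a posted search request: reads the search parameters from the POST body, decrypts
/// the posted template, builds the content query (through the content DAO for a paged-contents
/// element, or as a SQL WHERE clause assembled here for a paged-SQL-contents element), renders
/// the requested result page and returns it as HTML.
/// </summary>
/// <returns>
/// <c>Ok</c> with the rendered HTML, or with an empty string when no search condition was given
/// and default display is off; <c>NotFound</c> when the query matches nothing;
/// <c>InternalServerError</c> when any step throws.
/// </returns>
public IHttpActionResult Main()
{
    try
    {
        var body = new RequestBody();
        var form = HttpContext.Current.Request.Form;

        var publishmentSystemId = body.GetPostInt("publishmentSystemId");
        var publishmentSystemInfo = PublishmentSystemManager.GetPublishmentSystemInfo(publishmentSystemId);
        var ajaxDivId = PageUtils.FilterSqlAndXss(body.GetPostString("ajaxDivId"));
        var pageNum = body.GetPostInt("pageNum");
        var isHighlight = body.GetPostBool("isHighlight");
        var isRedirectSingle = body.GetPostBool("isRedirectSingle");
        var isDefaultDisplay = body.GetPostBool("isDefaultDisplay");
        var dateAttribute = PageUtils.FilterSqlAndXss(body.GetPostString("dateAttribute"));
        if (string.IsNullOrEmpty(dateAttribute))
        {
            dateAttribute = ContentAttribute.AddDate;
        }

        // "page" is 1-based in the request; the parser works with a 0-based index.
        var pageIndex = body.GetPostInt("page", 1) - 1;

        // The template is supplied by the client in encrypted form and is parsed as STL below.
        // NOTE(review): this is only safe if DecryptStringBySecretKey rejects values that were
        // not produced with the server's key - confirm it authenticates the ciphertext.
        var template = TranslateUtils.DecryptStringBySecretKey(body.GetPostString("template"));
        template = StlRequestEntities.ParseRequestEntities(form, template);

        // The search word only passes the SQL filter; it is HTML-encoded where it is echoed.
        var word = PageUtils.FilterSql(body.GetPostString("word"));
        // NOTE(review): channelId is passed on unfiltered; it is parsed as an integer for the
        // node lookup, but GetWhereStringBySearchOutput receives the raw string - verify that
        // method treats it as untrusted.
        var channelId = body.GetPostString("channelID");
        var dateFrom = PageUtils.FilterSqlAndXss(body.GetPostString("dateFrom"));
        var dateTo = PageUtils.FilterSqlAndXss(body.GetPostString("dateTo"));
        var date = PageUtils.FilterSqlAndXss(body.GetPostString("date"));

        // The column list is filtered again AFTER URL decoding. Filtering only before the
        // decode lets percent-encoded characters pass the filter and reappear afterwards, and
        // these names are written into a SQL WHERE clause below.
        var typeCollection = TranslateUtils.StringCollectionToStringCollection(PageUtils.FilterSqlAndXss(PageUtils.UrlDecode(PageUtils.FilterSqlAndXss(body.GetPostString("type")))));

        var nodeInfo = NodeManager.GetNodeInfo(publishmentSystemId, TranslateUtils.ToInt(channelId, publishmentSystemId));
        if (nodeInfo == null)
        {
            // Fall back to the node whose id equals the site id.
            nodeInfo = NodeManager.GetNodeInfo(publishmentSystemId, publishmentSystemId);
        }
        var tableStyle = NodeManager.GetTableStyle(publishmentSystemInfo, nodeInfo);
        var excludeAttributes = "ajaxdivid,pagenum,pageindex,iscrosssite,ishighlight,isredirectsingle,isdefaultdisplay,charset,template,word,click,channelid,datefrom,dateto,date,type,dateattribute";

        var templateInfo = new TemplateInfo(0, publishmentSystemId, string.Empty, ETemplateType.FileTemplate, string.Empty, string.Empty, string.Empty, ECharsetUtils.GetEnumType(publishmentSystemInfo.Additional.Charset), false);
        var pageInfo = new PageInfo(nodeInfo.NodeId, 0, publishmentSystemInfo, templateInfo, body.UserInfo);
        var contextInfo = new ContextInfo(pageInfo);
        var contentBuilder = new StringBuilder(template);
        var stlLabelList = StlParserUtility.GetStlLabelList(contentBuilder.ToString());

        // Keyword highlighting: the word is user input, so it is escaped before being placed
        // in the regular expression (metacharacters would otherwise be read as pattern syntax)
        // and HTML-encoded before being written into the response (it would otherwise be
        // reflected as markup). A space still matches any single whitespace character.
        // NOTE(review): if RegexUtils.Replace forwards to Regex.Replace, a '$' in the word is
        // read as a substitution token in the replacement string - confirm.
        var shouldHighlight = isHighlight && !string.IsNullOrEmpty(word);
        var highlightPattern = string.Empty;
        var highlightHtml = string.Empty;
        if (shouldHighlight)
        {
            var literalWord = System.Text.RegularExpressions.Regex.Escape(word).Replace("\\ ", "\\s");
            highlightPattern = $"({literalWord})(?!</a>)(?![^><]*>)";
            highlightHtml = $"<span style='color:#cc0000'>{System.Net.WebUtility.HtmlEncode(word)}</span>";
        }

        if (StlParserUtility.IsStlElementExists(StlPageContents.ElementName, stlLabelList))
        {
            var stlElement = StlParserUtility.GetStlElement(StlPageContents.ElementName, stlLabelList);

            var whereString = DataProvider.ContentDao.GetWhereStringBySearchOutput(publishmentSystemInfo, nodeInfo.NodeId, tableStyle, word, typeCollection, channelId, dateFrom, dateTo, date, dateAttribute, excludeAttributes, form);

            // Do not show search results when no search condition was supplied.
            if (string.IsNullOrEmpty(whereString) && !isDefaultDisplay)
            {
                return Ok(string.Empty);
            }

            var stlPageContents = new StlPageContents(stlElement, pageInfo, contextInfo, pageNum, whereString);
            int totalNum;
            var pageCount = stlPageContents.GetPageCount(out totalNum);
            if (totalNum == 0)
            {
                return NotFound();
            }

            var isRedirect = false;
            if (isRedirectSingle && totalNum == 1)
            {
                var contentInfo = DataProvider.ContentDao.GetContentInfo(tableStyle, stlPageContents.SqlString);
                if (contentInfo != null)
                {
                    // A single hit: answer with a client-side redirect to that content.
                    // NOTE(review): the URL is written into a JavaScript string literal without
                    // escaping - confirm GetContentUrl cannot return a quote or "</script>".
                    isRedirect = true;
                    contentBuilder = new StringBuilder($@" <script> location.href = '{PageUtility.GetContentUrl(publishmentSystemInfo, contentInfo)}'; </script> ");
                }
            }

            // Only the requested page is rendered; an out-of-range page index falls through to
            // the unpaged rendering at the end of the method (same result as the former loop).
            if (!isRedirect && pageIndex >= 0 && pageIndex < pageCount)
            {
                var currentPageIndex = pageIndex;
                var pageHtml = stlPageContents.Parse(totalNum, currentPageIndex, pageCount, false);
                var pagedBuilder = new StringBuilder(contentBuilder.ToString().Replace(stlElement, pageHtml));

                StlParserManager.ReplacePageElementsInSearchPage(pagedBuilder, pageInfo, stlLabelList, ajaxDivId, pageInfo.PageNodeId, currentPageIndex, pageCount, totalNum);

                if (shouldHighlight)
                {
                    var pagedContents = pagedBuilder.ToString();
                    pagedBuilder = new StringBuilder();
                    pagedBuilder.Append(RegexUtils.Replace(highlightPattern, pagedContents, highlightHtml));
                }

                StlUtility.ParseStl(publishmentSystemInfo, pageInfo, contextInfo, pagedBuilder, string.Empty, false);
                return Ok(pagedBuilder.ToString());
            }
        }
        else if (StlParserUtility.IsStlElementExists(StlPageSqlContents.ElementName, stlLabelList))
        {
            var siteId = TranslateUtils.ToInt(body.GetPostString("siteID"), 0);
            var stlElement = StlParserUtility.GetStlElement(StlPageSqlContents.ElementName, stlLabelList);

            // The WHERE clause is assembled as text because the query is handed over as a raw
            // string (DisplayInfo.QueryString). Every request-derived fragment must therefore
            // be filtered before it is appended; a parameterized query would be the robust fix
            // if the data layer offers one.
            var whereBuilder = new StringBuilder();
            if (!string.IsNullOrEmpty(word))
            {
                // One LIKE per requested column, OR-ed together. The group is only emitted when
                // at least one column was given: the previous code trimmed a trailing "OR"
                // unconditionally and threw on an empty column list.
                var typeClauses = new StringBuilder();
                foreach (var type in typeCollection)
                {
                    if (typeClauses.Length > 0)
                    {
                        typeClauses.Append(" OR ");
                    }
                    typeClauses.Append($"[{type}] like '%{word}%'");
                }
                if (typeClauses.Length > 0)
                {
                    whereBuilder.Append("(").Append(typeClauses.ToString()).Append(")");
                }
            }
            if (!string.IsNullOrEmpty(dateFrom))
            {
                if (whereBuilder.Length > 0)
                {
                    whereBuilder.Append(" AND ");
                }
                whereBuilder.Append($" AddDate >= '{dateFrom}' ");
            }
            if (!string.IsNullOrEmpty(dateTo))
            {
                if (whereBuilder.Length > 0)
                {
                    whereBuilder.Append(" AND ");
                }
                whereBuilder.Append($" AddDate <= '{dateTo}' ");
            }
            if (!string.IsNullOrEmpty(date))
            {
                var days = TranslateUtils.ToInt(date);
                if (days > 0)
                {
                    if (whereBuilder.Length > 0)
                    {
                        whereBuilder.Append(" AND ");
                    }
                    whereBuilder.Append(SqlUtils.GetDateDiffLessThanDays("AddDate", days.ToString()));
                }
            }
            if (siteId > 0)
            {
                if (whereBuilder.Length > 0)
                {
                    whereBuilder.Append(" AND ");
                }
                whereBuilder.Append($"(PublishmentSystemID = {siteId})");
            }

            // Remember whether the caller supplied any condition BEFORE the fixed NodeID clause
            // is appended. The previous check tested the builder length after this append, so
            // it could never be zero and the "no condition" guard below never fired.
            var hasSearchCondition = whereBuilder.Length > 0;

            if (whereBuilder.Length > 0)
            {
                whereBuilder.Append(" AND ");
            }
            whereBuilder.Append("(NodeID > 0) ");

            var tableName = BaiRongDataProvider.TableCollectionDao.GetFirstTableNameByTableType(EAuxiliaryTableType.BackgroundContent);
            var arraylist = TranslateUtils.StringCollectionToStringList("ajaxdivid,pagenum,pageindex,iscrosssite,ishighlight,isredirectsingle,isdefaultdisplay,charset,successtemplatestring,failuretemplatestring,word,click,channelid,datefrom,dateto,date,type,siteid");

            // Every remaining posted field becomes an extra LIKE condition.
            foreach (string key in form.Keys)
            {
                if (arraylist.Contains(key.ToLower()))
                {
                    continue;
                }
                if (string.IsNullOrEmpty(form[key]))
                {
                    continue;
                }
                var value = StringUtils.Trim(form[key]);
                if (string.IsNullOrEmpty(value))
                {
                    continue;
                }

                // Field names and values come straight from the request and were previously
                // concatenated into the SQL text unfiltered. They now pass the same SQL filter
                // as the search word. NOTE(review): FilterSql's implementation is not visible
                // here - confirm it neutralizes quotes for the target database.
                var safeValue = PageUtils.FilterSql(value);
                if (string.IsNullOrEmpty(safeValue))
                {
                    continue;
                }

                if (whereBuilder.Length > 0)
                {
                    whereBuilder.Append(" AND ");
                }
                if (TableManager.IsAttributeNameExists(tableStyle, tableName, key))
                {
                    // presumably the key matched a known attribute name, so it is used as a
                    // column identifier as-is - verify IsAttributeNameExists is an exact match.
                    whereBuilder.Append($"([{key}] like '%{safeValue}%')");
                }
                else
                {
                    whereBuilder.Append($"({ContentAttribute.SettingsXml} like '%{PageUtils.FilterSql(key)}={safeValue}%')");
                }
                hasSearchCondition = true;
            }

            // Do not show search results when no search condition was supplied.
            if (!hasSearchCondition && !isDefaultDisplay)
            {
                return Ok(string.Empty);
            }

            var stlPageSqlContents = new StlPageSqlContents(stlElement, pageInfo, contextInfo, false, false);
            // The generated query is only used when the element did not bring its own.
            if (string.IsNullOrEmpty(stlPageSqlContents.DisplayInfo.QueryString))
            {
                stlPageSqlContents.DisplayInfo.QueryString = $"SELECT * FROM {tableName} WHERE {whereBuilder}";
            }
            stlPageSqlContents.LoadData();

            int totalNum;
            var pageCount = stlPageSqlContents.GetPageCount(out totalNum);
            if (totalNum == 0)
            {
                return NotFound();
            }

            if (pageIndex >= 0 && pageIndex < pageCount)
            {
                var currentPageIndex = pageIndex;
                var pageHtml = stlPageSqlContents.Parse(currentPageIndex, pageCount);
                var pagedBuilder = new StringBuilder(contentBuilder.ToString().Replace(stlElement, pageHtml));

                StlParserManager.ReplacePageElementsInSearchPage(pagedBuilder, pageInfo, stlLabelList, ajaxDivId, pageInfo.PageNodeId, currentPageIndex, pageCount, totalNum);

                if (shouldHighlight)
                {
                    var pagedContents = pagedBuilder.ToString();
                    pagedBuilder = new StringBuilder();
                    pagedBuilder.Append(RegexUtils.Replace(highlightPattern, pagedContents, highlightHtml));
                }

                StlUtility.ParseStl(publishmentSystemInfo, pageInfo, contextInfo, pagedBuilder, string.Empty, false);
                return Ok(pagedBuilder.ToString());
            }
        }

        // No paged element in the template, a single-hit redirect, or a page index that does
        // not exist: render whatever contentBuilder holds.
        StlUtility.ParseStl(publishmentSystemInfo, pageInfo, contextInfo, contentBuilder, string.Empty, false);
        return Ok(contentBuilder.ToString());
    }
    catch (Exception ex)
    {
        // NOTE(review): the exception object is passed to the response; how much of it reaches
        // the client depends on the host's error-detail configuration - confirm that stack
        // traces and SQL text are not exposed to remote callers.
        return InternalServerError(ex);
    }
}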