/// <summary> /// Checks the request and query strings to see if it matches the definition of having a Surface controller /// posted/get value, if so, then we return a PostedDataProxyInfo object with the correct information. /// </summary> /// <param name="requestContext"></param> /// <returns></returns> internal static PostedDataProxyInfo GetFormInfo(RequestContext requestContext) { if (requestContext == null) { throw new ArgumentNullException(nameof(requestContext)); } //if it is a POST/GET then a value must be in the request if (requestContext.HttpContext.Request.QueryString["ufprt"].IsNullOrWhiteSpace() && requestContext.HttpContext.Request.Form["ufprt"].IsNullOrWhiteSpace()) { return(null); } string encodedVal; switch (requestContext.HttpContext.Request.RequestType) { case "POST": //get the value from the request. //this field will contain an encrypted version of the surface route vals. encodedVal = requestContext.HttpContext.Request.Form["ufprt"]; break; case "GET": //this field will contain an encrypted version of the surface route vals. encodedVal = requestContext.HttpContext.Request.QueryString["ufprt"]; break; default: return(null); } if (!UmbracoHelper.DecryptAndValidateEncryptedRouteString(encodedVal, out var decodedParts)) { return(null); } foreach (var item in decodedParts.Where(x => new[] { ReservedAdditionalKeys.Controller, ReservedAdditionalKeys.Action, ReservedAdditionalKeys.Area }.Contains(x.Key) == false)) { // Populate route with additional values which aren't reserved values so they eventually to action parameters requestContext.RouteData.Values[item.Key] = item.Value; } //return the proxy info without the surface id... could be a local controller. return(new PostedDataProxyInfo { ControllerName = HttpUtility.UrlDecode(decodedParts.Single(x => x.Key == ReservedAdditionalKeys.Controller).Value), ActionName = HttpUtility.UrlDecode(decodedParts.Single(x => x.Key == ReservedAdditionalKeys.Action).Value), Area = HttpUtility.UrlDecode(decodedParts.Single(x => x.Key == ReservedAdditionalKeys.Area).Value), }); }
public void ValidateRouteString(string ufprt, string currentController, string currentAction, string currentArea) { if (ufprt.IsNullOrWhiteSpace()) { throw new HttpUmbracoFormRouteStringException("The required request field \"ufprt\" is not present."); } if (!UmbracoHelper.DecryptAndValidateEncryptedRouteString(ufprt, out var additionalDataParts)) { throw new HttpUmbracoFormRouteStringException("The Umbraco form request route string could not be decrypted."); } if (!additionalDataParts[RenderRouteHandler.ReservedAdditionalKeys.Controller].InvariantEquals(currentController) || !additionalDataParts[RenderRouteHandler.ReservedAdditionalKeys.Action].InvariantEquals(currentAction) || (!additionalDataParts[RenderRouteHandler.ReservedAdditionalKeys.Area].IsNullOrWhiteSpace() && !additionalDataParts[RenderRouteHandler.ReservedAdditionalKeys.Area].InvariantEquals(currentArea))) { throw new HttpUmbracoFormRouteStringException("The provided Umbraco form request route string was meant for a different controller and action."); } }
public bool ValidateAdditionalData(HttpContextBase context, string additionalData) { if (!additionalData.DetectIsJson()) { return(false); //must be json } AdditionalData json; try { json = JsonConvert.DeserializeObject <AdditionalData>(additionalData); } catch { return(false); //couldn't parse } if (json.Stamp == default) { return(false); } //if there was a wrapped provider, validate it, else validate the static value var validateWrapped = _defaultProvider?.ValidateAdditionalData(context, json.WrappedValue) ?? json.WrappedValue == "default"; if (!validateWrapped) { return(false); } var ufprtRequest = context.Request["ufprt"]?.ToString(); //if the custom BeginUmbracoForms route value is not there, then it's nothing more to validate if (ufprtRequest.IsNullOrWhiteSpace() && json.Ufprt.IsNullOrWhiteSpace()) { return(true); } //if one or the other is null then something is wrong if (!ufprtRequest.IsNullOrWhiteSpace() && json.Ufprt.IsNullOrWhiteSpace()) { return(false); } if (ufprtRequest.IsNullOrWhiteSpace() && !json.Ufprt.IsNullOrWhiteSpace()) { return(false); } if (!UmbracoHelper.DecryptAndValidateEncryptedRouteString(json.Ufprt, out var additionalDataParts)) { return(false); } if (!UmbracoHelper.DecryptAndValidateEncryptedRouteString(ufprtRequest, out var requestParts)) { return(false); } //ensure they all match return(additionalDataParts.Count == requestParts.Count && additionalDataParts[RenderRouteHandler.ReservedAdditionalKeys.Controller] == requestParts[RenderRouteHandler.ReservedAdditionalKeys.Controller] && additionalDataParts[RenderRouteHandler.ReservedAdditionalKeys.Action] == requestParts[RenderRouteHandler.ReservedAdditionalKeys.Action] && additionalDataParts[RenderRouteHandler.ReservedAdditionalKeys.Area] == requestParts[RenderRouteHandler.ReservedAdditionalKeys.Area]); }