public override void OnHandle(IStore store,
string collection,
JObject command,
JObject document)
{
IObjectStore st = store.GetCollection(collection);
if (document.Type == JTokenType.Array)
{
var documents = document.Values();
if (documents != null)
foreach (JObject d in documents)
{
var k = d.Property(DocumentMetadata.IdPropertyName);
if (k != null)
st.Set((string)k, d);
}
}
else
{
var k = document.Property(DocumentMetadata.IdPropertyName);
if (k != null)
st.Set((string)k, document);
}
}
internal UmbracoGalleryBlock(string type, JObject obj, JObject data)
: base(type, obj)
{
Items = (
from JObject child in data.Values()
select new UmbracoMediaItem(child)
).ToArray();
}
public CardSet(JObject jObject)
{
Id = jObject.Value<string>("id");
Name = jObject.Value<string>("name");
Type = jObject.Value<string>("type");
Block = jObject.Value<string>("block");
Description = jObject.Value<string>("description");
DateReleased = jObject.Value<DateTime>("releasedAt");
cardIds = jObject.Values<int>("cardIds");
}
public static Order ConvertJsonToOrder(JObject jOrder)
{
var order = new Order();
var values = jOrder.Values().ToList();
foreach(var value in values)
{
if(value.Path.Equals("Items", StringComparison.OrdinalIgnoreCase))
{
order.Items = ConvertJsonToOrderItems(value);
}
if (value.Path.Equals("Id", StringComparison.OrdinalIgnoreCase))
{
order.Id = new Guid(value.Value<JToken>("id").ToString());
}
}
return order;
}
public void Ordering()
{
JObject o = new JObject(
new JProperty("Integer", new JValue(1)),
new JProperty("Float", new JValue(1.2d)),
new JProperty("Decimal", new JValue(1.1m))
);
IList<object> orderedValues = o.Values().Cast<JValue>().OrderBy(v => v).Select(v => v.Value).ToList();
Assert.AreEqual(1L, orderedValues[0]);
Assert.AreEqual(1.1m, orderedValues[1]);
Assert.AreEqual(1.2d, orderedValues[2]);
}
public static List<JObject> GetStandAloneChecks(JObject obj)
{
var standAloneChecks = new List<JObject>();
if (obj == null)
return standAloneChecks;
try
{
standAloneChecks = obj.Values<JToken>().Values<JObject>()
.Where(n => n["standalone"].Value<bool>()).
Select(n => JObject.FromObject(new { name = ((JProperty)n.Parent).Name, command = n["command"], interval = n["interval"] })).ToList();
}
catch (Exception)
{
Log.Debug("No standalone checks fount!");
}
return standAloneChecks;
}
public static JObject GetCheckByName(JObject check, JObject checks)
{
return checks.Values<JToken>().Values<JObject>().
Where(n => ((JProperty)n.Parent).Name == check["name"].Value<string>()).
Select(n => n).FirstOrDefault();
}
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
base.OnActionExecuting(filterContext);
ContentResult Content = new ContentResult();
// xss验证开关
var xss = System.Configuration.ConfigurationManager.AppSettings.Get("Xss");
if (xss != null && (xss.ToLower().Equals("0") || xss.ToLower().Equals("false")))
{
return;
}
#region 检验XSS注入
if (param != null && param.Count > 0)
{
foreach (var p in param.AllKeys)
{
string msg = "";
string v = param.Get(p);
if (IsContainXSSCharacter(v, out msg))
{
Content.Content = msg;
filterContext.Result = Content;
filterContext.HttpContext.Response.StatusCode = 801;
filterContext.HttpContext.Response.StatusDescription = "sensitive information";
return;
}
}
}
#endregion
#region application/json 方式请求要从流中读取
var req = filterContext.RequestContext.HttpContext.Request;
if (req.ContentType.ToLower().Contains("application/json") && req.InputStream.Length > 0)
{
System.IO.Stream stm = new MemoryStream();
req.InputStream.CopyTo(stm);
stm.Position = 0;
req.InputStream.Position = 0;
using (System.IO.StreamReader sr = new System.IO.StreamReader(stm))
{
try
{
Newtonsoft.Json.Linq.JObject jo = Newtonsoft.Json.Linq.JObject.Parse(sr.ReadToEnd());
if (jo.HasValues)
{
foreach (JToken item in jo.Values())
{
var tmpMsg = "";
int ckResult = ChkJson(item, out tmpMsg);
if (ckResult != 0)
{
Content.Content = tmpMsg;
filterContext.Result = Content;
filterContext.HttpContext.Response.StatusCode = ckResult;
filterContext.HttpContext.Response.StatusDescription = "sensitive information";
return;
}
}
}
}
catch (System.Exception)
{
// 若输入流不是json对象不再校验
}
}
}
#endregion
}
/// <summary>
/// 从对象添加
/// </summary>
/// <param name="table"></param>
/// <param name="value"></param>
private static void AddFromJObject(DataTable table, JObject value)
{
foreach (var kv in value)
{
table.Columns.Add(kv.Key);
}
table.Rows.Add(value.Values().ToArray());
}
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
base.OnActionExecuting(filterContext);
param.Clear();
ContentResult Content = new ContentResult();
#region 获取URL和post参数,用于确认是否含有敏感信息
try
{
var q = filterContext.RequestContext.HttpContext.Request;
param.Add(q.QueryString);
param.Add(q.Form);
}
catch (Exception err)// 在获取request参数时系统会自动检测是否含有危险信息
{
Content.Content = "您提交的数据中检测到有潜在危险的信息。";
filterContext.Result = Content;
filterContext.HttpContext.Response.StatusCode = 800;
filterContext.HttpContext.Response.StatusDescription = "sensitive information";
return;
}
#endregion
// SQL注入验证开关
var sqlInject = System.Configuration.ConfigurationManager.AppSettings.Get("SqlInject");
if (sqlInject != null && (sqlInject.ToLower().Equals("0") || sqlInject.ToLower().Equals("false")))
{
return;
}
#region 检测SQL注入
if (param != null && param.Count > 0)
{
foreach (var p in param.AllKeys)
{
if (p == null || p.ToLower().Equals("authorization"))
{
continue;
}
string msg = "";
string v = param.Get(p);
if (IsSqlInjectCharacter(v, out msg))
{
Content.Content = msg;
filterContext.Result = Content;
filterContext.HttpContext.Response.StatusCode = 800;
filterContext.HttpContext.Response.StatusDescription = "sql inject";
return;
}
}
}
#endregion
#region application/json 方式请求要从流中读取
var req = filterContext.RequestContext.HttpContext.Request;
if (req.ContentType.ToLower().Contains("application/json") && req.InputStream.Length > 0)
{
System.IO.Stream stm = new MemoryStream();
req.InputStream.CopyTo(stm);
stm.Position = 0;
req.InputStream.Position = 0;
using (System.IO.StreamReader sr = new System.IO.StreamReader(stm))
{
try
{
Newtonsoft.Json.Linq.JObject jo = Newtonsoft.Json.Linq.JObject.Parse(sr.ReadToEnd());
if (jo.HasValues)
{
foreach (JToken item in jo.Values())
{
var tmpMsg = "";
int ckResult = ChkJson(item, out tmpMsg);
if (ckResult != 0)
{
Content.Content = tmpMsg;
filterContext.Result = Content;
filterContext.HttpContext.Response.StatusCode = ckResult;
filterContext.HttpContext.Response.StatusDescription = "sql inject";
return;
}
}
}
}
catch (Exception)
{
// 若输入流不是json对象不再校验
}
}
}
#endregion
}