public void HandleRequest(HttpListenerContext context)
 {
     NameValueCollection query;
     using (StreamReader rdr = new StreamReader(context.Request.InputStream))
     {
         query = HttpUtility.ParseQueryString(rdr.ReadToEnd());
     }
     int offset = int.Parse(query["offset"]);
     using (Database dbx = new Database())
     {
         var cmd = dbx.CreateQuery();
         cmd.CommandText = "SELECT * FROM info ORDER BY date DESC LIMIT 1 OFFSET @off;";
         cmd.Parameters.AddWithValue("@off", offset);
         using (var rdr = cmd.ExecuteReader())
         {
             rdr.Read();
             var page = new PageItem()
             {
             };
             page.Name = rdr.GetString("name");
             List<string> contents = new List<string>();
             if (rdr.GetInt32("newsType") == 0)
             {
                 foreach (var i in rdr.GetString("contents").Split('&'))
                 {
                     contents.Add(i);
                 }
                 page.ContentType = 0;
                 page.ContentLines = contents.ToArray();
             }
             else
             {
                 foreach (var i in rdr.GetString("contents").Split('&'))
                     contents.Add(i);
                 page.ContentType = rdr.GetInt32("newsType");
                 page.ContentLines = contents.ToArray();
             }
             DateTime time = rdr.GetDateTime("date");
             page.Date = time.ToString("g");
             if (!rdr.IsDBNull(rdr.GetOrdinal("link")) && rdr.GetString("link") != "")
             {
                 page.Link = rdr.GetString("link");
             }
             byte[] fff = Encoding.ASCII.GetBytes(page.ToString());
             context.Response.OutputStream.Write(fff, 0, fff.Length);
             context.Response.Close();
         }
         dbx.Dispose();
     }
 }
Example #2
0
        public override void HandleRequest(HttpListenerContext context)
        {
            NameValueCollection query;
            using (var rdr = new StreamReader(context.Request.InputStream))
                query = HttpUtility.ParseQueryString(rdr.ReadToEnd());

            if (query.AllKeys.Length == 0)
            {
                string queryString = string.Empty;
                string currUrl = context.Request.RawUrl;
                int iqs = currUrl.IndexOf('?');
                if (iqs >= 0)
                {
                    query =
                        HttpUtility.ParseQueryString((iqs < currUrl.Length - 1)
                            ? currUrl.Substring(iqs + 1)
                            : String.Empty);
                }
            }

            //warning: maybe has hidden url injection
            string id = query["id"];
            string instance = query["instance"];

            byte[] status = Encoding.UTF8.GetBytes("<Error>Bad Request</Error>");

            //if (instance != "local" || instance != "production" || instance != "testing")
            //    status = Encoding.UTF8.GetBytes("<Error>Invalid Instance.</Error>");
            try
            {
                using (var db = new Database(Program.Settings.GetValue("conn")))
                {
                    var cmd = db.CreateQuery();

                    cmd.CommandText = "SELECT data, fileSize FROM sprites WHERE [email protected]";
                    cmd.Parameters.AddWithValue("@id", query["id"]);

                    using (MySqlDataReader rdr = cmd.ExecuteReader())
                    {
                        if (!rdr.HasRows) return;
                        rdr.Read();

                        context.Response.ContentType = "image/png";
                        var fileSize = rdr.GetInt32(rdr.GetOrdinal("fileSize"));
                        var raw = new byte[fileSize];
                        var file = rdr.GetBytes(rdr.GetOrdinal("data"), 0, raw, 0, fileSize);
                        status = raw;
                    }
                }
                /*foreach (char i in id)
                {
                    if (char.IsLetter(i) || i == '_' || i == '-') continue;

                    status = Encoding.UTF8.GetBytes("<Error>Invalid ID.</Error>");
                    context.Response.OutputStream.Write(status, 0, status.Length);
                    return;
                }
                string path = Path.GetFullPath("texture/_" + id + ".png");
                if (!File.Exists(path))
                {
                    status = Encoding.UTF8.GetBytes("<Error>Invalid ID.</Error>");
                    context.Response.OutputStream.Write(status, 0, status.Length);
                    return;
                }

                context.Response.ContentType = "image/png";
                using (FileStream i = File.OpenRead(path))
                {
                    int c;
                    while ((c = i.Read(buff, 0, buff.Length)) > 0)
                        context.Response.OutputStream.Write(buff, 0, c);
                }*/
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
            }
            context.Response.OutputStream.Write(status, 0, status.Length);
        }