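/// <summary>
/// Loads page state through the base persister and, when the loaded view state is a
/// <see cref="CompressedSerializedData"/> wrapper, decompresses it and restores the real
/// view state and control state from the inner <see cref="Pair"/>.
/// </summary>
public override void Load()
        {
            // depend on HiddenFieldPageStatePersister for heavy lifting and crypto
            base.Load();

            CompressedSerializedData compressedData = ViewState as CompressedSerializedData;
            if (compressedData == null)
            {
                // The underlying data was not compressed (or there is no view state at all).
                // Returning here also covers the case where ControlState is null, which
                // previously fell through and dereferenced the null wrapper below.
                return;
            }

            // SECURITY: the inner payload is deserialized with a parameterless
            // ObjectStateFormatter, which performs no MAC validation of its own. The only
            // integrity protection this method can rely on is whatever base.Load() applied
            // to the outer payload, so view state MAC must stay enabled for pages using
            // this persister; without it RawData is client-controlled deserializer input.
            // NOTE(review): the decompressed size is not bounded here; a small compressed
            // payload can expand to a very large buffer. Consider enforcing a cap.
            using (MemoryStream uncompressedStream = new MemoryStream())
            {
                // NOTE(review): System.IO.Compression.GZipStream throws on Write when opened
                // with CompressionMode.Decompress; this write-to-decompress pattern only works
                // with a GZipStream implementation that supports it. Confirm which GZipStream
                // the file imports.
                using (GZipStream zipStream = new GZipStream(uncompressedStream, CompressionMode.Decompress, leaveOpen: true))
                {
                    zipStream.Write(compressedData.RawData, 0, compressedData.RawData.Length);
                }

                // Rewind so the formatter reads the decompressed bytes from the start.
                uncompressedStream.Position = 0;
                ObjectStateFormatter formatter = new ObjectStateFormatter();
                Pair pair = (Pair)formatter.Deserialize(uncompressedStream);

                // First carries the view state, Second the control state.
                ViewState = pair.First;
                ControlState = pair.Second;
            }
        }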
Example #2
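        /// <summary>
        /// Pre-handler hook implementing a double-submit CSRF check for page requests:
        /// subscribes <c>page_PreRender</c> on every page and, for POST requests, requires
        /// the token in the hidden form field to equal the token in the cookie.
        /// </summary>
        /// <param name="sender">Expected to be the <see cref="HttpApplication"/> raising the event.</param>
        /// <param name="e">Unused event data.</param>
        /// <exception cref="Exception">
        /// Thrown when the cookie or form field is missing, the form field cannot be
        /// deserialized, or the two tokens differ.
        /// </exception>
        private void context_PreRequestHandlerExecute(object sender, EventArgs e)
        {
            var app = sender as HttpApplication;
            if (app == null)
            {
                return;
            }

            var ctx = app.Context;

            // NOTE(review): this is a substring match, so every path that contains
            // "MakeTransfer.aspx" bypasses both the token hook and the POST validation.
            // If the exemption is intentional, an exact path comparison would be narrower.
            if (ctx.Request.AppRelativeCurrentExecutionFilePath.IndexOf("MakeTransfer.aspx", StringComparison.OrdinalIgnoreCase) >= 0)
            {
                return;
            }

            // "as" yields null for a null handler as well as for non-Page handlers.
            var page = ctx.Handler as Page;
            if (page == null)
            {
                return;
            }

            page.PreRender += page_PreRender;

            // Only POST is validated; requests using any other verb pass through unchecked.
            if (!ctx.Request.HttpMethod.Equals("POST", StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            var cookie = ctx.Request.Cookies[cookieName];
            var hidden = ctx.Request.Form[hiddenField];
            var cookieValue = cookie != null ? cookie.Value : string.Empty;

            var cookieMissing = string.IsNullOrWhiteSpace(cookieValue);
            var hiddenMissing = string.IsNullOrWhiteSpace(hidden);

            if (cookieMissing && hiddenMissing)
            {
                throw new Exception("Cookie and Form field missing");
            }

            if (cookieMissing)
            {
                throw new Exception("Cookie missing");
            }

            if (hiddenMissing)
            {
                throw new Exception("Form field missing");
            }

            string tokenField;
            var osf = new ObjectStateFormatter();

            try
            {
                // SECURITY: "hidden" is request data and a parameterless ObjectStateFormatter
                // does not verify a MAC, so client-controlled bytes reach the deserializer
                // before the token has been checked. The token is only ever compared as a
                // string; emitting and reading it as a plain string, or protecting it with a
                // MAC-validating serializer, would take the deserializer out of the request
                // path. That needs a matching change in the code that writes the hidden
                // field, which is outside this method, so the call is kept as-is.
                tokenField = osf.Deserialize(hidden).ToString();
            }
            catch (Exception ex)
            {
                // Keep the original failure as InnerException for diagnosis.
                throw new Exception("Invalid form field format", ex);
            }

            if (string.IsNullOrWhiteSpace(tokenField))
            {
                throw new Exception("Invalid token");
            }

            if (!string.Equals(tokenField, cookieValue, StringComparison.Ordinal))
            {
                throw new Exception("Tokens mismatch");
            }
        }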
Example #3
        /// <summary>
        /// Rebuilds an <see cref="UploadSession" /> from the string form produced by <see cref="UploadSession.Serialize" />.
        /// </summary>
        /// <param name="value">The serialized session string.</param>
        /// <returns>
        /// The reconstructed <see cref="UploadSession" />, or <c>null</c> when the payload does not
        /// deserialize to a non-empty <c>object[]</c>.
        /// </returns>
        /// <remarks>
        /// The formatter is created without a page or key, so it performs no MAC validation.
        /// Callers must authenticate <paramref name="value" /> before passing it here if it can
        /// originate from a client.
        /// </remarks>
        public static UploadSession Deserialize(string value)
        {
            object[] fields = new ObjectStateFormatter().Deserialize(value) as object[];

            // Anything other than a populated object[] is treated as "no session".
            if (fields == null || fields.Length == 0)
            {
                return null;
            }

            return new UploadSession(fields);
        }
Example #4
			/// <summary>
			/// Restores <c>_state</c> from the supplied object input, using a formatter bound to the current page.
			/// </summary>
			/// <param name="__p1">Input the serialized state is read from.</param>
			public void readExternal (java.io.ObjectInput __p1)
			{
				Page currentPage = CurrentPage;
				ObjectStateFormatter formatter = new ObjectStateFormatter (currentPage);
				ObjectInputStream source = new ObjectInputStream (__p1);

				// With encryption or MAC enabled the state is read as a single string object;
				// presumably the page-bound formatter then verifies/decrypts it (confirm in the formatter).
				bool stateIsProtected = currentPage.NeedViewStateEncryption || currentPage.EnableViewStateMac;

				// NOTE(review): when neither flag is set the stream goes straight to the
				// deserializer and nothing in this method authenticates it, so the origin of
				// __p1 has to be trusted. Verify against the caller.
				_state = stateIsProtected
					? formatter.Deserialize ((string) source.readObject ())
					: formatter.Deserialize (source);
			}
Example #5
 /// <summary>
 /// Turns an ObjectStateFormatter-encoded string back into an object graph.
 /// </summary>
 /// <param name="objString">The encoded string to deserialize.</param>
 /// <returns>The deserialized object.</returns>
 /// <remarks>
 /// The formatter is constructed without a page or key, so no MAC is checked here.
 /// Only pass strings whose integrity has already been established; do not feed
 /// request data (query string, form field, cookie) to this helper directly.
 /// </remarks>
 public static object StringDeserialize(string objString)
 {
     return new ObjectStateFormatter().Deserialize(objString);
 }
Example #6
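        /// <summary>
        /// Deserializes a prefixed string into the object it represents. The prefix selects
        /// the shape: <c>session-</c> and <c>request-</c> yield a single item,
        /// <c>sessionlist-</c> and <c>requestlist-</c> yield a list, and anything else is
        /// passed to the formatter unchanged.
        /// </summary>
        /// <param name="value">The prefixed, serialized string; may be null or empty.</param>
        /// <returns>
        /// <c>null</c> for null or empty input; otherwise an <see cref="UploadSession"/>, an
        /// <see cref="UploadRequest"/>, a list of either, or whatever the formatter produces
        /// for an unprefixed value.
        /// </returns>
        /// <remarks>
        /// SECURITY: the value is neither decrypted nor authenticated before it reaches
        /// <see cref="ObjectStateFormatter"/> (see the TODO below), and the parameterless
        /// formatter validates no MAC. Until that is implemented, callers must not pass
        /// values that a client can modify.
        /// </remarks>
        internal static object GetStringDeserialized(string value)
        {
            // Checked first so a null argument returns null instead of failing in Replace.
            if (string.IsNullOrEmpty(value))
            {
                return null;
            }

            // Restores '+' characters that arrive as spaces, presumably from URL decoding
            // of a base64 payload. Confirm against the caller.
            value = value.Replace(' ', '+');

            // TODO: decrypt

            ObjectStateFormatter formatter = new ObjectStateFormatter();

            // Prefixes are protocol markers, so they are compared ordinally rather than
            // with the current culture.
            if (value.StartsWith("session-", StringComparison.Ordinal))
            {
                return UploadSession.Deserialize(value.Substring("session-".Length));
            }

            if (value.StartsWith("request-", StringComparison.Ordinal))
            {
                return UploadRequest.Deserialize(value.Substring("request-".Length));
            }

            if (value.StartsWith("sessionlist-", StringComparison.Ordinal))
            {
                string[] uploadSessionStrings = (string[])formatter.Deserialize(value.Substring("sessionlist-".Length));

                List<UploadSession> sessions = new List<UploadSession>();

                foreach (string sessionString in uploadSessionStrings)
                {
                    sessions.Add(UploadSession.Deserialize(sessionString));
                }

                return sessions;
            }

            if (value.StartsWith("requestlist-", StringComparison.Ordinal))
            {
                string[] uploadRequestStrings = (string[])formatter.Deserialize(value.Substring("requestlist-".Length));

                List<UploadRequest> requests = new List<UploadRequest>();

                foreach (string requestString in uploadRequestStrings)
                {
                    requests.Add(UploadRequest.Deserialize(requestString));
                }

                return requests;
            }

            // No known prefix: the whole value goes to the formatter, which returns an
            // arbitrary object graph.
            return formatter.Deserialize(value);
        }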