/// <summary>
/// Copies the posted form values described by <paramref name="styleInfoList"/> into
/// <paramref name="attributes"/>: rich-text fields are encoded and translated to STL markup,
/// upload fields and LinkUrl are stored as posted, every other field goes through the shared
/// SQL/XSS filter first.
/// </summary>
/// <param name="attributes">Target attribute bag; one entry per style, plus a format-string entry and an "extend" entry where applicable.</param>
/// <param name="siteInfo">Site passed to the rich-text content encoder.</param>
/// <param name="styleInfoList">Field definitions to read from the form; each must carry a non-null AttributeName.</param>
/// <param name="formCollection">Posted form values, looked up by attribute name; a missing main field is stored as an empty string.</param>
/// <param name="dontAddAttributesLowercase">Lower-cased attribute names to skip entirely; null is treated as an empty list.</param>
public static void SaveAttributes(IAttributes attributes, SiteInfo siteInfo, List<TableStyleInfo> styleInfoList, NameValueCollection formCollection, List<string> dontAddAttributesLowercase)
{
    var skipList = dontAddAttributesLowercase ?? new List<string>();

    foreach (var style in styleInfoList)
    {
        var name = style.AttributeName;
        if (skipList.Contains(name.ToLower()))
        {
            continue;
        }

        var inputType = style.InputType;
        var isRichText = inputType == InputType.TextEditor;
        var isUpload = inputType == InputType.Image || inputType == InputType.File || inputType == InputType.Video;

        var value = formCollection[name] ?? string.Empty;
        if (isRichText)
        {
            // Editor HTML is encoded (not filtered) and then converted to STL elements.
            value = UEditorUtils.TranslateToStlElement(ContentUtility.TextEditorContentEncode(siteInfo, value));
        }
        else if (!isUpload && name != ContentAttribute.LinkUrl)
        {
            // Plain fields get the shared SQL/XSS filter.
            // NOTE(review): upload fields and LinkUrl are stored as posted — confirm they are validated elsewhere.
            value = AttackUtils.FilterSqlAndXss(value);
        }
        attributes.Set(name, value);

        if (style.Additional.IsFormatString)
        {
            // Title formatting is posted as sibling fields named "<attribute>_format*".
            var bold = TranslateUtils.ToBool(formCollection[name + "_formatStrong"]);
            var italic = TranslateUtils.ToBool(formCollection[name + "_formatEM"]);
            var underline = TranslateUtils.ToBool(formCollection[name + "_formatU"]);
            var color = formCollection[name + "_formatColor"];
            var formatString = ContentUtility.GetTitleFormatString(bold, italic, underline, color);
            attributes.Set(ContentAttribute.GetFormatStringAttributeName(name), formatString);
        }

        if (isUpload)
        {
            // The "extend" companion field is copied verbatim (no filter, no empty-string fallback).
            var extendName = ContentAttribute.GetExtendAttributeName(name);
            attributes.Set(extendName, formCollection[extendName]);
        }
    }
}
/// <summary>
/// Renders an STL dynamic fragment for the posted page/channel/content context and returns
/// it as <c>{ Html }</c>.
/// </summary>
/// <remarks>
/// The template content and page URL are accepted only after decryption with the server
/// secret key; ajaxDivId is run through the SQL/XSS filter; the request's raw query string is
/// XSS-filtered and stripped of <c>siteId</c> before the parser sees it. Any exception is
/// turned into a 500 response.
/// </remarks>
public IHttpActionResult Main()
{
    try
    {
        var request = new AuthenticatedRequest();

        // A zero id means "not supplied" and falls back to the enclosing scope.
        int OrFallback(int value, int fallback) => value == 0 ? fallback : value;

        var siteId = request.GetPostInt("siteId");
        var pageChannelId = OrFallback(request.GetPostInt("pageChannelId"), siteId);
        var pageContentId = request.GetPostInt("pageContentId");
        var pageTemplateId = request.GetPostInt("pageTemplateId");
        var isPageRefresh = request.GetPostBool("isPageRefresh");
        var templateContent = TranslateUtils.DecryptStringBySecretKey(request.GetPostString("templateContent"));
        var ajaxDivId = AttackUtils.FilterSqlAndXss(request.GetPostString("ajaxDivId"));
        var channelId = OrFallback(request.GetPostInt("channelId"), pageChannelId);
        var contentId = OrFallback(request.GetPostInt("contentId"), pageContentId);
        var pageUrl = TranslateUtils.DecryptStringBySecretKey(request.GetPostString("pageUrl"));

        // "pageNum" is 1-based on the wire; zero (absent) or negative values are passed on unchanged.
        var pageNum = request.GetPostInt("pageNum");
        var pageIndex = pageNum > 0 ? pageNum - 1 : pageNum;

        var queryString = PageUtils.GetQueryStringFilterXss(PageUtils.UrlDecode(HttpContext.Current.Request.RawUrl));
        queryString.Remove("siteId");

        var html = StlDynamic.ParseDynamicContent(siteId, channelId, contentId, pageTemplateId, isPageRefresh, templateContent, pageUrl, pageIndex, ajaxDivId, queryString, request.UserInfo);
        return Ok(new { Html = html });
    }
    catch (Exception ex)
    {
        return InternalServerError(ex);
    }
}
/// <summary>
/// Substitutes <c>{Request.key}</c> placeholders in <paramref name="templateContent"/> with the
/// matching query-string values (case-insensitive on the placeholder) and strips every
/// placeholder that had no value.
/// </summary>
/// <param name="queryString">Request parameters; null or empty means nothing is substituted, only stripped.</param>
/// <param name="templateContent">Template text containing zero or more <c>{Request.name}</c> tokens.</param>
/// <returns>The template with each token replaced by its URL-decoded, SQL/XSS-filtered value, or removed.</returns>
public static string ParseRequestEntities(NameValueCollection queryString, string templateContent)
{
    var result = templateContent;

    if (queryString != null && queryString.Count > 0)
    {
        foreach (var key in queryString.AllKeys)
        {
            // Decode first so the filter sees the value the template would actually receive.
            var filtered = AttackUtils.FilterSqlAndXss(WebUtility.UrlDecode(queryString[key]));
            result = StringUtils.ReplaceIgnoreCase(result, $"{{Request.{key}}}", filtered);
        }
    }

    // Unsupplied placeholders are dropped rather than left in the output.
    return RegexUtils.Replace("{Request.[^}]+}", result, string.Empty);
}
/// <summary>
/// Extracts the query part of <paramref name="url"/> and returns it with every value passed
/// through the SQL/XSS filter; keys are kept as parsed.
/// </summary>
/// <param name="url">Full or relative URL; null, empty, or a URL without '?' yields an empty collection.</param>
/// <returns>A new collection of filtered name/value pairs.</returns>
private static NameValueCollection GetQueryStringFilterSqlAndXss(string url)
{
    var filtered = new NameValueCollection();

    var marker = string.IsNullOrEmpty(url) ? -1 : url.IndexOf("?", StringComparison.Ordinal);
    if (marker == -1)
    {
        return filtered;
    }

    var rawPairs = TranslateUtils.ToNameValueCollection(url.Substring(marker + 1));
    foreach (var key in rawPairs.AllKeys)
    {
        filtered[key] = AttackUtils.FilterSqlAndXss(rawPairs[key]);
    }

    return filtered;
}
/// <summary>
/// Evaluates an STL <c>if</c> login test for the current request and renders either the
/// success or the failure template, returned as <c>{ Html }</c>.
/// </summary>
/// <remarks>
/// Both templates and the page URL are accepted only after decryption with the server secret
/// key; ajaxDivId and testType are SQL/XSS-filtered. An unrecognised testType renders the
/// failure template. Any exception is turned into a 500 response.
/// </remarks>
public IHttpActionResult Main()
{
    try
    {
        var request = new AuthRequest();

        var siteId = request.GetPostInt("siteId");
        var channelId = request.GetPostInt("channelId");
        var contentId = request.GetPostInt("contentId");
        var templateId = request.GetPostInt("templateId");
        var ajaxDivId = AttackUtils.FilterSqlAndXss(request.GetPostString("ajaxDivId"));
        var pageUrl = TranslateUtils.DecryptStringBySecretKey(request.GetPostString("pageUrl"));
        var testType = AttackUtils.FilterSqlAndXss(request.GetPostString("testType"));
        var successTemplate = TranslateUtils.DecryptStringBySecretKey(request.GetPostString("successTemplate"));
        var failureTemplate = TranslateUtils.DecryptStringBySecretKey(request.GetPostString("failureTemplate"));

        bool IsTest(string expected) => StringUtils.EqualsIgnoreCase(testType, expected);

        // Login state comes from the authenticated request, never from the posted form.
        bool conditionMet;
        if (IsTest(StlIf.TypeIsUserLoggin))
        {
            conditionMet = request.IsUserLoggin;
        }
        else if (IsTest(StlIf.TypeIsAdministratorLoggin))
        {
            conditionMet = request.IsAdminLoggin;
        }
        else if (IsTest(StlIf.TypeIsUserOrAdministratorLoggin))
        {
            conditionMet = request.IsUserLoggin || request.IsAdminLoggin;
        }
        else
        {
            conditionMet = false;
        }

        var chosenTemplate = conditionMet ? successTemplate : failureTemplate;
        var html = StlDynamic.ParseDynamicContent(siteId, channelId, contentId, templateId, false, chosenTemplate, pageUrl, 0, ajaxDivId, null, request.UserInfo);
        return Ok(new { Html = html });
    }
    catch (Exception ex)
    {
        return InternalServerError(ex);
    }
}
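/// <summary>
/// Executes an STL search request: substitutes the posted form into the (server-encrypted)
/// search template, renders the requested result page and returns its HTML.
/// </summary>
/// <remarks>
/// <para>Every free-text search parameter is passed through <c>AttackUtils.FilterSqlAndXss</c>
/// before it reaches <c>GetWhereStringByStlSearch</c>; the template is accepted only after
/// decryption with the server secret key.</para>
/// <para>Returns 404 when the search matches nothing, the rendered page when the requested
/// (0-based) page index is in range, the template rendered without paging otherwise, and 400
/// carrying the logged STL error message on any exception.</para>
/// </remarks>
public IHttpActionResult Main()
{
    PageInfo pageInfo = null;
    var template = string.Empty;
    try
    {
        var request = new RequestImpl();
        var form = GetPostCollection(request);

        // Search parameters are posted under the lower-cased STL attribute names.
        string PostText(string attribute) => AttackUtils.FilterSqlAndXss(request.GetPostString(attribute.ToLower()));

        var isAllSites = request.GetPostBool(StlSearch.IsAllSites.ToLower());
        var siteName = PostText(StlSearch.SiteName);
        var siteDir = PostText(StlSearch.SiteDir);
        var siteIds = PostText(StlSearch.SiteIds);
        var channelIndex = PostText(StlSearch.ChannelIndex);
        var channelName = PostText(StlSearch.ChannelName);
        var channelIds = PostText(StlSearch.ChannelIds);
        var type = PostText(StlSearch.Type);
        var word = PostText(StlSearch.Word);
        var dateAttribute = PostText(StlSearch.DateAttribute);
        var dateFrom = PostText(StlSearch.DateFrom);
        var dateTo = PostText(StlSearch.DateTo);
        var since = PostText(StlSearch.Since);
        var pageNum = request.GetPostInt(StlSearch.PageNum.ToLower());
        var isHighlight = request.GetPostBool(StlSearch.IsHighlight.ToLower());
        var siteId = request.GetPostInt("siteid");
        var ajaxDivId = AttackUtils.FilterSqlAndXss(request.GetPostString("ajaxdivid"));
        template = TranslateUtils.DecryptStringBySecretKey(request.GetPostString("template"));
        // "page" is 1-based on the wire; an absent page means the first one.
        var pageIndex = request.GetPostInt("page", 1) - 1;

        var templateInfo = new TemplateInfo(0, siteId, string.Empty, TemplateType.FileTemplate, string.Empty, string.Empty, string.Empty, ECharset.utf_8, false);
        var siteInfo = SiteManager.GetSiteInfo(siteId);
        pageInfo = new PageInfo(siteId, 0, siteInfo, templateInfo, new Dictionary<string, object>()) { UserInfo = request.UserInfo };
        var contextInfo = new ContextInfo(pageInfo);

        var contentBuilder = new StringBuilder(StlRequestEntities.ParseRequestEntities(form, template));
        var stlLabelList = StlParserUtility.GetStlLabelList(contentBuilder.ToString());

        // Renders one result page: swap the paging element for its HTML, fix up the pager
        // links, optionally highlight the search word, then run the STL parser over the page.
        IHttpActionResult RenderPage(string pageElement, string pageHtml, int currentPageIndex, int pageCount, int totalNum)
        {
            var pagedBuilder = new StringBuilder(contentBuilder.ToString().Replace(pageElement, pageHtml));
            StlParserManager.ReplacePageElementsInSearchPage(pagedBuilder, pageInfo, stlLabelList, ajaxDivId, pageInfo.PageChannelId, currentPageIndex, pageCount, totalNum);
            if (isHighlight && !string.IsNullOrEmpty(word))
            {
                pagedBuilder = new StringBuilder(HighlightSearchWord(pagedBuilder.ToString(), word));
            }
            Parser.Parse(pageInfo, contextInfo, pagedBuilder, string.Empty, false);
            return Ok(pagedBuilder.ToString());
        }

        if (StlParserUtility.IsStlElementExists(StlPageContents.ElementName, stlLabelList))
        {
            var stlElement = StlParserUtility.GetStlElement(StlPageContents.ElementName, stlLabelList);
            var whereString = DataProvider.ContentDao.GetWhereStringByStlSearch(isAllSites, siteName, siteDir, siteIds, channelIndex, channelName, channelIds, type, word, dateAttribute, dateFrom, dateTo, since, siteId, ApiRouteActionsSearch.ExlcudeAttributeNames, form);
            var stlPageContents = new StlPageContents(stlElement, pageInfo, contextInfo, pageNum, siteInfo.TableName, whereString);
            var pageCount = stlPageContents.GetPageCount(out var totalNum);
            if (totalNum == 0)
            {
                return NotFound();
            }
            // Only an in-range page is rendered; otherwise fall through to the unpaged template.
            if (pageIndex >= 0 && pageIndex < pageCount)
            {
                return RenderPage(stlElement, stlPageContents.Parse(totalNum, pageIndex, pageCount, false), pageIndex, pageCount, totalNum);
            }
        }
        else if (StlParserUtility.IsStlElementExists(StlPageSqlContents.ElementName, stlLabelList))
        {
            var stlElement = StlParserUtility.GetStlElement(StlPageSqlContents.ElementName, stlLabelList);
            var stlPageSqlContents = new StlPageSqlContents(stlElement, pageInfo, contextInfo);
            var pageCount = stlPageSqlContents.GetPageCount(out var totalNum);
            if (totalNum == 0)
            {
                return NotFound();
            }
            if (pageIndex >= 0 && pageIndex < pageCount)
            {
                return RenderPage(stlElement, stlPageSqlContents.Parse(totalNum, pageIndex, pageCount, false), pageIndex, pageCount, totalNum);
            }
        }

        Parser.Parse(pageInfo, contextInfo, contentBuilder, string.Empty, false);
        return Ok(contentBuilder.ToString());
    }
    catch (Exception ex)
    {
        var message = LogUtils.AddStlErrorLog(pageInfo, StlSearch.ElementName, template, ex);
        return BadRequest(message);
    }
}

/// <summary>
/// Wraps every occurrence of <paramref name="word"/> that is neither inside a tag nor directly
/// before a closing anchor in a red <c>span</c>.
/// </summary>
/// <param name="html">Rendered page to highlight in.</param>
/// <param name="word">User-supplied search term; a space in it matches any single whitespace character.</param>
/// <returns>The page with the highlight spans inserted.</returns>
private static string HighlightSearchWord(string html, string word)
{
    // The term is user input, so it must be escaped before it is used as a regex pattern;
    // the original unescaped form let metacharacters alter (or break) the pattern.
    // Escaping is done per space-separated part so the space -> "\s" convention survives.
    var parts = word.Split(' ');
    for (var i = 0; i < parts.Length; i++)
    {
        parts[i] = System.Text.RegularExpressions.Regex.Escape(parts[i]);
    }
    var wordPattern = string.Join("\\s", parts);

    // NOTE(review): the replacement text is the raw (SQL/XSS-filtered) word; how RegexUtils.Replace
    // treats '$' in the replacement is not visible here — confirm substitution syntax is not applied.
    return RegexUtils.Replace($"({wordPattern})(?!</a>)(?![^><]*>)", html, $"<span style='color:#cc0000'>{word}</span>");
}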
/// <summary>
/// Initialises the "add channel" page: validates the request, checks that the parent channel
/// allows children, and on the first (non-postback) request populates every drop-down, list and
/// popup-window script; on postback it only rebuilds the attribute control from the posted form.
/// </summary>
/// <param name="sender">Page event source (unused).</param>
/// <param name="e">Event data (unused).</param>
public void Page_Load(object sender, EventArgs e)
{
    if (IsForbidden)
    {
        return;
    }

    PageUtils.CheckRequestParameter("siteId", "channelId", "ReturnUrl");
    _channelId = AuthRequest.GetQueryInt("channelId");
    // The return URL comes from the query string and is SQL/XSS-filtered before being normalised.
    ReturnUrl = StringUtils.ValueFromUrl(AttackUtils.FilterSqlAndXss(AuthRequest.GetQueryString("ReturnUrl")));

    // NOTE(review): a HasChannelPermissions(ChannelAdd) check was commented out at this point in
    // the original; IsForbidden is the only gate visible here — confirm authorization is enforced upstream.
    var parentChannel = ChannelManager.GetChannelInfo(SiteId, _channelId);
    if (parentChannel.Additional.IsChannelAddable == false)
    {
        PageUtils.RedirectToErrorPage("此栏目不能添加子栏目!");
        return;
    }

    CacAttributes.SiteInfo = SiteInfo;
    CacAttributes.ChannelId = _channelId;

    if (IsPostBack)
    {
        // Postback: the attribute control is rebuilt from the posted form only.
        CacAttributes.Attributes = new AttributesImpl(Request.Form);
        return;
    }

    ChannelManager.AddListItems(DdlParentChannelId.Items, SiteInfo, true, true, AuthRequest.AdminPermissionsImpl);
    ControlUtils.SelectSingleItem(DdlParentChannelId, _channelId.ToString());

    DdlContentModelPluginId.Items.Add(new ListItem("<默认>", string.Empty));
    foreach (var contentModel in PluginContentManager.GetContentModelPlugins())
    {
        DdlContentModelPluginId.Items.Add(new ListItem(contentModel.Title, contentModel.Id));
    }
    ControlUtils.SelectSingleItem(DdlContentModelPluginId, parentChannel.ContentModelPluginId);

    var relatedPlugins = PluginContentManager.GetAllContentRelatedPlugins(false);
    if (relatedPlugins.Count == 0)
    {
        // Nothing to offer: hide the whole placeholder instead of showing an empty list.
        PhContentRelatedPluginIds.Visible = false;
    }
    else
    {
        foreach (var plugin in relatedPlugins)
        {
            CblContentRelatedPluginIds.Items.Add(new ListItem(plugin.Title, plugin.Id));
        }
    }

    CacAttributes.Attributes = new AttributesImpl();
    TbImageUrl.Attributes.Add("onchange", GetShowImageScript("preview_NavigationPicPath", SiteInfo.Additional.WebUrl));

    // Popup windows are wired through client-side onclick scripts generated per target control.
    var channelRuleScript = ModalFilePathRule.GetOpenWindowString(SiteId, _channelId, true, TbChannelFilePathRule.ClientID);
    BtnCreateChannelRule.Attributes.Add("onclick", channelRuleScript);
    var contentRuleScript = ModalFilePathRule.GetOpenWindowString(SiteId, _channelId, false, TbContentFilePathRule.ClientID);
    BtnCreateContentRule.Attributes.Add("onclick", contentRuleScript);
    var selectImageScript = ModalSelectImage.GetOpenWindowString(SiteInfo, TbImageUrl.ClientID);
    BtnSelectImage.Attributes.Add("onclick", selectImageScript);
    var uploadImageScript = ModalUploadImage.GetOpenWindowString(SiteId, TbImageUrl.ClientID);
    BtnUploadImage.Attributes.Add("onclick", uploadImageScript);

    ELinkTypeUtils.AddListItems(DdlLinkType);
    ETaxisTypeUtils.AddListItemsForChannelEdit(DdlTaxisType);
    ControlUtils.SelectSingleItem(DdlTaxisType, ETaxisTypeUtils.GetValue(ETaxisType.OrderByTaxisDesc));
    ControlUtils.AddListControlItems(CblNodeGroupNameCollection, ChannelGroupManager.GetGroupNameList(SiteId));

    // Template lists are data-bound first; the default ("<默认>", value "0") entry is inserted
    // afterwards so it lands at index 0 of the bound list, and is pre-selected.
    DdlChannelTemplateId.DataSource = DataProvider.TemplateDao.GetDataSourceByType(SiteId, TemplateType.ChannelTemplate);
    DdlContentTemplateId.DataSource = DataProvider.TemplateDao.GetDataSourceByType(SiteId, TemplateType.ContentTemplate);
    DataBind();
    DdlChannelTemplateId.Items.Insert(0, new ListItem("<默认>", "0"));
    DdlChannelTemplateId.Items[0].Selected = true;
    DdlContentTemplateId.Items.Insert(0, new ListItem("<默认>", "0"));
    DdlContentTemplateId.Items[0].Selected = true;

    TbContent.SetParameters(SiteInfo, ChannelAttribute.Content, string.Empty);
}