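        /// <summary>
        /// Screens every posted data item with the XSS and SQL-injection checkers and,
        /// when both pass, hands the post to the base implementation to be saved.
        /// </summary>
        /// <remarks>
        /// All item values are concatenated and scanned as one string, so a match may span
        /// the boundary between two adjacent values. The checkers are opaque from here
        /// (presumably character/pattern deny-lists; confirm against their source), so this
        /// screening is defence in depth only: the persistence layer still needs bound SQL
        /// parameters and the views still need output encoding.
        /// </remarks>
        /// <param name="MvcPost">Posted form values; <c>BizObject.DataItems</c> is what gets screened.</param>
        /// <param name="result">Save result; on rejection <c>Successful</c> is set to false and an error is added.</param>
        public override void SaveDataFields(MvcPostValue MvcPost, MvcResult result)
        {
            //wangxg 19.8
            // Build the combined text once instead of re-allocating a string per item.
            // Append(object) mirrors string concatenation: null adds nothing, anything else uses ToString().
            var combined = new System.Text.StringBuilder();
            foreach (var item in MvcPost.BizObject.DataItems)
            {
                combined.Append((object)item.Value.V);
            }

            string val = combined.ToString();

            // The checker's detail message is not surfaced to the caller; only the generic error is.
            string msg = "";

            if (new DongZheng.H3.WebApi.Controllers.XssAttribute().IsContainXSSCharacter(val, out msg))
            {
                // Fix: the XSS check used to report the SQL message (and vice versa), which
                // mislabels rejections for both the user and anyone triaging them.
                result.Successful = false;
                result.Errors.Add("检测到XSS敏感字符");
                return;
            }

            if (new DongZheng.H3.WebApi.Controllers.SqlInjectAttribute().IsSqlInjectCharacter(val, out msg))
            {
                result.Successful = false;
                result.Errors.Add("检测到SQL敏感字符");
                return;
            }

            // Screening passed: let the base implementation save the fields.
            base.SaveDataFields(MvcPost, result);
        }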
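        /// <summary>
        /// Saves the form data to the engine and, after a successful submit, records a
        /// data-change row in <c>H3.c_fidatatrack</c> on a background task.
        /// </summary>
        /// <remarks>
        /// Only the <c>NAME1</c> value of the first <c>APPLICANT_TYPE</c> row is screened for
        /// XSS / SQL-injection characters; every other posted field reaches the base save
        /// unscreened, so persistence must rely on bound parameters and views on output encoding.
        /// </remarks>
        /// <param name="MvcPost">Posted form values.</param>
        /// <param name="result">Save result; on rejection <c>Successful</c> is set to false and an error is added.</param>
        public override void SaveDataFields(MvcPostValue MvcPost, MvcResult result)
        {
            try
            {
                MvcDataItem type;
                if (MvcPost.BizObject.DataItems.TryGetValue("APPLICANT_TYPE", out type) && type != null)
                {
                    // Round-trip through JSON to get the applicant rows as plain dictionaries.
                    var r = JsonConvert.DeserializeObject<List<System.Collections.Generic.Dictionary<object, object>>>(JsonConvert.SerializeObject(type.V));
                    object rawName;
                    if (r != null && r.Count > 0 && r[0] != null && r[0].TryGetValue("NAME1", out rawName))
                    {
                        var    name = rawName + string.Empty;
                        string msg  = "";

                        if (new DongZheng.H3.WebApi.Controllers.XssAttribute().IsContainXSSCharacter(name, out msg))
                        {
                            // Fix: the XSS check used to report the SQL message (and vice versa).
                            result.Successful = false;
                            result.Errors.Add("检测到XSS敏感字符");
                            return;
                        }

                        if (new DongZheng.H3.WebApi.Controllers.SqlInjectAttribute().IsSqlInjectCharacter(name, out msg))
                        {
                            result.Successful = false;
                            result.Errors.Add("检测到SQL敏感字符");
                            return;
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): the original swallowed this silently, so a payload that makes the
                // screening throw skips it entirely (fail-open). The save is still allowed to proceed
                // to keep existing behaviour, but the failure is now recorded so it can be alerted on;
                // consider rejecting the post instead once legitimate payload shapes are confirmed.
                AppUtility.Engine.LogWriter.Write("SaveDataFields input screening failed, validation skipped: " + ex.ToString());
            }

            // Let the base implementation save the fields.
            base.SaveDataFields(MvcPost, result);

            string Command = Request["Command"] + string.Empty;

            // 1. Only log when the save succeeded and the action was a submit.
            //    Invariant lower-casing keeps the comparison independent of the server culture.
            if (result.Successful && Command.ToLowerInvariant() == MvcController.Button_Submit)
            {
                var version        = 1;
                var tokenId        = 1;
                var fields         = this.ActionContext.Schema.Fields;
                var sheetDataType  = this.ActionContext.SheetDataType;
                var clientActivity = (H3.WorkflowTemplate.ClientActivity) this.ActionContext.ActivityTemplate;
                var context        = this.ActionContext.Engine.InstanceManager.GetInstanceContext(this.ActionContext.InstanceId);
                if (context != null)
                {
                    // Materialise once; the original re-ran the ordered query for every Count()/FirstOrDefault().
                    var tokens = context.GetTokens("Activity2", Instance.TokenState.Unspecified).OrderByDescending(p => p.CreatedTime).ToList();
                    if (tokens.Count > 0)
                    {
                        version = tokens.Count;
                        tokenId = tokens[0].TokenId;
                    }
                }
                var instanceId = this.ActionContext.InstanceId;

                // 2. Record the data-change log. Fire-and-forget: nothing awaits this task, so every
                //    failure has to be caught and logged inside it.
                Task.Run(() =>
                {
                    try
                    {
                        var trackResult = new DataLogger().DataTrack(MvcPost, fields, sheetDataType, clientActivity);

                        // Every variable value is bound rather than concatenated into the statement. This removes
                        // the injection surface on instanceId and the culture-dependent DateTime.Now text that
                        // to_date() could only parse on servers whose culture happened to match the mask.
                        // "verson" is the column name as used by the original statement.
                        const string sql = "insert into H3.c_fidatatrack(objectid,instanceid,verson,activitycode,datatrack,tokenid,createdtime) values(:objectid,:instanceid,:verson,'Activity2',:content,:tokenid,:createdtime)";

                        var dbObject = AppUtility.Engine.SettingManager.GetBizDbConnectionConfig("Engine");

                        // using-blocks close the connection even when ExecuteNonQuery throws.
                        using (var connection = new OracleConnection(dbObject.DbConnectionString))
                        using (var cmd = new OracleCommand(sql, connection))
                        {
                            // Parameters are added in placeholder order so positional binding would also work.
                            cmd.Parameters.Add(new OracleParameter("objectid", OracleType.VarChar) { Value = Guid.NewGuid().ToString() });
                            cmd.Parameters.Add(new OracleParameter("instanceid", OracleType.VarChar) { Value = instanceId + string.Empty });
                            cmd.Parameters.Add(new OracleParameter("verson", OracleType.Int32) { Value = version });

                            var content = new OracleParameter("content", OracleType.NClob);
                            content.Direction = ParameterDirection.Input;
                            content.Value     = (object)trackResult ?? DBNull.Value;
                            cmd.Parameters.Add(content);

                            cmd.Parameters.Add(new OracleParameter("tokenid", OracleType.Int32) { Value = tokenId });
                            cmd.Parameters.Add(new OracleParameter("createdtime", OracleType.DateTime) { Value = DateTime.Now });

                            connection.Open();
                            cmd.ExecuteNonQuery();
                        }
                    }
                    catch (Exception ex)
                    {
                        AppUtility.Engine.LogWriter.Write("保存风控报告数据异常:" + ex.ToString());
                    }
                });
            }
        }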