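/// <summary>
/// Builds the inline <c>_OSrequestInfoScript</c> block that publishes request metadata
/// (visitor, visit, session, user, screen, module, application, tenant and environment
/// identifiers) to client-side code as <c>outsystems.internal.requestInfo</c>.
/// </summary>
/// <param name="webScreenKey">Textual key of the current screen; it is parsed with <c>ObjectKey.Parse</c> before being written.</param>
/// <param name="webScreenName">Name of the current screen, written as a JavaScript string literal.</param>
/// <returns>The complete <c>&lt;script&gt;</c> element, terminated by a newline.</returns>
protected virtual string GetRequestInfoJavaScript(string webScreenKey, string webScreenName) {
    var info = AppInfo.GetAppInfo();
    using (var writer = new StringWriter()) {
        writer.Write(" <script id=\"_OSrequestInfoScript\" type=\"text/javascript\">(function(global) { ");
        writer.Write("global.outsystems = global.outsystems || {};");
        writer.Write("global.outsystems.internal = global.outsystems.internal || {};");
        if (Settings.GetBool(Settings.Configs.JavascriptAPI_ShowHiddenFields)) {
            writer.Write("global.outsystems.internal.showHiddenFields = true;");
        }
        writer.Write("global.outsystems.internal.requestInfo = {");

        // Every value below lands inside a single-quoted JavaScript literal within an inline
        // <script> element, so each one is passed through EncodeRequestInfoValue: a quote,
        // backslash, line break or "</script>" inside a name must not be able to end the
        // literal or the element.

        // #564602 OSVisit and OSVisitor cookies allow HTML injection - check if cookies' value was modified.
        // Anything that is not a GUID is replaced by an empty string.
        writer.Write("visitorKey:'{0}',", EncodeRequestInfoValue(GuidUtils.IsGuid(info.VisitorId) ? info.VisitorId : ""));
        writer.Write("visitKey:'{0}',", EncodeRequestInfoValue(GuidUtils.IsGuid(info.VisitId) ? info.VisitId : ""));
        writer.Write("sessionKey:'{0}',", EncodeRequestInfoValue(info.OsContext.Session.SessionIDHash));
        writer.Write("userKey:'{0}',", EncodeRequestInfoValue(info.OsContext.Session.UserIdGuid));

        // When a request tracer exists its values are used; otherwise the AppInfo values are.
        var perfTracer = info.OsContext.RequestTracer;
        bool perfTracerExists = perfTracer != null;

        writer.Write("requestKey:'{0}',", EncodeRequestInfoValue((perfTracerExists) ? perfTracer.RequestKey : ""));
        // ObjectKey.Parse returns null for text it does not recognise.
        // NOTE(review): ObjectKeyUtils.DatabaseValue is not shown here - confirm it accepts null.
        writer.Write("webScreenKey:'{0}',", EncodeRequestInfoValue(ObjectKeyUtils.DatabaseValue(ObjectKey.Parse(webScreenKey))));
        writer.Write("webScreenName:'{0}',", EncodeRequestInfoValue(webScreenName));
        writer.Write("espaceKey:'{0}',", EncodeRequestInfoValue((perfTracerExists) ? perfTracer.ModuleKey : info.eSpaceUID));
        writer.Write("espaceName:'{0}',", EncodeRequestInfoValue((perfTracerExists) ? perfTracer.ModuleName : info.eSpaceName));
        writer.Write("applicationKey:'{0}',", EncodeRequestInfoValue((perfTracerExists) ? perfTracer.ApplicationKey : info.ApplicationUID));
        writer.Write("applicationName:'{0}',", EncodeRequestInfoValue((perfTracerExists) ? perfTracer.ApplicationName : info.ApplicationName));
        writer.Write("tenantKey:'{0}',", EncodeRequestInfoValue((perfTracerExists) ? perfTracer.TenantKey : info.Tenant.Id_Guid));
        writer.Write("tenantName:'{0}',", EncodeRequestInfoValue((perfTracerExists) ? perfTracer.TenantName : info.Tenant.Name));
        writer.Write("environmentKey:'{0}',", EncodeRequestInfoValue((perfTracerExists) ? perfTracer.EnvironmentKey : info.EnvironmentKey));
        writer.Write("environmentName:'{0}',", EncodeRequestInfoValue((perfTracerExists) ? perfTracer.EnvironmentName : info.EnvironmentName));

        if (Settings.GetBool(Settings.Configs.JavascriptAPI_ShowHiddenFields)) {
            // The format string has no placeholder, so the UserName argument is never emitted;
            // only the literal mask reaches the page.
            writer.Write("username:'******',", info.OsContext.Session.UserName);
            // With this setting on, the front-end name is also published in clear text.
            writer.Write("frontendName:'{0}',", EncodeRequestInfoValue((perfTracerExists) ? perfTracer.FrontEndName : info.FrontendName));
        }

        // #664816 - When the host serial on OSSYS_SERVER is different from the one in the windows registry the FrontendName will not be read from the DB.
        // We do a null check here to prevent this not vital information from stopping the application load.
        // NOTE(review): the algorithm is named FixedKeyAES128; if that key is shared across
        // installations this only hides the name from casual view and is not a confidentiality
        // boundary - confirm.
        string value = null;
        if (perfTracerExists) {
            value = string.IsNullOrEmpty(perfTracer.FrontEndName) ? "" : SecureConfidentialInformationEncryption.EncryptWithAlgorithm(perfTracer.FrontEndName, SecureConfidentialInformationEncryption.FixedKeyAES128.Instance);
        } else {
            value = string.IsNullOrEmpty(info.FrontendName) ? "" : SecureConfidentialInformationEncryption.EncryptWithAlgorithm(info.FrontendName, SecureConfidentialInformationEncryption.FixedKeyAES128.Instance);
        }
        writer.Write("frontendKey:'{0}'", EncodeRequestInfoValue(value));

        writer.Write("}");
        writer.Write("})(this);");
        writer.Write("</script>\n");
        return(writer.ToString());
    }
}

/// <summary>
/// Converts a value to text and escapes it for use inside a JavaScript string literal
/// in an inline script block. Null becomes an empty string.
/// </summary>
private static string EncodeRequestInfoValue(object value) {
    // Fully qualified so that no using directive has to be added to the file.
    return System.Web.HttpUtility.JavaScriptStringEncode(System.Convert.ToString(value));
}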
/// <summary>
/// Converts the textual form of a key into an <see cref="ObjectKey"/>.
/// </summary>
/// <param name="str">Key text; may contain several segments joined by <c>SeparatorChar</c>.</param>
/// <returns>
/// The key for the last segment, with <c>Parent</c> set to the key parsed from the text before
/// the last separator, or <c>null</c> when the text is null, empty, a single space, or its last
/// segment is not a recognised key.
/// </returns>
public static ObjectKey Parse(string str) {
    // Null, empty and the single-space string all mean "no key".
    if (str == " " || string.IsNullOrEmpty(str)) {
        return(null);
    }

    int splitAt = str.LastIndexOf(SeparatorChar);
    if (splitAt != -1) {
        // Composite key: the text after the last separator is the key itself and the text
        // before it is the parent chain, handled by recursion.
        // NOTE(review): recursion depth grows with the number of separators; if callers can
        // pass request-derived text here, confirm its length is bounded upstream.
        ObjectKey leaf = Parse(str.Substring(splitAt + 1));
        if (leaf != null) {
            leaf.Parent = Parse(str.Substring(0, splitAt));
        }
        return(leaf);
    }

    // Single segment: try each supported key form in turn.
    if (str.StartsWith(LocalKeyPrefix)) {
        string localPart = str.Substring(LocalKeyPrefix.Length);
        return(new LocalKey(LocalKeyValueUtils.ToLocalKeyValue(localPart)));
    }

    if (IsAPre50KeyToKeep(str)) {
        return(new Pre50Key(str));
    }

    if (str.Length < Constants.MinimumExtendedGuidLength) {
        // Shorter than the extended GUID form: treated as a Base64-encoded GUID.
        // An empty GUID from the decoder is reported as "no key".
        Guid decoded = Base64.GuidFromBase64(str);
        return(decoded != Guid.Empty ? new GuidKey(decoded) : null);
    }

    // Otherwise the text must itself be a GUID.
    return(GuidUtils.IsGuid(str) ? new GuidKey(new Guid(str)) : null);
}
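/// <summary>
/// Per-request setup for the AcquireRequestState event: publishes request items and running
/// info, retries application start if needed, starts the session, maintains the osVisitor and
/// osVisit cookies, and applies the default locale.
/// </summary>
/// <param name="sender">Event source, forwarded to <c>Application_Start</c> on retry.</param>
/// <param name="e">Event arguments, forwarded to <c>Application_Start</c> on retry.</param>
protected void Application_AcquireRequestState(Object sender, EventArgs e) {
    Context.Items["osCurrentPTAName"] = RequestPtaName;
    Context.Items["osCurrentPTAUserName"] = RequestPtaUserName;
    Context.Items["osIsLoadingScreen"] = false;

    RunningInfo.InitializeRunningInfo();
    RunningInfo.ESpaceHash = ConfigurationManager.AppSettings["OutSystems.HubEdition.EspaceCompilationHash"];
    RunningInfo.ESpaceVersionToken = ConfigurationManager.AppSettings["OutSystems.HubEdition.EspaceVersionToken"];
    RunningInfo.ESpaceVersionId = int.Parse(ConfigurationManager.AppSettings["OutSystems.HubEdition.EspaceVersionID"]);
    RunningInfo.DebugMode = false;

    // Skips internal pages. These requests return before any session or cookie handling, so
    // the suffix match is ordinal and case-insensitive: the result must not depend on the
    // server culture or on characters that a culture-sensitive comparison ignores.
    string requestedFile = Request.FilePath;
    if (requestedFile.EndsWith("/_ping.aspx", StringComparison.OrdinalIgnoreCase)
        || requestedFile.EndsWith("/_queriescoverage.aspx", StringComparison.OrdinalIgnoreCase)
        || requestedFile.EndsWith("/_debugger.asmx", StringComparison.OrdinalIgnoreCase)
        || requestedFile.EndsWith("/_debuggerevents.ashx", StringComparison.OrdinalIgnoreCase)) {
        return;
    }

    if (App == null) {
        // Try again
        Application_Start(sender, e);
        if (Application["ApplicationStartError"] != null) {
            ApplicationStartErrorRedirect();
        }
    }

    // NOTE(review): App is dereferenced here even if the retry above left it null; this
    // relies on ApplicationStartErrorRedirect ending the request - confirm.
    if (App.Tenant.PhoneConfigException != null) {
        Application["ApplicationStartError"] = App.Tenant.PhoneConfigException;
        ApplicationStartErrorRedirect();
    }

    // Session Start
    HeContext heContext = Global.App.OsContext;
    heContext.InitSession();

    // If this response carries the session cookie, mark it Secure when the setting requires it.
    var sessionCookieKey = Response.Cookies.AllKeys.FirstIfSingleOrDefault(c => c == CookieActions.GetSessionCookieName());
    if (sessionCookieKey != null) {
        var sessionCookie = Response.Cookies.Get(sessionCookieKey);
        if (sessionCookie != null && Settings.GetBool(Settings.Configs.EnforceSessionCookiesSecure)) {
            sessionCookie.Secure = true;
        }
    }

    if (Context.Session == null || heContext.Session.NeedsSessionStart(App.eSpaceName)) {
        // NOTE(review): the path is lower-cased and then compared case-sensitively with a
        // mixed-case literal, so this first branch cannot match. It is left unchanged because
        // enabling it would change the session state for those requests and the population
        // of MOMsg is not visible here - confirm the intent before correcting the literal.
        if (Request.Path.ToLowerInvariant().EndsWith("_SmsHandler.aspx")) {
            Global.App.OsContext.Session["TerminalType"] = "SMS";
            Global.App.OsContext.Session["MSISDN"] = Global.App.OsContext.MOMsg.MSISDN;
        } else if (Request.Path.EndsWith("smshandler.asmx", StringComparison.OrdinalIgnoreCase)) {
            Global.App.OsContext.Session["TerminalType"] = "SMS";
            // NOTE(review): the MSISDN request header is copied into session state as received.
            // It is only as trustworthy as whatever sets it in front of this application -
            // confirm a trusted gateway strips or overwrites client-supplied values.
            Global.App.OsContext.Session["MSISDN"] = Request.Headers["MSISDN"];
        } else {
            Global.App.OsContext.Session["TerminalType"] = "WEB";
            Global.App.OsContext.Session["MSISDN"] = "";
        }

        if (Application["ApplicationStartError"] != null) {
            // Try again
            Application_Start(sender, e);
        }
        if (Application["ApplicationStartError"] != null) {
            ApplicationStartErrorRedirect();
        }
        if (Context.Session != null) {
            ExtendedActions.AutoLogin(App, App.OsContext.Session);
            RunOnSessionStart();
        }
    }

    // Process visit cookies
    if (RuntimePlatformUtils.ShouldCreateCookieForRequest()) {
        if (Request.CurrentExecutionFilePath.EndsWith(".aspx", StringComparison.OrdinalIgnoreCase)) {
            var osVisitorCookie = Request.Cookies["osVisitor"];
            var osVisitCookie = Request.Cookies["osVisit"];

            // Cookie values come from the client: anything that is not a GUID is discarded
            // and replaced by a freshly generated one before it is used below.
            if (osVisitorCookie == null || !GuidUtils.IsGuid(osVisitorCookie.Value)) {
                osVisitorCookie = new HttpCookie("osVisitor", Guid.NewGuid().ToString());
                osVisitorCookie.Expires = DateTime.Now.AddYears(100); // forever
                SecureCookieUtils.setSecureCookie(osVisitorCookie, heContext.Context.Response);
            }

            if (osVisitCookie == null || !GuidUtils.IsGuid(osVisitCookie.Value)) {
                osVisitCookie = new HttpCookie("osVisit", Guid.NewGuid().ToString());
                heContext.Session["osIsNewVisit"] = true;
            }

            // The visit cookie is re-issued on every qualifying request with a 30-minute expiry.
            osVisitCookie.Expires = DateTime.Now.AddMinutes(30);
            SecureCookieUtils.setSecureCookie(osVisitCookie, heContext.Context.Response);

            Context.Items["osVisitor"] = osVisitorCookie.Value;
            Context.Items["osVisit"] = osVisitCookie.Value;
        }
    }

    App.OsContext.Session[GenericExtendedActions.ReqAuditCountSessionName] = 0;

    // Default Multilingual state
    if (!App.MultilingualEnabled) {
        GenericExtendedActions.SetCurrentLocale(heContext, "");
    } else {
        string localeHeader = heContext.OsISAPIFilter.GetLocale(Request);
        if (localeHeader != null) {
            try {
                GenericExtendedActions.SetCurrentLocale(heContext, localeHeader);
            } catch {
                // The locale is derived from the request; a value that cannot be applied is
                // ignored so that it cannot fail the request.
                // NOTE(review): every exception type is swallowed without a trace - consider
                // logging once a logger is available in this class.
            }
        }
    }
}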