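        /// <summary>
        /// Shows the details page for a pie and, when a non-empty review was posted, stores it.
        /// </summary>
        /// <param name="id">Identifier of the pie to display.</param>
        /// <param name="review">Free-text review posted by the user; untrusted input.</param>
        /// <returns>404 when the pie does not exist, otherwise the details view.</returns>
        public async Task<IActionResult> Details(int id, string review)
        {
            var pie = await _pieRepository.GetById(id);

            if (pie == null)
            {
                return NotFound();
            }

            // A missing form field binds as null; encoding null may throw depending on the
            // encoder version, and an empty review is not worth persisting.
            // NOTE(review): assumes this is the POST handler — if the same action also serves
            // GET, drop the model error and only skip the save.
            if (string.IsNullOrWhiteSpace(review))
            {
                ModelState.AddModelError("", "review empty");
            }
            else
            {
                try
                {
                    // HTML-encode the user input before it is stored so it cannot be re-rendered
                    // as markup later. Razor also encodes on output, so a view that renders this
                    // value with @ will show it double-encoded — confirm the rendering path.
                    string encodedReview = _htmlEncoder.Encode(review);
                    await _pieReviewRepository.AddPieReview(new PieReview()
                    {
                        Pie = pie, Review = encodedReview
                    });
                }
                catch (Exception e)
                {
                    // Pass the exception object and a constant message template. The original
                    // passed e.Message as the template, which drops the stack trace and lets
                    // runtime text be parsed as a format string.
                    _logger.LogWarning(e, "Error attempting to store review for pie {PieId}", id);
                    // Surface the failure instead of silently returning the page.
                    ModelState.AddModelError("", "review could not be saved");
                }
            }

            return View(new PieDetailViewModel()
            {
                Pie = pie
            });
        }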
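        /// <summary>
        /// Shows the details page for a pie and, when a non-empty review was posted by a
        /// signed-in user, stores it together with the author's name and id.
        /// </summary>
        /// <param name="id">Identifier of the pie to display.</param>
        /// <param name="review">Free-text review posted by the user; untrusted input.</param>
        /// <returns>
        /// 404 when the pie does not exist, a challenge when a review is posted anonymously,
        /// otherwise the details view.
        /// </returns>
        public async Task<IActionResult> Details(int id, string review)
        {
            var pie = _pieRepository.GetPieById(id);

            if (pie == null)
            {
                return NotFound();
            }

            // string.IsNullOrEmpty already covers String.Empty; the extra comparison in the
            // original was redundant. Whitespace-only reviews are rejected as well.
            if (string.IsNullOrWhiteSpace(review))
            {
                ModelState.AddModelError("", "review empty");
            }
            else
            {
                var user = await _userManager.GetUserAsync(User);
                if (user == null)
                {
                    // GetUserAsync returns null for an anonymous request; without this guard the
                    // property reads below throw NullReferenceException. Redundant only if the
                    // action is confirmed to carry [Authorize].
                    return Challenge();
                }

                // Encode before storing so the text cannot be re-rendered as markup. Razor also
                // encodes on output — confirm the view does not double-encode.
                string encodedReview = _htmlEncoder.Encode(review);

                // NOTE(review): if AddPieReview returns a Task it must be awaited here — confirm
                // the repository signature.
                _pieReviewRepository.AddPieReview(new PieReview()
                {
                    Pie = pie,
                    UserName = $"{user.FirstName} {user.LastName}",
                    UserId = user.Id,
                    Review = encodedReview
                });
            }

            return View(new PieDetailViewModel()
            {
                Pie = pie
            });
        }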
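        /// <summary>
        /// Shows the details page for a pie and, when a non-empty review was posted, stores it.
        /// </summary>
        /// <param name="id">Identifier of the pie to display.</param>
        /// <param name="review">Free-text review posted by the user; untrusted input.</param>
        /// <returns>404 when the pie does not exist, otherwise the details view.</returns>
        public IActionResult Details(int id, string review)
        {
            var pie = _pieRepository.GetPieById(id);

            if (pie == null)
            {
                return NotFound();
            }

            // A missing form field binds as null; encoding null may throw depending on the
            // encoder version, and an empty review is not worth persisting.
            // NOTE(review): assumes this is the POST handler — if the same action also serves
            // GET, drop the model error and only skip the save.
            if (string.IsNullOrWhiteSpace(review))
            {
                ModelState.AddModelError("", "review empty");
            }
            else
            {
                // Encode before storing so the text cannot be re-rendered as markup. Razor also
                // encodes on output — confirm the view does not double-encode.
                string encodedReview = _htmlEncoder.Encode(review);

                _pieReviewRepository.AddPieReview(new PieReview()
                {
                    Pie = pie, Review = encodedReview
                });
            }

            return View(new PieDetailViewModel()
            {
                Pie = pie
            });
        }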
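        /// <summary>
        /// Shows the details page for a pie and, when a non-empty review was posted, stores it.
        /// </summary>
        /// <param name="id">Identifier of the pie to display.</param>
        /// <param name="review">Free-text review posted by the user; untrusted input.</param>
        /// <returns>404 when the pie does not exist, otherwise the details view.</returns>
        public IActionResult Details(int id, string review)
        {
            var pie = _pieRepository.GetPieById(id);

            if (pie == null)
            {
                // Log with the event id and a named placeholder. The original allocated a
                // throwaway Exception only to pass it to the logger; an exception that was never
                // thrown carries no stack trace and adds nothing to the entry.
                _logger.LogDebug(LogEventIds.GetPieIdNotFound, "Pie with id {PieId} not found", id);
                return NotFound();
            }

            // A missing form field binds as null; encoding null may throw depending on the
            // encoder version, and an empty review is not worth persisting.
            // NOTE(review): assumes this is the POST handler — if the same action also serves
            // GET, drop the model error and only skip the save.
            if (string.IsNullOrWhiteSpace(review))
            {
                ModelState.AddModelError("", "review empty");
            }
            else
            {
                // Encode before storing so the text cannot be re-rendered as markup. Razor also
                // encodes on output — confirm the view does not double-encode.
                string encodedReview = _htmlEncoder.Encode(review);

                _pieReviewRepository.AddPieReview(new PieReview()
                {
                    Pie = pie, Review = encodedReview
                });
            }

            return View(new PieDetailViewModel()
            {
                Pie = pie
            });
        }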
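        /// <summary>
        /// Shows the details page for a pie and, when a non-empty review was posted, stores it.
        /// The view model is returned with an empty <c>Review</c> so the form is cleared.
        /// </summary>
        /// <param name="id">Identifier of the pie to display.</param>
        /// <param name="review">Free-text review posted by the user; untrusted input.</param>
        /// <returns>404 when the pie does not exist, otherwise the details view.</returns>
        public IActionResult Details(int id, string review)
        {
            var pie = _pieRepository.GetPieById(id);

            if (pie == null)
            {
                return NotFound();
            }

            // A missing form field binds as null; encoding null may throw depending on the
            // encoder version, and an empty review is not worth persisting.
            // NOTE(review): assumes this is the POST handler — if the same action also serves
            // GET, drop the model error and only skip the save.
            if (string.IsNullOrWhiteSpace(review))
            {
                ModelState.AddModelError("", "review empty");
            }
            else
            {
                // Protect against stored XSS by encoding the input before it is persisted.
                // Razor also encodes on output — confirm the view does not double-encode.
                string encodedReview = _htmlEncoder.Encode(review);

                _pieReviewRepository.AddPieReview(new PieReview()
                {
                    Pie = pie, Review = encodedReview
                });
            }

            return View(new PieDetailViewModel()
            {
                Pie = pie, Review = ""
            });
        }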