        /// <summary>
        /// Escapes the search text held in filter parameter 1 of CourseIndexDataSource before the
        /// data source evaluates its FilterExpression (a DataView row filter) with it.
        /// </summary>
        /// <param name="sender">The data source raising the event (unused).</param>
        /// <param name="e">Event arguments; ParameterValues[1] is replaced by its escaped form when non-null.</param>
        protected void CourseIndexDataSource_Filtering(object sender, SqlDataSourceFilteringEventArgs e)
        {
            object raw = e.ParameterValues[1];
            if (raw == null)
            {
                return;
            }

            // Anti-injection: neutralise the four characters that are significant in the row-filter
            // grammar. Single quotes are doubled; '[' is escaped before '%' and '_' so that the
            // brackets introduced for those two are not themselves re-escaped.
            // NOTE(review): '*' is also a LIKE wildcard in DataView filters and is not escaped here —
            // confirm whether {1} is used under LIKE in the FilterExpression.
            string escaped = raw.ToString()
                .Replace("'", "''")
                .Replace("[", "[[]")
                .Replace("%", "[%]")
                .Replace("_", "[_]");
            e.ParameterValues[1] = escaped;
        }
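        /// <summary>
        /// Adjusts the filter parameters of UserStatisticalDataSource before its FilterExpression
        /// (a DataView row filter) is evaluated. The literal value "all" in parameter 0 is turned
        /// into null so that the "show everything" choice does not filter; the search text in
        /// parameter 1 is escaped for the row-filter grammar.
        /// </summary>
        /// <param name="sender">The data source raising the event (unused).</param>
        /// <param name="e">Event arguments whose ParameterValues are rewritten in place.</param>
        protected void UserStatisticalDataSource_Filtering(object sender, SqlDataSourceFilteringEventArgs e)
        {
            // Parameter 0 is checked for null before ToString(): the unguarded dereference threw
            // NullReferenceException whenever ParameterValues[0] was null, while parameter 1 below
            // was already guarded.
            object scope = e.ParameterValues[0];
            if (scope != null && scope.ToString().Equals("all"))
            {
                e.ParameterValues[0] = null;
                return;
            }

            if (e.ParameterValues[1] == null)
            {
                return;
            }

            // Anti-injection: neutralise the four characters that are significant in the row-filter
            // grammar. Single quotes are doubled; '[' is escaped before '%' and '_' so that the
            // brackets introduced for those two are not themselves re-escaped.
            string search = e.ParameterValues[1].ToString();
            search = search.Replace("'", "''");
            search = search.Replace("[", "[[]");
            search = search.Replace("%", "[%]");
            search = search.Replace("_", "[_]");
            e.ParameterValues[1] = search;
        }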
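    /// <summary>
    /// Builds the FilterExpression of SubmissionsSqlDataSource from the filter controls shown to
    /// the current user. Members of the "Novell" role use the Novell_* controls (date range,
    /// importance, application name, application type, profile); every other authenticated user
    /// uses the LoggedIn_* controls (date range, application type, profile). Unauthenticated
    /// requests leave the data source untouched.
    /// The expression is a DataView row filter evaluated by the data source, so every value taken
    /// from a control is escaped for that grammar before it is embedded between single quotes;
    /// previously the text-box and list values were concatenated raw, so a quote in the input
    /// broke out of the literal and either failed the filter or altered it.
    /// </summary>
    /// <param name="sender">The data source raising the event (unused).</param>
    /// <param name="e">Filtering event arguments (unused; the expression is assigned directly).</param>
    protected void SubmissionsSqlDataSource_Filtering(object sender, SqlDataSourceFilteringEventArgs e)
    {
        if (!Page.User.Identity.IsAuthenticated)
        {
            return;
        }

        string filter = string.Empty;

        if (Page.User.IsInRole("Novell"))
        {
            filter = AppendFilterCondition(filter,
                BuildDateRangeCondition(Novell_DateFromTextBox.Text, Novell_DateToTextBox.Text));
            filter = AppendFilterCondition(filter,
                BuildAnyOfCondition("importance", Novell_ImportanceCheckBoxList.Items));
            if (Novell_AppNameFilterTextBox.Text != string.Empty)
            {
                filter = AppendFilterCondition(filter,
                    BuildEqualsCondition("application_name", Novell_AppNameFilterTextBox.Text));
            }
            filter = AppendFilterCondition(filter,
                BuildAnyOfCondition("application_type", Novell_AppTypeCheckBoxList.Items));
            filter = AppendFilterCondition(filter,
                BuildProfileCondition(Novell_ProfileFilterDropDownList.SelectedItem));
        }
        else
        {
            filter = AppendFilterCondition(filter,
                BuildDateRangeCondition(LoggedIn_DateFromTextBox.Text, LoggedIn_DateToTextBox.Text));
            filter = AppendFilterCondition(filter,
                BuildAnyOfCondition("application_type", LoggedIn_AppTypeCheckBoxList.Items));
            filter = AppendFilterCondition(filter,
                BuildProfileCondition(LoggedIn_ProfileFilterDropDownList.SelectedItem));
        }

        // If nothing selected, the empty string will filter nothing
        SubmissionsSqlDataSource.FilterExpression = filter;
    }

    /// <summary>
    /// Escapes a value for embedding between single quotes in a row-filter expression: the single
    /// quote is the only character that can terminate the literal, so it is doubled.
    /// </summary>
    /// <param name="value">Raw value taken from a control.</param>
    /// <returns>The value with every <c>'</c> replaced by <c>''</c>.</returns>
    private static string EscapeFilterLiteral(string value)
    {
        return value.Replace("'", "''");
    }

    /// <summary>Joins two conditions with AND; an empty condition on either side is skipped.</summary>
    private static string AppendFilterCondition(string filter, string condition)
    {
        if (condition == string.Empty)
        {
            return filter;
        }
        if (filter == string.Empty)
        {
            return condition;
        }
        return filter + " AND " + condition;
    }

    /// <summary>Returns <c>column='value'</c> with the value escaped for the row-filter grammar.</summary>
    private static string BuildEqualsCondition(string column, string value)
    {
        return column + "='" + EscapeFilterLiteral(value) + "'";
    }

    /// <summary>
    /// Builds a parenthesised OR-list of <c>column='value'</c> terms, one per selected item, or the
    /// empty string when nothing is selected. The parentheses keep the OR-list intact when the
    /// caller ANDs it with further conditions.
    /// </summary>
    /// <param name="column">Column name on the left of each term.</param>
    /// <param name="items">The Items collection of a list control; each element must be a ListItem.</param>
    private static string BuildAnyOfCondition(string column, System.Collections.IEnumerable items)
    {
        string terms = string.Empty;
        foreach (ListItem item in items)
        {
            if (!item.Selected)
            {
                continue;
            }
            if (terms != string.Empty)
            {
                terms += " OR ";
            }
            terms += BuildEqualsCondition(column, item.Value);
        }
        return terms == string.Empty ? string.Empty : "(" + terms + ")";
    }

    /// <summary>
    /// Builds the report_date range condition, or the empty string when either box is empty or
    /// either value does not parse — an unparsable date silently yields no date filter, as before.
    /// TryParse is used instead of Parse plus a swallowed FormatException; both use the current
    /// culture, so accepted inputs are unchanged.
    /// </summary>
    private static string BuildDateRangeCondition(string fromText, string toText)
    {
        if (fromText == string.Empty || toText == string.Empty)
        {
            return string.Empty;
        }

        DateTime datefrom;
        if (!DateTime.TryParse(fromText, out datefrom))
        {
            return string.Empty;
        }
        DateTime dateto;
        if (!DateTime.TryParse(toText, out dateto))
        {
            return string.Empty;
        }

        /* Make dateto include the whole of the dateto day */
        dateto = dateto.AddHours(23).AddMinutes(59).AddSeconds(59);

        return "report_date >= '" + datefrom.ToString("o") + "' AND report_date <= '" + dateto.ToString("o") + "'";
    }

    /// <summary>
    /// Builds the display_name condition for the profile drop-down, or the empty string when no
    /// item is selected or the "[All]" sentinel is chosen.
    /// </summary>
    private static string BuildProfileCondition(ListItem selected)
    {
        if (selected == null || selected.Value == "[All]")
        {
            return string.Empty;
        }
        return BuildEqualsCondition("display_name", selected.Value);
    }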
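    /// <summary>
    /// Builds the FilterExpression of IssuesSqlDataSource from the issue-type check boxes and the
    /// namespace / class text boxes. Unauthenticated requests leave the data source untouched.
    /// The expression is a DataView row filter, so two things are fixed here relative to plain
    /// concatenation: the OR-list of issue types is parenthesised (AND binds tighter than OR, so
    /// <c>a OR b AND method_namespace='x'</c> would otherwise read as <c>a OR (b AND ...)</c>), and
    /// every embedded value has its single quotes doubled so that a quote in the text boxes cannot
    /// terminate the literal and break or alter the filter.
    /// </summary>
    /// <param name="sender">The data source raising the event (unused).</param>
    /// <param name="e">Filtering event arguments (unused; the expression is assigned directly).</param>
    protected void IssuesSqlDataSource_Filtering(object sender, SqlDataSourceFilteringEventArgs e)
    {
        if (!Page.User.Identity.IsAuthenticated)
        {
            return;
        }

        string typeFilter = string.Empty;
        foreach (ListItem item in IssueTypeFilterCheckBoxList.Items)
        {
            if (!item.Selected)
            {
                continue;
            }
            if (typeFilter != string.Empty)
            {
                typeFilter += " OR ";
            }
            typeFilter += "lookup_name='" + item.Value.Replace("'", "''") + "'";
        }

        string filter = string.Empty;
        if (typeFilter != string.Empty)
        {
            // Parenthesised so the AND terms appended below apply to the whole OR-list.
            filter = "(" + typeFilter + ")";
        }

        if (IssueNamespaceFilterTextBox.Text != string.Empty)
        {
            if (filter != string.Empty)
            {
                filter += " AND ";
            }
            filter += "method_namespace='" + IssueNamespaceFilterTextBox.Text.Replace("'", "''") + "'";
        }

        if (IssueClassFilterTextBox.Text != string.Empty)
        {
            if (filter != string.Empty)
            {
                filter += " AND ";
            }
            filter += "method_class='" + IssueClassFilterTextBox.Text.Replace("'", "''") + "'";
        }

        // If nothing selected, the empty string will filter nothing
        IssuesSqlDataSource.FilterExpression = filter;
    }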