Esempio n. 1
0
        /// <summary>
        /// cmdUpdate_Click runs when the Update button is clicked
        /// </summary>
        /// <history>
        ///     [cnurse]	01/17/2005	documented
        /// </history>
        protected void cmdUpdate_Click(Object sender, EventArgs e)
        {
            try
            {
                string strAlias = txtAlias.Text;
                if (!String.IsNullOrEmpty(strAlias))
                {
                    if (strAlias.IndexOf("://") != -1)
                    {
                        strAlias = strAlias.Remove(0, strAlias.IndexOf("://") + 3);
                    }
                    if (strAlias.IndexOf("\\\\") != -1)
                    {
                        strAlias = strAlias.Remove(0, strAlias.IndexOf("\\\\") + 2);
                    }

                    PortalAliasController p = new PortalAliasController();
                    if (ViewState["PortalAliasID"] != null)
                    {
                        PortalAliasInfo objPortalAliasInfo = new PortalAliasInfo();
                        objPortalAliasInfo.PortalAliasID = Convert.ToInt32(ViewState["PortalAliasID"]);
                        objPortalAliasInfo.PortalID      = Convert.ToInt32(ViewState["PortalID"]);
                        objPortalAliasInfo.HTTPAlias     = strAlias;
                        try
                        {
                            p.UpdatePortalAliasInfo(objPortalAliasInfo);
                        }
                        catch
                        {
                            UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("DuplicateAlias", this.LocalResourceFile), ModuleMessageType.RedError);
                            return;
                        }
                    }
                    else
                    {
                        PortalAliasInfo objPortalAliasInfo;
                        objPortalAliasInfo = p.GetPortalAlias(strAlias, Convert.ToInt32(ViewState["PortalAliasID"]));
                        if (objPortalAliasInfo == null)
                        {
                            objPortalAliasInfo           = new PortalAliasInfo();
                            objPortalAliasInfo.PortalID  = Convert.ToInt32(ViewState["PortalID"]);
                            objPortalAliasInfo.HTTPAlias = strAlias;
                            p.AddPortalAlias(objPortalAliasInfo);
                        }
                        else
                        {
                            UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("DuplicateAlias", this.LocalResourceFile), ModuleMessageType.RedError);
                            return;
                        }
                    }
                    UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("Success", this.LocalResourceFile), ModuleMessageType.GreenSuccess);
                    Response.Redirect(Convert.ToString(ViewState["UrlReferrer"]), true);
                }
            }
            catch (Exception exc)  //Module failed to load
            {
                Exceptions.ProcessModuleLoadException(this, exc);
            }
        }
 protected string AddPortalAlias(string portalAlias, int portalID)
 {
     if (!String.IsNullOrEmpty(portalAlias))
     {
         if (portalAlias.IndexOf("://") != -1)
         {
             portalAlias = portalAlias.Remove(0, portalAlias.IndexOf("://") + 3);
         }
         var objPortalAliasController = new PortalAliasController();
         var objPortalAlias           = objPortalAliasController.GetPortalAlias(portalAlias, portalID);
         if (objPortalAlias == null)
         {
             objPortalAlias = new PortalAliasInfo {
                 PortalID = portalID, HTTPAlias = portalAlias
             };
             objPortalAliasController.AddPortalAlias(objPortalAlias);
         }
     }
     return(portalAlias);
 }
        public void OnBeginRequest(object s, EventArgs e)
        {
            var app           = (HttpApplication)s;
            var server        = app.Server;
            var request       = app.Request;
            var response      = app.Response;
            var requestedPath = app.Request.Url.AbsoluteUri;

            if (RewriterUtils.OmitFromRewriteProcessing(request.Url.LocalPath))
            {
                return;
            }

            //'Carry out first time initialization tasks
            Initialize.Init(app);
            if (request.Url.LocalPath.ToLower().Contains("/install/install.aspx") ||
                request.Url.LocalPath.ToLower().Contains("/install/upgradewizard.aspx") ||
                request.Url.LocalPath.ToLower().Contains("/install/installwizard.aspx") ||
                request.Url.LocalPath.ToLower().Contains("captcha.aspx") ||
                request.Url.LocalPath.ToLower().Contains("scriptresource.axd") ||
                request.Url.LocalPath.ToLower().Contains("webresource.axd") ||
                request.Url.LocalPath.ToLower().Contains("dmxdav.axd")
                )
            {
                return;
            }



            //URL validation
            //check for ".." escape characters commonly used by hackers to traverse the folder tree on the server
            //the application should always use the exact relative location of the resource it is requesting
            var strURL             = request.Url.AbsolutePath;
            var strDoubleDecodeURL = server.UrlDecode(server.UrlDecode(request.RawUrl));

            if (Regex.Match(strURL, "[\\\\/]\\.\\.[\\\\/]").Success || Regex.Match(strDoubleDecodeURL, "[\\\\/]\\.\\.[\\\\/]").Success)
            {
                DotNetNuke.Services.Exceptions.Exceptions.ProcessHttpException(request);
            }
            try
            {
                //fix for ASP.NET canonicalization issues http://support.microsoft.com/?kbid=887459
                if ((request.Path.IndexOf("\\") >= 0 || Path.GetFullPath(request.PhysicalPath) != request.PhysicalPath))
                {
                    DotNetNuke.Services.Exceptions.Exceptions.ProcessHttpException(request);
                }
            }
            catch (Exception exc)
            {
                //DNN 5479
                //request.physicalPath throws an exception when the path of the request exceeds 248 chars.
                //example to test: http://localhost/dotnetnuke_2/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/default.aspx
                DnnLog.Error("RawUrl:" + request.RawUrl + " / Referrer:" + request.UrlReferrer.AbsoluteUri, exc);
            }
#if DEBUG
            var timer = new System.Diagnostics.Stopwatch();
            timer.Start();

            app.Context.Items.Add("UrlRewrite:Timer", timer);
#endif

            String domainName;
            RewriteUrl(app, out domainName);

            //blank DomainName indicates RewriteUrl couldn't locate a current portal
            //reprocess url for portal alias if auto add is an option
            if (domainName == "" && CanAutoAddPortalAlias())
            {
                domainName = Globals.GetDomainName(app.Request, true);
            }

            //from this point on we are dealing with a "standard" querystring ( ie. http://www.domain.com/default.aspx?tabid=## )
            //if the portal/url was succesfully identified

            var             tabId           = Null.NullInteger;
            var             portalId        = Null.NullInteger;
            string          portalAlias     = null;
            PortalAliasInfo portalAliasInfo = null;
            var             parsingError    = false;

            // get TabId from querystring ( this is mandatory for maintaining portal context for child portals )
            if (!string.IsNullOrEmpty(request.QueryString["tabid"]))
            {
                if (!Int32.TryParse(request.QueryString["tabid"], out tabId))
                {
                    tabId        = Null.NullInteger;
                    parsingError = true;
                }
            }

            // get PortalId from querystring ( this is used for host menu options as well as child portal navigation )
            if (!string.IsNullOrEmpty(request.QueryString["portalid"]))
            {
                if (!Int32.TryParse(request.QueryString["portalid"], out portalId))
                {
                    portalId     = Null.NullInteger;
                    parsingError = true;
                }
            }

            if (parsingError)
            {
                //The tabId or PortalId are incorrectly formatted (potential DOS)
                DotNetNuke.Services.Exceptions.Exceptions.ProcessHttpException(request);
            }


            try
            {
                //alias parameter can be used to switch portals
                if (request.QueryString["alias"] != null)
                {
                    // check if the alias is valid
                    var childAlias = request.QueryString["alias"];
                    if (!Globals.UsePortNumber())
                    {
                        childAlias = childAlias.Replace(":" + request.Url.Port, "");
                    }

                    if (PortalAliasController.GetPortalAliasInfo(childAlias) != null)
                    {
                        //check if the domain name contains the alias
                        if (childAlias.IndexOf(domainName, StringComparison.OrdinalIgnoreCase) == -1)
                        {
                            //redirect to the url defined in the alias
                            app.Response.AppendHeader("X-Redirect-Reason", "alias parameter");
                            response.Redirect(Globals.GetPortalDomainName(childAlias, request, true), true);
                        }
                        else //the alias is the same as the current domain
                        {
                            portalAlias = childAlias;
                        }
                    }
                }

                //PortalId identifies a portal when set
                if (portalAlias == null)
                {
                    if (portalId != Null.NullInteger)
                    {
                        portalAlias = PortalAliasController.GetPortalAliasByPortal(portalId, domainName);
                    }
                }

                //TabId uniquely identifies a Portal
                if (portalAlias == null)
                {
                    if (tabId != Null.NullInteger)
                    {
                        //get the alias from the tabid, but only if it is for a tab in that domain
                        portalAlias = PortalAliasController.GetPortalAliasByTab(tabId, domainName);
                        if (String.IsNullOrEmpty(portalAlias))
                        {
                            //if the TabId is not for the correct domain
                            //see if the correct domain can be found and redirect it
                            portalAliasInfo = PortalAliasController.GetPortalAliasInfo(domainName);
                            if (portalAliasInfo != null && !request.Url.LocalPath.ToLower().EndsWith("/linkclick.aspx"))
                            {
                                if (app.Request.Url.AbsoluteUri.StartsWith("https://", StringComparison.InvariantCultureIgnoreCase))
                                {
                                    strURL = "https://" + portalAliasInfo.HTTPAlias.Replace("*.", "");
                                }
                                else
                                {
                                    strURL = "http://" + portalAliasInfo.HTTPAlias.Replace("*.", "");
                                }
                                if (strURL.IndexOf(domainName, StringComparison.InvariantCultureIgnoreCase) == -1)
                                {
                                    strURL += app.Request.Url.PathAndQuery;
                                }
                                app.Response.AppendHeader("X-Redirect-Reason", "not correct domain");
                                response.Redirect(strURL, true);
                            }
                        }
                    }
                }

                //else use the domain name
                if (String.IsNullOrEmpty(portalAlias))
                {
                    portalAlias = domainName;
                }
                //using the DomainName above will find that alias that is the domainname portion of the Url
                //ie. dotnetnuke.com will be found even if zzz.dotnetnuke.com was entered on the Url
                portalAliasInfo = PortalAliasController.GetPortalAliasInfo(portalAlias);
                if (portalAliasInfo != null)
                {
                    portalId = portalAliasInfo.PortalID;
                }

                //if the portalid is not known
                if (portalId == Null.NullInteger)
                {
                    bool autoAddPortalAlias = CanAutoAddPortalAlias();

                    if (!autoAddPortalAlias && !request.Url.LocalPath.EndsWith(Globals.glbDefaultPage, StringComparison.InvariantCultureIgnoreCase))
                    {
                        // allows requests for aspx pages in custom folder locations to be processed
                        return;
                    }

                    if (autoAddPortalAlias)
                    {
                        var portalAliasController = new PortalAliasController();
                        portalId = Host.HostPortalID;
                        //the domain name was not found so try using the host portal's first alias
                        if (portalId > Null.NullInteger)
                        {
                            portalAliasInfo           = new PortalAliasInfo();
                            portalAliasInfo.PortalID  = portalId;
                            portalAliasInfo.HTTPAlias = portalAlias;
                            portalAliasController.AddPortalAlias(portalAliasInfo);
                            app.Response.AppendHeader("X-Redirect-Reason", "auto add portalalis");
                            response.Redirect(app.Request.Url.ToString(), true);
                        }
                    }
                }
            }
            catch (ThreadAbortException exc)
            {
                //Do nothing if Thread is being aborted - there are two response.redirect calls in the Try block
                DnnLog.Debug(exc);
            }
            catch (Exception ex)
            {
                //500 Error - Redirect to ErrorPage
                DnnLog.Error(ex);

                strURL = "~/ErrorPage.aspx?status=500&error=" + server.UrlEncode(ex.Message);
                HttpContext.Current.Response.Clear();
                HttpContext.Current.Server.Transfer(strURL);
            }
            if (portalId != -1)
            {
                //load the PortalSettings into current context
                var portalSettings = new PortalSettings(tabId, portalAliasInfo);
                app.Context.Items.Add("PortalSettings", portalSettings);

                // load PortalSettings and HostSettings dictionaries into current context
                // specifically for use in DotNetNuke.Web.Client, which can't reference DotNetNuke.dll to get settings the normal way
                app.Context.Items.Add("PortalSettingsDictionary", PortalController.GetPortalSettingsDictionary(portalId));
                app.Context.Items.Add("HostSettingsDictionary", HostController.Instance.GetSettingsDictionary());
#if DNN71
                if (portalSettings.PortalAliasMappingMode == PortalSettings.PortalAliasMapping.Redirect &&
                    portalAliasInfo != null && !portalAliasInfo.IsPrimary && !request.IsLocal)
                {
#else
                if (portalSettings.PortalAliasMappingMode == PortalSettings.PortalAliasMapping.Redirect &&
                    !String.IsNullOrEmpty(portalSettings.DefaultPortalAlias) &&
                    portalAliasInfo != null &&
                    portalAliasInfo.HTTPAlias != portalSettings.DefaultPortalAlias && !request.IsLocal)
                {
#endif

                    //Permanently Redirect
                    response.StatusCode = 301;

                    var redirectAlias = Globals.AddHTTP(portalSettings.DefaultPortalAlias);
                    var checkAlias    = Globals.AddHTTP(portalAliasInfo.HTTPAlias);
                    var redirectUrl   = redirectAlias + request.RawUrl;
                    if (redirectUrl.StartsWith(checkAlias, StringComparison.InvariantCultureIgnoreCase))
                    {
                        redirectUrl = redirectAlias + redirectUrl.Substring(checkAlias.Length);
                    }
                    app.Response.AppendHeader("X-Redirect-Reason", "alias redirect");
                    response.AppendHeader("Location", redirectUrl);
                }

                //manage page URL redirects - that reach here because they bypass the built-in navigation
                //ie Spiders, saved favorites, hand-crafted urls etc
                if (!String.IsNullOrEmpty(portalSettings.ActiveTab.Url) && request.QueryString["ctl"] == null && request.QueryString["fileticket"] == null)
                {
                    //Target Url
                    var redirectUrl = portalSettings.ActiveTab.FullUrl;
                    app.Response.AppendHeader("X-Redirect-Reason", "page url redirect");
                    if (portalSettings.ActiveTab.PermanentRedirect)
                    {
                        //Permanently Redirect

                        response.StatusCode = 301;
                        response.AppendHeader("Location", redirectUrl);
                    }
                    else
                    {
                        //Normal Redirect
                        response.Redirect(redirectUrl, true);
                    }
                }

                //manage secure connections
                if (request.Url.AbsolutePath.EndsWith(".aspx", StringComparison.InvariantCultureIgnoreCase))
                {
                    //request is for a standard page
                    strURL = "";
                    //if SSL is enabled
                    if (portalSettings.SSLEnabled)
                    {
                        //if page is secure and connection is not secure orelse ssloffload is enabled and server value exists
                        if ((portalSettings.ActiveTab.IsSecure && !request.IsSecureConnection) && (IsSSLOffloadEnabled(request) == false))
                        {
                            //switch to secure connection
                            strURL = requestedPath.Replace("http://", "https://");
                            strURL = FormatDomain(strURL, portalSettings.STDURL, portalSettings.SSLURL);
                        }
                    }
                    //if SSL is enforced
                    if (portalSettings.SSLEnforced)
                    {
                        //if page is not secure and connection is secure
                        if ((!portalSettings.ActiveTab.IsSecure && request.IsSecureConnection))
                        {
                            //check if connection has already been forced to secure orelse ssloffload is disabled
                            if (request.QueryString["ssl"] == null)
                            {
                                strURL = requestedPath.Replace("https://", "http://");
                                strURL = FormatDomain(strURL, portalSettings.SSLURL, portalSettings.STDURL);
                            }
                        }
                    }

                    //if a protocol switch is necessary
                    if (!String.IsNullOrEmpty(strURL))
                    {
                        if (strURL.StartsWith("https://", StringComparison.InvariantCultureIgnoreCase))
                        {
                            //redirect to secure connection
                            app.Response.AppendHeader("X-Redirect-Reason", "redirect to secure");
                            response.Redirect(strURL, true);
                        }
                        else //when switching to an unsecure page, use a clientside redirector to avoid the browser security warning
                        {
                            response.Clear();
                            //add a refresh header to the response
                            response.AddHeader("Refresh", "0;URL=" + strURL);
                            //add the clientside javascript redirection script
                            response.Write("<html><head><title></title>");
                            response.Write("<!-- <script language=\"javascript\">window.location.replace(\"" + strURL + "\")</script> -->");
                            response.Write("</head><body></body></html>");
                            //send the response
                            response.End();
                        }
                    }
                }
            }
            else
            {
                //alias does not exist in database
                //and all attempts to find another have failed
                //this should only happen if the HostPortal does not have any aliases
                //404 Error - Redirect to ErrorPage
                strURL = "~/ErrorPage.aspx?status=404&error=" + domainName;
                HttpContext.Current.Response.Clear();
                HttpContext.Current.Server.Transfer(strURL);
            }

            if (app.Context.Items["FirstRequest"] != null)
            {
                app.Context.Items.Remove("FirstRequest");

                //Process any messages in the EventQueue for the Application_Start_FirstRequest event
                EventQueueController.ProcessMessages("Application_Start_FirstRequest");
            }
#if DEBUG
            app.Response.AddHeader("X-OpenUrlRewriter-OnBeginRequest", timer.Elapsed.TotalMilliseconds.ToString());
#endif
        }
        protected void SaveAlias(object source, CommandEventArgs e)
        {
            var    controller = new PortalAliasController();
            bool   isChild    = false;
            string childPath  = string.Empty;
            string message    = string.Empty;

            //Get the index of the row to save
            int index = dgPortalAlias.EditItemIndex;

            var portalAlias = (PortalAliasInfo)Aliases[index];
            var ctlAlias    = (TextBox)dgPortalAlias.Items[index].Cells[1].FindControl("txtHTTPAlias");
            var chkChild    = (CheckBox)dgPortalAlias.Items[index].Cells[2].FindControl("chkChild");

            string strAlias = ctlAlias.Text.Trim();

            if (string.IsNullOrEmpty(strAlias))
            {
                message = Localization.GetString("InvalidAlias", LocalResourceFile);
            }
            else
            {
                if (strAlias.IndexOf("://") != -1)
                {
                    strAlias = strAlias.Remove(0, strAlias.IndexOf("://") + 3);
                }
                if (strAlias.IndexOf("\\\\") != -1)
                {
                    strAlias = strAlias.Remove(0, strAlias.IndexOf("\\\\") + 2);
                }

                isChild = (chkChild != null && chkChild.Checked);

                //Validate Alias
                if (!PortalAliasController.ValidateAlias(strAlias, false))
                {
                    message = Localization.GetString("InvalidAlias", LocalResourceFile);
                }

                //Validate Child Folder Name
                if (isChild)
                {
                    childPath = strAlias.Substring(strAlias.LastIndexOf("/") + 1);
                    if (!PortalAliasController.ValidateAlias(childPath, true))
                    {
                        message = Localization.GetString("InvalidAlias", LocalResourceFile);
                    }
                }
            }

            if (string.IsNullOrEmpty(message) && isChild)
            {
                //Attempt to create child folder
                string childPhysicalPath = Server.MapPath(childPath);

                if (Directory.Exists(childPhysicalPath))
                {
                    message = Localization.GetString("ChildExists", LocalResourceFile);
                }
                else
                {
                    message = PortalController.CreateChildPortalFolder(childPhysicalPath);
                }
            }

            if (string.IsNullOrEmpty(message))
            {
                portalAlias.HTTPAlias = strAlias;
                if (AddMode)
                {
                    controller.AddPortalAlias(portalAlias);
                }
                else
                {
                    controller.UpdatePortalAliasInfo(portalAlias);
                }

                //Reset Edit Index
                lblError.Visible            = false;
                dgPortalAlias.EditItemIndex = -1;
                _Aliases = null;
            }
            else
            {
                lblError.Text    = message;
                lblError.Visible = true;
            }

            BindAliases();
        }