Esempio n. 1
        /// <summary>
        /// Stamps server-side audit fields on the posted item, filters its text fields with the
        /// NoMarkup flag and hands it to the data layer.
        /// </summary>
        /// <param name="newExample">Item posted by the client. Its audit fields and ModuleId are overwritten here.</param>
        /// <returns>200 with a JSON success payload, or 500 with the generic error message when anything throws.</returns>
        public HttpResponseMessage CreateExample(ExampleInfo newExample)
        {
            try
            {
                // Ownership and audit values are taken from the request context, so whatever
                // the client posted for these fields is discarded.
                newExample.CreatedOnDate       = DateTime.Now;
                newExample.CreatedByUserId     = UserInfo.UserID;
                newExample.LastUpdatedOnDate   = DateTime.Now;
                newExample.LastUpdatedByUserId = UserInfo.UserID;
                newExample.ModuleId            = ActiveModule.ModuleID;

                var filter = new PortalSecurity();
                var flag   = PortalSecurity.FilterFlag.NoMarkup;

                // A null Title or Description throws on Trim() and is reported as a 500 by the catch below.
                // NOTE(review): filtering on write does not replace encoding where these values are rendered.
                string trimmedTitle = newExample.Title.Trim();
                newExample.Title = filter.InputFilter(trimmedTitle, flag);

                string trimmedDescription = newExample.Description.Trim();
                newExample.Description = filter.InputFilter(trimmedDescription, flag);

                ExampleDataAccess.CreateItem(newExample);

                var payload = new ServiceResponse<string>();
                payload.Content = Globals.RESPONSE_SUCCESS;

                return Request.CreateResponse(HttpStatusCode.OK, payload.ObjectToJson());
            }
            catch (Exception ex)
            {
                // The details go to the log only; the caller receives the fixed ERROR_MESSAGE.
                Exceptions.LogException(ex);
                return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ERROR_MESSAGE);
            }
        }
Esempio n. 2
        /// <summary>
        /// Applies a posted change to the stored item when the two differ, then returns the item
        /// as it is currently stored.
        /// </summary>
        /// <param name="example">Item posted by the client; its ExampleId and ModuleId select the stored record.</param>
        /// <returns>200 with the stored item serialised as JSON, or 500 with the generic error message when anything throws.</returns>
        public HttpResponseMessage UpdateExample(ExampleInfo example)
        {
            try
            {
                // NOTE(review): both lookup keys come from the request body. Nothing visible in this
                // method ties example.ModuleId to the module the caller is working in - confirm that
                // authorisation is enforced by the controller attributes or the data layer.
                var stored = ExampleDataAccess.GetItem(example.ExampleId, example.ModuleId);

                // Both objects are passed by ref; presumably the helper copies changed fields onto
                // the stored item - verify against ExampleHasUpdates.
                if (ExampleHasUpdates(ref stored, ref example))
                {
                    stored.LastUpdatedOnDate   = DateTime.Now;
                    stored.LastUpdatedByUserId = UserInfo.UserID;

                    var filter = new PortalSecurity();
                    var flag   = PortalSecurity.FilterFlag.NoMarkup;

                    // A null Title or Description throws on Trim() and ends in the catch below.
                    string trimmedTitle = stored.Title.Trim();
                    stored.Title = filter.InputFilter(trimmedTitle, flag);

                    string trimmedDescription = stored.Description.Trim();
                    stored.Description = filter.InputFilter(trimmedDescription, flag);

                    ExampleDataAccess.UpdateItem(stored);
                }

                // Re-read so the response reflects what the data layer holds.
                var reloaded = ExampleDataAccess.GetItem(stored.ExampleId, stored.ModuleId);

                var payload = new ServiceResponse<ExampleInfo>();
                payload.Content = reloaded;

                return Request.CreateResponse(HttpStatusCode.OK, payload.ObjectToJson());
            }
            catch (Exception ex)
            {
                // The details go to the log only; the caller receives the fixed ERROR_MESSAGE.
                Exceptions.LogException(ex);
                return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ERROR_MESSAGE);
            }
        }
        /// <summary>
        /// Looks up a value in the backing name/value collection and returns it formatted and
        /// filtered with the NoScripting flag.
        /// </summary>
        /// <param name="strPropertyName">Key to look up.</param>
        /// <param name="strFormat">Format passed to PropertyAccess.FormatString; null is treated as empty.</param>
        /// <param name="formatProvider">Not used by this implementation.</param>
        /// <param name="accessingUser">Not used by this implementation.</param>
        /// <param name="accessLevel">Not used by this implementation.</param>
        /// <param name="propertyNotFound">Set to true when the key has no value; left untouched otherwise.</param>
        /// <returns>The filtered, formatted value, or an empty string when the collection or the key is missing.</returns>
        public string GetProperty(string strPropertyName, string strFormat, CultureInfo formatProvider,
                                  UserInfo accessingUser, Scope accessLevel, ref bool propertyNotFound)
        {
            // A missing collection yields an empty result without flagging "not found".
            if (_nameValueCollection == null)
            {
                return string.Empty;
            }

            var rawValue = _nameValueCollection[strPropertyName];

            if (string.IsNullOrEmpty(strFormat))
            {
                strFormat = string.Empty;
            }

            if (rawValue == null)
            {
                propertyNotFound = true;
                return string.Empty;
            }

            // The filter runs before and after formatting, so the formatted text is filtered as well.
            var filter    = new PortalSecurity();
            var scrubbed  = filter.InputFilter(rawValue, PortalSecurity.FilterFlag.NoScripting);
            var formatted = PropertyAccess.FormatString(scrubbed, strFormat);

            return filter.InputFilter(formatted, PortalSecurity.FilterFlag.NoScripting);
        }
        /// <summary>
        /// Reads a value from the name/value collection and returns it formatted and filtered
        /// with the NoScripting flag.
        /// </summary>
        /// <param name="strPropertyName">Key to look up.</param>
        /// <param name="strFormat">Format passed unchanged to PropertyAccess.FormatString.</param>
        /// <param name="formatProvider">Not used by this implementation.</param>
        /// <param name="AccessingUser">Not used by this implementation.</param>
        /// <param name="AccessLevel">Not used by this implementation.</param>
        /// <param name="PropertyNotFound">Set to true when the key has no value; left untouched otherwise.</param>
        /// <returns>The filtered, formatted value, or an empty string when the collection or the key is missing.</returns>
        public string GetProperty(string strPropertyName, string strFormat, CultureInfo formatProvider, UserInfo AccessingUser, Scope AccessLevel, ref bool PropertyNotFound)
        {
            // A missing collection yields an empty result without flagging "not found".
            if (NameValueCollection == null)
            {
                return string.Empty;
            }

            var rawValue = NameValueCollection[strPropertyName];

            if (rawValue == null)
            {
                PropertyNotFound = true;
                return string.Empty;
            }

            // No default format is substituted: strFormat reaches FormatString exactly as given.
            // NOTE(review): a null strFormat is therefore forwarded too - confirm FormatString accepts it.
            var filter    = new PortalSecurity();
            var scrubbed  = filter.InputFilter(rawValue, PortalSecurity.FilterFlag.NoScripting);
            var formatted = PropertyAccess.FormatString(scrubbed, strFormat);

            // Filter the formatted text again before returning it.
            return filter.InputFilter(formatted, PortalSecurity.FilterFlag.NoScripting);
        }
        /// -----------------------------------------------------------------------------
        /// <summary>
        /// UpdateSettings filters the three override text boxes with the NoMarkup flag and
        /// saves them: the portal GUID override as a portal setting, the tab and tab-module
        /// overrides as tab-module settings.
        /// </summary>
        /// -----------------------------------------------------------------------------
        public override void UpdateSettings()
        {
            try
            {
                var moduleCtl = new ModuleController();
                var filter    = new PortalSecurity();
                var flag      = PortalSecurity.FilterFlag.NoMarkup;

                // NOTE(review): the values are filtered as text only. Nothing here checks that the
                // GUID override parses as a GUID or that the two ids are integers.
                var portalGuidOverride  = filter.InputFilter(txtPortalGuidOverride.Text.Trim(), flag);
                var tabIdOverride       = filter.InputFilter(txtTabIdOverride.Text.Trim(), flag);
                var tabModuleIdOverride = filter.InputFilter(txtTabModuleIdOverride.Text.Trim(), flag);

                // Open question carried over from the original author: does the cache need clearing here?
                PortalController.UpdatePortalSetting(PortalId, FeatureController.SETTING_PORTALGUID_OVERRIDE, portalGuidOverride);
                moduleCtl.UpdateTabModuleSetting(TabModuleId, FeatureController.SETTING_TABID_OVERRIDE, tabIdOverride);
                moduleCtl.UpdateTabModuleSetting(TabModuleId, FeatureController.SETTING_TABMODULEID_OVERRIDE, tabModuleIdOverride);

                // Synchronize the module settings.
                ModuleController.SynchronizeModule(ModuleId);
            }
            catch (Exception exc) // any failure is routed to the module exception handler
            {
                Exceptions.ProcessModuleLoadException(this, exc);
            }
        }
Esempio n. 6
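        /// <summary>
        /// Reads a value from the name/value collection and returns it formatted and filtered
        /// with the NoScripting flag.
        /// </summary>
        /// <param name="strPropertyName">Key to look up.</param>
        /// <param name="strFormat">Format passed unchanged to PropertyAccess.FormatString.</param>
        /// <param name="formatProvider">Not used by this implementation.</param>
        /// <param name="AccessingUser">Not used by this implementation.</param>
        /// <param name="AccessLevel">Not used by this implementation.</param>
        /// <param name="PropertyNotFound">Set to true when the key has no value; left untouched otherwise.</param>
        /// <returns>The filtered, formatted value, or an empty string when the collection or the key is missing.</returns>
        public string GetProperty(string strPropertyName, string strFormat, System.Globalization.CultureInfo formatProvider, UserInfo AccessingUser, Scope AccessLevel, ref bool PropertyNotFound)
        {
            // A missing collection yields an empty result without flagging "not found".
            if (NameValueCollection == null)
            {
                return string.Empty;
            }

            string value = NameValueCollection[strPropertyName];

            // The previous version computed an OutputFormat local ("g" or empty) that was never
            // read; it has been removed. strFormat is what reaches FormatString, as before.
            if (value != null)
            {
                PortalSecurity Security = new PortalSecurity();

                // Filter the raw value, format it, then filter the formatted text again.
                value = Security.InputFilter(value, PortalSecurity.FilterFlag.NoScripting);
                return Security.InputFilter(PropertyAccess.FormatString(value, strFormat), PortalSecurity.FilterFlag.NoScripting);
            }
            else
            {
                PropertyNotFound = true;
                return string.Empty;
            }
        }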
Esempio n. 7
        /// <summary>
        /// Filters and truncates the comment text, saves the comment through the data service
        /// and copies the stored id and timestamps back onto the passed object.
        /// </summary>
        /// <param name="comment">Comment to save; Comment, CommentId, DateCreated and DateUpdated are updated in place.</param>
        public void SaveComment(CommentInfo comment)
        {
            var portalSecurity = new PortalSecurity();

            if (!string.IsNullOrEmpty(comment.Comment))
            {
                // Order matters: the NoScripting result is HTML-decoded, and the decoded text is
                // then filtered with NoMarkup, so markup that only appears after decoding is
                // still seen by the second filter.
                comment.Comment = HttpUtility.HtmlDecode(portalSecurity.InputFilter(comment.Comment, PortalSecurity.FilterFlag.NoScripting));
                comment.Comment = portalSecurity.InputFilter(comment.Comment, Security.PortalSecurity.FilterFlag.NoMarkup);
            }

            // TODO (from the original author): apply the profanity filter here once it works properly.

            // Text longer than 2000 characters is cut to its first 1999 characters.
            // The cut happens after filtering, so it can split an entity produced by the filter.
            bool tooLong = comment.Comment != null && comment.Comment.Length > 2000;
            if (tooLong)
            {
                comment.Comment = comment.Comment.Substring(0, 1999);
            }

            string xml = comment.CommentXML != null ? comment.CommentXML.OuterXml : null;

            comment.CommentId = _dataService.Journal_Comment_Save(comment.JournalId, comment.CommentId, comment.UserId, comment.Comment, xml);

            // Read the row back to pick up the timestamps assigned on save.
            // NOTE(review): a null result from GetComment throws here - confirm it cannot happen.
            var stored = GetComment(comment.CommentId);
            comment.DateCreated = stored.DateCreated;
            comment.DateUpdated = stored.DateUpdated;
        }
Esempio n. 8
        /// <summary>
        /// Handles the Click event of the cmdUpdate control: filters the posted question and
        /// answer, then adds a new FAQ or updates the existing one and redirects.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The <see cref="System.EventArgs" /> instance containing the event data.</param>
        protected void cmdUpdate_Click(System.Object sender, System.EventArgs e)
        {
            try
            {
                // The question allows neither script nor markup. The answer is filtered with
                // NoScripting only, so it can still carry markup.
                // NOTE(review): wherever the answer is rendered, it must be treated as HTML from an editor.
                PortalSecurity filter   = new PortalSecurity();
                string         question = filter.InputFilter(txtQuestionField.Text, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoMarkup);
                string         answer   = filter.InputFilter(teAnswerField.Text, PortalSecurity.FilterFlag.NoScripting);

                FAQsController controller = new FAQsController();

                // "-1" means no category. Any other posted value must parse as an int; a value
                // that does not parse throws and is handled by the catch below.
                int? categoryId = null;
                bool hasCategory = drpCategory.SelectedValue != "-1";
                if (hasCategory)
                {
                    categoryId = int.Parse(drpCategory.SelectedValue);
                }

                // Do we add or update? The id tells us: -1 means a new FAQ.
                if (FaqId == -1)
                {
                    FAQsInfo created = new FAQsInfo();
                    created.ItemID        = FaqId;
                    created.CategoryId    = categoryId;
                    created.FaqHide       = chkFaqHide.Checked;
                    created.PublishDate   = datepickerPublishDate.SelectedDate;
                    created.ExpireDate    = datepickerExpireDate.SelectedDate;
                    created.Question      = question;
                    created.Answer        = answer;
                    created.CreatedByUser = UserId.ToString();
                    created.ViewCount     = 0;
                    created.DateModified  = DateTime.Now;
                    created.ModuleID      = ModuleId;
                    created.CreatedDate   = DateTime.Now;
                    controller.AddFAQ(created);
                }
                else
                {
                    // NOTE(review): GetFAQ is keyed on FaqId alone here - confirm the FAQ belongs to this module.
                    FAQsInfo existing = controller.GetFAQ(FaqId);
                    existing.CategoryId   = categoryId;
                    existing.FaqHide      = chkFaqHide.Checked;
                    existing.PublishDate  = datepickerPublishDate.SelectedDate;
                    existing.ExpireDate   = datepickerExpireDate.SelectedDate;
                    existing.Question     = question;
                    existing.Answer       = answer;
                    existing.DateModified = DateTime.Now;
                    controller.UpdateFAQ(existing);
                }

                // Redirect with endResponse = true, from inside the try block.
                Response.Redirect(Globals.NavigateURL(), true);
            }
            catch (Exception exc) // any failure is routed to the module exception handler
            {
                Exceptions.ProcessModuleLoadException(this, exc);
            }
        }
Esempio n. 9
        /// <summary>
        /// Copies the filtered form values onto the current (or a new) hangout, saves it as a
        /// content item and stores the resulting id as the tab-module's default hangout.
        /// </summary>
        private void SaveHangout()
        {
            var ctlHangout = new DNNHangoutController();
            var sec        = new PortalSecurity();

            // Reuse the loaded hangout when there is one, otherwise start a new one.
            HangoutInfo hangout = Hangout == null ? new HangoutInfo() : Hangout;

            // Populate the hangout from the form. Description and address are filtered with
            // NoScripting, title and duration with NoMarkup.
            hangout.Description = sec.InputFilter(txtDescription.Text.Trim(), PortalSecurity.FilterFlag.NoScripting);

            // The duration must parse as an integer; int.Parse throws otherwise and nothing in
            // this method catches it.
            string durationText = sec.InputFilter(txtDuration.Text.Trim(), PortalSecurity.FilterFlag.NoMarkup);
            hangout.Duration = int.Parse(durationText, NumberStyles.Integer);

            hangout.HangoutAddress = sec.InputFilter(txtHangoutAddress.Text.Trim(), PortalSecurity.FilterFlag.NoScripting);
            hangout.StartDate      = txtStartDate.SelectedDate != null ? txtStartDate.SelectedDate.Value : DateTime.Now;
            hangout.Title          = sec.InputFilter(txtTitle.Text.Trim(), PortalSecurity.FilterFlag.NoMarkup);

            // The first entry of the units list means minutes, every other entry hours.
            hangout.DurationUnits = ddlDurationUnits.SelectedIndex == 0 ? DurationType.Minutes : DurationType.Hours;

            // Update when an id is present, create otherwise.
            var savedItemId = Null.NullInteger;
            bool isExisting = HangoutId > Null.NullInteger;
            if (isExisting)
            {
                savedItemId = ctlHangout.UpdateContentItem(TabId, ModuleId, hangout.ContentItemId, hangout);
            }
            else
            {
                savedItemId = ctlHangout.CreateContentItem(TabId, ModuleId, hangout);
            }

            // Nothing more to do unless the save returned a valid id.
            if (savedItemId <= Null.NullInteger)
            {
                return;
            }

            // Remember this hangout as the one to show on the first page load.
            var ctlModule = new ModuleController();
            ctlModule.UpdateTabModuleSetting(TabModuleId, DNNHangoutController.SETTINGS_HANGOUT_ID, savedItemId.ToString());

            ModuleController.SynchronizeModule(ModuleId);
        }
Esempio n. 10
        /// <summary>
        /// NewUrl returns the URL of the current page for the given language: a NavigateURL call
        /// with stripped query-string parameters, followed by the raw query string of the
        /// current request, all passed through the NoScripting filter.
        /// </summary>
        /// <param name="newLanguage">Culture code of the language to switch to.</param>
        /// <returns>The filtered URL.</returns>
        /// <history>
        ///     [erikvb]   20070814    added
        /// </history>
        private string NewUrl(string newLanguage)
        {
            var    objSecurity = new PortalSecurity();
            Locale targetLocale = LocaleController.Instance.GetLocale(newLanguage);

            // Prefer the tab that is localized for the target culture, when one exists.
            int     tabId     = objPortal.ActiveTab.TabID;
            TabInfo cultureTab = new TabController().GetTabByCulture(tabId, objPortal.PortalId, targetLocale);

            bool islocalized = cultureTab != null;
            if (islocalized)
            {
                tabId = cultureTab.TabID;
            }

            // Only the query part of this Uri is used; scheme and authority serve to make RawUrl parseable.
            var currentRequest = HttpContext.Current.Request;
            var absoluteRawUrl = currentRequest.Url.Scheme + "://" + currentRequest.Url.Authority + currentRequest.RawUrl;
            var rawQueryString = new Uri(absoluteRawUrl).Query;

            // NOTE(review): targetLocale is dereferenced without a null check - confirm GetLocale
            // cannot return null for the codes passed in.
            string navigateUrl = Globals.NavigateURL(tabId, objPortal.ActiveTab.IsSuperTab, objPortal, HttpContext.Current.Request.QueryString["ctl"], newLanguage, GetQsParams(targetLocale.Code, islocalized));

            // The request's query string is appended verbatim, so the filter below is the only
            // treatment it gets here.
            // NOTE(review): confirm the caller attribute-encodes the result where it is rendered.
            return objSecurity.InputFilter(navigateUrl + rawQueryString, PortalSecurity.FilterFlag.NoScripting);
        }
Esempio n. 11
        /// <summary>
        /// Processes a post's body before it is written to the data store. At present the only
        /// step is the portal input filter with the NoScripting flag.
        /// </summary>
        /// <param name="content">Post body as submitted.</param>
        /// <returns>The filtered body. More content manipulation may be added before the save later on.</returns>
        public static string ProcessSavePostBody(string content)
        {
            // NoScripting only: other markup in the body is kept.
            // NOTE(review): confirm the rendering side treats the stored body as HTML.
            return new PortalSecurity().InputFilter(content, PortalSecurity.FilterFlag.NoScripting);
        }
Esempio n. 12
        /// <summary>
        /// Ensures that a YouTube embed code or URL carries the YOUTUBE_OPAQUE parameter and
        /// returns the result after the portal input filter with the NoMarkup flag.
        /// </summary>
        /// <param name="embedCode">Embed code or URL as entered; it is HTML-decoded for matching.</param>
        /// <returns>The filtered text. Input that matches neither pattern is returned decoded and filtered.</returns>
        private string ReformatForYouTube(string embedCode)
        {
            // Matching below is done against the decoded form of the input.
            string strReturn = Server.HtmlDecode(embedCode);

            if (Regex.IsMatch(strReturn, YOUTUBE_EMBED_MATCH, RegexOptions.IgnoreCase))
            {
                // this is an embed code
                // NOTE(review): the test above uses the decoded text, but the URL is extracted from,
                // and the replacement applied to, the undecoded embedCode. For HTML-encoded input the
                // two can disagree - confirm which form is intended.
                string strUrl = Regex.Match(embedCode, YOUTUBE_EMBED_MATCH, RegexOptions.IgnoreCase).Groups[1].Value;

                // Append the parameter with '&' or '?' depending on whether a query string exists.
                if (!(Regex.IsMatch(strUrl, YOUTUBE_OPAQUE_MATCH, RegexOptions.IgnoreCase)))
                {
                    strUrl = (strUrl.Contains("?")) ? string.Concat(strUrl, "&", YOUTUBE_OPAQUE) : string.Concat(strUrl, "?", YOUTUBE_OPAQUE);
                }

                // NOTE(review): strUrl is used as a regex replacement string, so '$' sequences in it
                // are read as substitutions rather than literal text.
                strReturn = Regex.Replace(embedCode, YOUTUBE_EMBED_URL_MATCH, strUrl, RegexOptions.IgnoreCase);
            }
            else if (Regex.IsMatch(strReturn, YOUTUBE_MATCH, RegexOptions.IgnoreCase))
            {
                // this is a URL
                if (!(Regex.IsMatch(strReturn, YOUTUBE_OPAQUE_MATCH, RegexOptions.IgnoreCase)))
                {
                    strReturn = (strReturn.Contains("?")) ? string.Concat(strReturn, "&", YOUTUBE_OPAQUE) : string.Concat(strReturn, "?", YOUTUBE_OPAQUE);
                }
            }

            // Every path, including input that matched nothing, ends in the NoMarkup filter.
            var sec = new PortalSecurity();

            return(sec.InputFilter(strReturn, PortalSecurity.FilterFlag.NoMarkup));
        }
        /// -----------------------------------------------------------------------------
        /// <summary>
        /// OnLoad runs when the control is loaded. It wires the paging events, reads and
        /// filters the "Search" request parameter and binds the results on the first load.
        /// </summary>
        /// <param name="e">Event data.</param>
        /// <history>
        ///     [cnurse]    11/11/2004  documented
        ///     [cnurse]    12/13/2004  Switched to using a DataGrid for Search Results
        /// </history>
        /// -----------------------------------------------------------------------------
        protected override void OnLoad(EventArgs e)
        {
            base.OnLoad(e);

            dgResults.PageIndexChanged   += dgResults_PageIndexChanged;
            ctlPagingControl.PageChanged += ctlPagingControl_PageChanged;

            var objSecurity = new PortalSecurity();

            if (Request.Params["Search"] != null)
            {
                // Filter first, then HTML-encode, so the stored query is already in encoded form.
                // NOTE(review): Request.Params also covers cookies and server variables, not just
                // the query string and form. An encoded value must not be encoded a second time on
                // output, and the search call receives the encoded text - confirm both are intended.
                var searchFlags   = PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoMarkup;
                var filteredQuery = objSecurity.InputFilter(Request.Params["Search"], searchFlags);
                _SearchQuery = HttpContext.Current.Server.HtmlEncode(filteredQuery);
            }

            if (string.IsNullOrEmpty(_SearchQuery))
            {
                // Without a query, editors get a hint and everyone else sees no container.
                if (IsEditable)
                {
                    UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ModuleHidden", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
                }
                else
                {
                    ContainerControl.Visible = false;
                }
                return;
            }

            // Bind only on the initial request; postbacks go through the paging handlers.
            if (!Page.IsPostBack)
            {
                BindData();
            }
        }
Esempio n. 14
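            /// <summary>
            /// Reduces arbitrary input to HTML-encoded plain text: decodes it, runs the portal
            /// script filter and a token deny-list, strips everything tag-shaped and encodes
            /// what is left.
            /// </summary>
            /// <param name="sText">Untrusted text; may be null or empty.</param>
            /// <returns>The encoded plain text, or an empty string when nothing remains.</returns>
            public static string RemoveHTML(string sText)
            {
                if (string.IsNullOrEmpty(sText))
                {
                    return string.Empty;
                }

                // Decode first so that encoded markup is visible to the filters below.
                // NOTE(review): UrlDecode also turns '+' into a space and expands %xx sequences,
                // so ordinary text containing those characters is altered.
                sText = HttpUtility.HtmlDecode(sText);
                sText = HttpUtility.UrlDecode(sText);
                sText = sText.Trim();
                if (string.IsNullOrEmpty(sText))
                {
                    return string.Empty;
                }

                PortalSecurity objPortalSecurity = new PortalSecurity();

                sText = objPortalSecurity.InputFilter(sText, PortalSecurity.FilterFlag.NoScripting);
                sText = FilterScripts(sText);

                string   strip  = "/*,*/,alert,document.,window.,eval(,eval[,src=,rel=,href=,@import,vbscript,javascript,jscript,msgbox,<style";
                string[] tokens = strip.Split(',');

                // Remove listed tokens regardless of case. The earlier code detected a token
                // case-insensitively but removed only its all-lower and all-upper spellings, so a
                // mixed-case occurrence was found and then left in place. The pass repeats until
                // the text stops changing, so one removal cannot leave another listed token behind.
                string previous;
                do
                {
                    previous = sText;
                    foreach (string token in tokens)
                    {
                        sText = Regex.Replace(sText, Regex.Escape(token), string.Empty, RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);
                    }
                }
                while (sText != previous);

                // Strip anything that still looks like a tag.
                string pattern = "<(.|\\n)*?>";
                sText = Regex.Replace(sText, pattern, string.Empty, RegexOptions.IgnoreCase);

                // The encoding below is what makes the result safe to place in HTML text; the
                // deny-list above is a secondary measure and should not be relied on alone.
                sText = HttpUtility.HtmlEncode(sText);
                return sText;
            }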
Esempio n. 15
        /// <summary>
        /// Renders the base attributes into a buffer, replaces the action attribute with the
        /// filtered raw URL of the request and the id attribute with the client id, then writes
        /// the result to the real writer.
        /// </summary>
        /// <param name="writer">Writer that receives the rewritten attribute markup.</param>
        protected override void RenderAttributes(HtmlTextWriter writer)
        {
            const string actionPrefix = "action=\"";
            const string idPrefix     = "id=\"";

            StringWriter   buffer       = new StringWriter();
            HtmlTextWriter bufferWriter = new HtmlTextWriter(buffer);

            base.RenderAttributes(bufferWriter);
            string markup = buffer.ToString();

            // Locate and replace the action attribute, if the base rendering produced one.
            int attributeStart = markup.IndexOf(actionPrefix);
            if (attributeStart >= 0)
            {
                int attributeEnd = markup.IndexOf("\"", attributeStart + actionPrefix.Length) + 1;
                markup = markup.Remove(attributeStart, attributeEnd - attributeStart);

                // RawUrl is supplied by the client, so it is filtered before it goes back into markup.
                // NOTE(review): the value lands inside a double-quoted attribute - confirm this flag
                // combination also neutralises a double quote, or attribute-encode the value.
                PortalSecurity objSecurity = new PortalSecurity();
                string filteredUrl = objSecurity.InputFilter(
                    HttpContext.Current.Request.RawUrl,
                    PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup);
                markup = markup.Insert(attributeStart, actionPrefix + filteredUrl + "\"");
            }

            // Locate and replace the id attribute, only when the control has an ID.
            if (base.ID != null)
            {
                // NOTE(review): this finds the first "id=\"" anywhere in the markup, including
                // inside the action value written above.
                attributeStart = markup.IndexOf(idPrefix);
                if (attributeStart >= 0)
                {
                    int idEnd = markup.IndexOf("\"", attributeStart + idPrefix.Length) + 1;
                    markup = markup.Remove(attributeStart, idEnd - attributeStart);
                    markup = markup.Insert(attributeStart, idPrefix + base.ClientID + "\"");
                }
            }

            writer.Write(markup);
        }
 /// <summary>
 /// Runs a value through the given filter with the NoScripting, NoAngleBrackets and NoMarkup flags combined.
 /// </summary>
 /// <param name="objSecurity">Filter instance to use.</param>
 /// <param name="value">Text to filter.</param>
 /// <returns>Whatever InputFilter returns for that flag combination.</returns>
 private static string GetFilteredValue(PortalSecurity objSecurity, string value)
 {
     var strictFlags = PortalSecurity.FilterFlag.NoScripting
                       | PortalSecurity.FilterFlag.NoAngleBrackets
                       | PortalSecurity.FilterFlag.NoMarkup;

     return objSecurity.InputFilter(value, strictFlags);
 }
Esempio n. 17
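        /// <summary>
        /// Reads and filters the "Tag" request parameter and binds the results. Without a tag,
        /// editors get a hint and other users see no container.
        /// </summary>
        /// <param name="e">Event data.</param>
        protected override void OnLoad(EventArgs e)
        {
            base.OnLoad(e);

            var objSecurity = new PortalSecurity();

            if ((Request.Params["Tag"] != null))
            {
                // Filter first, then HTML-encode, so the stored tag is already in encoded form.
                // NOTE(review): Request.Params also covers cookies and server variables, and an
                // encoded value must not be encoded a second time on output.
                _tagQuery = HttpContext.Current.Server.HtmlEncode(objSecurity.InputFilter(Request.Params["Tag"], PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoMarkup));
            }

            // Null-safe test: the field stays unassigned when the parameter is absent, and the
            // earlier _tagQuery.Length check would then throw instead of hiding the module.
            if (!string.IsNullOrEmpty(_tagQuery))
            {
                // Bound on every load, postbacks included (the IsPostBack check was disabled by the author).
                BindData();
            }
            else
            {
                if (IsEditable)
                {
                    UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ModuleHidden", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
                }
                else
                {
                    ContainerControl.Visible = false;
                }
            }
        }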
        /// <summary>
        /// Reads the priority text box, filters it with the NoMarkup flag and converts it to a priority level.
        /// </summary>
        /// <param name="security">Filter instance to use.</param>
        /// <returns>The level from InjectionController.GetCrmPriority when it is above Null.NullInteger, otherwise Null.NullInteger.</returns>
        private int ParsePriotityLevel(PortalSecurity security)
        {
            string typedPriority    = txtCrmPriority.Text.Trim();
            var    filteredPriority = security.InputFilter(typedPriority, PortalSecurity.FilterFlag.NoMarkup);
            var    parsedLevel      = InjectionController.GetCrmPriority(filteredPriority);

            // Anything at or below the null marker is reported as the null marker itself.
            if (parsedLevel > Null.NullInteger)
            {
                return parsedLevel;
            }

            return Null.NullInteger;
        }
Esempio n. 19
        /// <summary>
        /// Sets the title label from the localized module title, filtered with the NoScripting
        /// flag, and enables inline editing when the user may edit and the portal allows it.
        /// </summary>
        /// <param name="e">Event data.</param>
        protected override void OnPreRender(EventArgs e)
        {
            base.OnPreRender(e);

            // Public attribute: pass a configured CSS class on to the label.
            if (!string.IsNullOrEmpty(CssClass))
            {
                titleLabel.CssClass = CssClass;
            }

            string moduleTitle = ModuleControl != null
                                     ? Localization.LocalizeControlTitle(ModuleControl)
                                     : Null.NullString;

            // Fall back to a single space when there is no title.
            if (moduleTitle == Null.NullString)
            {
                moduleTitle = " ";
            }

            // The title is editable content, so it is filtered before it is assigned to the label.
            // NOTE(review): NoScripting is not HTML encoding - confirm how the label renders its text.
            var titleFilter = new PortalSecurity();
            titleLabel.Text = titleFilter.InputFilter(moduleTitle, PortalSecurity.FilterFlag.NoScripting);

            // Inline editing is off by default and switched on only when both conditions hold.
            titleLabel.EditEnabled = false;
            titleToolbar.Visible   = false;

            bool inlineEditing = CanEditModule() && PortalSettings.InlineEditorEnabled;
            if (inlineEditing)
            {
                titleLabel.EditEnabled = true;
                titleToolbar.Visible   = true;
            }
        }
Esempio n. 20
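            /// <summary>
            /// Removes script-related content from text: the portal NoScripting filter, a regex
            /// for script tags, javascript: attributes and inline event handlers, then a token
            /// deny-list.
            /// </summary>
            /// <param name="text">Untrusted text; may be null or empty.</param>
            /// <returns>The filtered text, or an empty string for null or empty input. The result is NOT HTML-encoded.</returns>
            public static string FilterScripts(string text)
            {
                if (string.IsNullOrEmpty(text))
                {
                    return string.Empty;
                }
                PortalSecurity objPortalSecurity = new PortalSecurity();

                try
                {
                    text = objPortalSecurity.InputFilter(text, PortalSecurity.FilterFlag.NoScripting);
                }
                catch (Exception)
                {
                    // Best effort, kept from the original: if the portal filter throws, processing
                    // continues with the text as it was, and only the regex and deny-list below apply.
                    // NOTE(review): this fails open and silently - consider logging the exception.
                }

                string pattern = "<script.*/*>|</script>|<[a-zA-Z][^>]*=['\"]+javascript:\\w+.*['\"]+>|<\\w+[^>]*\\son\\w+=.*[ /]*>";

                text = Regex.Replace(text, pattern, string.Empty, RegexOptions.IgnoreCase);

                string   strip  = "/*,*/,alert,document.,window.,eval(,eval[,@import,vbscript,javascript,jscript,msgbox";
                string[] tokens = strip.Split(',');

                // Remove listed tokens regardless of case. The earlier code detected a token
                // case-insensitively but removed only its all-lower and all-upper spellings, so a
                // mixed-case occurrence was found and then left in place. The pass repeats until
                // the text stops changing, so one removal cannot leave another listed token behind.
                string previous;
                do
                {
                    previous = text;
                    foreach (string token in tokens)
                    {
                        text = Regex.Replace(text, Regex.Escape(token), string.Empty, RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);
                    }
                }
                while (text != previous);

                // A deny-list is not a complete defence: callers still have to encode the result
                // for the context in which they output it.
                return text;
            }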
        /// <summary>
        /// Runs the input through the portal input filter.
        /// </summary>
        /// <param name="input">Text to filter.</param>
        /// <param name="filterFlag">Filter flags to apply; NoMarkup when omitted.</param>
        /// <returns>Whatever InputFilter returns for the given flags.</returns>
        public static string Clean(string input,
                                   PortalSecurity.FilterFlag filterFlag = PortalSecurity.FilterFlag.NoMarkup)
        {
            // A caller that passes its own flags replaces the NoMarkup default entirely.
            return new PortalSecurity().InputFilter(input, filterFlag);
        }
Esempio n. 22
    /// <summary>
    /// Writes an event-log entry recording whether the password e-mail was sent.
    /// </summary>
    /// <param name="message">Failure cause; null or empty means the e-mail was sent.</param>
    private void LogResult(string message)
    {
        var portalSecurity = new PortalSecurity();

        var eventLog = new EventLogController();
        var entry    = new LogInfo();

        entry.AddProperty("IP", _ipAddress);
        entry.LogPortalID   = PortalSettings.PortalId;
        entry.LogPortalName = PortalSettings.PortalName;
        entry.LogUserID     = currentUser.UserID;

        // The user name is filtered before it is written to the log.
        var nameFlags = PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup;
        entry.LogUserName = portalSecurity.InputFilter(currentUser.Username, nameFlags);

        bool sent = string.IsNullOrEmpty(message);
        entry.LogTypeKey = sent ? "PASSWORD_SENT_SUCCESS" : "PASSWORD_SENT_FAILURE";
        if (!sent)
        {
            // NOTE(review): the cause is stored as given, without the filter applied to the
            // user name - confirm the log viewer encodes property values.
            entry.LogProperties.Add(new LogDetailInfo("Cause", message));
        }

        eventLog.AddLog(entry);
    }
Esempio n. 23
        /// <summary>
        /// Writes an event-log entry recording whether the password e-mail was sent.
        /// </summary>
        /// <param name="message">Failure cause; null or empty means the e-mail was sent.</param>
        private void LogResult(string message)
        {
            var portalSecurity = new PortalSecurity();

            var entry = new LogInfo();
            entry.LogPortalID   = PortalSettings.PortalId;
            entry.LogPortalName = PortalSettings.PortalName;
            entry.LogUserID     = UserId;

            // The user name comes straight from the text box, so it is filtered before logging.
            var nameFlags = PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup;
            entry.LogUserName = portalSecurity.InputFilter(txtUsername.Text, nameFlags);

            bool sent = string.IsNullOrEmpty(message);
            entry.LogTypeKey = sent ? "PASSWORD_SENT_SUCCESS" : "PASSWORD_SENT_FAILURE";
            if (!sent)
            {
                // NOTE(review): the cause is stored as given, without the filter applied to the
                // user name - confirm the log viewer encodes property values.
                entry.LogProperties.Add(new LogDetailInfo("Cause", message));
            }

            entry.AddProperty("IP", _ipAddress);

            LogController.Instance.AddLog(entry);
        }
Esempio n. 24
        /// -----------------------------------------------------------------------------
        /// <summary>
        /// UpdateSettings filters the template text with the NoSQL flag and saves it, either
        /// for this tab-module or for the module as a whole, then clears the hangout cache.
        /// </summary>
        /// -----------------------------------------------------------------------------
        public override void UpdateSettings()
        {
            try
            {
                var moduleCtl = new ModuleController();
                var filter    = new PortalSecurity();

                // NOTE(review): NoSQL is the only flag applied here. If the template is later
                // rendered as HTML, script and markup handling has to happen at render time -
                // confirm against the view that consumes SETTINGS_TEMPLATE.
                var template = filter.InputFilter(txtTemplate.Text.Trim(), PortalSecurity.FilterFlag.NoSQL);

                // The checkbox selects the scope: checked stores per tab-module, unchecked per module.
                if (!chkTemplateScope.Checked)
                {
                    moduleCtl.UpdateModuleSetting(ModuleId, DNNHangoutController.SETTINGS_TEMPLATE, template);
                }
                else
                {
                    moduleCtl.UpdateTabModuleSetting(TabModuleId, DNNHangoutController.SETTINGS_TEMPLATE, template);
                }

                // Clear any cached hangouts.
                DataCache.ClearCache("WillStrohl.DNNHangout");

                // Synchronize the module settings.
                ModuleController.SynchronizeModule(ModuleId);
            }
            catch (Exception exc) // any failure is routed to the module exception handler
            {
                Exceptions.ProcessModuleLoadException(this, exc);
            }
        }
Esempio n. 25
        /// <summary>
        /// Builds the error page: shows the portal logo when one is configured, then either
        /// handles the "status" query parameter or reports the last server error with status 500,
        /// and finally sets the text of the return link.
        /// </summary>
        /// <param name="e">Event data.</param>
        protected override void OnLoad(EventArgs e)
        {
            base.OnLoad(e);

            PortalSettings portalSettings = PortalController.GetCurrentPortalSettings();

            // Show the portal logo only when the settings name a file that can be resolved.
            if (portalSettings != null && !String.IsNullOrEmpty(portalSettings.LogoFile))
            {
                IFileInfo fileInfo = FileManager.Instance.GetFile(portalSettings.PortalId, portalSettings.LogoFile);
                if (fileInfo != null)
                {
                    headerImage.ImageUrl = FileManager.Instance.GetUrl(fileInfo);
                }
            }
            headerImage.Visible = !string.IsNullOrEmpty(headerImage.ImageUrl);

            string localizedMessage;
            var    security = new PortalSecurity();
            // "status" comes from the query string, so it is filtered before ManageError sees it.
            string status   = security.InputFilter(Request.QueryString["status"],
                                                   PortalSecurity.FilterFlag.NoScripting |
                                                   PortalSecurity.FilterFlag.NoMarkup);

            if (!string.IsNullOrEmpty(status))
            {
                ManageError(status);
            }
            else
            {
                //get the last server error
                var exc = Server.GetLastError();
                try
                {
                    // NOTE(review): ToLower() follows the current culture; an ordinal, case-insensitive
                    // comparison would be more predictable for a path check.
                    if (Request.Url.LocalPath.ToLower().EndsWith("installwizard.aspx"))
                    {
                        // The install wizard path shows the full exception text, HTML-encoded.
                        // NOTE(review): exc.ToString() includes the stack trace - confirm this page
                        // is not reachable by untrusted users during installation.
                        ErrorPlaceHolder.Controls.Add(new LiteralControl(HttpUtility.HtmlEncode(exc.ToString())));
                    }
                    else
                    {
                        // Every other path logs the details and shows a generic localized message.
                        var lex = new PageLoadException(exc.Message, exc);
                        Exceptions.LogException(lex);
                        localizedMessage = Localization.Localization.GetString("Error.Text", Localization.Localization.GlobalResourceFile);
                        ErrorPlaceHolder.Controls.Add(new ErrorContainer(portalSettings, localizedMessage, lex).Container);
                    }
                }
                catch
                {
                    //No exception was found...you shouldn't end up here
                    //unless you go to this aspx page URL directly
                    // A null exc makes the calls above throw, which lands here. The bare catch also
                    // swallows any other failure raised inside the try block.
                    localizedMessage = Localization.Localization.GetString("UnhandledError.Text", Localization.Localization.GlobalResourceFile);
                    ErrorPlaceHolder.Controls.Add(new LiteralControl(localizedMessage));
                }

                // Status 500 is set on this branch only; the status-parameter branch leaves the code alone.
                Response.StatusCode = 500;
            }
            localizedMessage = Localization.Localization.GetString("Return.Text", Localization.Localization.GlobalResourceFile);

            // The localized text is placed into the link markup without encoding; it comes from
            // the global resource file.
            hypReturn.Text = string.Format("<img src=\"{0}/images/lt.gif\" border=\"0\" /> {1}", Globals.ApplicationPath, localizedMessage);
        }
Esempio n. 26
        /// <summary>
        /// Saves the review being edited: adds it when the navigation state carries ReviewID 0,
        /// otherwise updates the existing review, then signals that editing is complete.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The event data.</param>
        protected void cmdUpdate_Click(object sender, EventArgs e)
        {
            try
            {
                // Nothing is saved unless the page validators passed.
                if (!Page.IsValid)
                {
                    return;
                }

                var inputFilter = new PortalSecurity();

                var item = (ReviewInfo)CBO.InitializeObject(new ReviewInfo(), typeof(ReviewInfo));
                item.ReviewID  = _nav.ReviewID;
                item.PortalID  = PortalId;
                item.ProductID = _nav.ProductID;

                // int.Parse throws on a non-numeric value; the catch below handles that.
                item.Rating = int.Parse(cmbRating.SelectedValue);

                // Free text is stripped of markup before it is stored.
                // NOTE(review): output encoding where reviews are displayed is still needed.
                item.Comments   = inputFilter.InputFilter(txtComments.Text, PortalSecurity.FilterFlag.NoMarkup);
                item.Authorized = chkAuthorized.Checked;

                string enteredName = txtUserName.Text;
                item.UserName = string.IsNullOrEmpty(enteredName)
                    ? Localization.GetString("Anonymous.Text", LocalResourceFile)
                    : inputFilter.InputFilter(enteredName, PortalSecurity.FilterFlag.NoMarkup);

                item.CreatedDate = DateTime.Now;

                // NOTE(review): the review and product ids come from _nav and no permission check is
                // visible in this handler - confirm access to this control is restricted elsewhere.
                var reviews = new ReviewController();
                if (_nav.ReviewID != 0)
                {
                    reviews.UpdateReview(item);
                }
                else
                {
                    reviews.AddReview(item);
                }

                InvokeEditComplete();
            }
            catch (Exception ex)
            {
                Exceptions.ProcessModuleLoadException(this, ex);
            }
        }
Esempio n. 27
        /// <summary>
        /// Handles the Click event of the cmdUpdate control.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The <see cref="System.EventArgs" /> instance containing the event data.</param>
        protected void cmdUpdate_Click(Object sender, EventArgs e)
        {
            var controller  = new FAQsController();
            var category    = new CategoryInfo();
            var inputFilter = new PortalSecurity();

            // A negative parent selection is stored as 0.
            // Convert.ToInt32 runs outside the try block, so a non-numeric value is not handled here.
            int parentId = Math.Max(0, Convert.ToInt32(drpParentCategory.SelectedValue));

            // Neither script nor markup is allowed in the name or the description.
            PortalSecurity.FilterFlag plainText = PortalSecurity.FilterFlag.NoMarkup | PortalSecurity.FilterFlag.NoScripting;

            category.FaqCategoryParentId    = parentId;
            category.FaqCategoryName        = inputFilter.InputFilter(txtCategoryName.Text, plainText);
            category.FaqCategoryDescription = inputFilter.InputFilter(txtCategoryDescription.Text, plainText);
            category.ModuleId               = ModuleId;

            try
            {
                RadTreeNode selected = treeCategories.SelectedNode;
                if (selected == null)
                {
                    // No node selected: create a new category with view order 999.
                    category.ViewOrder = 999;
                    controller.AddCategory(category);
                }
                else
                {
                    // Editing an existing category: keep the view order it already has.
                    // NOTE(review): the category is loaded by id alone; confirm the controller
                    // restricts the lookup and update to categories of this module.
                    category.FaqCategoryId = Convert.ToInt32(selected.Value);
                    category.ViewOrder     = controller.GetCategory(category.FaqCategoryId).ViewOrder;
                    controller.UpdateCategory(category);
                }

                controller.ReorderCategory(category.FaqCategoryParentId, ModuleId);

                // Reload the current URL so the tree reflects the change.
                Response.Redirect(Request.RawUrl);
            }
            catch (Exception exc)
            {
                Exceptions.ProcessModuleLoadException(this, exc);
            }
        }
Esempio n. 28
        /// <summary>
        /// Renders the read-only view: the value is HTML-decoded, passed through the NoScripting
        /// input filter and written inside a span element.
        /// </summary>
        /// <param name="writer">The writer that receives the rendered output.</param>
        protected virtual void RenderViewMode(System.Web.UI.HtmlTextWriter writer)
        {
            string decodedValue = this.Page.Server.HtmlDecode(Convert.ToString(this.Value));

            ControlStyle.AddAttributesToRender(writer);
            writer.RenderBeginTag(HtmlTextWriterTag.Span);

            // The value is decoded before filtering and written without HTML encoding, so the
            // NoScripting filter is the only control applied to it on this path.
            // NOTE(review): confirm Value is meant to carry rich text; if it is plain text,
            // encoding on output is the safer choice.
            var    inputFilter   = new PortalSecurity();
            string filteredValue = inputFilter.InputFilter(decodedValue, PortalSecurity.FilterFlag.NoScripting);
            writer.Write(filteredValue);

            writer.RenderEndTag();
        }
Esempio n. 29
        /// <Summary>
        /// RenderViewMode renders the View (readonly) mode of the control
        /// </Summary>
        /// <Param name="writer">A HtmlTextWriter.</Param>
        protected virtual void RenderViewMode(HtmlTextWriter writer)
        {
            // Angle brackets, markup and scripting are all filtered; the value is not decoded first.
            PortalSecurity.FilterFlag plainText = PortalSecurity.FilterFlag.NoAngleBrackets |
                                                  PortalSecurity.FilterFlag.NoMarkup |
                                                  PortalSecurity.FilterFlag.NoScripting;

            string rawValue = Convert.ToString(this.Value);

            ControlStyle.AddAttributesToRender(writer);
            writer.RenderBeginTag(HtmlTextWriterTag.Span);

            // The filtered text is written as-is (no additional HTML encoding) inside the span.
            var inputFilter = new PortalSecurity();
            writer.Write(inputFilter.InputFilter(rawValue, plainText));

            writer.RenderEndTag();
        }
        /// <summary>
        /// Stores an edited module title after checking that the caller may edit the module.
        /// </summary>
        /// <param name="source">The source of the event.</param>
        /// <param name="e">Event data carrying the new title text.</param>
        private void UpdateTitle(object source, DNNLabelEditEventArgs e)
        {
            // The permission check comes first; without edit rights nothing is read or written.
            if (!CanEditModule())
            {
                return;
            }

            ModuleInfo module = ModuleController.Instance.GetModule(ModuleControl.ModuleContext.ModuleId, ModuleControl.ModuleContext.TabId, false);

            // Only the NoScripting flag is applied to the submitted text.
            // NOTE(review): the title should still be encoded wherever it is rendered.
            var inputFilter = new PortalSecurity();
            module.ModuleTitle = inputFilter.InputFilter(e.Text, PortalSecurity.FilterFlag.NoScripting);

            ModuleController.Instance.UpdateModule(module);
        }
 /// <summary>
 /// Writes an event-log entry for a login attempt, keyed by the login status.
 /// </summary>
 /// <param name="portalId">Portal the attempt was made against.</param>
 /// <param name="username">User name as supplied; filtered before it is logged.</param>
 /// <param name="userId">Id stored in the log entry.</param>
 /// <param name="portalName">Portal name stored in the log entry.</param>
 /// <param name="Ip">Address stored as the "IP" property of the entry.</param>
 /// <param name="loginStatus">Login result; its name becomes the log type key.</param>
 private static void AddEventLog(int portalId, string username, int userId, string portalName, string Ip, UserLoginStatus loginStatus)
 {
     var logController = new Services.Log.EventLog.EventLogController();
     var entry = new Services.Log.EventLog.LogInfo();
     var inputFilter = new PortalSecurity();

     PortalSecurity.FilterFlag strictText = PortalSecurity.FilterFlag.NoScripting |
                                            PortalSecurity.FilterFlag.NoAngleBrackets |
                                            PortalSecurity.FilterFlag.NoMarkup;

     // Ip and portalName are stored as passed; only the user name goes through the filter.
     // NOTE(review): if Ip can originate from a client-supplied header, validate it before
     // logging, and make sure the log viewer encodes property values on display.
     entry.AddProperty("IP", Ip);
     entry.LogPortalID = portalId;
     entry.LogPortalName = portalName;
     entry.LogUserName = inputFilter.InputFilter(username, strictText);
     entry.LogUserID = userId;
     entry.LogTypeKey = loginStatus.ToString();

     logController.AddLog(entry);
 }
        /// <summary>
        /// UpdateUser persists a user to the Data Store
        /// </summary>
        /// <remarks>
        /// </remarks>
        /// <param name="user">The user to persist to the Data Store.</param>
        /// <history>
        ///     [cnurse]	12/13/2005	created
        /// </history>
        public override void UpdateUser( UserInfo user )
        {
            // The same strict filter is applied to every free-text identity field.
            PortalSecurity.FilterFlag strictText = PortalSecurity.FilterFlag.NoScripting |
                                                   PortalSecurity.FilterFlag.NoAngleBrackets |
                                                   PortalSecurity.FilterFlag.NoMarkup;
            PortalSecurity inputFilter = new PortalSecurity();

            string firstName = inputFilter.InputFilter( user.FirstName, strictText );
            string lastName = inputFilter.InputFilter( user.LastName, strictText );
            string email = inputFilter.InputFilter( user.Email, strictText );
            string displayName = inputFilter.InputFilter( user.DisplayName, strictText );

            bool updatePassword = user.Membership.UpdatePassword;
            bool isApproved = user.Membership.Approved;

            // An empty display name falls back to "first last".
            if( displayName == string.Empty )
            {
                displayName = firstName + " " + lastName;
            }

            // 1. DNN user record. Filtered values are passed as arguments.
            // NOTE(review): filtering does not replace parameter binding - confirm the data provider binds these.
            dataProvider.UpdateUser( user.UserID, user.PortalID, firstName, lastName, email, displayName, updatePassword, isApproved );

            // 2. Membership record.
            UpdateUserMembership( user );

            // 3. Profile properties.
            ProfileController.UpdateUserProfile( user );
        }
        /// <summary>
        /// CreateDNNUser persists the DNN User information to the Database
        /// </summary>
        /// <remarks>
        /// </remarks>
        /// <param name="user">The user to persist to the Data Store.</param>
        /// <returns>A UserCreateStatus value: Success, or ProviderError when the insert fails. The new UserId is written to user.UserID.</returns>
        /// <history>
        ///     [cnurse]	12/13/2005	created
        /// </history>
        private UserCreateStatus CreateDNNUser( ref UserInfo user )
        {
            // The same strict filter is applied to every free-text identity field.
            PortalSecurity.FilterFlag strictText = PortalSecurity.FilterFlag.NoScripting |
                                                   PortalSecurity.FilterFlag.NoAngleBrackets |
                                                   PortalSecurity.FilterFlag.NoMarkup;
            PortalSecurity inputFilter = new PortalSecurity();

            string userName = inputFilter.InputFilter( user.Username, strictText );
            string email = inputFilter.InputFilter( user.Email, strictText );
            string lastName = inputFilter.InputFilter( user.LastName, strictText );
            string firstName = inputFilter.InputFilter( user.FirstName, strictText );
            string displayName = inputFilter.InputFilter( user.DisplayName, strictText );

            bool updatePassword = user.Membership.UpdatePassword;
            bool isApproved = user.Membership.Approved;

            // NOTE(review): IsSuperUser is taken from the supplied UserInfo; callers must not
            // populate that object directly from request data.
            try
            {
                object newId = dataProvider.AddUser( user.PortalID, userName, firstName, lastName, user.AffiliateID, user.IsSuperUser, email, displayName, updatePassword, isApproved );
                user.UserID = Convert.ToInt32( newId );
                return UserCreateStatus.Success;
            }
            catch( Exception )
            {
                // Every failure is reported as ProviderError and the caller's reference is cleared.
                // The exception itself is not logged here, so the cause is lost.
                user = null;
                return UserCreateStatus.ProviderError;
            }
        }
Esempio n. 34
 /// <summary>
 /// Renders the read-only view: the value is HTML-decoded, filtered with NoScripting and
 /// written inside a span element.
 /// </summary>
 /// <param name="writer">The writer that receives the rendered output.</param>
 protected virtual void RenderViewMode(System.Web.UI.HtmlTextWriter writer)
 {
     string decodedValue = this.Page.Server.HtmlDecode(Convert.ToString(this.Value));

     ControlStyle.AddAttributesToRender(writer);
     writer.RenderBeginTag(HtmlTextWriterTag.Span);

     // Decoding happens before filtering and the result is written without HTML encoding,
     // so markup in the value reaches the page; only the NoScripting filter is applied.
     // NOTE(review): confirm the value is trusted rich text, otherwise encode on output.
     var inputFilter = new PortalSecurity();
     string filteredValue = inputFilter.InputFilter(decodedValue, PortalSecurity.FilterFlag.NoScripting);
     writer.Write(filteredValue);

     writer.RenderEndTag();
 }
        /// <summary>
        /// UpdateUserMembership persists a user's Membership to the Data Store
        /// </summary>
        /// <remarks>
        /// </remarks>
        /// <param name="user">The user to persist to the Data Store.</param>
        /// <history>
        ///     [cnurse]	12/13/2005	created
        /// </history>
        private void UpdateUserMembership( UserInfo user )
        {
            PortalSecurity inputFilter = new PortalSecurity();
            PortalSecurity.FilterFlag strictText = PortalSecurity.FilterFlag.NoScripting |
                                                   PortalSecurity.FilterFlag.NoAngleBrackets |
                                                   PortalSecurity.FilterFlag.NoMarkup;
            string filteredEmail = inputFilter.InputFilter( user.Email, strictText );

            // Load the ASP.NET membership record by user name and copy the changed values onto it.
            // NOTE(review): GetUser returns null when no record matches, which would surface
            // as a NullReferenceException on the next line.
            MembershipUser membershipRecord = System.Web.Security.Membership.GetUser( user.Username );
            membershipRecord.Email = filteredEmail;
            membershipRecord.LastActivityDate = DateTime.Now;
            membershipRecord.IsApproved = user.Membership.Approved;

            // Persist the membership properties to the AspNet data store.
            System.Web.Security.Membership.UpdateUser( membershipRecord );
        }
        /// -----------------------------------------------------------------------------
        /// <summary>
        /// UpdateUser persists a user to the Data Store
        /// </summary>
        /// <remarks>
        /// </remarks>
        /// <param name="user">The user to persist to the Data Store.</param>
        /// -----------------------------------------------------------------------------
        public override void UpdateUser(UserInfo user)
        {
            // The same strict filter is applied to every free-text identity field.
            PortalSecurity.FilterFlag strictText = PortalSecurity.FilterFlag.NoScripting |
                                                   PortalSecurity.FilterFlag.NoAngleBrackets |
                                                   PortalSecurity.FilterFlag.NoMarkup;
            var inputFilter = new PortalSecurity();

            string firstName = inputFilter.InputFilter(user.FirstName, strictText);
            string lastName = inputFilter.InputFilter(user.LastName, strictText);
            string email = inputFilter.InputFilter(user.Email, strictText);
            string displayName = inputFilter.InputFilter(user.DisplayName, strictText);

            // Second line of defence: a '<' that survives the filter is HTML-encoded before storage.
            // NOTE(review): this stores encoded text, so consumers that encode again will
            // double-encode; output encoding at render time is still required.
            bool hasAngleBracket = displayName.Contains("<");
            if (hasAngleBracket)
            {
                displayName = HttpUtility.HtmlEncode(displayName);
            }

            bool updatePassword = user.Membership.UpdatePassword;
            bool isApproved = user.Membership.Approved;

            // An empty display name falls back to "first last".
            if (String.IsNullOrEmpty(displayName))
            {
                displayName = firstName + " " + lastName;
            }

            // 1. Membership record.
            UpdateUserMembership(user);

            // 2. DNN user record. IsSuperUser, the password-reset token and its expiry are taken
            //    from the supplied UserInfo as they are.
            // NOTE(review): callers must not populate that object directly from request data.
            int actingUserId = UserController.Instance.GetCurrentUserInfo().UserID;
            _dataProvider.UpdateUser(
                user.UserID,
                user.PortalID,
                firstName,
                lastName,
                user.IsSuperUser,
                email,
                displayName,
                user.VanityUrl,
                updatePassword,
                isApproved,
                false,
                user.LastIPAddress,
                user.PasswordResetToken,
                user.PasswordResetExpiration,
                user.IsDeleted,
                actingUserId);

            // 3. Profile properties.
            ProfileController.UpdateUserProfile(user);
        }
 /// <summary>
 /// Inserts the DNN user record from filtered copies of the identity fields and stores the
 /// new id in user.UserID. On failure the exception is logged and user is set to null.
 /// </summary>
 /// <param name="user">The user to persist; set to null when the insert fails.</param>
 /// <returns>Success, or ProviderError when the insert throws.</returns>
 private UserCreateStatus CreateDNNUser(ref UserInfo user)
 {
     // The same strict filter is applied to every free-text identity field.
     PortalSecurity.FilterFlag strictText = PortalSecurity.FilterFlag.NoScripting |
                                            PortalSecurity.FilterFlag.NoAngleBrackets |
                                            PortalSecurity.FilterFlag.NoMarkup;
     var inputFilter = new PortalSecurity();

     string userName = inputFilter.InputFilter(user.Username, strictText);
     string email = inputFilter.InputFilter(user.Email, strictText);
     string lastName = inputFilter.InputFilter(user.LastName, strictText);
     string firstName = inputFilter.InputFilter(user.FirstName, strictText);
     string displayName = inputFilter.InputFilter(user.DisplayName, strictText);

     // A '<' that survives the filter is HTML-encoded before the name is stored.
     bool hasAngleBracket = displayName.Contains("<");
     if (hasAngleBracket)
     {
         displayName = HttpUtility.HtmlEncode(displayName);
     }

     bool updatePassword = user.Membership.UpdatePassword;
     bool isApproved = user.Membership.Approved;

     // NOTE(review): IsSuperUser is taken from the supplied UserInfo; callers must not
     // populate that object directly from request data.
     try
     {
         object newId = _dataProvider.AddUser(
             user.PortalID,
             userName,
             firstName,
             lastName,
             user.AffiliateID,
             user.IsSuperUser,
             email,
             displayName,
             updatePassword,
             isApproved,
             UserController.Instance.GetCurrentUserInfo().UserID);
         user.UserID = Convert.ToInt32(newId);
         return UserCreateStatus.Success;
     }
     catch (Exception ex)
     {
         // Every failure is logged, reported as ProviderError, and the caller's reference is cleared.
         Exceptions.LogException(ex);
         user = null;
         return UserCreateStatus.ProviderError;
     }
 }
 /// <summary>
 /// Creates the ASP.NET membership account for the user and translates the provider's
 /// MembershipCreateStatus into the matching UserCreateStatus.
 /// </summary>
 /// <param name="user">The user whose name, e-mail, password and question/answer are used.</param>
 /// <returns>The translated status; any status without a mapping below yields Success.</returns>
 private static UserCreateStatus CreateMemberhipUser(UserInfo user)
 {
     PortalSecurity.FilterFlag strictText = PortalSecurity.FilterFlag.NoScripting |
                                            PortalSecurity.FilterFlag.NoAngleBrackets |
                                            PortalSecurity.FilterFlag.NoMarkup;
     var inputFilter = new PortalSecurity();

     // Name and e-mail are filtered; the password is passed through untouched, since
     // filtering it would change the credential.
     string userName = inputFilter.InputFilter(user.Username, strictText);
     string email = inputFilter.InputFilter(user.Email, strictText);

     // Question and answer are supplied only when the provider is configured to require them.
     bool needsQuestionAndAnswer = MembershipProviderConfig.RequiresQuestionAndAnswer;
     string question = needsQuestionAndAnswer ? user.Membership.PasswordQuestion : null;
     string answer = needsQuestionAndAnswer ? user.Membership.PasswordAnswer : null;

     // The account is always created with isApproved = true.
     MembershipCreateStatus status;
     System.Web.Security.Membership.CreateUser(userName,
                                               user.Membership.Password,
                                               email,
                                               question,
                                               answer,
                                               true,
                                               out status);

     switch (status)
     {
         case MembershipCreateStatus.DuplicateEmail:
             return UserCreateStatus.DuplicateEmail;
         case MembershipCreateStatus.DuplicateProviderUserKey:
             return UserCreateStatus.DuplicateProviderUserKey;
         case MembershipCreateStatus.DuplicateUserName:
             return UserCreateStatus.DuplicateUserName;
         case MembershipCreateStatus.InvalidAnswer:
             return UserCreateStatus.InvalidAnswer;
         case MembershipCreateStatus.InvalidEmail:
             return UserCreateStatus.InvalidEmail;
         case MembershipCreateStatus.InvalidPassword:
             return UserCreateStatus.InvalidPassword;
         case MembershipCreateStatus.InvalidProviderUserKey:
             return UserCreateStatus.InvalidProviderUserKey;
         case MembershipCreateStatus.InvalidQuestion:
             return UserCreateStatus.InvalidQuestion;
         case MembershipCreateStatus.InvalidUserName:
             return UserCreateStatus.InvalidUserName;
         case MembershipCreateStatus.ProviderError:
             return UserCreateStatus.ProviderError;
         case MembershipCreateStatus.UserRejected:
             return UserCreateStatus.UserRejected;
         default:
             return UserCreateStatus.Success;
     }
 }
Esempio n. 39
        /// -----------------------------------------------------------------------------
        /// <summary>
        /// UpdateUserProfile persists a user's Profile to the Data Store
        /// </summary>
        /// <remarks>
        /// </remarks>
        /// <param name="user">The user to persist to the Data Store.</param>
        /// -----------------------------------------------------------------------------
        public override void UpdateUserProfile(UserInfo user)
        {
            ProfilePropertyDefinitionCollection profileProperties = user.Profile.ProfileProperties;

            // Keep the legacy "TimeZone" offset and the newer "PreferredTimeZone" id in step.
            var preferredZone = profileProperties["PreferredTimeZone"];
            var legacyZone = profileProperties["TimeZone"];
            if (preferredZone != null && legacyZone != null)
            {
                if (preferredZone.IsDirty && !string.IsNullOrEmpty(preferredZone.PropertyValue))
                {
                    // The new property wins: derive the legacy offset (in minutes) from it.
                    // NOTE(review): FindSystemTimeZoneById throws for an unknown id rather than
                    // returning null, so a profile value that is not a valid time-zone id surfaces
                    // as an exception here; the null check below does not guard against that.
                    var zone = TimeZoneInfo.FindSystemTimeZoneById(preferredZone.PropertyValue);
                    if (zone != null)
                    {
                        legacyZone.PropertyValue = zone.BaseUtcOffset.TotalMinutes.ToString(CultureInfo.InvariantCulture);
                    }
                }
                else if (legacyZone.IsDirty)
                {
                    // Only the legacy value changed: map its offset to a time-zone id.
                    // The TryParse result is ignored, so an unparsable value is treated as offset 0.
                    int legacyOffset;
                    int.TryParse(legacyZone.PropertyValue, out legacyOffset);
                    preferredZone.PropertyValue = Localization.ConvertLegacyTimeZoneOffsetToTimeZoneInfo(legacyOffset).Id;
                }
            }

            foreach (ProfilePropertyDefinition property in profileProperties)
            {
                // Only properties that have a value and were changed are written.
                if (property.PropertyValue == null || !property.IsDirty)
                {
                    continue;
                }

                // Only the NoScripting flag is applied, so other markup in a profile value is stored.
                // NOTE(review): profile values should still be encoded wherever they are displayed.
                var inputFilter = new PortalSecurity();
                string filteredValue = inputFilter.InputFilter(property.PropertyValue, PortalSecurity.FilterFlag.NoScripting);

                _dataProvider.UpdateProfileProperty(
                    Null.NullInteger,
                    user.UserID,
                    property.PropertyDefinitionId,
                    filteredValue,
                    (int) property.ProfileVisibility.VisibilityMode,
                    property.ProfileVisibility.ExtendedVisibilityString(),
                    DateTime.Now);

                // One USERPROFILE_UPDATED entry is logged per changed property.
                var eventLog = new EventLogController();
                eventLog.AddLog(user, PortalController.GetCurrentPortalSettings(), UserController.GetCurrentUserInfo().UserID, "", "USERPROFILE_UPDATED");
            }
        }
        /// <summary>
        /// Copies the filtered e-mail, the current time as last-activity date and, for superusers,
        /// the approval flag onto the ASP.NET membership record, saves it and drops the cached user.
        /// </summary>
        /// <param name="user">The user whose membership record is updated.</param>
        private static void UpdateUserMembership(UserInfo user)
        {
            PortalSecurity.FilterFlag strictText = PortalSecurity.FilterFlag.NoScripting |
                                                   PortalSecurity.FilterFlag.NoAngleBrackets |
                                                   PortalSecurity.FilterFlag.NoMarkup;
            var inputFilter = new PortalSecurity();
            string filteredEmail = inputFilter.InputFilter(user.Email, strictText);

            // Load the ASP.NET membership record by user name.
            // NOTE(review): GetUser returns null when no record matches, which would surface
            // as a NullReferenceException on the next line.
            MembershipUser membershipRecord = System.Web.Security.Membership.GetUser(user.Username);
            membershipRecord.Email = filteredEmail;
            membershipRecord.LastActivityDate = DateTime.Now;

            // The approval flag is copied only when user.IsSuperUser is true; for other users the
            // membership approval state is left as it is.
            // NOTE(review): confirm this restriction is intended.
            bool copyApproval = user.IsSuperUser;
            if (copyApproval)
            {
                membershipRecord.IsApproved = user.Membership.Approved;
            }

            System.Web.Security.Membership.UpdateUser(membershipRecord);

            // Remove the cached entry for this user name so stale data is not served.
            DataCache.RemoveCache(GetCacheKey(user.Username));
        }