Esempio n. 1
0
        private bool CanPerformProfilingAction(object sender)
        {
            if (GlobalSettings.DebugMode == false)
            {
                return(false);
            }

            //will not run in medium trust
            if (SystemUtilities.GetCurrentTrustLevel() < AspNetHostingPermissionLevel.High)
            {
                return(false);
            }

            var request = TryGetRequest(sender);

            if (request.Success == false || request.Result.Url.IsClientSideRequest())
            {
                return(false);
            }

            if (string.IsNullOrEmpty(request.Result.QueryString["umbDebug"]))
            {
                return(true);
            }

            if (request.Result.Url.IsBackOfficeRequest(HttpRuntime.AppDomainAppVirtualPath))
            {
                return(true);
            }

            return(true);
        }
 // this exists only for legacy reasons - we should just pass the server identity un-hashed
 public static string GetCurrentServerHash()
 {
     if (SystemUtilities.GetCurrentTrustLevel() != System.Web.AspNetHostingPermissionLevel.Unrestricted)
     {
         throw new NotSupportedException("FullTrust ASP.NET permission level is required.");
     }
     return(GetServerHash(NetworkHelper.MachineName, System.Web.HttpRuntime.AppDomainAppId));
 }
Esempio n. 3
0
 protected void Application_End(object sender, EventArgs e)
 {
     if (SystemUtilities.GetCurrentTrustLevel() == AspNetHostingPermissionLevel.Unrestricted)
     {
         LogHelper.Info <UmbracoApplication>("Application shutdown. Reason: " + HostingEnvironment.ShutdownReason);
     }
     OnApplicationEnd(sender, e);
 }
Esempio n. 4
0
        /// <summary>
        /// Handle the Init event o fthe UmbracoApplication which allows us to subscribe to the HttpApplication events
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        void UmbracoApplicationApplicationInit(object sender, EventArgs e)
        {
            var app = sender as HttpApplication;

            if (app == null)
            {
                return;
            }

            if (SystemUtilities.GetCurrentTrustLevel() < AspNetHostingPermissionLevel.High)
            {
                //If we don't have a high enough trust level we cannot bind to the events
                LogHelper.Info <WebProfiler>("Cannot start the WebProfiler since the application is running in Medium trust");
            }
            else
            {
                app.BeginRequest += UmbracoApplicationBeginRequest;
                app.EndRequest   += UmbracoApplicationEndRequest;
            }
        }
        private bool ShouldProfile(object sender)
        {
            if (GlobalSettings.DebugMode == false)
            {
                return(false);
            }

            //will not run in medium trust
            if (SystemUtilities.GetCurrentTrustLevel() < AspNetHostingPermissionLevel.High)
            {
                return(false);
            }

            var request = TryGetRequest(sender);

            if (request.Success == false || request.Result.Url.IsClientSideRequest())
            {
                return(false);
            }

            //if there is an umbDebug query string than profile it
            bool umbDebug;

            if (string.IsNullOrEmpty(request.Result.QueryString["umbDebug"]) == false && bool.TryParse(request.Result.QueryString["umbDebug"], out umbDebug))
            {
                return(true);
            }

            //if there is an umbDebug header than profile it
            if (string.IsNullOrEmpty(request.Result.Headers["X-UMB-DEBUG"]) == false && bool.TryParse(request.Result.Headers["X-UMB-DEBUG"], out umbDebug))
            {
                return(true);
            }

            //everything else is ok to profile
            return(false);
        }
Esempio n. 6
0
        public static string MacroContentByHttp(int pageId, Guid pageVersion, Hashtable attributes, IMacroService macroService)
        {
            // though... we only support FullTrust now?
            if (SystemUtilities.GetCurrentTrustLevel() != AspNetHostingPermissionLevel.Unrestricted)
            {
                return("<span style='color: red'>Cannot render macro content in the rich text editor when the application is running in a Partial Trust environment</span>");
            }

            var tempAlias = attributes["macroalias"]?.ToString() ?? attributes["macroAlias"].ToString();

            var m = macroService.GetByAlias(tempAlias);

            if (m == null)
            {
                return(string.Empty);
            }
            var macro = new MacroModel(m);

            if (macro.RenderInEditor == false)
            {
                return(ShowNoMacroContent(macro));
            }

            var querystring = $"umbPageId={pageId}&umbVersionId={pageVersion}";
            var ide         = attributes.GetEnumerator();

            while (ide.MoveNext())
            {
                querystring += $"&umb_{ide.Key}={HttpContext.Current.Server.UrlEncode((ide.Value ?? String.Empty).ToString())}";
            }

            // create a new 'HttpWebRequest' object to the mentioned URL.
            var useSsl         = Current.Configs.Global().UseHttps;
            var protocol       = useSsl ? "https" : "http";
            var currentRequest = HttpContext.Current.Request;
            var serverVars     = currentRequest.ServerVariables;
            var umbracoDir     = IOHelper.ResolveUrl(SystemDirectories.Umbraco);
            var url            = $"{protocol}://{serverVars["SERVER_NAME"]}:{serverVars["SERVER_PORT"]}{umbracoDir}/macroResultWrapper.aspx?{querystring}";

            var myHttpWebRequest = (HttpWebRequest)WebRequest.Create(url);

            // allows for validation of SSL conversations (to bypass SSL errors in debug mode!)
            ServicePointManager.ServerCertificateValidationCallback += ValidateRemoteCertificate;

            // propagate the user's context
            // TODO: this is the worst thing ever.
            // also will not work if people decide to put their own custom auth system in place.
            var inCookie = currentRequest.Cookies[Current.Configs.Settings().Security.AuthCookieName];

            if (inCookie == null)
            {
                throw new NullReferenceException("No auth cookie found");
            }
            var cookie = new Cookie(inCookie.Name, inCookie.Value, inCookie.Path, serverVars["SERVER_NAME"]);

            myHttpWebRequest.CookieContainer = new CookieContainer();
            myHttpWebRequest.CookieContainer.Add(cookie);

            // assign the response object of 'HttpWebRequest' to a 'HttpWebResponse' variable.
            HttpWebResponse myHttpWebResponse = null;
            var             text = string.Empty;

            try
            {
                myHttpWebResponse = (HttpWebResponse)myHttpWebRequest.GetResponse();
                if (myHttpWebResponse.StatusCode == HttpStatusCode.OK)
                {
                    var streamResponse = myHttpWebResponse.GetResponseStream();
                    if (streamResponse == null)
                    {
                        throw new Exception("Internal error, no response stream.");
                    }
                    var streamRead = new StreamReader(streamResponse);
                    var readBuff   = new char[256];
                    var count      = streamRead.Read(readBuff, 0, 256);
                    while (count > 0)
                    {
                        var outputData = new string(readBuff, 0, count);
                        text += outputData;
                        count = streamRead.Read(readBuff, 0, 256);
                    }

                    streamResponse.Close();
                    streamRead.Close();

                    // find the content of a form
                    const string grabStart = "<!-- grab start -->";
                    const string grabEnd   = "<!-- grab end -->";

                    var grabStartPos = text.InvariantIndexOf(grabStart) + grabStart.Length;
                    var grabEndPos   = text.InvariantIndexOf(grabEnd) - grabStartPos;
                    text = text.Substring(grabStartPos, grabEndPos);
                }
                else
                {
                    text = ShowNoMacroContent(macro);
                }
            }
            catch (Exception)
            {
                text = ShowNoMacroContent(macro);
            }
            finally
            {
                // release the HttpWebResponse Resource.
                myHttpWebResponse?.Close();
            }

            return(text.Replace("\n", string.Empty).Replace("\r", string.Empty));
        }