public static void SaveAttributes(IAttributes attributes, SiteInfo siteInfo, List <TableStyleInfo> styleInfoList, NameValueCollection formCollection, List <string> dontAddAttributesLowercase)
{
if (dontAddAttributesLowercase == null)
{
dontAddAttributesLowercase = new List <string>();
}
foreach (var styleInfo in styleInfoList)
{
if (dontAddAttributesLowercase.Contains(styleInfo.AttributeName.ToLower()))
{
continue;
}
//var theValue = GetValueByForm(styleInfo, siteInfo, formCollection);
var theValue = formCollection[styleInfo.AttributeName] ?? string.Empty;
var inputType = styleInfo.InputType;
if (inputType == InputType.TextEditor)
{
theValue = ContentUtility.TextEditorContentEncode(siteInfo, theValue);
theValue = UEditorUtils.TranslateToStlElement(theValue);
}
if (inputType != InputType.TextEditor && inputType != InputType.Image && inputType != InputType.File && inputType != InputType.Video && styleInfo.AttributeName != ContentAttribute.LinkUrl)
{
theValue = AttackUtils.FilterSqlAndXss(theValue);
}
attributes.Set(styleInfo.AttributeName, theValue);
//TranslateUtils.SetOrRemoveAttributeLowerCase(attributes, styleInfo.AttributeName, theValue);
if (styleInfo.Additional.IsFormatString)
{
var formatString = TranslateUtils.ToBool(formCollection[styleInfo.AttributeName + "_formatStrong"]);
var formatEm = TranslateUtils.ToBool(formCollection[styleInfo.AttributeName + "_formatEM"]);
var formatU = TranslateUtils.ToBool(formCollection[styleInfo.AttributeName + "_formatU"]);
var formatColor = formCollection[styleInfo.AttributeName + "_formatColor"];
var theFormatString = ContentUtility.GetTitleFormatString(formatString, formatEm, formatU, formatColor);
attributes.Set(ContentAttribute.GetFormatStringAttributeName(styleInfo.AttributeName), theFormatString);
//TranslateUtils.SetOrRemoveAttributeLowerCase(attributes, ContentAttribute.GetFormatStringAttributeName(styleInfo.AttributeName), theFormatString);
}
if (inputType == InputType.Image || inputType == InputType.File || inputType == InputType.Video)
{
var attributeName = ContentAttribute.GetExtendAttributeName(styleInfo.AttributeName);
attributes.Set(attributeName, formCollection[attributeName]);
//TranslateUtils.SetOrRemoveAttributeLowerCase(attributes, attributeName, formCollection[attributeName]);
}
}
}
public IHttpActionResult Main()
{
try
{
var request = new AuthenticatedRequest();
var siteId = request.GetPostInt("siteId");
var pageChannelId = request.GetPostInt("pageChannelId");
if (pageChannelId == 0)
{
pageChannelId = siteId;
}
var pageContentId = request.GetPostInt("pageContentId");
var pageTemplateId = request.GetPostInt("pageTemplateId");
var isPageRefresh = request.GetPostBool("isPageRefresh");
var templateContent = TranslateUtils.DecryptStringBySecretKey(request.GetPostString("templateContent"));
var ajaxDivId = AttackUtils.FilterSqlAndXss(request.GetPostString("ajaxDivId"));
var channelId = request.GetPostInt("channelId");
if (channelId == 0)
{
channelId = pageChannelId;
}
var contentId = request.GetPostInt("contentId");
if (contentId == 0)
{
contentId = pageContentId;
}
var pageUrl = TranslateUtils.DecryptStringBySecretKey(request.GetPostString("pageUrl"));
var pageIndex = request.GetPostInt("pageNum");
if (pageIndex > 0)
{
pageIndex--;
}
var queryString = PageUtils.GetQueryStringFilterXss(PageUtils.UrlDecode(HttpContext.Current.Request.RawUrl));
queryString.Remove("siteId");
return(Ok(new
{
Html = StlDynamic.ParseDynamicContent(siteId, channelId, contentId, pageTemplateId, isPageRefresh, templateContent, pageUrl, pageIndex, ajaxDivId, queryString, request.UserInfo)
}));
}
catch (Exception ex)
{
return(InternalServerError(ex));
}
}
public static string ParseRequestEntities(NameValueCollection queryString, string templateContent)
{
if (queryString != null && queryString.Count > 0)
{
foreach (string key in queryString.Keys)
{
var value = queryString[key];
value = WebUtility.UrlDecode(value);
value = AttackUtils.FilterSqlAndXss(value);
templateContent = StringUtils.ReplaceIgnoreCase(templateContent, $"{{Request.{key}}}", value);
}
}
return(RegexUtils.Replace("{Request.[^}]+}", templateContent, string.Empty));
}
private static NameValueCollection GetQueryStringFilterSqlAndXss(string url)
{
if (string.IsNullOrEmpty(url) || url.IndexOf("?", StringComparison.Ordinal) == -1)
{
return(new NameValueCollection());
}
var attributes = new NameValueCollection();
var querystring = url.Substring(url.IndexOf("?", StringComparison.Ordinal) + 1);
var originals = TranslateUtils.ToNameValueCollection(querystring);
foreach (string key in originals.Keys)
{
attributes[key] = AttackUtils.FilterSqlAndXss(originals[key]);
}
return(attributes);
}
public IHttpActionResult Main()
{
try
{
var request = new AuthRequest();
var siteId = request.GetPostInt("siteId");
var channelId = request.GetPostInt("channelId");
var contentId = request.GetPostInt("contentId");
var templateId = request.GetPostInt("templateId");
var ajaxDivId = AttackUtils.FilterSqlAndXss(request.GetPostString("ajaxDivId"));
var pageUrl = TranslateUtils.DecryptStringBySecretKey(request.GetPostString("pageUrl"));
var testType = AttackUtils.FilterSqlAndXss(request.GetPostString("testType"));
//var testValue = PageUtils.FilterSqlAndXss(request.GetPostString("testValue"));
//var testOperate = PageUtils.FilterSqlAndXss(request.GetPostString("testOperate"));
var successTemplate = TranslateUtils.DecryptStringBySecretKey(request.GetPostString("successTemplate"));
var failureTemplate = TranslateUtils.DecryptStringBySecretKey(request.GetPostString("failureTemplate"));
var isSuccess = false;
if (StringUtils.EqualsIgnoreCase(testType, StlIf.TypeIsUserLoggin))
{
isSuccess = request.IsUserLoggin;
}
else if (StringUtils.EqualsIgnoreCase(testType, StlIf.TypeIsAdministratorLoggin))
{
isSuccess = request.IsAdminLoggin;
}
else if (StringUtils.EqualsIgnoreCase(testType, StlIf.TypeIsUserOrAdministratorLoggin))
{
isSuccess = request.IsUserLoggin || request.IsAdminLoggin;
}
return(Ok(new
{
Html = StlDynamic.ParseDynamicContent(siteId, channelId, contentId, templateId, false, isSuccess ? successTemplate : failureTemplate, pageUrl, 0, ajaxDivId, null, request.UserInfo)
}));
}
catch (Exception ex)
{
return(InternalServerError(ex));
}
}
public IHttpActionResult Main()
{
PageInfo pageInfo = null;
var template = string.Empty;
try
{
var request = new RequestImpl();
var form = GetPostCollection(request);
var isAllSites = request.GetPostBool(StlSearch.IsAllSites.ToLower());
var siteName = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.SiteName.ToLower()));
var siteDir = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.SiteDir.ToLower()));
var siteIds = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.SiteIds.ToLower()));
var channelIndex = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.ChannelIndex.ToLower()));
var channelName = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.ChannelName.ToLower()));
var channelIds = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.ChannelIds.ToLower()));
var type = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.Type.ToLower()));
var word = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.Word.ToLower()));
var dateAttribute = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.DateAttribute.ToLower()));
var dateFrom = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.DateFrom.ToLower()));
var dateTo = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.DateTo.ToLower()));
var since = AttackUtils.FilterSqlAndXss(request.GetPostString(StlSearch.Since.ToLower()));
var pageNum = request.GetPostInt(StlSearch.PageNum.ToLower());
var isHighlight = request.GetPostBool(StlSearch.IsHighlight.ToLower());
var siteId = request.GetPostInt("siteid");
var ajaxDivId = AttackUtils.FilterSqlAndXss(request.GetPostString("ajaxdivid"));
template = TranslateUtils.DecryptStringBySecretKey(request.GetPostString("template"));
var pageIndex = request.GetPostInt("page", 1) - 1;
var templateInfo = new TemplateInfo(0, siteId, string.Empty, TemplateType.FileTemplate, string.Empty, string.Empty, string.Empty, ECharset.utf_8, false);
var siteInfo = SiteManager.GetSiteInfo(siteId);
pageInfo = new PageInfo(siteId, 0, siteInfo, templateInfo, new Dictionary <string, object>())
{
UserInfo = request.UserInfo
};
var contextInfo = new ContextInfo(pageInfo);
var contentBuilder = new StringBuilder(StlRequestEntities.ParseRequestEntities(form, template));
var stlLabelList = StlParserUtility.GetStlLabelList(contentBuilder.ToString());
if (StlParserUtility.IsStlElementExists(StlPageContents.ElementName, stlLabelList))
{
var stlElement = StlParserUtility.GetStlElement(StlPageContents.ElementName, stlLabelList);
var stlPageContentsElement = stlElement;
var stlPageContentsElementReplaceString = stlElement;
var whereString = DataProvider.ContentDao.GetWhereStringByStlSearch(isAllSites, siteName, siteDir, siteIds, channelIndex, channelName, channelIds, type, word, dateAttribute, dateFrom, dateTo, since, siteId, ApiRouteActionsSearch.ExlcudeAttributeNames, form);
var stlPageContents = new StlPageContents(stlPageContentsElement, pageInfo, contextInfo, pageNum, siteInfo.TableName, whereString);
var pageCount = stlPageContents.GetPageCount(out var totalNum);
if (totalNum == 0)
{
return(NotFound());
}
for (var currentPageIndex = 0; currentPageIndex < pageCount; currentPageIndex++)
{
if (currentPageIndex != pageIndex)
{
continue;
}
var pageHtml = stlPageContents.Parse(totalNum, currentPageIndex, pageCount, false);
var pagedBuilder = new StringBuilder(contentBuilder.ToString().Replace(stlPageContentsElementReplaceString, pageHtml));
StlParserManager.ReplacePageElementsInSearchPage(pagedBuilder, pageInfo, stlLabelList, ajaxDivId, pageInfo.PageChannelId, currentPageIndex, pageCount, totalNum);
if (isHighlight && !string.IsNullOrEmpty(word))
{
var pagedContents = pagedBuilder.ToString();
pagedBuilder = new StringBuilder();
pagedBuilder.Append(RegexUtils.Replace(
$"({word.Replace(" ", "\\s")})(?!</a>)(?![^><]*>)", pagedContents,
$"<span style='color:#cc0000'>{word}</span>"));
}
Parser.Parse(pageInfo, contextInfo, pagedBuilder, string.Empty, false);
return(Ok(pagedBuilder.ToString()));
}
}
else if (StlParserUtility.IsStlElementExists(StlPageSqlContents.ElementName, stlLabelList))
{
var stlElement = StlParserUtility.GetStlElement(StlPageSqlContents.ElementName, stlLabelList);
var stlPageSqlContents = new StlPageSqlContents(stlElement, pageInfo, contextInfo);
var pageCount = stlPageSqlContents.GetPageCount(out var totalNum);
if (totalNum == 0)
{
return(NotFound());
}
for (var currentPageIndex = 0; currentPageIndex < pageCount; currentPageIndex++)
{
if (currentPageIndex != pageIndex)
{
continue;
}
var pageHtml = stlPageSqlContents.Parse(totalNum, currentPageIndex, pageCount, false);
var pagedBuilder = new StringBuilder(contentBuilder.ToString().Replace(stlElement, pageHtml));
StlParserManager.ReplacePageElementsInSearchPage(pagedBuilder, pageInfo, stlLabelList, ajaxDivId, pageInfo.PageChannelId, currentPageIndex, pageCount, totalNum);
if (isHighlight && !string.IsNullOrEmpty(word))
{
var pagedContents = pagedBuilder.ToString();
pagedBuilder = new StringBuilder();
pagedBuilder.Append(RegexUtils.Replace(
$"({word.Replace(" ", "\\s")})(?!</a>)(?![^><]*>)", pagedContents,
$"<span style='color:#cc0000'>{word}</span>"));
}
Parser.Parse(pageInfo, contextInfo, pagedBuilder, string.Empty, false);
return(Ok(pagedBuilder.ToString()));
}
}
Parser.Parse(pageInfo, contextInfo, contentBuilder, string.Empty, false);
return(Ok(contentBuilder.ToString()));
}
catch (Exception ex)
{
var message = LogUtils.AddStlErrorLog(pageInfo, StlSearch.ElementName, template, ex);
return(BadRequest(message));
}
}
public void Page_Load(object sender, EventArgs e)
{
if (IsForbidden)
{
return;
}
PageUtils.CheckRequestParameter("siteId", "channelId", "ReturnUrl");
_channelId = AuthRequest.GetQueryInt("channelId");
ReturnUrl = StringUtils.ValueFromUrl(AttackUtils.FilterSqlAndXss(AuthRequest.GetQueryString("ReturnUrl")));
//if (!base.HasChannelPermissions(this.channelId, AppManager.CMS.Permission.Channel.ChannelAdd))
//{
// PageUtils.RedirectToErrorPage("您没有添加栏目的权限!");
// return;
//}
var parentNodeInfo = ChannelManager.GetChannelInfo(SiteId, _channelId);
if (parentNodeInfo.Additional.IsChannelAddable == false)
{
PageUtils.RedirectToErrorPage("此栏目不能添加子栏目!");
return;
}
CacAttributes.SiteInfo = SiteInfo;
CacAttributes.ChannelId = _channelId;
if (!IsPostBack)
{
ChannelManager.AddListItems(DdlParentChannelId.Items, SiteInfo, true, true, AuthRequest.AdminPermissionsImpl);
ControlUtils.SelectSingleItem(DdlParentChannelId, _channelId.ToString());
DdlContentModelPluginId.Items.Add(new ListItem("<默认>", string.Empty));
var contentTables = PluginContentManager.GetContentModelPlugins();
foreach (var contentTable in contentTables)
{
DdlContentModelPluginId.Items.Add(new ListItem(contentTable.Title, contentTable.Id));
}
ControlUtils.SelectSingleItem(DdlContentModelPluginId, parentNodeInfo.ContentModelPluginId);
var plugins = PluginContentManager.GetAllContentRelatedPlugins(false);
if (plugins.Count > 0)
{
foreach (var pluginMetadata in plugins)
{
CblContentRelatedPluginIds.Items.Add(new ListItem(pluginMetadata.Title, pluginMetadata.Id));
}
}
else
{
PhContentRelatedPluginIds.Visible = false;
}
CacAttributes.Attributes = new AttributesImpl();
TbImageUrl.Attributes.Add("onchange", GetShowImageScript("preview_NavigationPicPath", SiteInfo.Additional.WebUrl));
var showPopWinString = ModalFilePathRule.GetOpenWindowString(SiteId, _channelId, true, TbChannelFilePathRule.ClientID);
BtnCreateChannelRule.Attributes.Add("onclick", showPopWinString);
showPopWinString = ModalFilePathRule.GetOpenWindowString(SiteId, _channelId, false, TbContentFilePathRule.ClientID);
BtnCreateContentRule.Attributes.Add("onclick", showPopWinString);
showPopWinString = ModalSelectImage.GetOpenWindowString(SiteInfo, TbImageUrl.ClientID);
BtnSelectImage.Attributes.Add("onclick", showPopWinString);
showPopWinString = ModalUploadImage.GetOpenWindowString(SiteId, TbImageUrl.ClientID);
BtnUploadImage.Attributes.Add("onclick", showPopWinString);
ELinkTypeUtils.AddListItems(DdlLinkType);
ETaxisTypeUtils.AddListItemsForChannelEdit(DdlTaxisType);
ControlUtils.SelectSingleItem(DdlTaxisType, ETaxisTypeUtils.GetValue(ETaxisType.OrderByTaxisDesc));
ControlUtils.AddListControlItems(CblNodeGroupNameCollection, ChannelGroupManager.GetGroupNameList(SiteId));
//CblNodeGroupNameCollection.DataSource = DataProvider.ChannelGroupDao.GetDataSource(SiteId);
DdlChannelTemplateId.DataSource = DataProvider.TemplateDao.GetDataSourceByType(SiteId, TemplateType.ChannelTemplate);
DdlContentTemplateId.DataSource = DataProvider.TemplateDao.GetDataSourceByType(SiteId, TemplateType.ContentTemplate);
DataBind();
DdlChannelTemplateId.Items.Insert(0, new ListItem("<默认>", "0"));
DdlChannelTemplateId.Items[0].Selected = true;
DdlContentTemplateId.Items.Insert(0, new ListItem("<默认>", "0"));
DdlContentTemplateId.Items[0].Selected = true;
TbContent.SetParameters(SiteInfo, ChannelAttribute.Content, string.Empty);
}
else
{
CacAttributes.Attributes = new AttributesImpl(Request.Form);
}
}
