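/// <summary>
/// Concatenates every posted data item value, runs the XSS and SQL-injection validators
/// over the combined text, and rejects the save (with an error on <paramref name="result"/>)
/// when either validator fires; otherwise defers to the base implementation.
/// </summary>
/// <param name="MvcPost">Posted form values; <c>BizObject.DataItems</c> is the scanned input.</param>
/// <param name="result">Receives <c>Successful = false</c> plus an error message on rejection.</param>
public override void SaveDataFields(MvcPostValue MvcPost, MvcResult result)
{
    //wangxg 19.8
    // Join all submitted values so a single validator pass covers every field.
    string val = "";
    foreach (var item in MvcPost.BizObject.DataItems)
    {
        val += item.Value.V;
    }

    string msg;
    var xssCheck = new DongZheng.H3.WebApi.Controllers.XssAttribute();
    if (xssCheck.IsContainXSSCharacter(val, out msg))
    {
        result.Successful = false;
        // Error text names the validator that actually fired.
        result.Errors.Add("检测到XSS敏感字符");
        return;
    }

    var sqlCheck = new DongZheng.H3.WebApi.Controllers.SqlInjectAttribute();
    if (sqlCheck.IsSqlInjectCharacter(val, out msg))
    {
        result.Successful = false;
        result.Errors.Add("检测到SQL敏感字符");
        return;
    }

    // Validation passed: the base class persists the fields and runs its post-save events.
    base.SaveDataFields(MvcPost, result);
}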
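/// <summary>
/// Saves the form data into the engine. Before saving, the NAME1 value of the first
/// APPLICANT_TYPE row is checked for XSS / SQL-injection characters; after a successful
/// submit, a data-change log row is written to H3.c_fidatatrack on a background task.
/// </summary>
/// <param name="MvcPost">Posted form values.</param>
/// <param name="result">Receives the save outcome and any validation errors.</param>
public override void SaveDataFields(MvcPostValue MvcPost, MvcResult result)
{
    if (!CheckApplicantNameForInjection(MvcPost, result))
    {
        return;
    }

    // After saving, the base class runs its background events.
    base.SaveDataFields(MvcPost, result);

    string command = Request["Command"] + string.Empty;
    // 1. Only a successful "submit" (not a plain save) is tracked.
    if (!result.Successful || !string.Equals(command.ToLowerInvariant(), MvcController.Button_Submit, StringComparison.Ordinal))
    {
        return;
    }

    var version = 1;
    var tokenId = 1;
    var fields = this.ActionContext.Schema.Fields;
    var sheetDataType = this.ActionContext.SheetDataType;
    var clientActivity = (H3.WorkflowTemplate.ClientActivity)this.ActionContext.ActivityTemplate;
    var context = this.ActionContext.Engine.InstanceManager.GetInstanceContext(this.ActionContext.InstanceId);
    if (context != null)
    {
        // Materialise once instead of re-running the token query for every Count()/First().
        var tokens = context.GetTokens("Activity2", Instance.TokenState.Unspecified)
            .OrderByDescending(p => p.CreatedTime)
            .ToList();
        if (tokens.Count > 0)
        {
            version = tokens.Count;
            tokenId = tokens[0].TokenId;
        }
    }

    // Copy everything the background task needs out of the request context first.
    string instanceId = this.ActionContext.InstanceId + string.Empty;

    // 2. Record the data-change log. Fire-and-forget: the lambda catches and logs all
    // failures itself so the task never faults unobserved.
    Task.Run(() =>
    {
        try
        {
            var trackResult = new DataLogger().DataTrack(MvcPost, fields, sheetDataType, clientActivity);
            InsertDataTrackRow(instanceId, version, tokenId, trackResult);
        }
        catch (Exception ex)
        {
            AppUtility.Engine.LogWriter.Write("保存风控报告数据异常:" + ex.ToString());
        }
    });
}

/// <summary>
/// Runs the XSS and SQL-injection validators over the NAME1 value of the first
/// APPLICANT_TYPE row of the posted business object.
/// </summary>
/// <param name="MvcPost">Posted form values.</param>
/// <param name="result">Receives <c>Successful = false</c> and an error message on rejection.</param>
/// <returns><c>true</c> when the save may proceed; <c>false</c> when it was rejected.</returns>
private bool CheckApplicantNameForInjection(MvcPostValue MvcPost, MvcResult result)
{
    MvcDataItem type;
    if (!MvcPost.BizObject.DataItems.TryGetValue("APPLICANT_TYPE", out type) || type == null || type.V == null)
    {
        // No applicant sub-table was posted: nothing to validate.
        return true;
    }

    string name;
    try
    {
        // The sub-table value is round-tripped through JSON to obtain a list of row dictionaries.
        var rows = JsonConvert.DeserializeObject<List<System.Collections.Generic.Dictionary<object, object>>>(JsonConvert.SerializeObject(type.V));
        if (rows == null || rows.Count == 0)
        {
            return true;
        }

        object rawName;
        if (!rows[0].TryGetValue("NAME1", out rawName))
        {
            return true;
        }
        name = rawName + string.Empty;
    }
    catch (Exception ex)
    {
        // The sub-table could not be parsed. The save is still allowed through (previous
        // behaviour), but the failure is logged instead of silently swallowed so that a
        // broken check is visible. NOTE(review): consider failing closed here.
        AppUtility.Engine.LogWriter.Write("校验APPLICANT_TYPE数据异常:" + ex.ToString());
        return true;
    }

    string msg;
    if (new DongZheng.H3.WebApi.Controllers.XssAttribute().IsContainXSSCharacter(name, out msg))
    {
        result.Successful = false;
        // Error text names the validator that actually fired.
        result.Errors.Add("检测到XSS敏感字符");
        return false;
    }

    if (new DongZheng.H3.WebApi.Controllers.SqlInjectAttribute().IsSqlInjectCharacter(name, out msg))
    {
        result.Successful = false;
        result.Errors.Add("检测到SQL敏感字符");
        return false;
    }

    return true;
}

/// <summary>
/// Inserts one data-track row into H3.c_fidatatrack on the "Engine" business connection.
/// Every value is bound as a parameter: no SQL text is built from data, and the timestamp
/// is passed as a <see cref="DateTime"/> instead of a culture-formatted string fed to to_date().
/// </summary>
/// <param name="instanceId">Workflow instance id (stored as text, as before).</param>
/// <param name="version">Token count used as the record version.</param>
/// <param name="tokenId">Id of the newest Activity2 token, or 1 when none exists.</param>
/// <param name="trackContent">Serialized data-track content for the NCLOB column.</param>
/// <exception cref="Exception">Database errors propagate to the caller, which logs them.</exception>
private void InsertDataTrackRow(string instanceId, int version, int tokenId, object trackContent)
{
    const string sql = "insert into H3.c_fidatatrack(objectid,instanceid,verson,activitycode,datatrack,tokenid,createdtime) values(:objectid,:instanceid,:verson,:activitycode,:datatrack,:tokenid,:createdtime)";
    var dbObject = AppUtility.Engine.SettingManager.GetBizDbConnectionConfig("Engine");
    using (var connection = new OracleConnection(dbObject.DbConnectionString))
    using (var cmd = new OracleCommand(sql, connection))
    {
        // Parameters are added in placeholder order so positional binding also works.
        cmd.Parameters.Add(new OracleParameter("objectid", OracleType.VarChar) { Value = Guid.NewGuid().ToString() });
        cmd.Parameters.Add(new OracleParameter("instanceid", OracleType.VarChar) { Value = instanceId });
        cmd.Parameters.Add(new OracleParameter("verson", OracleType.VarChar) { Value = version.ToString() });
        cmd.Parameters.Add(new OracleParameter("activitycode", OracleType.VarChar) { Value = "Activity2" });
        cmd.Parameters.Add(new OracleParameter("datatrack", OracleType.NClob) { Direction = ParameterDirection.Input, Value = trackContent });
        cmd.Parameters.Add(new OracleParameter("tokenid", OracleType.VarChar) { Value = tokenId.ToString() });
        // Local time is kept, matching what was previously written through DateTime.Now.
        cmd.Parameters.Add(new OracleParameter("createdtime", OracleType.DateTime) { Value = DateTime.Now });

        connection.Open();
        cmd.ExecuteNonQuery();
    }
}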