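/// <summary>
/// Filters GET (query-string) parameters. If the once-decoded query string is
/// flagged by <c>FilterUtility.IsHasExceptionTags</c>, the request is redirected to
/// the same absolute path with offending keys dropped and each remaining value
/// passed through <c>FilterUtility.FilterExceptionTags</c>.
/// </summary>
/// <param name="application">The current <c>HttpApplication</c>; null is ignored.</param>
/// <remarks>
/// <c>Response.Redirect(url)</c> ends the response (classic ASP.NET does so by raising
/// ThreadAbortException), so the trace is written from a <c>finally</c> block and is
/// no longer lost on the redirect path. The trace contains the full URL and the raw and
/// decoded query string; if requests may carry secrets (tokens, credentials in GET),
/// the log sink must be protected accordingly.
/// </remarks>
protected void FilterGetArgs(HttpApplication application)
{
    System.Text.StringBuilder msg = new System.Text.StringBuilder();
    try
    {
        if (application == null)
        {
            return;
        }

        var request = application.Context.Request;
        String requestUrl = request.Url.AbsoluteUri;
        msg.Append("FilterGetArgs\r\n");
        msg.Append(requestUrl).Append("\r\n");

        // The char overload is an ordinal search; IndexOf(string) is culture-sensitive.
        int queryStart = requestUrl.IndexOf('?');
        if (queryStart <= 0)
        {
            return;
        }

        String queryString = request.Url.Query;
        msg.Append(queryString).Append("\r\n");
        // NOTE(review): the gate decodes exactly once, so double-encoded input is not
        // detected here. This is a denylist pre-filter; output encoding at render time
        // remains the primary defense.
        queryString = HttpUtility.UrlDecode(queryString);
        msg.Append(queryString).Append("\r\n");

        if (!FilterUtility.IsHasExceptionTags(queryString))
        {
            return;
        }

        NameValueCollection queryCollection = request.QueryString;
        System.Text.StringBuilder queryParams = new System.Text.StringBuilder();
        foreach (String key in queryCollection.Keys)
        {
            // Unnamed (null key) or offending keys are dropped entirely.
            if (String.IsNullOrEmpty(key) || FilterUtility.IsHasExceptionTags(key))
            {
                continue;
            }
            // GetValues keeps repeated keys (?a=1&a=2) as separate pairs instead of the
            // comma-joined string the indexer returns; each value is cleaned on its own.
            String[] values = queryCollection.GetValues(key) ?? new String[0];
            foreach (String value in values)
            {
                String cleaned = FilterUtility.FilterExceptionTags(value);
                // The key is re-encoded as well, so a key containing '=' or '&' cannot
                // split into extra parameters when the URL is rebuilt.
                queryParams.Append(HttpUtility.UrlEncode(key))
                           .Append('=')
                           .Append(HttpUtility.UrlEncode(cleaned))
                           .Append('&');
            }
        }

        String redirectUrl = requestUrl.Substring(0, queryStart);
        if (queryParams.Length > 0)
        {
            queryParams.Length--; // drop the trailing '&'
            redirectUrl += "?" + queryParams.ToString();
        }
        // NOTE(review): if FilterExceptionTags can leave text that IsHasExceptionTags
        // still flags, the redirected request is filtered again and would loop — confirm
        // against FilterUtility.
        application.Context.Response.Redirect(redirectUrl);
    }
    finally
    {
        log(msg.ToString());
    }
}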
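/// <summary>
/// Filters POST (form) parameters. The first form key or value flagged by
/// <c>FilterUtility.IsHasExceptionTags</c> redirects the request to
/// <c>ErrorInfo.aspx</c> with a generic message; nothing is sanitized in place.
/// </summary>
/// <param name="application">The current <c>HttpApplication</c>; null is ignored.</param>
/// <remarks>
/// Only the method name is traced, never the form content, so credentials or other
/// secrets submitted in the form do not reach the log. <c>Response.Redirect(url)</c>
/// ends the response (classic ASP.NET raises ThreadAbortException), so the trace is
/// written from a <c>finally</c> block; the explicit <c>return</c> after the redirect
/// makes "first offending field wins" independent of that behavior.
/// </remarks>
protected void FilterPostArgs(HttpApplication application)
{
    System.Text.StringBuilder msg = new System.Text.StringBuilder();
    msg.Append("FilterPostArgs\r\n");
    try
    {
        if (application == null)
        {
            return;
        }

        NameValueCollection formCollection = application.Context.Request.Form;
        foreach (String key in formCollection.Keys)
        {
            // Unnamed fields have a null key; only their value is inspected
            // (same treatment as the query-string filter).
            if (!String.IsNullOrEmpty(key) && FilterUtility.IsHasExceptionTags(key))
            {
                RejectForm(application);
                return;
            }
            // The indexer joins repeated fields with ','; tag detection works on the joined text.
            if (FilterUtility.IsHasExceptionTags(formCollection[key]))
            {
                RejectForm(application);
                return;
            }
        }
    }
    finally
    {
        log(msg.ToString());
    }
}

/// <summary>
/// Redirects the current response to the error page with the generic
/// "form contains illegal characters" message. The URL is relative and resolves
/// against the path of the current request.
/// </summary>
/// <param name="application">The current <c>HttpApplication</c>; must not be null.</param>
private static void RejectForm(HttpApplication application)
{
    application.Context.Response.Redirect(
        "ErrorInfo.aspx?ErroInfo=" + HttpUtility.UrlEncode("提交表单中含有非法字符"));
}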