/// <summary>
/// cmdUpdate_Click runs when the Update button is clicked
/// </summary>
/// <history>
/// [cnurse] 01/17/2005 documented
/// </history>
protected void cmdUpdate_Click(Object sender, EventArgs e)
{
try
{
string strAlias = txtAlias.Text;
if (!String.IsNullOrEmpty(strAlias))
{
if (strAlias.IndexOf("://") != -1)
{
strAlias = strAlias.Remove(0, strAlias.IndexOf("://") + 3);
}
if (strAlias.IndexOf("\\\\") != -1)
{
strAlias = strAlias.Remove(0, strAlias.IndexOf("\\\\") + 2);
}
PortalAliasController p = new PortalAliasController();
if (ViewState["PortalAliasID"] != null)
{
PortalAliasInfo objPortalAliasInfo = new PortalAliasInfo();
objPortalAliasInfo.PortalAliasID = Convert.ToInt32(ViewState["PortalAliasID"]);
objPortalAliasInfo.PortalID = Convert.ToInt32(ViewState["PortalID"]);
objPortalAliasInfo.HTTPAlias = strAlias;
try
{
p.UpdatePortalAliasInfo(objPortalAliasInfo);
}
catch
{
UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("DuplicateAlias", this.LocalResourceFile), ModuleMessageType.RedError);
return;
}
}
else
{
PortalAliasInfo objPortalAliasInfo;
objPortalAliasInfo = p.GetPortalAlias(strAlias, Convert.ToInt32(ViewState["PortalAliasID"]));
if (objPortalAliasInfo == null)
{
objPortalAliasInfo = new PortalAliasInfo();
objPortalAliasInfo.PortalID = Convert.ToInt32(ViewState["PortalID"]);
objPortalAliasInfo.HTTPAlias = strAlias;
p.AddPortalAlias(objPortalAliasInfo);
}
else
{
UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("DuplicateAlias", this.LocalResourceFile), ModuleMessageType.RedError);
return;
}
}
UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("Success", this.LocalResourceFile), ModuleMessageType.GreenSuccess);
Response.Redirect(Convert.ToString(ViewState["UrlReferrer"]), true);
}
}
catch (Exception exc) //Module failed to load
{
Exceptions.ProcessModuleLoadException(this, exc);
}
}
protected string AddPortalAlias(string portalAlias, int portalID)
{
if (!String.IsNullOrEmpty(portalAlias))
{
if (portalAlias.IndexOf("://") != -1)
{
portalAlias = portalAlias.Remove(0, portalAlias.IndexOf("://") + 3);
}
var objPortalAliasController = new PortalAliasController();
var objPortalAlias = objPortalAliasController.GetPortalAlias(portalAlias, portalID);
if (objPortalAlias == null)
{
objPortalAlias = new PortalAliasInfo {
PortalID = portalID, HTTPAlias = portalAlias
};
objPortalAliasController.AddPortalAlias(objPortalAlias);
}
}
return(portalAlias);
}
public void OnBeginRequest(object s, EventArgs e)
{
var app = (HttpApplication)s;
var server = app.Server;
var request = app.Request;
var response = app.Response;
var requestedPath = app.Request.Url.AbsoluteUri;
if (RewriterUtils.OmitFromRewriteProcessing(request.Url.LocalPath))
{
return;
}
//'Carry out first time initialization tasks
Initialize.Init(app);
if (request.Url.LocalPath.ToLower().Contains("/install/install.aspx") ||
request.Url.LocalPath.ToLower().Contains("/install/upgradewizard.aspx") ||
request.Url.LocalPath.ToLower().Contains("/install/installwizard.aspx") ||
request.Url.LocalPath.ToLower().Contains("captcha.aspx") ||
request.Url.LocalPath.ToLower().Contains("scriptresource.axd") ||
request.Url.LocalPath.ToLower().Contains("webresource.axd") ||
request.Url.LocalPath.ToLower().Contains("dmxdav.axd")
)
{
return;
}
//URL validation
//check for ".." escape characters commonly used by hackers to traverse the folder tree on the server
//the application should always use the exact relative location of the resource it is requesting
var strURL = request.Url.AbsolutePath;
var strDoubleDecodeURL = server.UrlDecode(server.UrlDecode(request.RawUrl));
if (Regex.Match(strURL, "[\\\\/]\\.\\.[\\\\/]").Success || Regex.Match(strDoubleDecodeURL, "[\\\\/]\\.\\.[\\\\/]").Success)
{
DotNetNuke.Services.Exceptions.Exceptions.ProcessHttpException(request);
}
try
{
//fix for ASP.NET canonicalization issues http://support.microsoft.com/?kbid=887459
if ((request.Path.IndexOf("\\") >= 0 || Path.GetFullPath(request.PhysicalPath) != request.PhysicalPath))
{
DotNetNuke.Services.Exceptions.Exceptions.ProcessHttpException(request);
}
}
catch (Exception exc)
{
//DNN 5479
//request.physicalPath throws an exception when the path of the request exceeds 248 chars.
//example to test: http://localhost/dotnetnuke_2/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/default.aspx
DnnLog.Error("RawUrl:" + request.RawUrl + " / Referrer:" + request.UrlReferrer.AbsoluteUri, exc);
}
#if DEBUG
var timer = new System.Diagnostics.Stopwatch();
timer.Start();
app.Context.Items.Add("UrlRewrite:Timer", timer);
#endif
String domainName;
RewriteUrl(app, out domainName);
//blank DomainName indicates RewriteUrl couldn't locate a current portal
//reprocess url for portal alias if auto add is an option
if (domainName == "" && CanAutoAddPortalAlias())
{
domainName = Globals.GetDomainName(app.Request, true);
}
//from this point on we are dealing with a "standard" querystring ( ie. http://www.domain.com/default.aspx?tabid=## )
//if the portal/url was succesfully identified
var tabId = Null.NullInteger;
var portalId = Null.NullInteger;
string portalAlias = null;
PortalAliasInfo portalAliasInfo = null;
var parsingError = false;
// get TabId from querystring ( this is mandatory for maintaining portal context for child portals )
if (!string.IsNullOrEmpty(request.QueryString["tabid"]))
{
if (!Int32.TryParse(request.QueryString["tabid"], out tabId))
{
tabId = Null.NullInteger;
parsingError = true;
}
}
// get PortalId from querystring ( this is used for host menu options as well as child portal navigation )
if (!string.IsNullOrEmpty(request.QueryString["portalid"]))
{
if (!Int32.TryParse(request.QueryString["portalid"], out portalId))
{
portalId = Null.NullInteger;
parsingError = true;
}
}
if (parsingError)
{
//The tabId or PortalId are incorrectly formatted (potential DOS)
DotNetNuke.Services.Exceptions.Exceptions.ProcessHttpException(request);
}
try
{
//alias parameter can be used to switch portals
if (request.QueryString["alias"] != null)
{
// check if the alias is valid
var childAlias = request.QueryString["alias"];
if (!Globals.UsePortNumber())
{
childAlias = childAlias.Replace(":" + request.Url.Port, "");
}
if (PortalAliasController.GetPortalAliasInfo(childAlias) != null)
{
//check if the domain name contains the alias
if (childAlias.IndexOf(domainName, StringComparison.OrdinalIgnoreCase) == -1)
{
//redirect to the url defined in the alias
app.Response.AppendHeader("X-Redirect-Reason", "alias parameter");
response.Redirect(Globals.GetPortalDomainName(childAlias, request, true), true);
}
else //the alias is the same as the current domain
{
portalAlias = childAlias;
}
}
}
//PortalId identifies a portal when set
if (portalAlias == null)
{
if (portalId != Null.NullInteger)
{
portalAlias = PortalAliasController.GetPortalAliasByPortal(portalId, domainName);
}
}
//TabId uniquely identifies a Portal
if (portalAlias == null)
{
if (tabId != Null.NullInteger)
{
//get the alias from the tabid, but only if it is for a tab in that domain
portalAlias = PortalAliasController.GetPortalAliasByTab(tabId, domainName);
if (String.IsNullOrEmpty(portalAlias))
{
//if the TabId is not for the correct domain
//see if the correct domain can be found and redirect it
portalAliasInfo = PortalAliasController.GetPortalAliasInfo(domainName);
if (portalAliasInfo != null && !request.Url.LocalPath.ToLower().EndsWith("/linkclick.aspx"))
{
if (app.Request.Url.AbsoluteUri.StartsWith("https://", StringComparison.InvariantCultureIgnoreCase))
{
strURL = "https://" + portalAliasInfo.HTTPAlias.Replace("*.", "");
}
else
{
strURL = "http://" + portalAliasInfo.HTTPAlias.Replace("*.", "");
}
if (strURL.IndexOf(domainName, StringComparison.InvariantCultureIgnoreCase) == -1)
{
strURL += app.Request.Url.PathAndQuery;
}
app.Response.AppendHeader("X-Redirect-Reason", "not correct domain");
response.Redirect(strURL, true);
}
}
}
}
//else use the domain name
if (String.IsNullOrEmpty(portalAlias))
{
portalAlias = domainName;
}
//using the DomainName above will find that alias that is the domainname portion of the Url
//ie. dotnetnuke.com will be found even if zzz.dotnetnuke.com was entered on the Url
portalAliasInfo = PortalAliasController.GetPortalAliasInfo(portalAlias);
if (portalAliasInfo != null)
{
portalId = portalAliasInfo.PortalID;
}
//if the portalid is not known
if (portalId == Null.NullInteger)
{
bool autoAddPortalAlias = CanAutoAddPortalAlias();
if (!autoAddPortalAlias && !request.Url.LocalPath.EndsWith(Globals.glbDefaultPage, StringComparison.InvariantCultureIgnoreCase))
{
// allows requests for aspx pages in custom folder locations to be processed
return;
}
if (autoAddPortalAlias)
{
var portalAliasController = new PortalAliasController();
portalId = Host.HostPortalID;
//the domain name was not found so try using the host portal's first alias
if (portalId > Null.NullInteger)
{
portalAliasInfo = new PortalAliasInfo();
portalAliasInfo.PortalID = portalId;
portalAliasInfo.HTTPAlias = portalAlias;
portalAliasController.AddPortalAlias(portalAliasInfo);
app.Response.AppendHeader("X-Redirect-Reason", "auto add portalalis");
response.Redirect(app.Request.Url.ToString(), true);
}
}
}
}
catch (ThreadAbortException exc)
{
//Do nothing if Thread is being aborted - there are two response.redirect calls in the Try block
DnnLog.Debug(exc);
}
catch (Exception ex)
{
//500 Error - Redirect to ErrorPage
DnnLog.Error(ex);
strURL = "~/ErrorPage.aspx?status=500&error=" + server.UrlEncode(ex.Message);
HttpContext.Current.Response.Clear();
HttpContext.Current.Server.Transfer(strURL);
}
if (portalId != -1)
{
//load the PortalSettings into current context
var portalSettings = new PortalSettings(tabId, portalAliasInfo);
app.Context.Items.Add("PortalSettings", portalSettings);
// load PortalSettings and HostSettings dictionaries into current context
// specifically for use in DotNetNuke.Web.Client, which can't reference DotNetNuke.dll to get settings the normal way
app.Context.Items.Add("PortalSettingsDictionary", PortalController.GetPortalSettingsDictionary(portalId));
app.Context.Items.Add("HostSettingsDictionary", HostController.Instance.GetSettingsDictionary());
#if DNN71
if (portalSettings.PortalAliasMappingMode == PortalSettings.PortalAliasMapping.Redirect &&
portalAliasInfo != null && !portalAliasInfo.IsPrimary && !request.IsLocal)
{
#else
if (portalSettings.PortalAliasMappingMode == PortalSettings.PortalAliasMapping.Redirect &&
!String.IsNullOrEmpty(portalSettings.DefaultPortalAlias) &&
portalAliasInfo != null &&
portalAliasInfo.HTTPAlias != portalSettings.DefaultPortalAlias && !request.IsLocal)
{
#endif
//Permanently Redirect
response.StatusCode = 301;
var redirectAlias = Globals.AddHTTP(portalSettings.DefaultPortalAlias);
var checkAlias = Globals.AddHTTP(portalAliasInfo.HTTPAlias);
var redirectUrl = redirectAlias + request.RawUrl;
if (redirectUrl.StartsWith(checkAlias, StringComparison.InvariantCultureIgnoreCase))
{
redirectUrl = redirectAlias + redirectUrl.Substring(checkAlias.Length);
}
app.Response.AppendHeader("X-Redirect-Reason", "alias redirect");
response.AppendHeader("Location", redirectUrl);
}
//manage page URL redirects - that reach here because they bypass the built-in navigation
//ie Spiders, saved favorites, hand-crafted urls etc
if (!String.IsNullOrEmpty(portalSettings.ActiveTab.Url) && request.QueryString["ctl"] == null && request.QueryString["fileticket"] == null)
{
//Target Url
var redirectUrl = portalSettings.ActiveTab.FullUrl;
app.Response.AppendHeader("X-Redirect-Reason", "page url redirect");
if (portalSettings.ActiveTab.PermanentRedirect)
{
//Permanently Redirect
response.StatusCode = 301;
response.AppendHeader("Location", redirectUrl);
}
else
{
//Normal Redirect
response.Redirect(redirectUrl, true);
}
}
//manage secure connections
if (request.Url.AbsolutePath.EndsWith(".aspx", StringComparison.InvariantCultureIgnoreCase))
{
//request is for a standard page
strURL = "";
//if SSL is enabled
if (portalSettings.SSLEnabled)
{
//if page is secure and connection is not secure orelse ssloffload is enabled and server value exists
if ((portalSettings.ActiveTab.IsSecure && !request.IsSecureConnection) && (IsSSLOffloadEnabled(request) == false))
{
//switch to secure connection
strURL = requestedPath.Replace("http://", "https://");
strURL = FormatDomain(strURL, portalSettings.STDURL, portalSettings.SSLURL);
}
}
//if SSL is enforced
if (portalSettings.SSLEnforced)
{
//if page is not secure and connection is secure
if ((!portalSettings.ActiveTab.IsSecure && request.IsSecureConnection))
{
//check if connection has already been forced to secure orelse ssloffload is disabled
if (request.QueryString["ssl"] == null)
{
strURL = requestedPath.Replace("https://", "http://");
strURL = FormatDomain(strURL, portalSettings.SSLURL, portalSettings.STDURL);
}
}
}
//if a protocol switch is necessary
if (!String.IsNullOrEmpty(strURL))
{
if (strURL.StartsWith("https://", StringComparison.InvariantCultureIgnoreCase))
{
//redirect to secure connection
app.Response.AppendHeader("X-Redirect-Reason", "redirect to secure");
response.Redirect(strURL, true);
}
else //when switching to an unsecure page, use a clientside redirector to avoid the browser security warning
{
response.Clear();
//add a refresh header to the response
response.AddHeader("Refresh", "0;URL=" + strURL);
//add the clientside javascript redirection script
response.Write("<html><head><title></title>");
response.Write("<!-- <script language=\"javascript\">window.location.replace(\"" + strURL + "\")</script> -->");
response.Write("</head><body></body></html>");
//send the response
response.End();
}
}
}
}
else
{
//alias does not exist in database
//and all attempts to find another have failed
//this should only happen if the HostPortal does not have any aliases
//404 Error - Redirect to ErrorPage
strURL = "~/ErrorPage.aspx?status=404&error=" + domainName;
HttpContext.Current.Response.Clear();
HttpContext.Current.Server.Transfer(strURL);
}
if (app.Context.Items["FirstRequest"] != null)
{
app.Context.Items.Remove("FirstRequest");
//Process any messages in the EventQueue for the Application_Start_FirstRequest event
EventQueueController.ProcessMessages("Application_Start_FirstRequest");
}
#if DEBUG
app.Response.AddHeader("X-OpenUrlRewriter-OnBeginRequest", timer.Elapsed.TotalMilliseconds.ToString());
#endif
}
protected void SaveAlias(object source, CommandEventArgs e)
{
var controller = new PortalAliasController();
bool isChild = false;
string childPath = string.Empty;
string message = string.Empty;
//Get the index of the row to save
int index = dgPortalAlias.EditItemIndex;
var portalAlias = (PortalAliasInfo)Aliases[index];
var ctlAlias = (TextBox)dgPortalAlias.Items[index].Cells[1].FindControl("txtHTTPAlias");
var chkChild = (CheckBox)dgPortalAlias.Items[index].Cells[2].FindControl("chkChild");
string strAlias = ctlAlias.Text.Trim();
if (string.IsNullOrEmpty(strAlias))
{
message = Localization.GetString("InvalidAlias", LocalResourceFile);
}
else
{
if (strAlias.IndexOf("://") != -1)
{
strAlias = strAlias.Remove(0, strAlias.IndexOf("://") + 3);
}
if (strAlias.IndexOf("\\\\") != -1)
{
strAlias = strAlias.Remove(0, strAlias.IndexOf("\\\\") + 2);
}
isChild = (chkChild != null && chkChild.Checked);
//Validate Alias
if (!PortalAliasController.ValidateAlias(strAlias, false))
{
message = Localization.GetString("InvalidAlias", LocalResourceFile);
}
//Validate Child Folder Name
if (isChild)
{
childPath = strAlias.Substring(strAlias.LastIndexOf("/") + 1);
if (!PortalAliasController.ValidateAlias(childPath, true))
{
message = Localization.GetString("InvalidAlias", LocalResourceFile);
}
}
}
if (string.IsNullOrEmpty(message) && isChild)
{
//Attempt to create child folder
string childPhysicalPath = Server.MapPath(childPath);
if (Directory.Exists(childPhysicalPath))
{
message = Localization.GetString("ChildExists", LocalResourceFile);
}
else
{
message = PortalController.CreateChildPortalFolder(childPhysicalPath);
}
}
if (string.IsNullOrEmpty(message))
{
portalAlias.HTTPAlias = strAlias;
if (AddMode)
{
controller.AddPortalAlias(portalAlias);
}
else
{
controller.UpdatePortalAliasInfo(portalAlias);
}
//Reset Edit Index
lblError.Visible = false;
dgPortalAlias.EditItemIndex = -1;
_Aliases = null;
}
else
{
lblError.Text = message;
lblError.Visible = true;
}
BindAliases();
}