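/// <summary>
/// Creates a new example record from the posted <paramref name="newExample"/>.
/// </summary>
/// <remarks>
/// The audit fields and the module id are taken from the server-side context
/// (<c>UserInfo</c>, <c>ActiveModule</c>) and overwrite whatever the request body carried.
/// Title and Description are trimmed and passed through <c>PortalSecurity.InputFilter</c>
/// with the <c>NoMarkup</c> flag before the item is stored.
/// NOTE(review): no authorization or anti-forgery attributes are visible in this excerpt;
/// confirm they are declared on the action or on its controller.
/// </remarks>
/// <param name="newExample">
/// The example to persist. A null item, Title or Description throws inside the try block
/// and therefore ends in the 500 response.
/// </param>
/// <returns>
/// 200 with a serialized <c>ServiceResponse&lt;string&gt;</c> on success; 500 with the generic
/// <c>ERROR_MESSAGE</c> when anything throws (the exception is logged, not returned).
/// </returns>
public HttpResponseMessage CreateExample(ExampleInfo newExample)
{
    try
    {
        // One timestamp for both audit fields, so a new row never shows a
        // LastUpdatedOnDate that differs from its CreatedOnDate.
        var timestamp = DateTime.Now;
        var currentUserId = UserInfo.UserID;

        newExample.CreatedOnDate = timestamp;
        newExample.CreatedByUserId = currentUserId;
        newExample.LastUpdatedOnDate = timestamp;
        newExample.LastUpdatedByUserId = currentUserId;

        // The module id always comes from the active module, never from the request body.
        newExample.ModuleId = ActiveModule.ModuleID;

        var security = new PortalSecurity();
        newExample.Title = security.InputFilter(newExample.Title.Trim(), PortalSecurity.FilterFlag.NoMarkup);
        newExample.Description = security.InputFilter(newExample.Description.Trim(), PortalSecurity.FilterFlag.NoMarkup);

        ExampleDataAccess.CreateItem(newExample);

        var response = new ServiceResponse<string> { Content = Globals.RESPONSE_SUCCESS };
        return Request.CreateResponse(HttpStatusCode.OK, response.ObjectToJson());
    }
    catch (Exception ex)
    {
        // Details go to the log only; the client receives the generic message.
        Exceptions.LogException(ex);
        return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ERROR_MESSAGE);
    }
}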
/// <summary>
/// Applies pending changes to a stored example and returns the saved record.
/// </summary>
/// <remarks>
/// The stored item is loaded, compared with <paramref name="example"/> through
/// <c>ExampleHasUpdates</c>, and only written back when that helper reports changes.
/// NOTE(review): the lookup key (ExampleId and ModuleId) comes from the request body;
/// confirm that an authorization attribute or the data layer keeps a caller from
/// addressing an item that belongs to another module.
/// NOTE(review): presumably ExampleHasUpdates copies changed fields onto the stored item,
/// since it is the stored item's Title and Description that are filtered here - confirm.
/// </remarks>
/// <param name="example">The example as submitted by the client.</param>
/// <returns>
/// 200 with a serialized <c>ServiceResponse&lt;ExampleInfo&gt;</c> holding the re-read item;
/// 500 with the generic <c>ERROR_MESSAGE</c> when anything throws (the exception is logged).
/// </returns>
public HttpResponseMessage UpdateExample(ExampleInfo example)
{
    try
    {
        var stored = ExampleDataAccess.GetItem(example.ExampleId, example.ModuleId);

        if (ExampleHasUpdates(ref stored, ref example))
        {
            stored.LastUpdatedOnDate = DateTime.Now;
            stored.LastUpdatedByUserId = UserInfo.UserID;

            var filter = new PortalSecurity();
            stored.Title = filter.InputFilter(stored.Title.Trim(), PortalSecurity.FilterFlag.NoMarkup);
            stored.Description = filter.InputFilter(stored.Description.Trim(), PortalSecurity.FilterFlag.NoMarkup);

            ExampleDataAccess.UpdateItem(stored);
        }

        // Re-read so the response reflects what the data store now holds.
        var envelope = new ServiceResponse<ExampleInfo>
        {
            Content = ExampleDataAccess.GetItem(stored.ExampleId, stored.ModuleId)
        };

        return Request.CreateResponse(HttpStatusCode.OK, envelope.ObjectToJson());
    }
    catch (Exception ex)
    {
        // Details go to the log only; the client receives the generic message.
        Exceptions.LogException(ex);
        return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ERROR_MESSAGE);
    }
}
/// <summary>
/// Looks up a property in the backing name/value collection and returns it formatted and filtered.
/// </summary>
/// <remarks>
/// The raw value is passed through <c>PortalSecurity.InputFilter</c> with <c>NoScripting</c>,
/// formatted, and the formatted text is filtered a second time with the same flag.
/// <paramref name="formatProvider"/>, <paramref name="accessingUser"/> and
/// <paramref name="accessLevel"/> are not used by this implementation.
/// </remarks>
/// <param name="strPropertyName">Key to look up in the collection.</param>
/// <param name="strFormat">Format string handed to <c>PropertyAccess.FormatString</c>; null is treated as empty.</param>
/// <param name="formatProvider">Unused.</param>
/// <param name="accessingUser">Unused.</param>
/// <param name="accessLevel">Unused.</param>
/// <param name="propertyNotFound">Set to true when the key has no value; otherwise left as passed in.</param>
/// <returns>The filtered, formatted value, or an empty string when the collection or the value is missing.</returns>
public string GetProperty(string strPropertyName, string strFormat, CultureInfo formatProvider, UserInfo accessingUser, Scope accessLevel, ref bool propertyNotFound)
{
    if (_nameValueCollection == null)
    {
        return string.Empty;
    }

    var rawValue = _nameValueCollection[strPropertyName];
    var format = string.IsNullOrEmpty(strFormat) ? string.Empty : strFormat;

    if (rawValue == null)
    {
        propertyNotFound = true;
        return string.Empty;
    }

    var filter = new PortalSecurity();
    var filteredValue = filter.InputFilter(rawValue, PortalSecurity.FilterFlag.NoScripting);
    var formatted = PropertyAccess.FormatString(filteredValue, format);

    // Filter again: the format string is applied after the first pass.
    return filter.InputFilter(formatted, PortalSecurity.FilterFlag.NoScripting);
}
/// <summary>
/// Returns a property from the NameValueCollection, formatted and script-filtered.
/// </summary>
/// <remarks>
/// The value is filtered with <c>PortalSecurity.FilterFlag.NoScripting</c> both before and
/// after <c>PropertyAccess.FormatString</c> is applied. The format provider, accessing user
/// and access level arguments are not read here.
/// </remarks>
/// <param name="strPropertyName">Key of the property to read.</param>
/// <param name="strFormat">Format string passed unchanged to <c>PropertyAccess.FormatString</c>.</param>
/// <param name="formatProvider">Unused.</param>
/// <param name="AccessingUser">Unused.</param>
/// <param name="AccessLevel">Unused.</param>
/// <param name="PropertyNotFound">Set to true when the key has no value.</param>
/// <returns>The filtered value, or an empty string when the collection or the value is missing.</returns>
public string GetProperty(string strPropertyName, string strFormat, CultureInfo formatProvider, UserInfo AccessingUser, Scope AccessLevel, ref bool PropertyNotFound)
{
    if (NameValueCollection == null)
    {
        return string.Empty;
    }

    var rawValue = NameValueCollection[strPropertyName];
    if (rawValue == null)
    {
        PropertyNotFound = true;
        return string.Empty;
    }

    var filter = new PortalSecurity();
    var scriptFree = filter.InputFilter(rawValue, PortalSecurity.FilterFlag.NoScripting);
    var formatted = PropertyAccess.FormatString(scriptFree, strFormat);

    // Second pass covers whatever the format string contributed to the output.
    return filter.InputFilter(formatted, PortalSecurity.FilterFlag.NoScripting);
}
/// <summary>
/// Saves the three override settings entered on the settings form.
/// </summary>
/// <remarks>
/// Each text box value is trimmed and filtered with <c>PortalSecurity.FilterFlag.NoMarkup</c>.
/// The portal GUID override is stored as a portal setting; the tab id and tab-module id
/// overrides are stored as tab-module settings. Any exception is passed to
/// <c>Exceptions.ProcessModuleLoadException</c>.
/// NOTE(review): the values are stored as filtered text; no check that they parse as a
/// GUID or an integer is visible here - confirm the consumer validates them.
/// </remarks>
public override void UpdateSettings()
{
    try
    {
        var moduleController = new ModuleController();
        var filter = new PortalSecurity();

        var portalGuidOverride = filter.InputFilter(txtPortalGuidOverride.Text.Trim(), PortalSecurity.FilterFlag.NoMarkup);
        var tabIdOverride = filter.InputFilter(txtTabIdOverride.Text.Trim(), PortalSecurity.FilterFlag.NoMarkup);
        var tabModuleIdOverride = filter.InputFilter(txtTabModuleIdOverride.Text.Trim(), PortalSecurity.FilterFlag.NoMarkup);

        // Open question left by the original author: does the cache need clearing here?

        PortalController.UpdatePortalSetting(PortalId, FeatureController.SETTING_PORTALGUID_OVERRIDE, portalGuidOverride);
        moduleController.UpdateTabModuleSetting(TabModuleId, FeatureController.SETTING_TABID_OVERRIDE, tabIdOverride);
        moduleController.UpdateTabModuleSetting(TabModuleId, FeatureController.SETTING_TABMODULEID_OVERRIDE, tabModuleIdOverride);

        // Synchronize the module settings.
        ModuleController.SynchronizeModule(ModuleId);
    }
    catch (Exception exc)
    {
        Exceptions.ProcessModuleLoadException(this, exc);
    }
}
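/// <summary>
/// Returns a property from the NameValueCollection, formatted and script-filtered.
/// </summary>
/// <remarks>
/// The value is filtered with <c>PortalSecurity.FilterFlag.NoScripting</c> before and after
/// <c>PropertyAccess.FormatString</c> is applied. The format provider, accessing user and
/// access level arguments are not read here.
/// </remarks>
/// <param name="strPropertyName">Key of the property to read.</param>
/// <param name="strFormat">Format string passed unchanged to <c>PropertyAccess.FormatString</c>.</param>
/// <param name="formatProvider">Unused.</param>
/// <param name="AccessingUser">Unused.</param>
/// <param name="AccessLevel">Unused.</param>
/// <param name="PropertyNotFound">Set to true when the key has no value.</param>
/// <returns>The filtered value, or an empty string when the collection or the value is missing.</returns>
public string GetProperty(string strPropertyName, string strFormat, System.Globalization.CultureInfo formatProvider, UserInfo AccessingUser, Scope AccessLevel, ref bool PropertyNotFound)
{
    if (NameValueCollection == null)
    {
        return string.Empty;
    }

    string value = NameValueCollection[strPropertyName];

    // The former OutputFormat local was assigned but never read, so it has been removed;
    // strFormat is what actually reaches FormatString.
    if (value == null)
    {
        PropertyNotFound = true;
        return string.Empty;
    }

    PortalSecurity filter = new PortalSecurity();
    value = filter.InputFilter(value, PortalSecurity.FilterFlag.NoScripting);

    // Second pass covers whatever the format string contributed to the output.
    return filter.InputFilter(PropertyAccess.FormatString(value, strFormat), PortalSecurity.FilterFlag.NoScripting);
}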
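/// <summary>
/// Filters, truncates and saves a journal comment, then copies the stored dates back onto it.
/// </summary>
/// <remarks>
/// A non-empty comment is filtered with <c>NoScripting</c>, HTML-decoded, and filtered again
/// with <c>NoMarkup</c>. The second pass runs on the decoded text, so markup that only
/// appears after decoding still goes through a filter.
/// The text is then cut to at most 2000 characters. The previous code cut over-long text
/// to 1999 characters while letting 2000-character text through unchanged.
/// </remarks>
/// <param name="comment">
/// The comment to save. Its Comment, CommentId, DateCreated and DateUpdated members are
/// updated in place.
/// </param>
public void SaveComment(CommentInfo comment)
{
    const int maxCommentLength = 2000;

    var portalSecurity = new PortalSecurity();
    if (!String.IsNullOrEmpty(comment.Comment))
    {
        comment.Comment = HttpUtility.HtmlDecode(portalSecurity.InputFilter(comment.Comment, PortalSecurity.FilterFlag.NoScripting));
        comment.Comment = portalSecurity.InputFilter(comment.Comment, Security.PortalSecurity.FilterFlag.NoMarkup);
    }

    // TODO: enable the profanity filter here once it is working properly.

    if (comment.Comment != null && comment.Comment.Length > maxCommentLength)
    {
        comment.Comment = comment.Comment.Substring(0, maxCommentLength);
    }

    string xml = null;
    if (comment.CommentXML != null)
    {
        xml = comment.CommentXML.OuterXml;
    }

    comment.CommentId = _dataService.Journal_Comment_Save(comment.JournalId, comment.CommentId, comment.UserId, comment.Comment, xml);

    // Re-read the stored row so the caller's object carries the stored dates.
    var newComment = GetComment(comment.CommentId);
    comment.DateCreated = newComment.DateCreated;
    comment.DateUpdated = newComment.DateUpdated;
}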
/// <summary>
/// Handles the Click event of the cmdUpdate control: adds a new FAQ or updates the one being edited.
/// </summary>
/// <remarks>
/// The question is filtered with <c>NoScripting | NoMarkup</c>; the answer is filtered with
/// <c>NoScripting</c> only. A <c>FaqId</c> of -1 means "create". Any exception is passed to
/// <c>Exceptions.ProcessModuleLoadException</c>.
/// NOTE(review): the answer keeps markup, presumably because it comes from a rich-text
/// editor - confirm it is rendered in a context that expects HTML.
/// </remarks>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs" /> instance containing the event data.</param>
protected void cmdUpdate_Click(System.Object sender, System.EventArgs e)
{
    try
    {
        var filter = new PortalSecurity();
        string question = filter.InputFilter(txtQuestionField.Text, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoMarkup);
        string answer = filter.InputFilter(teAnswerField.Text, PortalSecurity.FilterFlag.NoScripting);

        var controller = new FAQsController();
        FAQsInfo faq;

        // "-1" in the drop-down means no category.
        int? categoryId = null;
        if (drpCategory.SelectedValue != "-1")
        {
            categoryId = int.Parse(drpCategory.SelectedValue);
        }

        if (FaqId == -1)
        {
            // New entry.
            faq = new FAQsInfo();
            faq.ItemID = FaqId;
            faq.CategoryId = categoryId;
            faq.FaqHide = chkFaqHide.Checked;
            faq.PublishDate = datepickerPublishDate.SelectedDate;
            faq.ExpireDate = datepickerExpireDate.SelectedDate;
            faq.Question = question;
            faq.Answer = answer;
            faq.CreatedByUser = UserId.ToString();
            faq.ViewCount = 0;
            faq.DateModified = DateTime.Now;
            faq.ModuleID = ModuleId;
            faq.CreatedDate = DateTime.Now;
            controller.AddFAQ(faq);
        }
        else
        {
            // Existing entry: load it, overwrite the editable fields, save.
            faq = controller.GetFAQ(FaqId);
            faq.CategoryId = categoryId;
            faq.FaqHide = chkFaqHide.Checked;
            faq.PublishDate = datepickerPublishDate.SelectedDate;
            faq.ExpireDate = datepickerExpireDate.SelectedDate;
            faq.Question = question;
            faq.Answer = answer;
            faq.DateModified = DateTime.Now;
            controller.UpdateFAQ(faq);
        }

        Response.Redirect(Globals.NavigateURL(), true);
    }
    catch (Exception exc)
    {
        Exceptions.ProcessModuleLoadException(this, exc);
    }
}
/// <summary>
/// Copies the form fields onto a hangout, saves it as a content item and records its id
/// in the tab-module settings.
/// </summary>
/// <remarks>
/// Description and address are filtered with <c>NoScripting</c>; title and the duration text
/// with <c>NoMarkup</c>. The existing <c>Hangout</c> is reused when there is one.
/// NOTE(review): <c>int.Parse</c> throws on a non-numeric duration and nothing in this method
/// catches it - confirm a validator on the form or the caller handles that case.
/// </remarks>
private void SaveHangout()
{
    var controller = new DNNHangoutController();
    var filter = new PortalSecurity();

    // Reuse the loaded hangout when editing, otherwise start a new one.
    HangoutInfo hangout = Hangout ?? new HangoutInfo();

    // Populate the hangout with the user field values.
    hangout.Description = filter.InputFilter(txtDescription.Text.Trim(), PortalSecurity.FilterFlag.NoScripting);
    hangout.Duration = int.Parse(filter.InputFilter(txtDuration.Text.Trim(), PortalSecurity.FilterFlag.NoMarkup), NumberStyles.Integer);
    hangout.HangoutAddress = filter.InputFilter(txtHangoutAddress.Text.Trim(), PortalSecurity.FilterFlag.NoScripting);
    if (txtStartDate.SelectedDate != null)
    {
        hangout.StartDate = txtStartDate.SelectedDate.Value;
    }
    else
    {
        hangout.StartDate = DateTime.Now;
    }
    hangout.Title = filter.InputFilter(txtTitle.Text.Trim(), PortalSecurity.FilterFlag.NoMarkup);

    // The first list entry means minutes; every other entry means hours.
    hangout.DurationUnits = ddlDurationUnits.SelectedIndex == 0 ? DurationType.Minutes : DurationType.Hours;

    // Update when a hangout id is present, otherwise create.
    var contentItemId = Null.NullInteger;
    contentItemId = HangoutId > Null.NullInteger
        ? controller.UpdateContentItem(TabId, ModuleId, hangout.ContentItemId, hangout)
        : controller.CreateContentItem(TabId, ModuleId, hangout);

    if (contentItemId <= Null.NullInteger)
    {
        return;
    }

    // Store the id so this hangout is the one shown on the first page load.
    var moduleController = new ModuleController();
    moduleController.UpdateTabModuleSetting(TabModuleId, DNNHangoutController.SETTINGS_HANGOUT_ID, contentItemId.ToString());
    ModuleController.SynchronizeModule(ModuleId);
}
/// <summary>
/// Builds the URL of the current page in another language.
/// </summary>
/// <remarks>
/// The URL is produced by <c>Globals.NavigateURL</c> for the localized copy of the active tab
/// (when one exists), the raw query string of the current request is appended, and the
/// result is filtered with <c>PortalSecurity.FilterFlag.NoScripting</c>.
/// NOTE(review): the appended query string is request-controlled and only script-filtered
/// here; confirm the caller attribute-encodes the result where it is written into markup.
/// </remarks>
/// <param name="newLanguage">Culture code of the language to switch to.</param>
/// <returns>The filtered URL for the requested language.</returns>
private string NewUrl(string newLanguage)
{
    var filter = new PortalSecurity();
    Locale targetLocale = LocaleController.Instance.GetLocale(newLanguage);

    // Prefer the tab that is the localized copy of the active tab for the new culture.
    int tabId = objPortal.ActiveTab.TabID;
    TabInfo localizedTab = new TabController().GetTabByCulture(tabId, objPortal.PortalId, targetLocale);
    bool isLocalized = localizedTab != null;
    if (isLocalized)
    {
        tabId = localizedTab.TabID;
    }

    var request = HttpContext.Current.Request;
    var requestUri = new Uri(request.Url.Scheme + "://" + request.Url.Authority + request.RawUrl);
    var rawQueryString = requestUri.Query;

    var targetUrl = Globals.NavigateURL(
        tabId,
        objPortal.ActiveTab.IsSuperTab,
        objPortal,
        request.QueryString["ctl"],
        newLanguage,
        GetQsParams(targetLocale.Code, isLocalized));

    return filter.InputFilter(targetUrl + rawQueryString, PortalSecurity.FilterFlag.NoScripting);
}
/// <summary>
/// Prepares a post body for saving to the data store.
/// </summary>
/// <remarks>
/// The only processing done at present is a pass through <c>PortalSecurity.InputFilter</c>
/// with the <c>NoScripting</c> flag; markup other than what that flag covers is kept.
/// </remarks>
/// <param name="content">The post body as submitted.</param>
/// <returns>The filtered body.</returns>
public static string ProcessSavePostBody(string content)
{
    return new PortalSecurity().InputFilter(content, PortalSecurity.FilterFlag.NoScripting);
}
/// <summary>
/// Adds the opaque-mode parameter to a YouTube embed code or URL and filters the result.
/// </summary>
/// <remarks>
/// The input is HTML-decoded to decide which form it has. For an embed code, the URL captured
/// by <c>YOUTUBE_EMBED_MATCH</c> gets the <c>YOUTUBE_OPAQUE</c> parameter appended (unless
/// <c>YOUTUBE_OPAQUE_MATCH</c> already matches) and is substituted back through
/// <c>YOUTUBE_EMBED_URL_MATCH</c>. For a plain URL the parameter is appended directly.
/// Anything else passes through unchanged. The result is filtered with <c>NoMarkup</c>.
/// NOTE(review): the embed branch is chosen on the decoded text but extracts from and
/// rewrites the original, undecoded <paramref name="embedCode"/>; confirm that is intended
/// for input that arrives HTML-encoded.
/// </remarks>
/// <param name="embedCode">An embed code or URL as entered by the user.</param>
/// <returns>The rewritten value after the <c>NoMarkup</c> filter.</returns>
private string ReformatForYouTube(string embedCode)
{
    string result = Server.HtmlDecode(embedCode);

    bool isEmbedCode = Regex.IsMatch(result, YOUTUBE_EMBED_MATCH, RegexOptions.IgnoreCase);
    if (isEmbedCode)
    {
        // Embed code: pull out the player URL, extend it, put it back.
        string playerUrl = Regex.Match(embedCode, YOUTUBE_EMBED_MATCH, RegexOptions.IgnoreCase).Groups[1].Value;

        if (!Regex.IsMatch(playerUrl, YOUTUBE_OPAQUE_MATCH, RegexOptions.IgnoreCase))
        {
            string separator = playerUrl.Contains("?") ? "&" : "?";
            playerUrl = string.Concat(playerUrl, separator, YOUTUBE_OPAQUE);
        }

        result = Regex.Replace(embedCode, YOUTUBE_EMBED_URL_MATCH, playerUrl, RegexOptions.IgnoreCase);
    }
    else if (Regex.IsMatch(result, YOUTUBE_MATCH, RegexOptions.IgnoreCase))
    {
        // Plain URL: append the parameter unless it is already there.
        if (!Regex.IsMatch(result, YOUTUBE_OPAQUE_MATCH, RegexOptions.IgnoreCase))
        {
            string separator = result.Contains("?") ? "&" : "?";
            result = string.Concat(result, separator, YOUTUBE_OPAQUE);
        }
    }

    return new PortalSecurity().InputFilter(result, PortalSecurity.FilterFlag.NoMarkup);
}
/// <summary>
/// Wires the paging events, reads the "Search" request parameter and binds the results.
/// </summary>
/// <remarks>
/// The parameter is filtered with <c>NoScripting | NoMarkup</c> and then HTML-encoded before
/// it is kept in <c>_SearchQuery</c>. Data is bound only on the first (non-postback) load.
/// With no query, an editor sees the "ModuleHidden" message and everyone else gets a hidden
/// container.
/// </remarks>
/// <param name="e">Event data passed on to the base implementation.</param>
protected override void OnLoad(EventArgs e)
{
    base.OnLoad(e);

    dgResults.PageIndexChanged += dgResults_PageIndexChanged;
    ctlPagingControl.PageChanged += ctlPagingControl_PageChanged;

    var filter = new PortalSecurity();
    var searchParam = Request.Params["Search"];
    if (searchParam != null)
    {
        var filtered = filter.InputFilter(searchParam, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoMarkup);
        _SearchQuery = HttpContext.Current.Server.HtmlEncode(filtered);
    }

    if (String.IsNullOrEmpty(_SearchQuery))
    {
        // Nothing to search for: tell editors why the module is empty, hide it for others.
        if (IsEditable)
        {
            UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ModuleHidden", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
        }
        else
        {
            ContainerControl.Visible = false;
        }

        return;
    }

    if (!Page.IsPostBack)
    {
        BindData();
    }
}
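/// <summary>
/// Reduces a piece of text to HTML-encoded plain text.
/// </summary>
/// <remarks>
/// Steps, in order: HTML-decode, URL-decode, trim, <c>PortalSecurity.InputFilter</c> with
/// <c>NoScripting</c>, <c>FilterScripts</c>, removal of a fixed list of tokens, removal of
/// anything between angle brackets, and finally <c>HttpUtility.HtmlEncode</c>.
/// The token removal now ignores case. The previous code detected a token in any casing
/// but only removed its lower-case and all upper-case spellings.
/// The token list is a best-effort denylist applied in a single pass. The closing
/// <c>HtmlEncode</c> is what makes the result suitable for HTML text content; the result is
/// not meant for attribute, script or URL contexts.
/// </remarks>
/// <param name="sText">The text to clean; null or empty yields an empty string.</param>
/// <returns>The cleaned, HTML-encoded text.</returns>
public static string RemoveHTML(string sText)
{
    if (string.IsNullOrEmpty(sText))
    {
        return string.Empty;
    }

    sText = HttpUtility.HtmlDecode(sText);
    sText = HttpUtility.UrlDecode(sText);
    sText = sText.Trim();
    if (string.IsNullOrEmpty(sText))
    {
        return string.Empty;
    }

    PortalSecurity objPortalSecurity = new PortalSecurity();
    sText = objPortalSecurity.InputFilter(sText, PortalSecurity.FilterFlag.NoScripting);
    sText = FilterScripts(sText);

    string strip = "/*,*/,alert,document.,window.,eval(,eval[,src=,rel=,href=,@import,vbscript,javascript,jscript,msgbox,<style";
    foreach (string token in strip.Split(','))
    {
        // Escape the token so it is matched literally, then remove it in any casing.
        sText = Regex.Replace(sText, Regex.Escape(token), string.Empty, RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);
    }

    string pattern = "<(.|\\n)*?>";
    sText = Regex.Replace(sText, pattern, string.Empty, RegexOptions.IgnoreCase);

    sText = HttpUtility.HtmlEncode(sText);
    return sText;
}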
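/// <summary>
/// Renders the base attributes, then rewrites the <c>action</c> and <c>id</c> attributes.
/// </summary>
/// <remarks>
/// The base output is captured into a string. The <c>action</c> attribute is replaced by the
/// current request's RawUrl after <c>PortalSecurity.InputFilter</c> with
/// <c>NoScripting | NoAngleBrackets | NoMarkup</c>; the <c>id</c> attribute is replaced by
/// <c>ClientID</c> when the control has an ID.
/// Changes from the previous version: the temporary writers are disposed, the attribute
/// searches are ordinal instead of culture-sensitive, and an attribute with no closing quote
/// is left untouched instead of throwing from <c>Remove</c>.
/// NOTE(review): the filtered RawUrl is placed inside a double-quoted attribute; confirm
/// that the filter output cannot contain a double quote, or attribute-encode it here.
/// </remarks>
/// <param name="writer">The writer that receives the rewritten attribute markup.</param>
protected override void RenderAttributes(HtmlTextWriter writer)
{
    string html;
    using (StringWriter stringWriter = new StringWriter())
    using (HtmlTextWriter htmlWriter = new HtmlTextWriter(stringWriter))
    {
        base.RenderAttributes(htmlWriter);
        html = stringWriter.ToString();
    }

    // Locate and replace the action attribute.
    const string actionPrefix = "action=\"";
    int startPoint = html.IndexOf(actionPrefix, System.StringComparison.Ordinal);
    if (startPoint >= 0)
    {
        int closingQuote = html.IndexOf("\"", startPoint + actionPrefix.Length, System.StringComparison.Ordinal);
        if (closingQuote >= 0)
        {
            html = html.Remove(startPoint, closingQuote + 1 - startPoint);

            PortalSecurity objSecurity = new PortalSecurity();
            string filteredUrl = objSecurity.InputFilter(
                HttpContext.Current.Request.RawUrl,
                PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup);
            html = html.Insert(startPoint, actionPrefix + filteredUrl + "\"");
        }
    }

    // Locate and replace the id attribute.
    if (base.ID != null)
    {
        const string idPrefix = "id=\"";
        startPoint = html.IndexOf(idPrefix, System.StringComparison.Ordinal);
        if (startPoint >= 0)
        {
            int closingQuote = html.IndexOf("\"", startPoint + idPrefix.Length, System.StringComparison.Ordinal);
            if (closingQuote >= 0)
            {
                html = html.Remove(startPoint, closingQuote + 1 - startPoint);
                html = html.Insert(startPoint, idPrefix + base.ClientID + "\"");
            }
        }
    }

    writer.Write(html);
}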
/// <summary>
/// Runs a value through the supplied filter with the
/// <c>NoScripting | NoAngleBrackets | NoMarkup</c> flag combination.
/// </summary>
/// <param name="objSecurity">The filter instance to use.</param>
/// <param name="value">The text to filter.</param>
/// <returns>Whatever <c>InputFilter</c> returns for that value and flag set.</returns>
private static string GetFilteredValue(PortalSecurity objSecurity, string value)
{
    var flags = PortalSecurity.FilterFlag.NoScripting
                | PortalSecurity.FilterFlag.NoAngleBrackets
                | PortalSecurity.FilterFlag.NoMarkup;

    return objSecurity.InputFilter(value, flags);
}
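/// <summary>
/// Reads the "Tag" request parameter and binds the matching results.
/// </summary>
/// <remarks>
/// The parameter is filtered with <c>NoScripting | NoMarkup</c> and then HTML-encoded before
/// it is kept in <c>_tagQuery</c>. Data is bound on every load, postbacks included.
/// The emptiness test uses <c>string.IsNullOrEmpty</c>, so a <c>_tagQuery</c> that was never
/// assigned no longer throws when the parameter is absent.
/// </remarks>
/// <param name="e">Event data passed on to the base implementation.</param>
protected override void OnLoad(EventArgs e)
{
    base.OnLoad(e);

    var objSecurity = new PortalSecurity();
    if (Request.Params["Tag"] != null)
    {
        _tagQuery = HttpContext.Current.Server.HtmlEncode(
            objSecurity.InputFilter(Request.Params["Tag"], PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoMarkup));
    }

    if (!string.IsNullOrEmpty(_tagQuery))
    {
        BindData();
    }
    else
    {
        // Nothing to show: tell editors why the module is empty, hide it for others.
        if (IsEditable)
        {
            UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ModuleHidden", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
        }
        else
        {
            ContainerControl.Visible = false;
        }
    }
}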
/// <summary>
/// Reads the priority text box and converts it to a priority level.
/// </summary>
/// <remarks>
/// The trimmed text is filtered with <c>PortalSecurity.FilterFlag.NoMarkup</c> and handed to
/// <c>InjectionController.GetCrmPriority</c>. Any result that is not above
/// <c>Null.NullInteger</c> is reported as <c>Null.NullInteger</c>.
/// </remarks>
/// <param name="security">The filter instance to use.</param>
/// <returns>The parsed priority, or <c>Null.NullInteger</c> when there is none.</returns>
private int ParsePriotityLevel(PortalSecurity security)
{
    var filteredText = security.InputFilter(txtCrmPriority.Text.Trim(), PortalSecurity.FilterFlag.NoMarkup);
    var level = InjectionController.GetCrmPriority(filteredText);

    if (level > Null.NullInteger)
    {
        return level;
    }

    return Null.NullInteger;
}
/// <summary>
/// Prepares the title label just before rendering.
/// </summary>
/// <remarks>
/// Applies the CSS class when one is set, resolves the localized control title (falling back
/// to a single space), filters it with <c>PortalSecurity.FilterFlag.NoScripting</c>, and turns
/// inline editing on only when the user can edit the module and the portal enables the
/// inline editor.
/// </remarks>
/// <param name="e">Event data passed on to the base implementation.</param>
protected override void OnPreRender(EventArgs e)
{
    base.OnPreRender(e);

    // Public attributes.
    if (!String.IsNullOrEmpty(CssClass))
    {
        titleLabel.CssClass = CssClass;
    }

    string title = ModuleControl != null
        ? Localization.LocalizeControlTitle(ModuleControl)
        : Null.NullString;
    if (title == Null.NullString)
    {
        title = " ";
    }

    var filter = new PortalSecurity();
    titleLabel.Text = filter.InputFilter(title, PortalSecurity.FilterFlag.NoScripting);

    // The label is editable and the toolbar visible only for inline editing.
    bool inlineEditing = CanEditModule() && PortalSettings.InlineEditorEnabled;
    titleLabel.EditEnabled = inlineEditing;
    titleToolbar.Visible = inlineEditing;
}
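/// <summary>
/// Strips script-related markup and a fixed list of tokens from a piece of text.
/// </summary>
/// <remarks>
/// Steps, in order: <c>PortalSecurity.InputFilter</c> with <c>NoScripting</c> (best effort),
/// a regular expression that removes script tags, javascript: attribute values and inline
/// event-handler tags, and removal of a fixed token list.
/// The token removal now ignores case. The previous code detected a token in any casing
/// but only removed its lower-case and all upper-case spellings.
/// The result is not HTML-encoded, and the token list is a single-pass denylist. Callers
/// that write the result into a page still need to encode it for the output context.
/// </remarks>
/// <param name="text">The text to filter; null or empty yields an empty string.</param>
/// <returns>The filtered text.</returns>
public static string FilterScripts(string text)
{
    if (string.IsNullOrEmpty(text))
    {
        return string.Empty;
    }

    PortalSecurity objPortalSecurity = new PortalSecurity();
    try
    {
        text = objPortalSecurity.InputFilter(text, PortalSecurity.FilterFlag.NoScripting);
    }
    catch (Exception)
    {
        // Deliberate best effort, kept from the original: when the portal filter throws,
        // the text continues through the local filters below with that pass skipped.
        // NOTE(review): the failure is not logged - consider recording it.
    }

    string pattern = "<script.*/*>|</script>|<[a-zA-Z][^>]*=['\"]+javascript:\\w+.*['\"]+>|<\\w+[^>]*\\son\\w+=.*[ /]*>";
    text = Regex.Replace(text, pattern, string.Empty, RegexOptions.IgnoreCase);

    string strip = "/*,*/,alert,document.,window.,eval(,eval[,@import,vbscript,javascript,jscript,msgbox";
    foreach (string token in strip.Split(','))
    {
        // Escape the token so it is matched literally, then remove it in any casing.
        text = Regex.Replace(text, Regex.Escape(token), string.Empty, RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);
    }

    return text;
}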
/// <summary>
/// Convenience wrapper around <c>PortalSecurity.InputFilter</c>.
/// </summary>
/// <param name="input">The text to filter.</param>
/// <param name="filterFlag">The filter flags to apply; defaults to <c>NoMarkup</c>.</param>
/// <returns>Whatever <c>InputFilter</c> returns for the input and flags.</returns>
public static string Clean(string input, PortalSecurity.FilterFlag filterFlag = PortalSecurity.FilterFlag.NoMarkup)
{
    return new PortalSecurity().InputFilter(input, filterFlag);
}
/// <summary>
/// Writes an event-log entry recording whether the password e-mail was sent.
/// </summary>
/// <remarks>
/// The entry carries the client IP, the portal and the current user. The user name is
/// filtered with <c>NoScripting | NoAngleBrackets | NoMarkup</c> before it is logged.
/// NOTE(review): <paramref name="message"/> is stored in the "Cause" property as given;
/// confirm the log viewer encodes property values on display.
/// </remarks>
/// <param name="message">
/// Null or empty for success ("PASSWORD_SENT_SUCCESS"); otherwise the failure cause, logged
/// with "PASSWORD_SENT_FAILURE".
/// </param>
private void LogResult(string message)
{
    var filter = new PortalSecurity();
    var logController = new EventLogController();
    var entry = new LogInfo();

    entry.AddProperty("IP", _ipAddress);
    entry.LogPortalID = PortalSettings.PortalId;
    entry.LogPortalName = PortalSettings.PortalName;
    entry.LogUserID = currentUser.UserID;
    entry.LogUserName = filter.InputFilter(
        currentUser.Username,
        PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup);

    bool failed = !string.IsNullOrEmpty(message);
    if (failed)
    {
        entry.LogTypeKey = "PASSWORD_SENT_FAILURE";
        entry.LogProperties.Add(new LogDetailInfo("Cause", message));
    }
    else
    {
        entry.LogTypeKey = "PASSWORD_SENT_SUCCESS";
    }

    logController.AddLog(entry);
}
/// <summary>
/// Writes an event-log entry recording whether the password e-mail was sent.
/// </summary>
/// <remarks>
/// The logged user name is the text typed into <c>txtUsername</c>, filtered with
/// <c>NoScripting | NoAngleBrackets | NoMarkup</c>, so the entry reflects what the visitor
/// entered rather than a verified account name.
/// NOTE(review): <paramref name="message"/> is stored in the "Cause" property as given;
/// confirm the log viewer encodes property values on display.
/// </remarks>
/// <param name="message">
/// Null or empty for success ("PASSWORD_SENT_SUCCESS"); otherwise the failure cause, logged
/// with "PASSWORD_SENT_FAILURE".
/// </param>
private void LogResult(string message)
{
    var filter = new PortalSecurity();

    var entry = new LogInfo();
    entry.LogPortalID = PortalSettings.PortalId;
    entry.LogPortalName = PortalSettings.PortalName;
    entry.LogUserID = UserId;
    entry.LogUserName = filter.InputFilter(
        txtUsername.Text,
        PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup);

    bool failed = !string.IsNullOrEmpty(message);
    if (failed)
    {
        entry.LogTypeKey = "PASSWORD_SENT_FAILURE";
        entry.LogProperties.Add(new LogDetailInfo("Cause", message));
    }
    else
    {
        entry.LogTypeKey = "PASSWORD_SENT_SUCCESS";
    }

    entry.AddProperty("IP", _ipAddress);
    LogController.Instance.AddLog(entry);
}
/// <summary>
/// Saves the display template entered on the settings form.
/// </summary>
/// <remarks>
/// The trimmed template text is filtered with <c>PortalSecurity.FilterFlag.NoSQL</c> and stored
/// as a tab-module setting when the scope box is checked, otherwise as a module setting.
/// The hangout cache is cleared and the module synchronized afterwards. Any exception is
/// passed to <c>Exceptions.ProcessModuleLoadException</c>.
/// NOTE(review): only the NoSQL flag is applied, so markup in the template is presumably
/// kept on purpose - confirm who may edit these settings and how the template is rendered.
/// </remarks>
public override void UpdateSettings()
{
    try
    {
        var moduleController = new ModuleController();
        var filter = new PortalSecurity();

        var templateText = filter.InputFilter(txtTemplate.Text.Trim(), PortalSecurity.FilterFlag.NoSQL);

        if (!chkTemplateScope.Checked)
        {
            moduleController.UpdateModuleSetting(ModuleId, DNNHangoutController.SETTINGS_TEMPLATE, templateText);
        }
        else
        {
            moduleController.UpdateTabModuleSetting(TabModuleId, DNNHangoutController.SETTINGS_TEMPLATE, templateText);
        }

        // Clear any cached hangouts.
        DataCache.ClearCache("WillStrohl.DNNHangout");

        // Synchronize the module settings.
        ModuleController.SynchronizeModule(ModuleId);
    }
    catch (Exception exc)
    {
        Exceptions.ProcessModuleLoadException(this, exc);
    }
}
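/// <summary>
/// Builds the error page: logo, error message and the "return" link.
/// </summary>
/// <remarks>
/// When a "status" query-string value is present (filtered with <c>NoScripting | NoMarkup</c>)
/// it is handed to <c>ManageError</c>. Otherwise the last server error is shown: on the
/// install wizard page the HTML-encoded exception text is written out, elsewhere the
/// exception is logged and a localized error container is shown. The response status is set
/// to 500 in that branch.
/// Changes from the previous version: a missing last error is tested explicitly instead of
/// relying on a caught NullReferenceException, and the page-name test is an ordinal,
/// case-insensitive comparison instead of a culture-sensitive <c>ToLower()</c>.
/// NOTE(review): the install wizard branch writes the full exception text to the response;
/// confirm that page is not reachable once installation has finished.
/// </remarks>
/// <param name="e">Event data passed on to the base implementation.</param>
protected override void OnLoad(EventArgs e)
{
    base.OnLoad(e);

    PortalSettings portalSettings = PortalController.GetCurrentPortalSettings();
    if (portalSettings != null && !String.IsNullOrEmpty(portalSettings.LogoFile))
    {
        IFileInfo fileInfo = FileManager.Instance.GetFile(portalSettings.PortalId, portalSettings.LogoFile);
        if (fileInfo != null)
        {
            headerImage.ImageUrl = FileManager.Instance.GetUrl(fileInfo);
        }
    }
    headerImage.Visible = !string.IsNullOrEmpty(headerImage.ImageUrl);

    string localizedMessage;
    var security = new PortalSecurity();
    string status = security.InputFilter(Request.QueryString["status"], PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoMarkup);
    if (!string.IsNullOrEmpty(status))
    {
        ManageError(status);
    }
    else
    {
        // Get the last server error; it is null when the page is requested directly.
        var exc = Server.GetLastError();
        bool rendered = false;

        if (exc != null)
        {
            try
            {
                if (Request.Url.LocalPath.EndsWith("installwizard.aspx", System.StringComparison.OrdinalIgnoreCase))
                {
                    ErrorPlaceHolder.Controls.Add(new LiteralControl(HttpUtility.HtmlEncode(exc.ToString())));
                }
                else
                {
                    var lex = new PageLoadException(exc.Message, exc);
                    Exceptions.LogException(lex);
                    localizedMessage = Localization.Localization.GetString("Error.Text", Localization.Localization.GlobalResourceFile);
                    ErrorPlaceHolder.Controls.Add(new ErrorContainer(portalSettings, localizedMessage, lex).Container);
                }

                rendered = true;
            }
            catch
            {
                // Kept from the original: any failure while reporting falls back to the
                // generic message below.
            }
        }

        if (!rendered)
        {
            localizedMessage = Localization.Localization.GetString("UnhandledError.Text", Localization.Localization.GlobalResourceFile);
            ErrorPlaceHolder.Controls.Add(new LiteralControl(localizedMessage));
        }

        Response.StatusCode = 500;
    }

    localizedMessage = Localization.Localization.GetString("Return.Text", Localization.Localization.GlobalResourceFile);
    hypReturn.Text = string.Format("<img src=\"{0}/images/lt.gif\" border=\"0\" /> {1}", Globals.ApplicationPath, localizedMessage);
}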
/// <summary>
/// Saves the review entered on the form, as a new review or as an update.
/// </summary>
/// <remarks>
/// Nothing happens when the page is not valid. Comments and the user name are filtered with
/// <c>PortalSecurity.FilterFlag.NoMarkup</c>; an empty user name is replaced by the localized
/// "Anonymous.Text" string. A review id of 0 means "add". Any exception is passed to
/// <c>Exceptions.ProcessModuleLoadException</c>.
/// </remarks>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The event data.</param>
protected void cmdUpdate_Click(object sender, EventArgs e)
{
    try
    {
        if (!Page.IsValid)
        {
            return;
        }

        var filter = new PortalSecurity();
        var review = (ReviewInfo)CBO.InitializeObject(new ReviewInfo(), typeof(ReviewInfo));

        review.ReviewID = _nav.ReviewID;
        review.PortalID = PortalId;
        review.ProductID = _nav.ProductID;
        review.Rating = int.Parse(cmbRating.SelectedValue);
        review.Comments = filter.InputFilter(txtComments.Text, PortalSecurity.FilterFlag.NoMarkup);
        review.Authorized = chkAuthorized.Checked;

        string enteredName = txtUserName.Text;
        review.UserName = string.IsNullOrEmpty(enteredName)
            ? Localization.GetString("Anonymous.Text", LocalResourceFile)
            : filter.InputFilter(enteredName, PortalSecurity.FilterFlag.NoMarkup);

        review.CreatedDate = DateTime.Now;

        var reviews = new ReviewController();
        if (_nav.ReviewID != 0)
        {
            reviews.UpdateReview(review);
        }
        else
        {
            reviews.AddReview(review);
        }

        InvokeEditComplete();
    }
    catch (Exception ex)
    {
        Exceptions.ProcessModuleLoadException(this, ex);
    }
}
/// <summary>
/// Handles the Click event of the cmdUpdate control: adds or updates an FAQ category.
/// </summary>
/// <remarks>
/// Name and description are filtered with <c>NoMarkup | NoScripting</c>. A negative parent id
/// is stored as 0. When a tree node is selected that category is updated and keeps its view
/// order; otherwise a new category is added with view order 999. The categories under the
/// parent are then reordered and the page reloads. Exceptions raised while saving are
/// passed to <c>Exceptions.ProcessModuleLoadException</c>; the parent id conversion happens
/// before the try block.
/// </remarks>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs" /> instance containing the event data.</param>
protected void cmdUpdate_Click(Object sender, EventArgs e)
{
    var controller = new FAQsController();
    var category = new CategoryInfo();
    var filter = new PortalSecurity();

    int selectedParentId = Convert.ToInt32(drpParentCategory.SelectedValue);
    int parentId = selectedParentId < 0 ? 0 : selectedParentId;

    // Neither script nor markup is allowed in the name or the description.
    category.FaqCategoryParentId = parentId;
    category.FaqCategoryName = filter.InputFilter(txtCategoryName.Text, PortalSecurity.FilterFlag.NoMarkup | PortalSecurity.FilterFlag.NoScripting);
    category.FaqCategoryDescription = filter.InputFilter(txtCategoryDescription.Text, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoMarkup);
    category.ModuleId = ModuleId;

    try
    {
        RadTreeNode selected = treeCategories.SelectedNode;
        if (selected == null)
        {
            // New category goes to the end of the list.
            category.ViewOrder = 999;
            controller.AddCategory(category);
        }
        else
        {
            category.FaqCategoryId = Convert.ToInt32(selected.Value);
            CategoryInfo existing = controller.GetCategory(category.FaqCategoryId);
            category.ViewOrder = existing.ViewOrder;
            controller.UpdateCategory(category);
        }

        controller.ReorderCategory(category.FaqCategoryParentId, ModuleId);
        Response.Redirect(Request.RawUrl);
    }
    catch (Exception exc)
    {
        Exceptions.ProcessModuleLoadException(this, exc);
    }
}
/// <summary>
/// Renders the read-only view of the control as a span containing the value.
/// </summary>
/// <remarks>
/// The value is converted to a string, HTML-decoded, filtered with
/// <c>PortalSecurity.FilterFlag.NoScripting</c> and written without further encoding.
/// NOTE(review): markup other than what NoScripting covers reaches the page as markup;
/// confirm the value comes from a source that is allowed to supply HTML.
/// </remarks>
/// <param name="writer">The writer that receives the span.</param>
protected virtual void RenderViewMode(System.Web.UI.HtmlTextWriter writer)
{
    string rawText = Convert.ToString(this.Value);
    string decoded = this.Page.Server.HtmlDecode(rawText);

    ControlStyle.AddAttributesToRender(writer);
    writer.RenderBeginTag(HtmlTextWriterTag.Span);

    string filtered = new PortalSecurity().InputFilter(decoded, PortalSecurity.FilterFlag.NoScripting);
    writer.Write(filtered);

    writer.RenderEndTag();
}
/// <summary>
/// Renders the View (read-only) mode of the control as a span containing the value.
/// </summary>
/// <remarks>
/// The value is converted to a string and filtered with
/// <c>NoAngleBrackets | NoMarkup | NoScripting</c> before it is written.
/// </remarks>
/// <param name="writer">The writer that receives the span.</param>
protected virtual void RenderViewMode(HtmlTextWriter writer)
{
    string text = Convert.ToString(this.Value);

    ControlStyle.AddAttributesToRender(writer);
    writer.RenderBeginTag(HtmlTextWriterTag.Span);

    var flags = PortalSecurity.FilterFlag.NoAngleBrackets
                | PortalSecurity.FilterFlag.NoMarkup
                | PortalSecurity.FilterFlag.NoScripting;
    string filtered = new PortalSecurity().InputFilter(text, flags);
    writer.Write(filtered);

    writer.RenderEndTag();
}
/// <summary>
/// Saves a module title edited inline.
/// </summary>
/// <remarks>
/// Does nothing unless <c>CanEditModule()</c> is true. The new title is filtered with
/// <c>PortalSecurity.FilterFlag.NoScripting</c> before the module is updated.
/// </remarks>
/// <param name="source">The source of the event.</param>
/// <param name="e">Event data carrying the edited text.</param>
private void UpdateTitle(object source, DNNLabelEditEventArgs e)
{
    if (!CanEditModule())
    {
        return;
    }

    var context = ModuleControl.ModuleContext;
    ModuleInfo module = ModuleController.Instance.GetModule(context.ModuleId, context.TabId, false);

    module.ModuleTitle = new PortalSecurity().InputFilter(e.Text, PortalSecurity.FilterFlag.NoScripting);
    ModuleController.Instance.UpdateModule(module);
}
/// <summary>
/// Writes an event-log entry for a login attempt.
/// </summary>
/// <remarks>
/// The user name is filtered with <c>NoScripting | NoAngleBrackets | NoMarkup</c> before it is
/// logged. The log type key is the name of the login status value.
/// </remarks>
/// <param name="portalId">Id of the portal the attempt was made on.</param>
/// <param name="username">User name as supplied with the attempt.</param>
/// <param name="userId">Id of the user recorded in the entry.</param>
/// <param name="portalName">Name of the portal.</param>
/// <param name="Ip">Client IP address, stored in the "IP" property.</param>
/// <param name="loginStatus">Outcome of the attempt.</param>
private static void AddEventLog(int portalId, string username, int userId, string portalName, string Ip, UserLoginStatus loginStatus)
{
    var logController = new Services.Log.EventLog.EventLogController();
    var entry = new Services.Log.EventLog.LogInfo();
    var filter = new PortalSecurity();

    var nameFlags = PortalSecurity.FilterFlag.NoScripting
                    | PortalSecurity.FilterFlag.NoAngleBrackets
                    | PortalSecurity.FilterFlag.NoMarkup;

    entry.AddProperty("IP", Ip);
    entry.LogPortalID = portalId;
    entry.LogPortalName = portalName;
    entry.LogUserName = filter.InputFilter(username, nameFlags);
    entry.LogUserID = userId;
    entry.LogTypeKey = loginStatus.ToString();

    logController.AddLog(entry);
}
/// <summary>
/// Persists a user, its membership and its profile to the data store.
/// </summary>
/// <remarks>
/// First name, last name, e-mail and display name are filtered with
/// <c>NoScripting | NoAngleBrackets | NoMarkup</c> before they are written. An empty display
/// name is replaced by "first last".
/// </remarks>
/// <param name="user">The user to persist to the data store.</param>
public override void UpdateUser( UserInfo user )
{
    var filter = new PortalSecurity();
    var strictFlags = PortalSecurity.FilterFlag.NoScripting
                      | PortalSecurity.FilterFlag.NoAngleBrackets
                      | PortalSecurity.FilterFlag.NoMarkup;

    string firstName = filter.InputFilter( user.FirstName, strictFlags );
    string lastName = filter.InputFilter( user.LastName, strictFlags );
    string email = filter.InputFilter( user.Email, strictFlags );
    string displayName = filter.InputFilter( user.DisplayName, strictFlags );

    bool updatePassword = user.Membership.UpdatePassword;
    bool isApproved = user.Membership.Approved;

    if( displayName == string.Empty )
    {
        displayName = firstName + " " + lastName;
    }

    // Persist the DNN user to the database.
    dataProvider.UpdateUser( user.UserID, user.PortalID, firstName, lastName, email, displayName, updatePassword, isApproved );

    // Persist the membership to the data store.
    UpdateUserMembership( user );

    // Persist the profile to the data store.
    ProfileController.UpdateUserProfile( user );
}
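/// <summary>
/// Persists the DNN user information to the database.
/// </summary>
/// <remarks>
/// User name, e-mail, first name, last name and display name are filtered with
/// <c>NoScripting | NoAngleBrackets | NoMarkup</c> before they are written. On success the
/// new id is stored in <c>user.UserID</c>.
/// NOTE(review): every exception from the data provider is reported as
/// <c>ProviderError</c> and not logged here, so a duplicate user and an infrastructure
/// failure look the same to the caller.
/// </remarks>
/// <param name="user">
/// The user to persist. Set to null when the data provider throws.
/// </param>
/// <returns>
/// <c>UserCreateStatus.Success</c>, or <c>UserCreateStatus.ProviderError</c> when the data
/// provider throws. The new user id is returned through <c>user.UserID</c>, not through the
/// return value.
/// </returns>
private UserCreateStatus CreateDNNUser( ref UserInfo user )
{
    PortalSecurity objSecurity = new PortalSecurity();
    string userName = objSecurity.InputFilter( user.Username, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup );
    string email = objSecurity.InputFilter( user.Email, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup );
    string lastName = objSecurity.InputFilter( user.LastName, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup );
    string firstName = objSecurity.InputFilter( user.FirstName, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup );
    UserCreateStatus createStatus = UserCreateStatus.Success;
    string displayName = objSecurity.InputFilter( user.DisplayName, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup );
    bool updatePassword = user.Membership.UpdatePassword;
    bool isApproved = user.Membership.Approved;

    try
    {
        user.UserID = Convert.ToInt32( dataProvider.AddUser( user.PortalID, userName, firstName, lastName, user.AffiliateID, user.IsSuperUser, email, displayName, updatePassword, isApproved ) );
    }
    catch( Exception )
    {
        // Clear the user (the original comment attributes this to duplicate user information).
        user = null;
        createStatus = UserCreateStatus.ProviderError;
    }

    return createStatus;
}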
/// <summary>
/// Renders the control's value inside a span element when the control is in view mode.
/// </summary>
/// <param name="writer">The writer that receives the rendered markup.</param>
protected virtual void RenderViewMode(System.Web.UI.HtmlTextWriter writer)
{
    // The stored value is HTML-decoded first, so entity-encoded markup becomes
    // real markup again before the filter runs.
    string decodedValue = this.Page.Server.HtmlDecode(Convert.ToString(this.Value));

    ControlStyle.AddAttributesToRender(writer);
    writer.RenderBeginTag(HtmlTextWriterTag.Span);

    // NOTE(review): the decoded value is written without HTML-encoding; the NoScripting
    // filter is the only barrier between the stored value and the page. If this control
    // is not meant to display markup, encoding on output would be the safer default -
    // confirm the intended content type with the callers.
    string filteredValue = new PortalSecurity().InputFilter(decodedValue, PortalSecurity.FilterFlag.NoScripting);
    writer.Write(filteredValue);

    writer.RenderEndTag();
}
/// <summary>
/// Copies e-mail, approval state and a fresh last-activity timestamp onto the
/// ASP.NET membership record that matches the user's name, and saves it.
/// </summary>
/// <remarks>
/// The e-mail is filtered with the NoScripting, NoAngleBrackets and NoMarkup flags
/// before it is stored.
/// </remarks>
/// <param name="user">The user to persist to the Data Store.</param>
/// <history>
///     [cnurse]    12/13/2005  created
/// </history>
private void UpdateUserMembership( UserInfo user )
{
    PortalSecurity.FilterFlag strictFilter = PortalSecurity.FilterFlag.NoScripting
                                             | PortalSecurity.FilterFlag.NoAngleBrackets
                                             | PortalSecurity.FilterFlag.NoMarkup;
    string safeEmail = new PortalSecurity().InputFilter( user.Email, strictFilter );

    // Look up the ASP.NET membership record by user name.
    // NOTE(review): Membership.GetUser returns null when no such user exists; there is
    // no guard here, so a missing membership record surfaces as a NullReferenceException.
    MembershipUser aspNetUser = System.Web.Security.Membership.GetUser( user.Username );

    aspNetUser.Email = safeEmail;
    aspNetUser.LastActivityDate = DateTime.Now;
    aspNetUser.IsApproved = user.Membership.Approved;

    System.Web.Security.Membership.UpdateUser( aspNetUser );
}
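/// -----------------------------------------------------------------------------
/// <summary>
/// UpdateUser persists a user to the Data Store
/// </summary>
/// <remarks>
/// First name, last name, e-mail and display name are passed through
/// <c>PortalSecurity.InputFilter</c> with the NoScripting, NoAngleBrackets and
/// NoMarkup flags. A display name that still contains "&lt;" after filtering is
/// HTML-encoded before it is stored, so consumers of the stored value should take
/// care not to encode it a second time.
/// The membership record is saved first, then the DNN user row, then the profile.
/// </remarks>
/// <param name="user">The user to persist to the Data Store.</param>
/// -----------------------------------------------------------------------------
public override void UpdateUser(UserInfo user)
{
    var objSecurity = new PortalSecurity();
    const PortalSecurity.FilterFlag strictFilter = PortalSecurity.FilterFlag.NoScripting |
                                                   PortalSecurity.FilterFlag.NoAngleBrackets |
                                                   PortalSecurity.FilterFlag.NoMarkup;

    string firstName = objSecurity.InputFilter(user.FirstName, strictFilter);
    string lastName = objSecurity.InputFilter(user.LastName, strictFilter);
    string email = objSecurity.InputFilter(user.Email, strictFilter);
    string displayName = objSecurity.InputFilter(user.DisplayName, strictFilter);

    // The original dereferenced displayName here and only checked it for null/empty
    // further down. InputFilter's handling of a null input is not visible in this
    // block, so the dereference is guarded to match the later check.
    if (!String.IsNullOrEmpty(displayName) && displayName.Contains("<"))
    {
        displayName = HttpUtility.HtmlEncode(displayName);
    }

    bool updatePassword = user.Membership.UpdatePassword;
    bool isApproved = user.Membership.Approved;

    // Fall back to "first last" when no display name was supplied.
    if (String.IsNullOrEmpty(displayName))
    {
        displayName = firstName + " " + lastName;
    }

    //Persist the Membership to the Data Store
    UpdateUserMembership(user);

    //Persist the DNN User to the Database
    // The last argument records the id of the user performing the update.
    _dataProvider.UpdateUser(user.UserID,
                             user.PortalID,
                             firstName,
                             lastName,
                             user.IsSuperUser,
                             email,
                             displayName,
                             user.VanityUrl,
                             updatePassword,
                             isApproved,
                             false,
                             user.LastIPAddress,
                             user.PasswordResetToken,
                             user.PasswordResetExpiration,
                             user.IsDeleted,
                             UserController.Instance.GetCurrentUserInfo().UserID);

    //Persist the Profile to the Data Store
    ProfileController.UpdateUserProfile(user);
}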
/// <summary>
/// Inserts the DNN user row and stores the generated id on <paramref name="user"/>.
/// </summary>
/// <remarks>
/// User name, e-mail, names and display name are filtered with the NoScripting,
/// NoAngleBrackets and NoMarkup flags. A display name that still contains "&lt;"
/// after filtering is HTML-encoded before it is stored.
/// </remarks>
/// <param name="user">
/// The user to create. Passed by reference: on success its UserID is set, on failure
/// the caller's reference is set to null.
/// </param>
/// <returns>
/// <c>UserCreateStatus.Success</c>, or <c>UserCreateStatus.ProviderError</c> when the
/// data provider call throws.
/// </returns>
private UserCreateStatus CreateDNNUser(ref UserInfo user)
{
    PortalSecurity.FilterFlag strictFilter = PortalSecurity.FilterFlag.NoScripting
                                             | PortalSecurity.FilterFlag.NoAngleBrackets
                                             | PortalSecurity.FilterFlag.NoMarkup;
    var inputSecurity = new PortalSecurity();

    string safeUserName = inputSecurity.InputFilter(user.Username, strictFilter);
    string safeEmail = inputSecurity.InputFilter(user.Email, strictFilter);
    string safeLastName = inputSecurity.InputFilter(user.LastName, strictFilter);
    string safeFirstName = inputSecurity.InputFilter(user.FirstName, strictFilter);

    string safeDisplayName = inputSecurity.InputFilter(user.DisplayName, strictFilter);
    // NOTE(review): no null/empty guard before Contains; safe only if InputFilter never
    // returns null - confirm.
    if (safeDisplayName.Contains("<"))
    {
        safeDisplayName = HttpUtility.HtmlEncode(safeDisplayName);
    }

    bool mustUpdatePassword = user.Membership.UpdatePassword;
    bool approved = user.Membership.Approved;

    try
    {
        // The last argument records the id of the user performing the creation.
        object newId = _dataProvider.AddUser(user.PortalID,
                                             safeUserName,
                                             safeFirstName,
                                             safeLastName,
                                             user.AffiliateID,
                                             user.IsSuperUser,
                                             safeEmail,
                                             safeDisplayName,
                                             mustUpdatePassword,
                                             approved,
                                             UserController.Instance.GetCurrentUserInfo().UserID);
        user.UserID = Convert.ToInt32(newId);
        return UserCreateStatus.Success;
    }
    catch (Exception ex)
    {
        // Any failure is logged and reported as a provider error; the user reference
        // is cleared so callers cannot continue with a half-created user.
        Exceptions.LogException(ex);
        user = null;
        return UserCreateStatus.ProviderError;
    }
}
/// <summary>
/// Creates the ASP.NET membership account for a user and translates the membership
/// result into the matching <c>UserCreateStatus</c>.
/// </summary>
/// <remarks>
/// User name and e-mail are filtered with the NoScripting, NoAngleBrackets and NoMarkup
/// flags before the account is created. The password question and answer are only
/// passed on when the membership provider configuration requires them.
/// </remarks>
/// <param name="user">The user whose membership account is created.</param>
/// <returns>
/// The status that corresponds to the membership result; any result without an explicit
/// mapping below is reported as <c>UserCreateStatus.Success</c>.
/// </returns>
private static UserCreateStatus CreateMemberhipUser(UserInfo user)
{
    PortalSecurity.FilterFlag strictFilter = PortalSecurity.FilterFlag.NoScripting
                                             | PortalSecurity.FilterFlag.NoAngleBrackets
                                             | PortalSecurity.FilterFlag.NoMarkup;
    var inputSecurity = new PortalSecurity();

    // NOTE(review): the account is created under the filtered user name. If the filter
    // alters the input, the stored name may differ from what the user typed; rejecting
    // such input up front would be more predictable - confirm how callers validate it.
    string safeUserName = inputSecurity.InputFilter(user.Username, strictFilter);
    string safeEmail = inputSecurity.InputFilter(user.Email, strictFilter);

    MembershipCreateStatus membershipStatus;
    if (!MembershipProviderConfig.RequiresQuestionAndAnswer)
    {
        System.Web.Security.Membership.CreateUser(safeUserName,
                                                  user.Membership.Password,
                                                  safeEmail,
                                                  null,
                                                  null,
                                                  true,
                                                  out membershipStatus);
    }
    else
    {
        System.Web.Security.Membership.CreateUser(safeUserName,
                                                  user.Membership.Password,
                                                  safeEmail,
                                                  user.Membership.PasswordQuestion,
                                                  user.Membership.PasswordAnswer,
                                                  true,
                                                  out membershipStatus);
    }

    // One-to-one translation of the membership result.
    switch (membershipStatus)
    {
        case MembershipCreateStatus.DuplicateEmail:
            return UserCreateStatus.DuplicateEmail;
        case MembershipCreateStatus.DuplicateProviderUserKey:
            return UserCreateStatus.DuplicateProviderUserKey;
        case MembershipCreateStatus.DuplicateUserName:
            return UserCreateStatus.DuplicateUserName;
        case MembershipCreateStatus.InvalidAnswer:
            return UserCreateStatus.InvalidAnswer;
        case MembershipCreateStatus.InvalidEmail:
            return UserCreateStatus.InvalidEmail;
        case MembershipCreateStatus.InvalidPassword:
            return UserCreateStatus.InvalidPassword;
        case MembershipCreateStatus.InvalidProviderUserKey:
            return UserCreateStatus.InvalidProviderUserKey;
        case MembershipCreateStatus.InvalidQuestion:
            return UserCreateStatus.InvalidQuestion;
        case MembershipCreateStatus.InvalidUserName:
            return UserCreateStatus.InvalidUserName;
        case MembershipCreateStatus.ProviderError:
            return UserCreateStatus.ProviderError;
        case MembershipCreateStatus.UserRejected:
            return UserCreateStatus.UserRejected;
        default:
            return UserCreateStatus.Success;
    }
}
/// -----------------------------------------------------------------------------
/// <summary>
/// Saves every changed profile property of a user and writes a
/// "USERPROFILE_UPDATED" event log entry for each one.
/// </summary>
/// <remarks>
/// Before saving, the "PreferredTimeZone" and legacy "TimeZone" properties are kept in
/// step: a changed, non-empty new value overwrites the old one, otherwise a changed old
/// value overwrites the new one.
/// Property values are filtered with the NoScripting flag only, so stored values may
/// still contain markup and need encoding where they are rendered.
/// </remarks>
/// <param name="user">The user to persist to the Data Store.</param>
/// -----------------------------------------------------------------------------
public override void UpdateUserProfile(UserInfo user)
{
    ProfilePropertyDefinitionCollection profileProperties = user.Profile.ProfileProperties;

    // Keep the new and the legacy time zone property in step.
    var preferredZone = profileProperties["PreferredTimeZone"];
    var legacyZone = profileProperties["TimeZone"];
    if (legacyZone != null && newZoneIsPresent(preferredZone))
    {
        bool preferredChanged = preferredZone.IsDirty && !string.IsNullOrEmpty(preferredZone.PropertyValue);
        if (preferredChanged)
        {
            // The new property wins: derive the legacy offset (in minutes) from it.
            // NOTE(review): FindSystemTimeZoneById throws for an unknown or invalid id
            // rather than returning null, so a bad property value surfaces as an
            // exception here and the null check below is not expected to be false.
            var resolvedZone = TimeZoneInfo.FindSystemTimeZoneById(preferredZone.PropertyValue);
            if (resolvedZone != null)
            {
                legacyZone.PropertyValue = resolvedZone.BaseUtcOffset.TotalMinutes.ToString(CultureInfo.InvariantCulture);
            }
        }
        else if (legacyZone.IsDirty)
        {
            // Only the legacy value changed: map its offset to a time zone id.
            // The TryParse result is not checked; an unparsable value leaves the offset at 0.
            int legacyOffset;
            int.TryParse(legacyZone.PropertyValue, out legacyOffset);
            preferredZone.PropertyValue = Localization.ConvertLegacyTimeZoneOffsetToTimeZoneInfo(legacyOffset).Id;
        }
    }

    foreach (ProfilePropertyDefinition property in profileProperties)
    {
        // Skip properties without a value and properties that were not changed.
        if ((property.PropertyValue == null) || (!property.IsDirty))
        {
            continue;
        }

        var inputSecurity = new PortalSecurity();
        string filteredValue = inputSecurity.InputFilter(property.PropertyValue, PortalSecurity.FilterFlag.NoScripting);

        _dataProvider.UpdateProfileProperty(Null.NullInteger,
                                            user.UserID,
                                            property.PropertyDefinitionId,
                                            filteredValue,
                                            (int) property.ProfileVisibility.VisibilityMode,
                                            property.ProfileVisibility.ExtendedVisibilityString(),
                                            DateTime.Now);

        // Audit trail: one log entry per saved property, attributed to the current user.
        var eventLog = new EventLogController();
        eventLog.AddLog(user,
                        PortalController.GetCurrentPortalSettings(),
                        UserController.GetCurrentUserInfo().UserID,
                        "",
                        "USERPROFILE_UPDATED");
    }

    // Local helper kept next to its single use; mirrors the original null comparison.
    bool newZoneIsPresent(ProfilePropertyDefinition candidate)
    {
        return candidate != null;
    }
}
/// <summary>
/// Copies the filtered e-mail and a fresh last-activity timestamp onto the ASP.NET
/// membership record that matches the user's name, saves it and drops the cached entry
/// for that user name.
/// </summary>
/// <remarks>
/// The approval flag is only copied when <c>user.IsSuperUser</c> is true; for all other
/// users this method leaves the stored approval state as it is.
/// </remarks>
/// <param name="user">The user whose membership record is updated.</param>
private static void UpdateUserMembership(UserInfo user)
{
    PortalSecurity.FilterFlag strictFilter = PortalSecurity.FilterFlag.NoScripting
                                             | PortalSecurity.FilterFlag.NoAngleBrackets
                                             | PortalSecurity.FilterFlag.NoMarkup;
    string safeEmail = new PortalSecurity().InputFilter(user.Email, strictFilter);

    // Look up the ASP.NET membership record by user name.
    // NOTE(review): Membership.GetUser returns null when no such user exists; there is
    // no guard here, so a missing membership record surfaces as a NullReferenceException.
    MembershipUser aspNetUser = System.Web.Security.Membership.GetUser(user.Username);

    aspNetUser.Email = safeEmail;
    aspNetUser.LastActivityDate = DateTime.Now;
    if (user.IsSuperUser)
    {
        aspNetUser.IsApproved = user.Membership.Approved;
    }

    System.Web.Security.Membership.UpdateUser(aspNetUser);

    // Drop the cached copy so later reads see the saved values.
    DataCache.RemoveCache(GetCacheKey(user.Username));
}