コード例 #1
ファイル: Edit.ascx.cs プロジェクト: hnjm/DNN.Wiki
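        /// <summary>
        /// Saves the topic being edited and then posts the resulting operation to the DNN journal.
        /// </summary>
        /// <remarks>
        /// A duplicate topic name is shown to the user as a warning; every other
        /// <see cref="TopicValidationException"/> propagates to the caller.
        /// </remarks>
        private void SaveAndContinue()
        {
            SharedEnum.CrudOperation crudOperation = SharedEnum.CrudOperation.Insert;
            try
            {
                DotNetNuke.Security.PortalSecurity objSec = new DotNetNuke.Security.PortalSecurity();

                // NOTE(review): the body is filtered (NoMarkup, then NoScripting) and HTML-decoded
                // afterwards, so the text passed to SaveTopic is the decoded form and is not filtered
                // again here. Confirm the code that renders topic content encodes or filters on output.
                this.SaveTopic(
                    HttpUtility.HtmlDecode(
                        objSec.InputFilter(objSec.InputFilter(this.teContent.Text, PortalSecurity.FilterFlag.NoMarkup), PortalSecurity.FilterFlag.NoScripting)),
                    this.AllowDiscuss.Checked,
                    this.AllowRating.Checked,
                    objSec.InputFilter(WikiMarkup.DecodeTitle(this.txtTitle.Text.Trim()), PortalSecurity.FilterFlag.NoMarkup),
                    objSec.InputFilter(this.txtDescription.Text.Trim(), PortalSecurity.FilterFlag.NoMarkup),
                    objSec.InputFilter(this.txtKeywords.Text.Trim(), PortalSecurity.FilterFlag.NoMarkup),
                    out crudOperation);
            }
            catch (TopicValidationException exc)
            {
                switch (exc.CrudError)
                {
                case DotNetNuke.Wiki.BusinessObjects.TopicBO.TopicError.DUPLICATENAME:
                    this.Messages.ShowWarning(Localization.GetString("WarningDUPLICATENAME", this.LocalResourceFile));
                    break;

                default:
                    // Bare "throw;" keeps the original stack trace; "throw exc;" would reset it.
                    throw;
                }
            }

            // NOTE(review): this also runs after the duplicate-name warning, with crudOperation at its
            // initial Insert value unless SaveTopic assigned it before failing. Confirm that is intended.
            this.PostTopicToDNNJournal(crudOperation);
        }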
コード例 #2
        /// <summary>
        /// Filters a journal comment's text, stores the comment through the data service, and copies
        /// the stored id and timestamps back onto <paramref name="comment"/>.
        /// </summary>
        /// <param name="comment">Comment to store; its text, id and dates are updated in place.</param>
        public void SaveComment(CommentInfo comment)
        {
            var filter = new PortalSecurity();
            if (!String.IsNullOrEmpty(comment.Comment))
            {
                // Two passes: the script filter followed by an HTML decode, then the markup filter
                // applied to the decoded text.
                comment.Comment = HttpUtility.HtmlDecode(filter.InputFilter(comment.Comment, PortalSecurity.FilterFlag.NoScripting));
                comment.Comment = filter.InputFilter(comment.Comment, PortalSecurity.FilterFlag.NoMarkup);
            }

            // TODO: apply the profanity filter here once it is working properly.

            // Text longer than 2000 characters is cut down to its first 1999.
            // NOTE(review): the cut happens after filtering, so it can land in the middle of an HTML
            // entity if the filter encoded anything.
            if (comment.Comment != null && comment.Comment.Length > 2000)
            {
                comment.Comment = comment.Comment.Remove(1999);
            }

            string commentXml = comment.CommentXML != null ? comment.CommentXML.OuterXml : null;

            comment.CommentId = _dataService.Journal_Comment_Save(comment.JournalId, comment.CommentId, comment.UserId, comment.Comment, commentXml);

            // Read the stored row back to pick up its timestamps.
            var stored = GetComment(comment.CommentId);
            comment.DateCreated = stored.DateCreated;
            comment.DateUpdated = stored.DateUpdated;
        }
コード例 #3
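        /// <summary>
        /// Reads the "Tag" request parameter, keeps a filtered and HTML-encoded copy in
        /// <c>_tagQuery</c>, and binds the results when a tag was supplied.
        /// </summary>
        /// <param name="e">Event data passed through to the base implementation.</param>
        protected override void OnLoad(EventArgs e)
        {
            base.OnLoad(e);

            var objSecurity = new PortalSecurity();
            if (Request.Params["Tag"] != null)
            {
                // The value comes straight from the request: filter it, then HTML-encode the result.
                _tagQuery = HttpContext.Current.Server.HtmlEncode(objSecurity.InputFilter(Request.Params["Tag"], PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoMarkup));
            }

            // IsNullOrEmpty rather than .Length: the field's initial value is not visible from this
            // method, and a null field must not throw when no "Tag" parameter was sent.
            if (!string.IsNullOrEmpty(_tagQuery))
            {
                // Binds on every load, postbacks included.
                BindData();
            }
            else if (IsEditable)
            {
                UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ModuleHidden", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
            }
            else
            {
                // Nothing to show and the viewer cannot edit: hide the whole container.
                ContainerControl.Visible = false;
            }
        }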
コード例 #4
ファイル: Form.cs プロジェクト: huayang912/cs-dotnetnuke
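        /// <summary>
        /// Renders the form's attributes, replacing the <c>action</c> value with the filtered raw
        /// request URL and the <c>id</c> value with the control's <c>ClientID</c>.
        /// </summary>
        /// <param name="writer">Writer that receives the rewritten attribute markup.</param>
        protected override void RenderAttributes(HtmlTextWriter writer)
        {
            // Let the base class render into a buffer so the attribute text can be edited.
            string html;
            using (StringWriter stringWriter = new StringWriter())
            using (HtmlTextWriter htmlWriter = new HtmlTextWriter(stringWriter))
            {
                base.RenderAttributes(htmlWriter);
                htmlWriter.Flush();
                html = stringWriter.ToString();
            }

            // Locate and replace the action attribute.
            const string actionPrefix = "action=\"";
            int startPoint = html.IndexOf(actionPrefix, System.StringComparison.Ordinal);
            if (startPoint >= 0)
            {
                int closingQuote = html.IndexOf('"', startPoint + actionPrefix.Length);
                if (closingQuote >= 0) // leave the markup untouched when the attribute is not terminated
                {
                    html = html.Remove(startPoint, closingQuote + 1 - startPoint);
                    PortalSecurity objSecurity = new PortalSecurity();

                    // NOTE(review): RawUrl is request-controlled and ends up inside a double-quoted
                    // attribute. Confirm the filtered value cannot contain a raw '"'; if it can,
                    // attribute-encode it before inserting.
                    html = html.Insert(startPoint, actionPrefix + objSecurity.InputFilter(HttpContext.Current.Request.RawUrl, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup) + "\"");
                }
            }

            // Locate and replace the id attribute.
            if (base.ID != null)
            {
                const string idPrefix = "id=\"";

                // NOTE(review): this is a plain substring search, so it finds the first occurrence of
                // id=" anywhere in the buffer, which is not necessarily the id attribute itself.
                startPoint = html.IndexOf(idPrefix, System.StringComparison.Ordinal);
                if (startPoint >= 0)
                {
                    int closingQuote = html.IndexOf('"', startPoint + idPrefix.Length);
                    if (closingQuote >= 0)
                    {
                        html = html.Remove(startPoint, closingQuote + 1 - startPoint);
                        html = html.Insert(startPoint, idPrefix + base.ClientID + "\"");
                    }
                }
            }

            writer.Write(html);
        }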
コード例 #5
ファイル: TextUtils.cs プロジェクト: allanedk/ActiveForums
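			/// <summary>
			/// Removes script-related markup and a fixed list of script keywords from <paramref name="text"/>.
			/// </summary>
			/// <remarks>
			/// This is a deny-list filter. It reduces what reaches storage, but the result still has to
			/// be encoded for the context in which it is rendered.
			/// </remarks>
			/// <param name="text">Text to clean; null or empty yields an empty string.</param>
			/// <returns>The text with matching tags and keywords removed.</returns>
			public static string FilterScripts(string text)
			{
				if (string.IsNullOrEmpty(text))
				{
					return string.Empty;
				}
				PortalSecurity objPortalSecurity = new PortalSecurity();
				try
				{
					text = objPortalSecurity.InputFilter(text, PortalSecurity.FilterFlag.NoScripting);
				}
				catch (Exception)
				{
					// Best effort: when the platform filter throws, the passes below still run on the
					// unfiltered text.
					// NOTE(review): this fails open and leaves no trace; log the exception once a logger
					// is available in this class.
				}

				string pattern = "<script.*/*>|</script>|<[a-zA-Z][^>]*=['\"]+javascript:\\w+.*['\"]+>|<\\w+[^>]*\\son\\w+=.*[ /]*>";
				string strip = "/*,*/,alert,document.,window.,eval(,eval[,@import,vbscript,javascript,jscript,msgbox";
				string[] tokens = strip.Split(',');

				// Repeat until a pass changes nothing: removing one match can join the text around it
				// into a new match. Every change shortens the text, so the loop terminates.
				string previous;
				do
				{
					previous = text;
					text = Regex.Replace(text, pattern, string.Empty, RegexOptions.IgnoreCase);
					foreach (string s in tokens)
					{
						// Case-insensitive removal: an exact-case Replace detects mixed-case spellings
						// through the upper-cased comparison but then leaves them in place.
						text = Regex.Replace(text, Regex.Escape(s), string.Empty, RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);
					}
				}
				while (text != previous);

				return text;
			}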
コード例 #6
 /// <summary>
 /// Runs <paramref name="value"/> through <c>InputFilter</c> with the NoScripting,
 /// NoAngleBrackets and NoMarkup flags combined.
 /// </summary>
 /// <param name="objSecurity">Filter instance to use.</param>
 /// <param name="value">Text to filter.</param>
 /// <returns>Whatever <c>InputFilter</c> returns for the combined flags.</returns>
 private static string GetFilteredValue(PortalSecurity objSecurity, string value)
 {
     var flags = PortalSecurity.FilterFlag.NoScripting
                 | PortalSecurity.FilterFlag.NoAngleBrackets
                 | PortalSecurity.FilterFlag.NoMarkup;

     return objSecurity.InputFilter(value, flags);
 }
コード例 #7
ファイル: AddCommentsForm.cs プロジェクト: hnjm/DNN.Wiki
        /// <summary>
        /// Stores the submitted wiki comment, sends notifications for the topic, and resets the form
        /// when the comment was saved.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The <see cref="System.EventArgs"/> instance containing the event
        /// data.</param>
        private void SubmitButton_Click(object sender, System.EventArgs e)
        {
            using (UnitOfWork uOw = new UnitOfWork())
            {
                var commentBo = new CommentBO(uOw);

                // The length cap is applied to the raw text, before the markup filter runs.
                string body = this.txtComment.Text;
                DotNetNuke.Security.PortalSecurity filter = new DotNetNuke.Security.PortalSecurity();

                if (body.Length > this.CommentsMaxLength)
                {
                    body = body.Substring(0, this.CommentsMaxLength);
                }

                // Every user-supplied field goes through the NoMarkup filter before it is stored.
                // NOTE(review): only the comment text is length-limited here; name and e-mail are not.
                var comment = new Comment
                {
                    ParentId    = this.ParentId,
                    Name        = filter.InputFilter(this.txtName.Text, DotNetNuke.Security.PortalSecurity.FilterFlag.NoMarkup),
                    Email       = filter.InputFilter(this.txtEmail.Text, DotNetNuke.Security.PortalSecurity.FilterFlag.NoMarkup),
                    CommentText = filter.InputFilter(body, PortalSecurity.FilterFlag.NoMarkup),
                    Ip          = filter.InputFilter(this.Context.Request.ServerVariables["REMOTE_ADDR"], DotNetNuke.Security.PortalSecurity.FilterFlag.NoMarkup),
                    EmailNotify = this.chkSubscribeToNotifications.Checked,
                    Datetime    = DateTime.Now
                };
                comment = commentBo.Add(comment);

                // Notifications are sent before the save result is checked.
                var topic = new TopicBO(uOw).Get(this.ParentId);
                DNNUtils.SendNotifications(uOw, topic, comment.Name, comment.Email, comment.CommentText, comment.Ip);

                this.mSuccessValue = comment.CommentId > 0;
                if (!this.mSuccessValue)
                {
                    return;
                }

                // Saved: clear the inputs, drop the cached comment list for this topic, tell listeners.
                this.txtName.Text    = string.Empty;
                this.txtEmail.Text   = string.Empty;
                this.txtComment.Text = string.Empty;
                this.Context.Cache.Remove("WikiComments" + this.ParentId.ToString());
                if (this.PostSubmitted != null)
                {
                    this.PostSubmitted(this);
                }
            }
        }
コード例 #8
 /// <summary>
 /// Applies the NoScripting filter and then replaces every tag-like span with a single space.
 /// </summary>
 /// <remarks>
 /// The tag removal is a regular expression over "&lt;...&gt;" spans, not an HTML parser; treat
 /// the result as plain text and encode it when it is written into a page.
 /// </remarks>
 /// <param name="Text">Text to strip.</param>
 /// <param name="RetainWhiteSpace">
 /// When false, runs of two or more whitespace characters collapse to one space and the result
 /// is trimmed.
 /// </param>
 /// <returns>The stripped text.</returns>
 public static string StripHTMLTags(string Text, bool RetainWhiteSpace)
 {
     var filter = new DotNetNuke.Security.PortalSecurity();
     string scriptFree = filter.InputFilter(Text, PortalSecurity.FilterFlag.NoScripting);
     string tagless = Regex.Replace(scriptFree, "<(.|\\n)*?>", " ");

     return RetainWhiteSpace
         ? tagless
         : Regex.Replace(tagless, "\\s{2,}", " ").Trim();
 }
コード例 #9
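        /// <summary>
        /// Checks that <c>InputFilter</c> turns <paramref name="html"/> into
        /// <paramref name="expectedOutput"/> for the given filter flags.
        /// </summary>
        /// <param name="html">Input markup handed to the filter.</param>
        /// <param name="expectedOutput">Exact text the filter is expected to return.</param>
        /// <param name="markup">Filter flags to apply.</param>
        public void Html_Source_Tag_Should_Not_Be_Allowed(string html, string expectedOutput,
                                                          DotNetNuke.Security.PortalSecurity.FilterFlag markup)
        {
            //Arrange
            var portalSecurity = new DotNetNuke.Security.PortalSecurity();

            //Act
            var filterOutput = portalSecurity.InputFilter(html, markup);

            //Assert
            // Expected value first, actual second, so a failure message labels the two correctly.
            Assert.AreEqual(expectedOutput, filterOutput);
        }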
コード例 #10
        /// <summary>
        /// Looks up <paramref name="strPropertyName"/> in the wrapped name/value collection and
        /// returns it formatted and script-filtered.
        /// </summary>
        /// <param name="strPropertyName">Key to look up.</param>
        /// <param name="strFormat">Format string; null is treated as empty.</param>
        /// <param name="formatProvider">Not used by this implementation.</param>
        /// <param name="accessingUser">Not used by this implementation.</param>
        /// <param name="accessLevel">Not used by this implementation.</param>
        /// <param name="propertyNotFound">Set to true when the key has no value.</param>
        /// <returns>
        /// The filtered value, or an empty string when the collection is null or the key is missing.
        /// </returns>
        public string GetProperty(string strPropertyName, string strFormat, CultureInfo formatProvider,
                                  UserInfo accessingUser, Scope accessLevel, ref bool propertyNotFound)
        {
            if (_nameValueCollection == null)
            {
                return string.Empty;
            }

            var rawValue = _nameValueCollection[strPropertyName];
            if (rawValue == null)
            {
                propertyNotFound = true;
                return string.Empty;
            }

            var format = string.IsNullOrEmpty(strFormat) ? string.Empty : strFormat;

            // The NoScripting filter runs before formatting and again on the formatted result.
            var filter = new PortalSecurity();
            var cleaned = filter.InputFilter(rawValue, PortalSecurity.FilterFlag.NoScripting);
            var formatted = PropertyAccess.FormatString(cleaned, format);
            return filter.InputFilter(formatted, PortalSecurity.FilterFlag.NoScripting);
        }
コード例 #11
        /// <summary>
        /// Stores the setting key/value pair entered in the form on the current group's role and
        /// persists the role settings.
        /// </summary>
        private void SaveMetadata()
        {
            var filter = new DotNetNuke.Security.PortalSecurity();
            var roleController = new RoleController();
            var groupRole = roleController.GetRole(GroupId, PortalId);

            // The key is filtered with NoMarkup, the value only with NoScripting.
            // NOTE(review): the value can therefore still carry markup; confirm it is encoded where
            // role settings are displayed.
            var key   = filter.InputFilter(txtSettingKey.Text.Trim(), PortalSecurity.FilterFlag.NoMarkup);
            var value = filter.InputFilter(txtSettingValue.Text.Trim(), PortalSecurity.FilterFlag.NoScripting);

            if (!groupRole.Settings.ContainsKey(key))
            {
                // first time this key is stored
                groupRole.Settings.Add(key, value);
            }
            else
            {
                // overwrite the value already stored under this key
                groupRole.Settings[key] = value;
            }

            TestableRoleController.Instance.UpdateRoleSettings(groupRole, true);
        }
コード例 #12
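        /// <summary>
        /// Returns the tag names that match <paramref name="prefixText"/> for an auto-complete list.
        /// </summary>
        /// <param name="prefixText">URL-encoded text typed so far; decoded and filtered before the lookup.</param>
        /// <param name="count">Not used by this implementation; every matching row is returned.</param>
        /// <param name="contextKey">Integer, as text, passed as the second argument of <c>Tag.GetTagsByString</c>.</param>
        /// <returns>One entry per row returned by the lookup, taken from its "name" column.</returns>
        public string[] GetTagsCompletionList(string prefixText, int count, string contextKey)
        {
            var objSecurity = new PortalSecurity();

            // NOTE(review): the NoSQL flag is a deny-list pass over the text. Confirm that
            // Tag.GetTagsByString binds this value as a query parameter instead of concatenating it.
            DataTable dt = Tag.GetTagsByString(objSecurity.InputFilter(HttpUtility.UrlDecode(prefixText), PortalSecurity.FilterFlag.NoSQL), Convert.ToInt32(contextKey, CultureInfo.InvariantCulture));

            var returnTags = new string[dt.Rows.Count];
            var index = 0;
            foreach (DataRow dr in dt.Rows)
            {
                // Fill consecutive slots; writing every row to slot 0 leaves the rest of the array null.
                returnTags[index++] = dr["name"].ToString();
            }

            return returnTags;
        }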
コード例 #13
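 /// <summary>
 /// Gets a property out of the NameValueCollection, formatted and script-filtered.
 /// </summary>
 /// <param name="strPropertyName">Key to look up.</param>
 /// <param name="strFormat">Format string; null is treated as empty.</param>
 /// <param name="formatProvider">Not used by this implementation.</param>
 /// <param name="AccessingUser">Not used by this implementation.</param>
 /// <param name="AccessLevel">Not used by this implementation.</param>
 /// <param name="PropertyNotFound">Set to true when the key has no value.</param>
 /// <returns>
 /// The filtered value, or an empty string when the collection is null or the key is missing.
 /// </returns>
 public string GetProperty(string strPropertyName, string strFormat, CultureInfo formatProvider, UserInfo AccessingUser, Scope AccessLevel, ref bool PropertyNotFound)
 {
     if (NameValueCollection == null)
         return string.Empty;
     var value = NameValueCollection[strPropertyName];

     // Normalize a null format so the formatter always receives a string.
     if (string.IsNullOrEmpty(strFormat))
     {
         strFormat = string.Empty;
     }

     if (value != null)
     {
         // The NoScripting filter runs before formatting and again on the formatted result.
         var Security = new PortalSecurity();
         value = Security.InputFilter(value, PortalSecurity.FilterFlag.NoScripting);
         return Security.InputFilter(PropertyAccess.FormatString(value, strFormat), PortalSecurity.FilterFlag.NoScripting);
     }
     PropertyNotFound = true;
     return string.Empty;
 }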
コード例 #14
        /// <summary>
        /// Builds the URL that switches the current page to <paramref name="newLanguage"/>.
        /// </summary>
        /// <param name="portalSettings">Settings of the current portal; supplies the active tab and the portal id.</param>
        /// <param name="newLanguage">Culture code of the language to switch to.</param>
        /// <returns>The target URL after a NoScripting pass through <c>InputFilter</c>.</returns>
        public static string NewUrl(PortalSettings portalSettings, string newLanguage)
        {
            var filter = new PortalSecurity();
            var targetLocale = LocaleController.Instance.GetLocale(newLanguage);

            // Start from the active tab and move to its counterpart in the new culture when one exists.
            var tabId = portalSettings.ActiveTab.TabID;
            var cultureTab = TabController.Instance.GetTabByCulture(tabId, portalSettings.PortalId, targetLocale);
            var hasCultureTab = cultureTab != null;

            if (hasCultureTab)
            {
                if (!cultureTab.IsDeleted && TabPermissionController.CanViewPage(cultureTab))
                {
                    var directUrl = string.Empty;
                    switch (cultureTab.TabType)
                    {
                        case TabType.Normal:
                            // normal tab: navigate to it by id below
                            tabId = cultureTab.TabID;
                            break;
                        case TabType.Tab:
                            // the tab points at another tab
                            directUrl = TestableGlobals.Instance.NavigateURL(Convert.ToInt32(cultureTab.Url));
                            break;
                        case TabType.File:
                            // the tab points at a file
                            directUrl = TestableGlobals.Instance.LinkClick(cultureTab.Url, cultureTab.TabID, Null.NullInteger);
                            break;
                        case TabType.Url:
                            // the tab points at an external url
                            directUrl = cultureTab.Url;
                            break;
                    }

                    if (!string.IsNullOrEmpty(directUrl))
                    {
                        return filter.InputFilter(directUrl, PortalSecurity.FilterFlag.NoScripting);
                    }
                }
                else
                {
                    // The counterpart is deleted or not viewable: use the home tab of the portal in
                    // the new language instead.
                    var localizedPortal = PortalController.Instance.GetPortal(portalSettings.PortalId, targetLocale.Code);
                    tabId = localizedPortal.HomeTabId;
                }
            }

            var querySuffix = string.Empty;
            if (DotNetNuke.Entities.Host.Host.UseFriendlyUrls)
            {
                // Drop returnurl from the query parameters so the language is not switched back after
                // the user logs in.
                // Example: opening the protected page /de-de/Page1 redirects to
                // /de-DE/Login?returnurl=%2f%2fde-de%2fPage1; switching to en-us on the login page via
                // the language links would leave returnurl untouched and send the user to the de-de
                // version after logging in.
                // Assumption: losing the returnurl information is better than confusing the user by
                // switching the language back after the login.
                var request = HttpContext.Current.Request;
                var absoluteUrl = new Uri(string.Concat(request.Url.GetLeftPart(UriPartial.Authority), request.RawUrl));
                var queryParams = HttpUtility.ParseQueryString(absoluteUrl.Query);
                queryParams.Remove("returnurl");
                var remaining = queryParams.ToString();
                if (remaining.Length > 0)
                {
                    querySuffix = string.Concat("?", remaining);
                }
            }

            // The remaining query string is request-controlled; the combined URL goes through the
            // NoScripting filter before it is returned.
            var navigateUrl = TestableGlobals.Instance.NavigateURL(tabId, portalSettings.ActiveTab.IsSuperTab, portalSettings, HttpContext.Current.Request.QueryString["ctl"], newLanguage, GetQsParams(portalSettings, targetLocale.Code, hasCultureTab));
            return filter.InputFilter(navigateUrl + querySuffix, PortalSecurity.FilterFlag.NoScripting);
        }
コード例 #15
ファイル: Title.ascx.cs プロジェクト: chutinhha/onlineexampro
        /// <summary>
        /// Applies the CSS class and the script-filtered module title to the title label and turns
        /// on inline editing when the viewer may edit the module and the portal allows it.
        /// </summary>
        /// <param name="e">Event data passed through to the base implementation.</param>
        protected override void OnPreRender(EventArgs e)
        {
            base.OnPreRender(e);

            // public attributes
            if (!String.IsNullOrEmpty(CssClass))
            {
                titleLabel.CssClass = CssClass;
            }

            string title = ModuleControl != null
                ? Localization.LocalizeControlTitle(ModuleControl)
                : Null.NullString;
            if (title == Null.NullString)
            {
                // A missing title is rendered as a single space.
                title = " ";
            }

            // Only the NoScripting filter is applied to the title before it is shown.
            var filter = new PortalSecurity();
            titleLabel.Text = filter.InputFilter(title, PortalSecurity.FilterFlag.NoScripting);

            // Inline editing is off unless both conditions below hold.
            titleLabel.EditEnabled = false;
            titleToolbar.Visible = false;
            if (CanEditModule() && PortalSettings.InlineEditorEnabled)
            {
                titleLabel.EditEnabled = true;
                titleToolbar.Visible = true;
            }
        }
コード例 #16
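 /// <summary>
 /// Formats a profile property's value for display according to its data type.
 /// </summary>
 /// <param name="property">Property whose value and data type are read.</param>
 /// <param name="formatString">Format applied to the value; an empty string becomes "g" for dates and integers.</param>
 /// <param name="formatProvider">Culture used for boolean, date and integer output.</param>
 /// <returns>
 /// An anchor element for "page", a URL for "image", script-filtered HTML for "richtext",
 /// HTML-encoded text for unlisted types, or an empty string when there is nothing to show.
 /// </returns>
 public static string GetRichValue(ProfilePropertyDefinition property, string formatString, CultureInfo formatProvider)
 {
     string result = "";

     // Data-type names are identifiers: resolve once and lower-case culture-invariantly so the
     // comparisons below do not depend on the current culture's casing rules.
     string dataType = DisplayDataType(property).ToLowerInvariant();

     if (!String.IsNullOrEmpty(property.PropertyValue) || dataType == "image")
     {
         switch (dataType)
         {
             case "truefalse":
                 result = PropertyAccess.Boolean2LocalizedYesNo(Convert.ToBoolean(property.PropertyValue), formatProvider);
                 break;
             case "date":
             case "datetime":
                 if (formatString == string.Empty)
                 {
                     formatString = "g";
                 }
                 result = DateTime.Parse(property.PropertyValue, CultureInfo.InvariantCulture).ToString(formatString, formatProvider);
                 break;
             case "integer":
                 if (formatString == string.Empty)
                 {
                     formatString = "g";
                 }
                 result = int.Parse(property.PropertyValue).ToString(formatString, formatProvider);
                 break;
             case "page":
                 var tabCtrl = new TabController();
                 int tabid;
                 if (int.TryParse(property.PropertyValue, out tabid))
                 {
                     TabInfo tab = tabCtrl.GetTab(tabid, Null.NullInteger, false);
                     if (tab != null)
                     {
                         // NOTE(review): the tab name is written into the anchor without HTML encoding,
                         // while the default branch below encodes its output. Confirm tab names are
                         // stored encoded, or encode the name here.
                         result = string.Format("<a href='{0}'>{1}</a>", Globals.NavigateURL(tabid), tab.LocalizedTabName);
                     }
                 }
                 break;
             case "image":
                 //File is stored as a FileID
                 int fileID;
                 if (Int32.TryParse(property.PropertyValue, out fileID) && fileID > 0)
                 {
                     result = Globals.LinkClick(String.Format("fileid={0}", fileID), Null.NullInteger, Null.NullInteger);
                 }
                 else
                 {
                     // No usable file id: fall back to the spacer icon.
                     result = IconController.IconURL("Spacer","1X1");
                 }
                 break;
             case "richtext":
                 // The value is decoded first and filtered afterwards, so the filter sees the same
                 // text that is returned. The result is HTML with only the NoScripting filter applied.
                 var objSecurity = new PortalSecurity();
                 result = PropertyAccess.FormatString(objSecurity.InputFilter(HttpUtility.HtmlDecode(property.PropertyValue), PortalSecurity.FilterFlag.NoScripting), formatString);
                 break;
             default:
                 // Every other type is treated as plain text and HTML-encoded.
                 result = HttpUtility.HtmlEncode(PropertyAccess.FormatString(property.PropertyValue, formatString));
                 break;
         }
     }
     return result;
 }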
コード例 #17
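        /// <summary>
        ///     Handles cmdSaveEntry.Click: updates a list entry, adds an entry, or adds a list.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">Event data (not used).</param>
        /// <remarks>
        ///     Using "CommandName" property of cmdSaveEntry to determine action to take (ListUpdate/AddEntry/AddList).
        ///     Entry value and text are script-filtered unless the current user is a superuser.
        /// </remarks>
        protected void OnSaveEntryClick(object sender, EventArgs e)
        {
            String entryValue;
            String entryText;
            if (UserInfo.IsSuperUser)
            {
                // Superuser input is stored as entered.
                entryValue = txtEntryValue.Text;
                entryText = txtEntryText.Text;
            }
            else
            {
                var ps = new PortalSecurity();

                entryValue = ps.InputFilter(txtEntryValue.Text, PortalSecurity.FilterFlag.NoScripting);
                entryText = ps.InputFilter(txtEntryText.Text, PortalSecurity.FilterFlag.NoScripting);
            }

            var listController = new ListController();

            // NOTE(review): ListName comes from txtEntryName without InputFilter for every user.
            // Confirm list names are encoded wherever they are displayed.
            var entry = new ListEntryInfo
            {
                DefinitionID = Null.NullInteger,
                PortalID = ListPortalID,
                ListName = txtEntryName.Text,
                Value = entryValue,
                Text = entryText
            };

            if (Page.IsValid)
            {
                Mode = "ListEntries";

                // Command names are identifiers: lower-case them culture-invariantly.
                switch (cmdSaveEntry.CommandName.ToLowerInvariant())
                {
                    case "update":
                        entry.ParentKey = SelectedList.ParentKey;

                        // Int32, not Int16: a 16-bit parse throws OverflowException for ids above 32767.
                        entry.EntryID = Int32.Parse(txtEntryID.Text);
                        bool canUpdate = true;
                        foreach (var curEntry in listController.GetListEntryInfoItems(SelectedList.Name, entry.ParentKey, entry.PortalID))
                        {
                            if (entry.EntryID != curEntry.EntryID) //not the same item we are trying to update
                            {
                                if (entry.Value == curEntry.Value && entry.Text == curEntry.Text)
                                {
                                    UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ItemAlreadyPresent", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
                                    canUpdate = false;
                                    break;
                                }
                            }
                        }

                        if (canUpdate)
                        {
                            listController.UpdateListEntry(entry);
                            DataBind();
                        }
                        break;
                    case "saveentry":
                        if (SelectedList != null)
                        {
                            entry.ParentKey = SelectedList.ParentKey;
                            entry.ParentID = SelectedList.ParentID;
                            entry.Level = SelectedList.Level;
                        }
                        entry.SortOrder = chkEnableSortOrder.Checked ? 1 : 0;

                        if (listController.AddListEntry(entry) == Null.NullInteger) //entry already found in database
                        {
                            UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ItemAlreadyPresent", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
                        }

                        DataBind();
                        break;
                    case "savelist":
                        if (ddlSelectParent.SelectedIndex != -1)
                        {
                            int parentID = Int32.Parse(ddlSelectParent.SelectedItem.Value);
                            ListEntryInfo parentEntry = listController.GetListEntryInfo(parentID);
                            entry.ParentID = parentID;
                            entry.DefinitionID = parentEntry.DefinitionID;
                            entry.Level = parentEntry.Level + 1;
                            entry.ParentKey = parentEntry.Key;
                        }
                        entry.SortOrder = chkEnableSortOrder.Checked ? 1 : 0;

                        if (listController.AddListEntry(entry) == Null.NullInteger) //entry already found in database
                        {
                            UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ItemAlreadyPresent", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
                        }
                        else
                        {
                            // NOTE(review): ParentKey is only assigned above when a parent was selected;
                            // confirm it is non-null otherwise.
                            SelectedKey = entry.ParentKey.Replace(":", ".") + ":" + entry.ListName;
                            Response.Redirect(Globals.NavigateURL(TabId, "", "Key=" + SelectedKey));
                        }
                        break;
                }
            }
        }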
コード例 #18
        /// -----------------------------------------------------------------------------
        /// <summary>
        /// Runs when the control is loaded: wires the paging events, reads the "Search" request
        /// parameter and binds the results on the first (non-postback) load.
        /// </summary>
        /// <param name="e">Event data passed through to the base implementation.</param>
        /// <history>
        /// 	[cnurse]	11/11/2004	documented
        ///     [cnurse]    12/13/2004  Switched to using a DataGrid for Search Results
        /// </history>
        /// -----------------------------------------------------------------------------
        protected override void OnLoad(EventArgs e)
        {
            base.OnLoad(e);

            dgResults.PageIndexChanged += dgResults_PageIndexChanged;
            ctlPagingControl.PageChanged += ctlPagingControl_PageChanged;

            var filter = new PortalSecurity();
            var requested = Request.Params["Search"];
            if (requested != null)
            {
                // The value comes straight from the request: filter it, then HTML-encode the result.
                var cleaned = filter.InputFilter(requested, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoMarkup);
                _SearchQuery = HttpContext.Current.Server.HtmlEncode(cleaned);
            }

            if (String.IsNullOrEmpty(_SearchQuery))
            {
                // No query: editors get a hint, everyone else does not see the module at all.
                if (IsEditable)
                {
                    UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ModuleHidden", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
                }
                else
                {
                    ContainerControl.Visible = false;
                }

                return;
            }

            if (!Page.IsPostBack)
            {
                BindData();
            }
        }
コード例 #19
        /// <summary>
        /// Writes the setting entered in the form into the settings of the current group's role and
        /// saves them.
        /// </summary>
        private void SaveMetadata()
        {
            var inputFilter = new DotNetNuke.Security.PortalSecurity();
            var roles = new RoleController();
            var currentRole = roles.GetRole(GroupId, PortalId);

            // Key: NoMarkup filter. Value: NoScripting filter only.
            var filteredKey = inputFilter.InputFilter(txtSettingKey.Text.Trim(), PortalSecurity.FilterFlag.NoMarkup);
            var filteredValue = inputFilter.InputFilter(txtSettingValue.Text.Trim(), PortalSecurity.FilterFlag.NoScripting);

            var alreadyStored = currentRole.Settings.ContainsKey(filteredKey);
            if (alreadyStored)
            {
                // replace the value kept under the existing key
                currentRole.Settings[filteredKey] = filteredValue;
            }
            else
            {
                // store the pair under a new key
                currentRole.Settings.Add(filteredKey, filteredValue);
            }

            TestableRoleController.Instance.UpdateRoleSettings(currentRole, true);
        }
コード例 #20
ファイル: EditControl.cs プロジェクト: rut5949/Dnn.Platform
        /// -----------------------------------------------------------------------------
        /// <summary>
        /// Renders the View (read-only) mode of the control: the value inside a span element.
        /// </summary>
        /// <remarks>
        /// The value is HTML-decoded and then passed through the NoScripting filter, so the span
        /// receives markup, not encoded text.
        /// </remarks>
        /// <param name="writer">A HtmlTextWriter.</param>
        /// <history>
        ///     [cnurse]	02/27/2006	created
        /// </history>
        /// -----------------------------------------------------------------------------
        protected virtual void RenderViewMode(HtmlTextWriter writer)
        {
            string decodedValue = Page.Server.HtmlDecode(Convert.ToString(Value));

            ControlStyle.AddAttributesToRender(writer);
            writer.RenderBeginTag(HtmlTextWriterTag.Span);

            // Decode first, filter second: the filter sees exactly the text that is written out.
            var filter = new PortalSecurity();
            string safeValue = filter.InputFilter(decodedValue, PortalSecurity.FilterFlag.NoScripting);
            writer.Write(safeValue);

            writer.RenderEndTag();
        }
コード例 #21
        /// <summary>
        /// Writes a password-reminder result to the event log.
        /// </summary>
        /// <param name="message">
        /// Failure cause; null or empty logs a success entry, anything else logs a failure entry
        /// with the message attached as the "Cause" detail.
        /// </param>
        private void LogResult(string message)
        {
            var filter = new PortalSecurity();
            var eventLog = new EventLogController();
            bool succeeded = string.IsNullOrEmpty(message);

            var logEntry = new LogInfo
            {
                LogPortalID = PortalSettings.PortalId,
                LogPortalName = PortalSettings.PortalName,
                LogUserID = UserId,

                // The user name is filtered before it is written to the log.
                LogUserName = filter.InputFilter(
                    User.Username,
                    PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup),
                LogTypeKey = succeeded ? "PASSWORD_SENT_SUCCESS" : "PASSWORD_SENT_FAILURE"
            };

            if (!succeeded)
            {
                // NOTE(review): the message is stored as given; confirm the log viewer encodes
                // detail values when it displays them.
                logEntry.LogProperties.Add(new LogDetailInfo("Cause", message));
            }

            eventLog.AddLog(logEntry);
        }
コード例 #22
        /// <summary>
        /// Handles the Password Reminder button: looks the user up by name, retrieves the
        /// password when retrieval is enabled, mails the reminder and records the outcome
        /// in the event log.
        /// </summary>
        /// <param name="sender">Event source.</param>
        /// <param name="e">Event arguments.</param>
        /// <history>
        /// 	[cnurse]	03/21/2006  Created
        /// </history>
        protected void cmdSendPassword_Click(Object sender, EventArgs e)
        {
            string feedback = Null.NullString;
            bool delivered = true;

            // With the captcha enabled and not solved, the click does nothing at all.
            if (UseCaptcha && !ctlCaptcha.IsValid)
            {
                return;
            }

            if (txtUsername.Text.Trim() == "")
            {
                feedback = Localization.GetString("EnterUsername", this.LocalResourceFile);
                UI.Skins.Skin.AddModuleMessage(this, feedback, ModuleMessageType.RedError);
                return;
            }

            PortalSecurity filter = new PortalSecurity();

            // NOTE(review): the emptiness check above trims the text box, the lookup below does not.
            UserInfo account = UserController.GetUserByName(PortalSettings.PortalId, txtUsername.Text, false);
            if (account == null)
            {
                // NOTE(review): a distinct reply for unknown names lets a caller tell existing
                // user names from non-existing ones; a uniform reply for both cases avoids
                // that. Confirm this is acceptable for the deployment.
                feedback = Localization.GetString("UsernameError", this.LocalResourceFile);
                delivered = false;
            }
            else if (!MembershipProviderConfig.PasswordRetrievalEnabled)
            {
                delivered = false;
                feedback = Localization.GetString("PasswordRetrievalDisabled", this.LocalResourceFile);
            }
            else
            {
                try
                {
                    // NOTE(review): this reads the account's current password so it can be
                    // mailed, which presumes the membership provider stores passwords
                    // recoverably; a reset-token flow removes that requirement.
                    account.Membership.Password = UserController.GetPassword(ref account, txtAnswer.Text);
                }
                catch (Exception)
                {
                    delivered = false;
                    feedback = Localization.GetString("PasswordRetrievalError", this.LocalResourceFile);
                }
            }

            if (delivered)
            {
                try
                {
                    Mail.SendMail(account, MessageType.PasswordReminder, PortalSettings);
                    feedback = Localization.GetString("PasswordSent", this.LocalResourceFile);
                }
                catch (Exception)
                {
                    // The mail failure is swallowed: the exception is not logged and feedback
                    // keeps its initial value, so only the FAILURE log entry records it.
                    delivered = false;
                }
            }

            // One event-log entry per attempt; only the type key depends on the outcome.
            // The name written to the log is the filtered form text, not a verified account name.
            EventLogController eventLog = new EventLogController();
            LogInfo entry = new LogInfo();
            entry.AddProperty("IP", ipAddress);
            entry.LogPortalID = PortalSettings.PortalId;
            entry.LogPortalName = PortalSettings.PortalName;
            entry.LogUserID = UserId;
            entry.LogUserName = filter.InputFilter(
                txtUsername.Text,
                PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup);
            entry.LogTypeKey = delivered ? "PASSWORD_SENT_SUCCESS" : "PASSWORD_SENT_FAILURE";
            eventLog.AddLog(entry);

            UI.Skins.Skin.AddModuleMessage(
                this,
                feedback,
                delivered ? ModuleMessageType.GreenSuccess : ModuleMessageType.RedError);
        }
コード例 #23
        /// <summary>
        /// Copies the group edit form into the role and its settings, then persists both.
        /// Free-text fields are passed through PortalSecurity.InputFilter with NoMarkup;
        /// drop-down values are stored as selected.
        /// </summary>
        private void SaveSettings()
        {
            var roles = new RoleController();
            RoleInfo role = roles.GetRole(GroupId, PortalId);
            var filter = new PortalSecurity();
            var noMarkup = PortalSecurity.FilterFlag.NoMarkup;

            // NOTE(review): role is used without a null check; a GroupId that matches no role
            // would fail on the next line.
            role.RoleName = filter.InputFilter(txtGroupName.Text.Trim(), noMarkup);

            SaveSetting(ref role, FeatureController.KEY_COUNTRY, cboCountry.SelectedValue);
            SaveSetting(ref role, FeatureController.KEY_COUNTRYFULL, cboCountry.SelectedItem.Text);

            string region = filter.InputFilter(ParseRegionSaveSetting(), noMarkup);
            SaveSetting(ref role, FeatureController.KEY_REGION, region);

            // The drop-down's display text is used only when the region just saved equals the
            // drop-down's value; otherwise the free-text region box is used (filtered).
            string regionFull = role.Settings[FeatureController.KEY_REGION] == cboRegion.SelectedValue
                ? cboRegion.SelectedItem.Text
                : filter.InputFilter(txtRegion.Text.Trim(), noMarkup);
            SaveSetting(ref role, FeatureController.KEY_REGIONFULL, regionFull);

            string city = filter.InputFilter(txtCity.Text.Trim(), noMarkup);
            SaveSetting(ref role, FeatureController.KEY_CITY, city);

            SaveSetting(ref role, FeatureController.KEY_DEFAULTLANGUAGE, cboDefaultLanguage.SelectedValue);

            // NOTE(review): the URL fields below only get the NoMarkup pass; nothing here checks
            // the URL scheme, so the code that renders them as links should restrict them to
            // http/https and attribute-encode them. Confirm on the rendering side.
            string websiteUrl = filter.InputFilter(txtWebsiteUrl.Text.Trim(), noMarkup);
            SaveSetting(ref role, FeatureController.KEY_WEBSITEURL, websiteUrl);

            string facebookUrl = filter.InputFilter(txtFacebookUrl.Text.Trim(), noMarkup);
            SaveSetting(ref role, FeatureController.KEY_FACEBOOKURL, facebookUrl);

            string twitterUrl = filter.InputFilter(txtTwitterUrl.Text.Trim(), noMarkup);
            SaveSetting(ref role, FeatureController.KEY_TWITTERURL, twitterUrl);

            string linkedInUrl = filter.InputFilter(txtLinkedInUrl.Text.Trim(), noMarkup);
            SaveSetting(ref role, FeatureController.KEY_LINKEDINURL, linkedInUrl);

            string googlePlusUrl = filter.InputFilter(txtGooglePlusUrl.Text.Trim(), noMarkup);
            SaveSetting(ref role, FeatureController.KEY_GOOGLEPLUSURL, googlePlusUrl);

            string meetUpUrl = filter.InputFilter(txtMeetUpUrl.Text.Trim(), noMarkup);
            SaveSetting(ref role, FeatureController.KEY_MEETUPURL, meetUpUrl);

            string youTubeUrl = filter.InputFilter(txtYouTubeUrl.Text.Trim(), noMarkup);
            SaveSetting(ref role, FeatureController.KEY_YOUTUBEURL, youTubeUrl);

            // Persist the role itself first (name change), then its settings.
            roles.UpdateRole(role);
            TestableRoleController.Instance.UpdateRoleSettings(role, true);
        }
コード例 #24
        /// <summary>
        /// Builds the URL of the current page for another language. When a localized copy of
        /// the active tab exists and is viewable, its own target is used; otherwise the URL is
        /// produced by NavigateURL with reduced query-string parameters.
        /// </summary>
        /// <param name="newLanguage">Culture code of the language to switch to.</param>
        /// <returns>The URL after a NoScripting pass of PortalSecurity.InputFilter.</returns>
        /// <history>
        ///     [erikvb]   20070814    added
        /// </history>
        private string NewUrl(string newLanguage)
        {
            var filter = new PortalSecurity();
            Locale targetLocale = LocaleController.Instance.GetLocale(newLanguage);

            // Start from the active tab and look for its counterpart in the target culture.
            int tabId = objPortal.ActiveTab.TabID;
            TabInfo localizedTab = TabController.Instance.GetTabByCulture(tabId, objPortal.PortalId, targetLocale);
            bool isLocalized = localizedTab != null;

            if (isLocalized)
            {
                bool unavailable = localizedTab.IsDeleted || !TabPermissionController.CanViewPage(localizedTab);
                if (unavailable)
                {
                    // Deleted or not viewable by this user: fall back to the localized portal's home tab.
                    tabId = PortalController.Instance.GetPortal(objPortal.PortalId, targetLocale.Code).HomeTabId;
                }
                else
                {
                    string directUrl = "";
                    var kind = localizedTab.TabType;
                    if (kind == TabType.Normal)
                    {
                        tabId = localizedTab.TabID;
                    }
                    else if (kind == TabType.Tab)
                    {
                        // The tab redirects to another tab whose id is stored in Url.
                        directUrl = TestableGlobals.Instance.NavigateURL(Convert.ToInt32(localizedTab.Url));
                    }
                    else if (kind == TabType.File)
                    {
                        directUrl = TestableGlobals.Instance.LinkClick(localizedTab.Url, localizedTab.TabID, Null.NullInteger);
                    }
                    else if (kind == TabType.Url)
                    {
                        // External URL stored on the tab; returned below after the NoScripting pass only.
                        directUrl = localizedTab.Url;
                    }

                    if (!string.IsNullOrEmpty(directUrl))
                    {
                        return filter.InputFilter(directUrl, PortalSecurity.FilterFlag.NoScripting);
                    }
                }
            }

            // On localized pages most query-string parameters make no sense and would create
            // duplicate URLs for the same content, so the raw query string is kept only for
            // non-localized pages with friendly URLs enabled.
            string query = "";
            if (DotNetNuke.Entities.Host.Host.UseFriendlyUrls && !isLocalized)
            {
                var request = HttpContext.Current.Request;
                query = new Uri(request.Url.Scheme + "://" + request.Url.Authority + request.RawUrl).Query;
            }

            // NOTE(review): the request's "ctl" value and raw query string flow into the result;
            // NoScripting is the only treatment applied here, so the caller should still
            // attribute-encode the URL when writing it into markup. Confirm at the call site.
            string target =
                TestableGlobals.Instance.NavigateURL(
                    tabId,
                    objPortal.ActiveTab.IsSuperTab,
                    objPortal,
                    HttpContext.Current.Request.QueryString["ctl"],
                    newLanguage,
                    GetQsParams(targetLocale.Code, isLocalized)) + query;

            return filter.InputFilter(target, PortalSecurity.FilterFlag.NoScripting);
        }
コード例 #25
        // Journal Items
        /// <summary>
        /// Filters a journal item's text fields, saves the item through the data service,
        /// links it to a content item and refreshes the social group's statistics.
        /// </summary>
        /// <param name="journalItem">Item to save; its text fields, JournalXML, JournalId, dates and ContentItemId are updated in place.</param>
        /// <param name="tabId">Tab id passed on to the content item.</param>
        /// <param name="moduleId">Module id passed on to the content item.</param>
        /// <exception cref="ArgumentException">journalItem.UserId is less than 1.</exception>
        /// <exception cref="Exception">No user is found for journalItem.PortalId and journalItem.UserId.</exception>
        public void SaveJournalItem(JournalItem journalItem, int tabId, int moduleId)
        {
            if (journalItem.UserId < 1)
            {
                throw new ArgumentException("journalItem.UserId must be for a real user");
            }

            UserInfo author = UserController.GetUserById(journalItem.PortalId, journalItem.UserId);
            if (author == null)
            {
                throw new Exception("Unable to locate the current user");
            }

            string xml = null;
            var filter = new PortalSecurity();

            if (!String.IsNullOrEmpty(journalItem.Title))
            {
                journalItem.Title = filter.InputFilter(journalItem.Title, PortalSecurity.FilterFlag.NoMarkup);
            }

            // NOTE(review): for Summary and Body, HtmlDecode runs after the NoScripting pass, so
            // entity-encoded input is decoded only after it was inspected. If the filter matches
            // literal markup, encoded markup would leave these lines decoded. Confirm that the
            // view encodes these fields on output, or decode before filtering.
            if (!String.IsNullOrEmpty(journalItem.Summary))
            {
                string filteredSummary = filter.InputFilter(journalItem.Summary, PortalSecurity.FilterFlag.NoScripting);
                journalItem.Summary = HttpUtility.HtmlDecode(filteredSummary);
            }

            if (!String.IsNullOrEmpty(journalItem.Body))
            {
                string filteredBody = filter.InputFilter(journalItem.Body, PortalSecurity.FilterFlag.NoScripting);
                journalItem.Body = HttpUtility.HtmlDecode(filteredBody);
            }

            // Checked again on purpose: the body may have become empty after filtering.
            if (!String.IsNullOrEmpty(journalItem.Body))
            {
                var doc = new XmlDocument();
                XmlElement items = doc.CreateElement("items");
                XmlElement item = doc.CreateElement("item");
                item.AppendChild(CreateElement(doc, "id", "-1"));
                item.AppendChild(CreateCDataElement(doc, "body", journalItem.Body));
                items.AppendChild(item);
                doc.AppendChild(items);

                XmlDeclaration declaration = doc.CreateXmlDeclaration("1.0", null, null);
                declaration.Encoding = "UTF-16";
                declaration.Standalone = "yes";
                doc.InsertBefore(declaration, doc.DocumentElement);

                journalItem.JournalXML = doc;
                xml = journalItem.JournalXML.OuterXml;
            }

            var data = journalItem.ItemData;
            if (data != null)
            {
                if (!String.IsNullOrEmpty(data.Title))
                {
                    data.Title = filter.InputFilter(data.Title, PortalSecurity.FilterFlag.NoMarkup);
                }

                if (!String.IsNullOrEmpty(data.Description))
                {
                    // Same filter-then-decode order as Summary and Body above.
                    string filteredDescription = filter.InputFilter(data.Description, PortalSecurity.FilterFlag.NoScripting);
                    data.Description = HttpUtility.HtmlDecode(filteredDescription);
                }

                // NOTE(review): the two URL fields only get the NoScripting pass; the scheme is
                // not checked here, so the renderer should restrict and encode them.
                if (!String.IsNullOrEmpty(data.Url))
                {
                    data.Url = filter.InputFilter(data.Url, PortalSecurity.FilterFlag.NoScripting);
                }

                if (!String.IsNullOrEmpty(data.ImageUrl))
                {
                    data.ImageUrl = filter.InputFilter(data.ImageUrl, PortalSecurity.FilterFlag.NoScripting);
                }
            }

            // ToJson is called outside the null check above; presumably it is an extension
            // method that turns a null ItemData into the literal "null" (hence the comparison
            // below). Confirm, otherwise this line fails for items without ItemData.
            string journalData = journalItem.ItemData.ToJson();
            if (journalData == "null")
            {
                journalData = null;
            }

            PrepareSecuritySet(journalItem, author);

            journalItem.JournalId = _dataService.Journal_Save(
                journalItem.PortalId,
                journalItem.UserId,
                journalItem.ProfileId,
                journalItem.SocialGroupId,
                journalItem.JournalId,
                journalItem.JournalTypeId,
                journalItem.Title,
                journalItem.Summary,
                journalItem.Body,
                journalData,
                xml,
                journalItem.ObjectKey,
                journalItem.AccessKey,
                journalItem.SecuritySet,
                journalItem.CommentsDisabled,
                journalItem.CommentsHidden);

            // Read the stored item back to pick up the dates from the data store.
            var stored = GetJournalItem(journalItem.PortalId, journalItem.UserId, journalItem.JournalId);
            journalItem.DateCreated = stored.DateCreated;
            journalItem.DateUpdated = stored.DateUpdated;

            var content = new Content();
            if (journalItem.ContentItemId > 0)
            {
                content.UpdateContentItem(journalItem, tabId, moduleId);
                _dataService.Journal_UpdateContentItemId(journalItem.JournalId, journalItem.ContentItemId);
            }
            else
            {
                ContentItem created = content.CreateContentItem(journalItem, tabId, moduleId);
                _dataService.Journal_UpdateContentItemId(journalItem.JournalId, created.ContentItemId);
                journalItem.ContentItemId = created.ContentItemId;
            }

            if (journalItem.SocialGroupId > 0)
            {
                try
                {
                    UpdateGroupStats(journalItem.PortalId, journalItem.SocialGroupId);
                }
                catch (Exception exc)
                {
                    // Statistics are best effort: a failure is logged and does not undo the save.
                    Exceptions.Exceptions.LogException(exc);
                }
            }
        }
コード例 #26
 /// <summary>
 /// Prepares a post body for storage by passing it through PortalSecurity.InputFilter
 /// with the NoScripting flag.
 /// </summary>
 /// <param name="content">Post body as submitted.</param>
 /// <returns>The filtered body, ready to be saved.</returns>
 public static string ProcessSavePostBody(string content)
 {
     // NOTE(review): NoScripting is the only flag requested, so other markup presumably
     // survives; the code that renders stored posts still has to treat the body as HTML
     // written by an untrusted author. Confirm on the rendering side.
     return new PortalSecurity().InputFilter(content, PortalSecurity.FilterFlag.NoScripting);
 }
コード例 #27
        /// <summary>
        /// Filters a journal item's text fields, rebuilds its SecuritySet string, updates the
        /// item through the data service, links it to a content item and refreshes the social
        /// group's statistics.
        /// </summary>
        /// <param name="journalItem">Item to update; its text fields, JournalXML, SecuritySet, JournalId, dates and ContentItemId are changed in place.</param>
        /// <param name="tabId">Tab id passed on to the content item.</param>
        /// <param name="moduleId">Module id passed on to the content item.</param>
        /// <exception cref="ArgumentException">journalItem.UserId is less than 1.</exception>
        /// <exception cref="Exception">No user is found for journalItem.PortalId and journalItem.UserId.</exception>
        public void UpdateJournalItem(JournalItem journalItem, int tabId, int moduleId)
        {
            if (journalItem.UserId < 1)
            {
                throw new ArgumentException("journalItem.UserId must be for a real user");
            }
            UserInfo currentUser = UserController.GetUserById(journalItem.PortalId, journalItem.UserId);
            if (currentUser == null)
            {
                throw new Exception("Unable to locate the current user");
            }
            string xml = null;
            var portalSecurity = new PortalSecurity();
            if (!String.IsNullOrEmpty(journalItem.Title))
            {
                journalItem.Title = portalSecurity.InputFilter(journalItem.Title, PortalSecurity.FilterFlag.NoMarkup);
            }
            // NOTE(review): for Summary and Body, HtmlDecode runs after the NoScripting pass, so
            // entity-encoded input is decoded only after it was inspected. If the filter matches
            // literal markup, encoded markup would leave these lines decoded. Confirm that the
            // view encodes these fields on output, or decode before filtering.
            if (!String.IsNullOrEmpty(journalItem.Summary))
            {
                journalItem.Summary = HttpUtility.HtmlDecode(portalSecurity.InputFilter(journalItem.Summary, PortalSecurity.FilterFlag.NoScripting));
            }
            if (!String.IsNullOrEmpty(journalItem.Body))
            {
                journalItem.Body = HttpUtility.HtmlDecode(portalSecurity.InputFilter(journalItem.Body, PortalSecurity.FilterFlag.NoScripting));
            }
            // Checked again because the body may have become empty after filtering.
            // Wraps the body in <items><item><id>-1</id><body>CDATA</body></item></items>.
            if (!String.IsNullOrEmpty(journalItem.Body))
            {
                var xDoc = new XmlDocument();
                XmlElement xnode = xDoc.CreateElement("items");
                XmlElement xnode2 = xDoc.CreateElement("item");
                xnode2.AppendChild(CreateElement(xDoc, "id", "-1"));
                xnode2.AppendChild(CreateCDataElement(xDoc, "body", journalItem.Body));
                xnode.AppendChild(xnode2);
                xDoc.AppendChild(xnode);
                XmlDeclaration xDec = xDoc.CreateXmlDeclaration("1.0", null, null);
                xDec.Encoding = "UTF-16";
                xDec.Standalone = "yes";
                XmlElement root = xDoc.DocumentElement;
                xDoc.InsertBefore(xDec, root);
                journalItem.JournalXML = xDoc;
                xml = journalItem.JournalXML.OuterXml;
            }
            if (journalItem.ItemData != null)
            {
                if (!String.IsNullOrEmpty(journalItem.ItemData.Title))
                {
                    journalItem.ItemData.Title = portalSecurity.InputFilter(journalItem.ItemData.Title, PortalSecurity.FilterFlag.NoMarkup);
                }
                if (!String.IsNullOrEmpty(journalItem.ItemData.Description))
                {
                    // Same filter-then-decode order as Summary and Body above.
                    journalItem.ItemData.Description = HttpUtility.HtmlDecode(portalSecurity.InputFilter(journalItem.ItemData.Description, PortalSecurity.FilterFlag.NoScripting));
                }
                // NOTE(review): the two URL fields only get the NoScripting pass; the scheme is
                // not checked here, so the renderer should restrict and encode them.
                if (!String.IsNullOrEmpty(journalItem.ItemData.Url))
                {
                    journalItem.ItemData.Url = portalSecurity.InputFilter(journalItem.ItemData.Url, PortalSecurity.FilterFlag.NoScripting);
                }
                if (!String.IsNullOrEmpty(journalItem.ItemData.ImageUrl))
                {
                    journalItem.ItemData.ImageUrl = portalSecurity.InputFilter(journalItem.ItemData.ImageUrl, PortalSecurity.FilterFlag.NoScripting);
                }
            }
            // ToJson is called outside the null check above; presumably it is an extension
            // method that turns a null ItemData into the literal "null" (hence the comparison
            // below). Confirm, otherwise this line fails for items without ItemData.
            string journalData = journalItem.ItemData.ToJson();
            if (journalData == "null")
            {
                journalData = null;
            }
            // SecuritySet is a comma-terminated list of tokens that the statements below
            // normalize and extend. The order matters: each step tests the string left by the
            // previous one. Presumably the tokens decide who may read the item; the consumer
            // is not visible here.
            // An empty set defaults to "E,"; otherwise a trailing comma is ensured.
            if (String.IsNullOrEmpty(journalItem.SecuritySet))
            {
                journalItem.SecuritySet = "E,";
            }
            else if (!journalItem.SecuritySet.EndsWith(","))
            {
                journalItem.SecuritySet += ",";
            }
            // A bare "F," is replaced by "F<UserId>,P<ProfileId>,".
            if (journalItem.SecuritySet == "F,")
            {
                journalItem.SecuritySet = "F" + journalItem.UserId.ToString(CultureInfo.InvariantCulture) + ",";
                journalItem.SecuritySet += "P" + journalItem.ProfileId.ToString(CultureInfo.InvariantCulture) + ",";
            }
            // A bare "U," keeps the "U," prefix and gains "U<UserId>,".
            if (journalItem.SecuritySet == "U,")
            {
                journalItem.SecuritySet += "U" + journalItem.UserId.ToString(CultureInfo.InvariantCulture) + ",";
            }
            // Posting on someone else's profile adds both the profile and the user token.
            if (journalItem.ProfileId > 0 && journalItem.UserId != journalItem.ProfileId)
            {
                journalItem.SecuritySet += "P" + journalItem.ProfileId.ToString(CultureInfo.InvariantCulture) + ",";
                journalItem.SecuritySet += "U" + journalItem.UserId.ToString(CultureInfo.InvariantCulture) + ",";
            }
            // Ensures the author's own token is present.
            // NOTE(review): this is a substring test without the trailing comma, so an existing
            // token for a longer id with the same leading digits (for example "U12," when
            // UserId is 1) also satisfies it and the author's token is then not appended.
            if (!journalItem.SecuritySet.Contains("U" + journalItem.UserId.ToString(CultureInfo.InvariantCulture)))
            {
                journalItem.SecuritySet += "U" + journalItem.UserId.ToString(CultureInfo.InvariantCulture) + ",";
            }
            // Group posts: the "R<SocialGroupId>," token is added only when the role exists, is
            // not a plain security role, and the author is a member. For a non-public role,
            // every "E," occurrence is removed from the set.
            if (journalItem.SocialGroupId > 0)
            {
                JournalItem item = journalItem;
                RoleInfo role = RoleController.Instance.GetRole(journalItem.PortalId, r => r.SecurityMode != SecurityMode.SecurityRole && r.RoleID == item.SocialGroupId);
                if (role != null)
                {
                    if (currentUser.IsInRole(role.RoleName))
                    {
                        journalItem.SecuritySet += "R" + journalItem.SocialGroupId.ToString(CultureInfo.InvariantCulture) + ",";
                        if (!role.IsPublic)
                        {
                            journalItem.SecuritySet = journalItem.SecuritySet.Replace("E,", String.Empty);
                        }
                    }
                }
            }
            journalItem.JournalId = _dataService.Journal_Update(journalItem.PortalId,
                                                     journalItem.UserId,
                                                     journalItem.ProfileId,
                                                     journalItem.SocialGroupId,
                                                     journalItem.JournalId,
                                                     journalItem.JournalTypeId,
                                                     journalItem.Title,
                                                     journalItem.Summary,
                                                     journalItem.Body,
                                                     journalData,
                                                     xml,
                                                     journalItem.ObjectKey,
                                                     journalItem.AccessKey,
                                                     journalItem.SecuritySet,
                                                     journalItem.CommentsDisabled,
                                                     journalItem.CommentsHidden);

            // Read the stored item back to pick up the dates from the data store.
            var updatedJournalItem = GetJournalItem(journalItem.PortalId, journalItem.UserId, journalItem.JournalId);
            journalItem.DateCreated = updatedJournalItem.DateCreated;
            journalItem.DateUpdated = updatedJournalItem.DateUpdated;

            // Update the linked content item, or create one and record its id on the journal row.
            var cnt = new Content();
            if (journalItem.ContentItemId > 0)
            {
                cnt.UpdateContentItem(journalItem, tabId, moduleId);
                _dataService.Journal_UpdateContentItemId(journalItem.JournalId, journalItem.ContentItemId);
            }
            else
            {
                ContentItem ci = cnt.CreateContentItem(journalItem, tabId, moduleId);
                _dataService.Journal_UpdateContentItemId(journalItem.JournalId, ci.ContentItemId);
                journalItem.ContentItemId = ci.ContentItemId;
            }
            if (journalItem.SocialGroupId > 0)
            {
                try
                {
                    UpdateGroupStats(journalItem.PortalId, journalItem.SocialGroupId);
                }
                catch (Exception exc)
                {
                    // Statistics are best effort: a failure is logged and does not undo the update.
                    Exceptions.Exceptions.LogException(exc);
                }
            }
        }
コード例 #28
        /// <summary>
        /// Renders the View (read-only) mode of the control: the value as text inside a span
        /// that carries the control's style attributes.
        /// </summary>
        /// <param name="writer">The HtmlTextWriter to render to.</param>
        protected virtual void RenderViewMode(HtmlTextWriter writer)
        {
            string text = Convert.ToString(this.Value);

            ControlStyle.AddAttributesToRender(writer);
            writer.RenderBeginTag(HtmlTextWriterTag.Span);

            // The value is written with Write (no encoding by the writer), so the InputFilter
            // pass is the only output protection on this path.
            // NOTE(review): presumably the NoMarkup/NoAngleBrackets flags neutralize markup in
            // the value; confirm, or encode for the HTML text context at this point.
            var flags = PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup | PortalSecurity.FilterFlag.NoScripting;
            string filtered = new PortalSecurity().InputFilter(text, flags);
            writer.Write(filtered);

            writer.RenderEndTag();
        }
コード例 #29
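        /// <summary>
        /// Loads the error page: shows the portal logo when one is configured, then either
        /// handles the error named by the "status" query-string value or reports the last
        /// server error with HTTP status 500.
        /// </summary>
        /// <param name="e">Event arguments, forwarded to the base implementation.</param>
        protected override void OnLoad(EventArgs e)
        {
            base.OnLoad(e);

            PortalSettings portalSettings = PortalController.GetCurrentPortalSettings();
            if (portalSettings != null && !String.IsNullOrEmpty(portalSettings.LogoFile))
            {
                IFileInfo fileInfo = FileManager.Instance.GetFile(portalSettings.PortalId, portalSettings.LogoFile);
                if (fileInfo != null)
                {
                    headerImage.ImageUrl = FileManager.Instance.GetUrl(fileInfo);
                }
            }
            headerImage.Visible = !string.IsNullOrEmpty(headerImage.ImageUrl);

            string localizedMessage;
            var security = new PortalSecurity();

            // "status" comes straight from the query string, so it is filtered before use.
            string status = security.InputFilter(Request.QueryString["status"],
                                                    PortalSecurity.FilterFlag.NoScripting |
                                                    PortalSecurity.FilterFlag.NoMarkup);
            if (!string.IsNullOrEmpty(status))
            {
                ManageError(status);
            }
            else
            {
                //get the last server error
                var exc = Server.GetLastError();
                bool errorShown = false;

                // A null exception (the page was requested directly) is handled explicitly
                // instead of relying on a NullReferenceException being caught below.
                if (exc != null)
                {
                    try
                    {
                        // Ordinal, case-insensitive comparison: a culture-sensitive ToLower()
                        // can change the path (for example under Turkish casing rules) and
                        // make this check miss.
                        if (Request.Url.LocalPath.EndsWith("installwizard.aspx", StringComparison.OrdinalIgnoreCase))
                        {
                            // The full exception text, stack trace included, is sent to the
                            // browser on this path (HTML-encoded); it is limited to the
                            // install wizard URL.
                            ErrorPlaceHolder.Controls.Add(new LiteralControl(HttpUtility.HtmlEncode(exc.ToString())));
                        }
                        else
                        {
                            var lex = new PageLoadException(exc.Message, exc);
                            Exceptions.LogException(lex);
                            localizedMessage = Localization.Localization.GetString("Error.Text", Localization.Localization.GlobalResourceFile);
                            ErrorPlaceHolder.Controls.Add(new ErrorContainer(portalSettings, localizedMessage, lex).Container);
                        }
                        errorShown = true;
                    }
                    catch
                    {
                        // Logging or rendering the error failed; the generic message below is
                        // shown instead (best effort, as before).
                    }
                }

                if (!errorShown)
                {
                    //No exception was found...you shouldn't end up here
                    //unless you go to this aspx page URL directly
                    localizedMessage = Localization.Localization.GetString("UnhandledError.Text", Localization.Localization.GlobalResourceFile);
                    ErrorPlaceHolder.Controls.Add(new LiteralControl(localizedMessage));
                }

                Response.StatusCode = 500;
            }
            localizedMessage = Localization.Localization.GetString("Return.Text", Localization.Localization.GlobalResourceFile);

            hypReturn.Text = localizedMessage;
        }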
コード例 #30
 /// <summary>
 /// Passes <paramref name="input"/> through PortalSecurity.InputFilter with the
 /// NoProfanity flag.
 /// </summary>
 /// <param name="input">Text to filter.</param>
 /// <returns>The filtered text.</returns>
 internal virtual string InputFilter(string input)
 {
     // NoProfanity is the only flag passed: despite the method name, this call requests no
     // script or markup filtering, so callers must not treat the result as safe for HTML.
     return new PortalSecurity().InputFilter(input, PortalSecurity.FilterFlag.NoProfanity);
 }
コード例 #31
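        /// <summary>
        /// Loads the error page: shows the portal logo when one is configured, then either
        /// handles the error named by the "status" query-string value or reports the last
        /// server error.
        /// </summary>
        /// <param name="e">Event arguments, forwarded to the base implementation.</param>
        protected override void OnLoad(EventArgs e)
        {
            base.OnLoad(e);

            PortalSettings portalSettings = PortalController.GetCurrentPortalSettings();
            if (portalSettings != null && !String.IsNullOrEmpty(portalSettings.LogoFile))
            {
                IFileInfo fileInfo = FileManager.Instance.GetFile(portalSettings.PortalId, portalSettings.LogoFile);
                if (fileInfo != null)
                {
                    headerImage.ImageUrl = FileManager.Instance.GetUrl(fileInfo);
                }
            }
            headerImage.Visible = !string.IsNullOrEmpty(headerImage.ImageUrl);

            string strLocalizedMessage = Null.NullString;
            PortalSecurity objSecurity = new PortalSecurity();

            // "status" comes straight from the query string, so it is filtered before use.
            string status = objSecurity.InputFilter(Request.QueryString["status"],
                                                    PortalSecurity.FilterFlag.NoScripting |
                                                    PortalSecurity.FilterFlag.NoMarkup);
            if (!string.IsNullOrEmpty(status))
            {
                ManageError(status);
            }
            else
            {
                //get the last server error
                Exception exc = Server.GetLastError();
                bool errorShown = false;

                // A null exception (the page was requested directly) is handled explicitly
                // instead of relying on a NullReferenceException being caught below.
                if (exc != null)
                {
                    try
                    {
                        // Ordinal, case-insensitive comparison: a culture-sensitive ToLower()
                        // can change the path (for example under Turkish casing rules) and
                        // make this check miss.
                        if (Request.Url.LocalPath.EndsWith("installwizard.aspx", StringComparison.OrdinalIgnoreCase))
                        {
                            // The full exception text, stack trace included, is sent to the
                            // browser on this path (HTML-encoded); it is limited to the
                            // install wizard URL.
                            ErrorPlaceHolder.Controls.Add(new LiteralControl(HttpUtility.HtmlEncode(exc.ToString())));
                        }
                        else
                        {
                            PageLoadException lex = new PageLoadException(exc.Message, exc);
                            //process this error using the Exception Management Application Block
                            Exceptions.LogException(lex);
                            //add to a placeholder and place on page
                            strLocalizedMessage = Localization.Localization.GetString("Error.Text",
                                                                                      Localization.Localization.GlobalResourceFile);
                            ErrorPlaceHolder.Controls.Add(
                                new ErrorContainer(portalSettings, strLocalizedMessage, lex).Container);
                        }
                        errorShown = true;
                    }
                    catch
                    {
                        // Logging or rendering the error failed; the generic message below is
                        // shown instead (best effort, as before).
                    }
                }

                if (!errorShown)
                {
                    //No exception was found...you shouldn't end up here
                    //unless you go to this aspx page URL directly
                    strLocalizedMessage = Localization.Localization.GetString("UnhandledError.Text",
                                                                              Localization.Localization.GlobalResourceFile);
                    ErrorPlaceHolder.Controls.Add(new LiteralControl(strLocalizedMessage));
                }
            }
            strLocalizedMessage = Localization.Localization.GetString("Return.Text",
                                                                      Localization.Localization.GlobalResourceFile);

            // The link text is assembled as HTML; both parts come from the application
            // (application path and a resource string), not from the request.
            hypReturn.Text = "<img src=\"" + Globals.ApplicationPath + "/images/lt.gif\" border=\"0\" /> " +
                             strLocalizedMessage;
        }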
コード例 #32
        /// <summary>
        /// Writes a password-reminder entry, including the client IP, to the event log.
        /// </summary>
        /// <param name="message">Failure cause; when null or empty the entry is recorded as a success.</param>
        private void LogResult(string message)
        {
            var filter = new PortalSecurity();
            bool failed = !string.IsNullOrEmpty(message);

            var entry = new LogInfo();
            entry.LogPortalID = PortalSettings.PortalId;
            entry.LogPortalName = PortalSettings.PortalName;
            entry.LogUserID = UserId;

            // The logged name is the text typed into the form (filtered), not a verified
            // account name; log consumers should not read it as proof that the account exists.
            entry.LogUserName = filter.InputFilter(
                txtUsername.Text,
                PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup);

            entry.LogTypeKey = failed ? "PASSWORD_SENT_FAILURE" : "PASSWORD_SENT_SUCCESS";
            if (failed)
            {
                // NOTE(review): message is stored as given, without the filter applied to the
                // user name above; confirm callers pass only static/localized text or that the
                // log viewer encodes properties on output.
                entry.LogProperties.Add(new LogDetailInfo("Cause", message));
            }

            entry.AddProperty("IP", _ipAddress);

            LogController.Instance.AddLog(entry);
        }
コード例 #33
ファイル: LanguageTokenReplace.cs プロジェクト: biganth/Curt
        /// <summary>
        /// Builds the URL of the current page for another language.
        /// The result of Globals.NavigateURL is passed through
        /// PortalSecurity.InputFilter with the NoScripting flag before it is returned.
        /// </summary>
        /// <param name="newLanguage">Culture code of the language to link to.</param>
        /// <returns>The filtered URL for the tab in the requested language.</returns>
        /// <history>
        ///     [erikvb]   20070814    added
        /// </history>
        private string newUrl(string newLanguage)
        {
            var objSecurity = new PortalSecurity();
            Locale newLocale = LocaleController.Instance.GetLocale(newLanguage);

            // Start from the active tab and switch to its localized copy when one exists
            // for the target culture.
            int tabId = objPortal.ActiveTab.TabID;
            TabInfo localizedTab = new TabController().GetTabByCulture(tabId, objPortal.PortalId, newLocale);
            bool islocalized = localizedTab != null;
            if (islocalized)
            {
                tabId = localizedTab.TabID;
            }

            // The "ctl" value is read straight from the current request's query string, so the
            // assembled URL contains request-controlled text; that is why it is filtered below.
            // NOTE(review): NoScripting is the only filter applied here. How callers place the
            // returned URL into markup is not visible, so confirm it is attribute-encoded at output.
            string unfilteredUrl = Globals.NavigateURL(
                tabId,
                objPortal.ActiveTab.IsSuperTab,
                objPortal,
                HttpContext.Current.Request.QueryString["ctl"],
                newLanguage,
                getQSParams(newLocale.Code, islocalized));

            return objSecurity.InputFilter(unfilteredUrl, PortalSecurity.FilterFlag.NoScripting);
        }
コード例 #34
ファイル: Upgrade.cs プロジェクト: VegasoftTI/Dnn.Platform
        /// <summary>
        /// Upgrade step for 7.2.1: repairs usernames that were stored HTML-encoded,
        /// then adds the Manage Users module permissions.
        /// </summary>
        /// <remarks>
        /// The whole scan sits inside one try/catch, so the first exception is logged and
        /// the remaining rows are left unchanged. AddManageUsersModulePermissions runs in
        /// either case.
        /// </remarks>
        private static void UpgradeToVersion721()
        {
            try
            {
                // Usernames may have been HTML-encoded at registration in 7.1.2, which altered
                // Unicode characters. Decode them and run the result through InputFilter.
                var portalSecurity = new PortalSecurity();
                var usernameFilter = PortalSecurity.FilterFlag.NoScripting |
                                     PortalSecurity.FilterFlag.NoAngleBrackets |
                                     PortalSecurity.FilterFlag.NoMarkup;

                // Only rows containing '&' can hold an HTML entity.
                using (var reader = DataProvider.Instance().ExecuteSQL("SELECT UserID, Username FROM {databaseOwner}[{objectQualifier}Users] WHERE Username LIKE '%&%'"))
                {
                    while (reader.Read())
                    {
                        var userId = Convert.ToInt32(reader["UserID"]);
                        var storedName = reader["Username"].ToString();
                        var decodedName = HttpUtility.HtmlDecode(storedName);

                        // Decoding changed nothing, so this name only contains a literal '&'.
                        if (storedName == decodedName)
                        {
                            continue;
                        }

                        // Decoding can reintroduce markup characters, so the decoded value is
                        // filtered before it is written back.
                        // NOTE(review): the filtered name could equal another account's username.
                        // What ChangeUsername does in that case is not visible here; verify.
                        var repairedName = portalSecurity.InputFilter(decodedName, usernameFilter);

                        UserController.ChangeUsername(userId, repairedName);
                    }
                }
            }
            catch (Exception ex)
            {
                Logger.Error(ex);
            }

            AddManageUsersModulePermissions();
        }
コード例 #35
        /// <summary>
        /// cmdResetPassword_Click runs when the password reset button is clicked.
        /// It looks up the entered username, optionally runs the question-and-answer
        /// step, writes a PASSWORD_RESET_SUCCESS or PASSWORD_RESET_FAILURE event-log
        /// entry and shows a module message.
        /// </summary>
        /// <remarks>
        /// In this version the calls to UserController.ResetPassword and Mail.SendMail are
        /// commented out, so the success branch only sets the message and writes the log
        /// entry. When the captcha is enabled and invalid, the handler does nothing and
        /// shows no message.
        /// </remarks>
        /// <param name="sender">Event source (not used in the body).</param>
        /// <param name="e">Event arguments (not used in the body).</param>
        /// <history>
        /// 	[JT]	04/13/2006  Created
        /// </history>
        protected void cmdResetPassword_Click(Object sender, EventArgs e)
        {
            string strMessage = Null.NullString;
            ModuleMessageType moduleMessageType = ModuleMessageType.GreenSuccess;
            bool canReset = true;
            string answer = String.Empty;

            // Proceed only when the captcha is disabled or has validated.
            if ((UseCaptcha && ctlCaptcha.IsValid) || (!UseCaptcha))
            {
                // No point in continuing if the user has not entered a username.
                if (!String.IsNullOrEmpty(txtUsername.Text.Trim()))
                {
                    // Used further down only to filter the username before it is logged.
                    PortalSecurity objSecurity = new PortalSecurity();

                    // The lookup uses the trimmed, unfiltered text box value.
                    UserInfo objUser = UserController.GetUserByName(PortalSettings.PortalId, txtUsername.Text.Trim(), false);          
                    
                    if (objUser != null)
                    {
                        if (MembershipProviderConfig.RequiresQuestionAndAnswer)
                        {
                            // This is a simple check to see if this is our first or second pass through this event method.
                            if (User.UserID != objUser.UserID)
                            {
                                // First pass: remember the user and ask the question instead of resetting.
                                User = objUser;
                                canReset = false;

                                // Check to see if the user had enter an email and password question.
                                // NOTE(review): Trim() throws if Email or PasswordQuestion is null; confirm both are never null here.
                                if (!String.IsNullOrEmpty(User.Membership.Email.Trim()) && !String.IsNullOrEmpty(User.Membership.PasswordQuestion.Trim()))
                                {
                                    tblQA.Visible = true;
                                    // NOTE(review): the stored question is assigned without encoding. If lblQuestion
                                    // is a WebForms Label, Text is rendered as-is; confirm the question is sanitized when saved.
                                    lblQuestion.Text = User.Membership.PasswordQuestion;
                                    txtAnswer.Text = String.Empty;                                    
                                    strMessage = Localization.GetString("RequiresQAndAEnabled", this.LocalResourceFile);
                                    moduleMessageType = ModuleMessageType.YellowWarning;
                                }
                                else
                                {
                                    strMessage = Localization.GetString("MissingEmailOrQuestion", this.LocalResourceFile);
                                    moduleMessageType = ModuleMessageType.RedError;
                                }                                
                            }
                            else
                            {
                                // Second pass: an answer is required before the reset may proceed.
                                answer = txtAnswer.Text.Trim();
                                if (String.IsNullOrEmpty(answer))
                                {
                                    canReset = false;
                                    strMessage = Localization.GetString("EnterAnswer", this.LocalResourceFile);
                                    moduleMessageType = ModuleMessageType.RedError;
                                }
                            }
                        }                        
                    }
                    else
                    {   
                        // Unknown username: no reset, and no event-log entry is written on this path.
                        // NOTE(review): this branch uses its own message key and type, so the response
                        // probably reveals whether an account exists (resource text not visible here).
                        // Consider the same message for known and unknown usernames.
                        canReset = false;
                        ResetControl();
                        strMessage = Localization.GetString("UsernameError", this.LocalResourceFile);
                        moduleMessageType = ModuleMessageType.YellowWarning;
                    }                   

                    if (canReset)
                    {
                        try
                        {
                            // The reset and mail calls are disabled, so nothing below changes the
                            // password or sends mail; "answer" is therefore never checked in this block.
                            //UserController.ResetPassword(objUser, answer);
                            //Mail.SendMail(User, MessageType.PasswordReminder, PortalSettings);
                            strMessage = Localization.GetString("PasswordSent", this.LocalResourceFile);
                            moduleMessageType = ModuleMessageType.GreenSuccess;

                            EventLogController objEventLog = new EventLogController();
                            LogInfo objEventLogInfo = new LogInfo();
                            objEventLogInfo.AddProperty("IP", ipAddress);
                            objEventLogInfo.LogPortalID = PortalSettings.PortalId;
                            objEventLogInfo.LogPortalName = PortalSettings.PortalName;
                            // NOTE(review): this logs UserId, not objUser.UserID; presumably the requesting user. Verify.
                            objEventLogInfo.LogUserID = UserId;
                            // The typed username is filtered before it is stored in the log entry.
                            objEventLogInfo.LogUserName = objSecurity.InputFilter(txtUsername.Text, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup);
                            objEventLogInfo.LogTypeKey = "PASSWORD_RESET_SUCCESS";
                            objEventLog.AddLog(objEventLogInfo);                            
                        }
                        catch (Exception)
                        {
                            // With the reset calls disabled, only the localization lookup or the
                            // logging above can throw. The exception itself is not recorded.
                            strMessage = Localization.GetString("PasswordResetError", this.LocalResourceFile);
                            moduleMessageType = ModuleMessageType.RedError; 

                            EventLogController objEventLog = new EventLogController();
                            LogInfo objEventLogInfo = new LogInfo();
                            objEventLogInfo.AddProperty("IP", ipAddress);
                            objEventLogInfo.LogPortalID = PortalSettings.PortalId;
                            objEventLogInfo.LogPortalName = PortalSettings.PortalName;
                            objEventLogInfo.LogUserID = UserId;
                            objEventLogInfo.LogUserName = objSecurity.InputFilter(txtUsername.Text, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup);
                            objEventLogInfo.LogTypeKey = "PASSWORD_RESET_FAILURE";
                            objEventLog.AddLog(objEventLogInfo);                           
                        }  
                    }
                }
                else
                {
                    // Empty username: reset the form and ask for one.
                    ResetControl();
                    strMessage = Localization.GetString("EnterUsername", this.LocalResourceFile);
                    moduleMessageType = ModuleMessageType.RedError;
                }

                // Every path that passed the captcha check ends by showing the chosen message.
                UI.Skins.Skin.AddModuleMessage(this, strMessage, moduleMessageType);
            }
        }