private void processInsertions(ref string ret, HttpSessionData sessionData)
{
// <ISSID> to a hidden input containing the SSID
ret = ret.Replace("<ISSID>", "<input type='hidden' name='ssid' value='" + sessionData.Ssid + "'>");
// <SSID> to the SSID
ret = ret.Replace("<SSID>", sessionData.Ssid);
// <HREF(xyz)> to a link to xyz containing the SSID
for (int i = 2; i < ret.Length - 9; i++)
{
if (ret[i - 2] == '<' && ret[i - 1] == 'a' && ret.Substring(i, 6) == " HREF(")
{
for (int j = i + 7; j < ret.Length - 1; j++)
{
if (ret[j] == ')')
{
string href = ret.Substring(i + 6, (j + 1) - i - 7);
ret = ret.Remove(i, (j + 1) - i);
ret = ret.Insert(i, " href=\"#\" onclick=\"var f=document.createElement('form');f.setAttribute('method','POST');f.setAttribute('action','" + href +
"');f.setAttribute('enctype','application/x-www-form-urlencoded');var i=document.createElement('input');i.setAttribute('type','hidden');i.setAttribute('name','ssid');i.setAttribute('value','" + sessionData.Ssid +
"');f.appendChild(i);document.body.appendChild(f);f.submit();document.body.remove(f);\"");
i = j + 1;
break;
}
}
}
}
}
private string GetContents(HttpSessionData sessionData)
{
string ret = "";
try
{
ret = System.IO.File.ReadAllText(File);
ProcessData(((HttpSessionData)sessionData), ref ret);
if (ReplaceHrefs)
{
ProcessHrefs(ref ret, ((HttpSessionData)sessionData));
}
processInsertions(ref ret, ((HttpSessionData)sessionData));
}
catch (Exception e)
{
ret = Master.GetErrorMsg("Exception in PageFiller '" + URL + "'", "<b>An Error occured while processing the output</b><br>" + e.SafeToString());
}
return(ret);
}
/// <summary> /// the method which is called when the response is requested for this page /// </summary> /// <param name="sessionData">the current sessionData</param> /// <param name="output">the page to return</param> public abstract void ProcessData(HttpSessionData sessionData, ref string output);
private void ProcessHrefs(ref string ret, HttpSessionData sessionData)
{
// href="#" untouched
// href="somelink.html?123=bla" even with onclick="xyz" will contain the ssid in post
for (int i = 0; i < ret.Length - 1; i++)
{
if ((ret[i] == '<' && ret[i + 1] == 'a') || (i > 5 && ret.Substring(i - 6, 7) == "<button"))
{
int state = 0;
int hrefPos = -1, onclickPos = -1;
int linkStartPos = -1, onclickStartPos = -1;
int linkEndPos = -1, onclickEndPos = -1;
char stringEndChar = '\0';
// search for href
for (int j = i + 3; j < ret.Length - 5; j++)
{
if (state == 0 && j < ret.Length - 5 && ret.Substring(j, 4) == "href" && hrefPos == -1)
{
j += 3;
hrefPos = j;
state = 1;
}
else if (state == 1 && ret[j] == '=')
{
state = 2;
}
else if (state == 2 && (ret[j] == '\'' || ret[j] == '\"'))
{
state = 3;
stringEndChar = ret[j];
linkStartPos = j + 1;
if (j + 1 < ret.Length && ret[j + 1] == '#')
{
goto CONTINUE_SEARCH_FOR_LINK_TAG;
}
j++;
}
else if (state == 3 && j > linkStartPos + 1 && ret[j] == stringEndChar)
{
state = 0;
linkEndPos = j - 1;
}
else if (state == 0 && j < ret.Length - 5 && ret.Substring(j, 7) == "onclick" && onclickPos == -1)
{
state = -1;
j += 6;
}
else if (state == -1 && ret[j] == '=')
{
state = -2;
}
else if (state == -2 && (ret[j] == '\'' || ret[j] == '\"'))
{
stringEndChar = ret[j];
state = -3;
onclickStartPos = j + 1;
}
else if (state == -3 && ret[j] == stringEndChar)
{
onclickEndPos = j - 1;
state = 0;
}
else if (ret[j] == '>')
{
if (linkStartPos > -1 && linkEndPos > -1)
{
ret = ret.Remove(linkStartPos - 1, 1);
ret = ret.Insert(linkStartPos - 1, "\"");
ret = ret.Remove(linkEndPos + 1, 1);
ret = ret.Insert(linkEndPos + 1, "\"");
if (onclickStartPos > -1 && onclickEndPos > -1)
{
ret = ret.Remove(onclickStartPos - 1, 1);
ret = ret.Insert(onclickStartPos - 1, "\"");
ret = ret.Remove(onclickEndPos + 1, 1);
ret = ret.Insert(onclickEndPos + 1, "\"");
string hash = SessionContainer.GenerateUnusedHash();
string add = ";var f_"
+ hash + "=document.createElement('form');f_"
+ hash + ".setAttribute('method','POST');f_"
+ hash + ".setAttribute('action','"
+ ret.Substring(linkStartPos, linkEndPos - linkStartPos + 1) + "');f_"
+ hash + ".setAttribute('enctype','application/x-www-form-urlencoded');var i_"
+ hash + "=document.createElement('input');i_"
+ hash + ".setAttribute('type','hidden');i_"
+ hash + ".setAttribute('name','ssid');i_"
+ hash + ".setAttribute('value','"
+ sessionData.Ssid + "');f_"
+ hash + ".appendChild(i_"
+ hash + ");document.body.appendChild(f_"
+ hash + ");f_"
+ hash + ".submit();document.body.remove(f_"
+ hash + ");";
if (onclickStartPos > linkStartPos)
{
ret = ret.Insert(onclickEndPos + 1, add);
j += add.Length;
ret = ret.Remove(linkStartPos, linkEndPos - linkStartPos + 1);
ret = ret.Insert(linkStartPos, "#");
j -= (linkEndPos - 1);
}
else
{
ret = ret.Remove(linkStartPos, linkEndPos - linkStartPos + 1);
ret = ret.Insert(linkStartPos, "#");
j -= (linkEndPos - 1);
ret = ret.Insert(onclickEndPos + 1, add);
j += add.Length;
}
}
else
{
string add = "#\" onclick =\"var f=document.createElement('form');f.setAttribute('method','POST');f.setAttribute('action','"
+ ret.Substring(linkStartPos, linkEndPos - linkStartPos + 1)
+ "');f.setAttribute('enctype','application/x-www-form-urlencoded');var i=document.createElement('input');i.setAttribute('type','hidden');i.setAttribute('name','ssid');i.setAttribute('value','"
+ sessionData.Ssid
+ "');f.appendChild(i);document.body.appendChild(f);f.submit();document.body.remove(f);";
ret = ret.Remove(linkStartPos, linkEndPos - linkStartPos + 1);
j -= linkEndPos;
ret = ret.Insert(linkStartPos, add);
j += add.Length;
}
}
i = j;
goto CONTINUE_SEARCH_FOR_LINK_TAG;
}
}
CONTINUE_SEARCH_FOR_LINK_TAG :;
}
}
}
