public ActionResult SignIn(LoginViewModel login)
{
if (!ModelState.IsValid)
{
return(JsonValidationError());
}
var result = _authenticationService.Login(Sanitizer.GetSafeHtmlFragment(login.Username), Sanitizer.GetSafeHtmlFragment(login.Password), true);
if (result == null)
{
ModelState.AddModelError("", "Invalid Password!");
return(JsonValidationError());
}
else
{
//returnURL needs to be decoded
string decodedUrl = string.Empty;
string returnUrl = TempData["ReturnUrl"] != null ? TempData["ReturnUrl"].ToString() : "";
if (!string.IsNullOrEmpty(returnUrl))
{
if (returnUrl.ToLower().Contains("passwordrecovery"))
{
returnUrl = "";
}
}
decodedUrl = Server.UrlDecode(returnUrl);
var resp = new BoolResponse {
IsValid = true, MessageCode = result.SessionId, Message = result.FirstName, ReturnUrl = decodedUrl
};
SiteUtils.SetBasketAction(resetAction: true);
return(JsonSuccess(resp, JsonRequestBehavior.AllowGet));
}
}
// [ValidateInput(false)]
public ActionResult Registration(RegisterViewModel register)
{
if (!ModelState.IsValid)
{
return(JsonValidationError());
}
if (!string.IsNullOrEmpty(register.Password))
{
if (!Regex.IsMatch(register.Password, SiteUtils.GetPasswordRegex()))
{
ModelState.AddModelError("Password", "Password does not meet policy!");
return(JsonValidationError());
}
}
var response = new BoolResponse();
//-- to check if user's Email Address already registered
var existingUser = _customerRepository.GetExistingUser(Sanitizer.GetSafeHtmlFragment(register.Email));
if (existingUser.Result != null)
{
if (existingUser.Result.Count > 0 && existingUser.Result[0].UserSourceType != UserSourceTypes.Newsletter.GetHashCode().ToString())
{
ModelState.AddModelError("Error", "Your email address is already registered with us.");
return(JsonValidationError());
}
var user = new CustomerModel
{
Email = Sanitizer.GetSafeHtmlFragment(register.Email),
Password = Sanitizer.GetSafeHtmlFragment(register.Password)
};
var result = _customerRepository.Register(user);
if (result.Result.IsValid)
{
var loginResult = _authenticationService.Login(Sanitizer.GetSafeHtmlFragment(register.Email), Sanitizer.GetSafeHtmlFragment(register.Password), true);
response.IsValid = true;
SiteUtils.SetBasketAction(resetAction: true);
return(JsonSuccess(response, JsonRequestBehavior.AllowGet));
}
else
{
ModelState.AddModelError("Error", "Registration failed!");
return(JsonValidationError());
}
}
else
{
ModelState.AddModelError("Error", " '+' Symbol is not allowed in Email!");
return(JsonValidationError());
}
}
public static string RemoveHtml(string content)
{
return(Sanitizer.GetSafeHtmlFragment(content));
}
/// <summary>
/// Takes in HTML and returns santized Html/string
/// </summary>
/// <param name="html"></param>
/// <param name="useXssSantiser"></param>
/// <returns></returns>
public static string ScrubHtml(string html, bool useXssSantiser = false)
{
if (string.IsNullOrEmpty(html))
{
return(html);
}
// clear the flags on P so unclosed elements in P will be auto closed.
HtmlNode.ElementsFlags.Remove("p");
var doc = new HtmlDocument();
doc.LoadHtml(html);
var finishedHtml = html;
// Embed Urls
if (doc.DocumentNode != null)
{
// Get all the links we are going to
var tags = doc.DocumentNode.SelectNodes("//a[contains(@href, 'youtube.com')]|//a[contains(@href, 'youtu.be')]|//a[contains(@href, 'vimeo.com')]|//a[contains(@href, 'screenr.com')]|//a[contains(@href, 'instagram.com')]");
if (tags != null)
{
// find formatting tags
foreach (var item in tags)
{
if (item.PreviousSibling == null)
{
// Prepend children to parent node in reverse order
foreach (var node in item.ChildNodes.Reverse())
{
item.ParentNode.PrependChild(node);
}
}
else
{
// Insert children after previous sibling
foreach (var node in item.ChildNodes)
{
item.ParentNode.InsertAfter(node, item.PreviousSibling);
}
}
// remove from tree
item.Remove();
}
}
//Remove potentially harmful elements
var nc = doc.DocumentNode.SelectNodes("//script|//link|//iframe|//frameset|//frame|//applet|//object|//embed");
if (nc != null)
{
foreach (var node in nc)
{
node.ParentNode.RemoveChild(node, false);
}
}
//remove hrefs to java/j/vbscript URLs
nc = doc.DocumentNode.SelectNodes("//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]");
if (nc != null)
{
foreach (var node in nc)
{
node.SetAttributeValue("href", "#");
}
}
//remove img with refs to java/j/vbscript URLs
nc = doc.DocumentNode.SelectNodes("//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]");
if (nc != null)
{
foreach (var node in nc)
{
node.SetAttributeValue("src", "#");
}
}
//remove on<Event> handlers from all tags
nc = doc.DocumentNode.SelectNodes("//*[@onclick or @onmouseover or @onfocus or @onblur or @onmouseout or @ondblclick or @onload or @onunload or @onerror]");
if (nc != null)
{
foreach (var node in nc)
{
node.Attributes.Remove("onFocus");
node.Attributes.Remove("onBlur");
node.Attributes.Remove("onClick");
node.Attributes.Remove("onMouseOver");
node.Attributes.Remove("onMouseOut");
node.Attributes.Remove("onDblClick");
node.Attributes.Remove("onLoad");
node.Attributes.Remove("onUnload");
node.Attributes.Remove("onError");
}
}
// remove any style attributes that contain the word expression (IE evaluates this as script)
nc = doc.DocumentNode.SelectNodes("//*[contains(translate(@style, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'expression')]");
if (nc != null)
{
foreach (var node in nc)
{
node.Attributes.Remove("stYle");
}
}
// build a list of nodes ordered by stream position
var pos = new NodePositions(doc);
// browse all tags detected as not opened
foreach (var error in doc.ParseErrors.Where(e => e.Code == HtmlParseErrorCode.TagNotOpened))
{
// find the text node just before this error
var last = pos.Nodes.OfType <HtmlTextNode>().LastOrDefault(n => n.StreamPosition < error.StreamPosition);
if (last != null)
{
// fix the text; reintroduce the broken tag
last.Text = error.SourceText.Replace("/", "") + last.Text + error.SourceText;
}
}
finishedHtml = doc.DocumentNode.WriteTo();
}
// The reason we have this option, is using the santiser with the MarkDown editor
// causes problems with line breaks.
if (useXssSantiser)
{
return(SanitizerCompatibleWithForiegnCharacters(Sanitizer.GetSafeHtmlFragment(finishedHtml)));
}
return(finishedHtml);
}
// GET: Checkout
public ActionResult OnePageCheckout(string basketId)
{
var response = _checkoutApi.Checkout(Sanitizer.GetSafeHtmlFragment(basketId));
var checkout = response.Result;
if (checkout.BasketId == null || checkout.Basket == null || checkout.Basket.LineItems.Count < 1)
{
return(RedirectToAction("BasketNotFound", "Common"));
}
foreach (var pay in checkout.PaymentOptions)
{
pay.CardInfo.Amount = checkout.BalanceAmount.Raw.WithTax;
}
var result = _configApi.GetConfig();
var data = result.Result;
//checkout.Basket.shippingMethods = 0 is simpl check this implementation later
data.ShippingCountries = data.ShippingCountries.Where(x => checkout.Basket.shippingMethods.Any(y => y.CountryCode == x.TwoLetterIsoCode) || checkout.Basket.shippingMethods.Count() == 0).Distinct().ToList();
var model = new CheckoutViewModel
{
Checkout = checkout,
Register = new RegistrationModel(),
Login = new LoginViewModel(),
BillingCountries = data.BillingCountries,
ShippingCountries = data.ShippingCountries,
CurrentDate = DateTime.Today.Date.AddDays(1)
};
if (_sessionContext.CurrentUser == null)
{
model.RegistrationPrompt = Convert.ToBoolean(_sessionContext.CurrentSiteConfig.BasketSettings.RegistrationPrompt);
}
string returnUrl = string.Empty;
//So that the user can be referred back to where they were when they click logon
if (Request.UrlReferrer != null)
{
returnUrl = Server.UrlEncode(Request.UrlReferrer.PathAndQuery);
}
//if (Url.IsLocalUrl(returnUrl) && !string.IsNullOrEmpty(returnUrl))
if (!string.IsNullOrEmpty(returnUrl))
{
TempData["ReturnURL"] = returnUrl;
}
if (_sessionContext.CurrentUser == null)
{
if (Guid.Parse(checkout.CustomerId) != Guid.Empty)
{
var customerresult = _customerRepository.GetUserdetailsById <CustomerDetailModel>(checkout.CustomerId);
if (customerresult != null)
{
checkout.Email = customerresult.Result.Email;
checkout.CompanyId = customerresult.Result.CompanyId;
}
}
else
{
_checkoutApi.UpdateUserToBasket(checkout.BasketId, Guid.Empty.ToString());
checkout.Stage = BasketStage.Anonymous.GetHashCode();
}
SetDataLayerVariables(response.Result?.Basket, WebhookEventTypes.CheckoutStarted);
return(View(CustomViews.ONE_PAGE_CHECKOUT, model));
}
model.Checkout.CustomerId = _sessionContext.CurrentUser.UserId.ToString();
model.Checkout.Email = _sessionContext.CurrentUser.Email;
var WishlistResponse = _customerRepository.GetWishlist(model.Checkout.CustomerId, true);
model.Checkout.WishlistProducts = WishlistResponse.Result;
SetDataLayerVariables(response.Result?.Basket, WebhookEventTypes.CheckoutStarted);
return(View(CustomViews.ONE_PAGE_CHECKOUT, model));
}
public ActionResult RemoveWishList(string id)
{
_customerRepository.RemoveWishList(_sessionContext.CurrentUser.UserId.ToString(), Sanitizer.GetSafeHtmlFragment(id), true);
var response = _customerRepository.GetWishlist(_sessionContext.CurrentUser.UserId.ToString(), true);
return(JsonSuccess(response.Result, JsonRequestBehavior.AllowGet));
}
public ActionResult UpdateBasketDeliveryAddress(CheckoutModel checkout)
{
var response = _checkoutApi.UpdateBasketDeliveryAddress(Sanitizer.GetSafeHtmlFragment(checkout.BasketId), checkout);
return(JsonSuccess(new { response = response, BasketStage = BasketStage.ShippingAddressProvided.GetHashCode() }, JsonRequestBehavior.AllowGet));
}
/// <summary>
/// Validate a user by password
/// </summary>
/// <param name="userName"></param>
/// <param name="password"></param>
/// <param name="maxInvalidPasswordAttempts"> </param>
/// <returns></returns>
public bool ValidateUser(string userName, string password, int maxInvalidPasswordAttempts)
{
userName = Sanitizer.GetSafeHtmlFragment(userName);
password = Sanitizer.GetSafeHtmlFragment(password);
LastLoginStatus = LoginAttemptStatus.LoginSuccessful;
var user = GetUser(userName);
if (user == null)
{
LastLoginStatus = LoginAttemptStatus.UserNotFound;
return(false);
}
if (user.IsBanned)
{
LastLoginStatus = LoginAttemptStatus.Banned;
return(false);
}
if (user.IsLockedOut)
{
LastLoginStatus = LoginAttemptStatus.UserLockedOut;
return(false);
}
if (!user.IsApproved)
{
LastLoginStatus = LoginAttemptStatus.UserNotApproved;
return(false);
}
var allowedPasswordAttempts = maxInvalidPasswordAttempts;
if (user.FailedPasswordAttemptCount >= allowedPasswordAttempts)
{
LastLoginStatus = LoginAttemptStatus.PasswordAttemptsExceeded;
return(false);
}
var salt = user.PasswordSalt;
var hash = StringUtils.GenerateSaltedHash(password, salt);
var passwordMatches = hash == user.Password;
user.FailedPasswordAttemptCount = passwordMatches ? 0 : user.FailedPasswordAttemptCount + 1;
if (user.FailedPasswordAttemptCount >= allowedPasswordAttempts)
{
user.IsLockedOut = true;
user.LastLockoutDate = DateTime.UtcNow;
}
if (!passwordMatches)
{
LastLoginStatus = LoginAttemptStatus.PasswordIncorrect;
return(false);
}
return(LastLoginStatus == LoginAttemptStatus.LoginSuccessful);
}
public virtual ActionResult GetDeliveryMethodsByPostCode(string countryCode, string basketId, string postCode, string appliedShippingId)
{
var shippingMethods = _shippingApi.GetShippingMethods(basketId, Sanitizer.GetSafeHtmlFragment(countryCode), postCode);
bool IsPriceOnRequest = false;
var response = new ResponseModel <BasketModel> {
};
// If don't found any shipping in apply postcode control will to to else part and remove applied shipping from basket
if (shippingMethods.Result != null && shippingMethods.Result.Count > 0)
{
var shippingMethod = shippingMethods.Result.Where(x => x.Id == Guid.Parse(appliedShippingId)).FirstOrDefault();
// shippingMethod can have only that case if shippingMethods list having applied shipping id in that case
//no need to updateshipping
if (shippingMethod == null)
{
// In case shippingMethods list don't have applied shipping id default shipping will be apply
shippingMethod = shippingMethods.Result.Where(x => x.IsDefault = true).FirstOrDefault();
response = _basketApi.UpdateShipping(Sanitizer.GetSafeHtmlFragment(basketId), Sanitizer.GetSafeHtmlFragment(Convert.ToString(shippingMethod.Id)), null);
IsPriceOnRequest = shippingMethod.IsPriceOnRequest;
if (shippingMethod == null)
{
// In case default shipping is not set that case first shipping will be apply
shippingMethod = shippingMethods.Result.FirstOrDefault();
response = _basketApi.UpdateShipping(Sanitizer.GetSafeHtmlFragment(basketId), Sanitizer.GetSafeHtmlFragment(Convert.ToString(shippingMethod.Id)), null);
IsPriceOnRequest = shippingMethod.IsPriceOnRequest;
}
}
else
{
response = _basketApi.UpdateShipping(Sanitizer.GetSafeHtmlFragment(basketId), Sanitizer.GetSafeHtmlFragment(Convert.ToString(shippingMethod.Id)), null);
IsPriceOnRequest = shippingMethod.IsPriceOnRequest;
}
}
else
{
response = _basketApi.UpdateShipping(Sanitizer.GetSafeHtmlFragment(basketId), Sanitizer.GetSafeHtmlFragment(Convert.ToString(Guid.Empty)), null); //Applied shipping remove in case don't found the shipping
}
response.Result.IsPriceOnRequest = IsPriceOnRequest;
response.Result.shippingMethods = shippingMethods.Result;
return(JsonSuccess(response.Result, JsonRequestBehavior.AllowGet));
}
public ActionResult GetShippingMethods(string countryCode)
{
var shippingMethods = _shippingApi.GetShippingMethods(_sessionContext.SessionId, Sanitizer.GetSafeHtmlFragment(countryCode));
return(JsonSuccess(shippingMethods.Result, JsonRequestBehavior.AllowGet));
}
public virtual ActionResult UpdateShipping(string id, string shippingId, NominatedDeliveryModel nominatedDelivery)
{
var response = _basketApi.UpdateShipping(Sanitizer.GetSafeHtmlFragment(id), Sanitizer.GetSafeHtmlFragment(shippingId), nominatedDelivery);
var basket = response.Result;
if (basket.LineItems == null)
{
basket.LineItems = new List <BasketLineModel>();
}
return(JsonSuccess(new { basket = basket, BasketStage = BasketStage.ShippingMethodSelected.GetHashCode() }, JsonRequestBehavior.AllowGet));
}
public virtual ActionResult RemovePromoCode(string id, string promoCode)
{
var resp = _basketApi.RemovePromoCode(Sanitizer.GetSafeHtmlFragment(id), Sanitizer.GetSafeHtmlFragment(promoCode));
return(JsonSuccess(resp, JsonRequestBehavior.AllowGet));
}
/// <summary>
/// 主方法。
/// </summary>
/// <param name="args">傳入參數集合。</param>
private static void Main(string[] args)
{
var originalColor = Console.ForegroundColor;
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("開始。");
Console.ForegroundColor = originalColor;
var testChars = Enumerable.Range(0, char.MaxValue + 1).Select(i => (char)i);
var testFuncs = new Dictionary <string, Func <string, string> >
{
#region -- URL Encode --
// using System.Web;
{ _httpUtilityUrlEncodeName, str => HttpUtility.UrlEncode(str) },
{ _httpUtilityUrlEncodeUnicodeName, str => HttpUtility.UrlEncodeUnicode(str) }, // Obsolete.
{ _httpUtilityUrlPathEncodeName, str => HttpUtility.UrlPathEncode(str) },
// using System.Net;
{ _webUtilityUrlEncodeName, str => WebUtility.UrlEncode(str) },
// using System;
{ _uriEscapeDataStringName, str => Uri.EscapeDataString(str) },
{ _uriEscapeUriStringName, str => Uri.EscapeUriString(str) },
// PM> Install-Package System.Text.Encodings.Web
// using System.Text.Encodings.Web;
{ _urlEncoderEncodeName, str => UrlEncoder.Default.Encode(str) },
// PM> Install-Package Flurl
// using Flurl;
{ _urlEncodeName, str => Url.Encode(str) },
{ _urlEncodeIllegalCharactersName, str => Url.EncodeIllegalCharacters(str) },
#endregion -- URL Encode --
#region -- Html & JavaScript Encode --
// using System.Web;
{ _httpUtilityHtmlAttributeEncodeName, str => HttpUtility.HtmlAttributeEncode(str) },
{ _httpUtilityHtmlEncodeName, str => HttpUtility.HtmlEncode(str) },
{ _httpUtilityJavaScriptStringEncodeName, str => HttpUtility.JavaScriptStringEncode(str) },
// using System.Net;
{ _webUtilityHtmlEncodeName, str => WebUtility.HtmlEncode(str) },
// PM> Install-Package System.Text.Encodings.Web
// using System.Text.Encodings.Web;
{ _htmlEncoderEncodeName, str => HtmlEncoder.Default.Encode(str) },
{ _javaScriptEncoderEncodeName, str => JavaScriptEncoder.Default.Encode(str) },
// PM> Install-Package AntiXSS
// using Microsoft.Security.Application;
{ _sanitizerGetSafeHtmlFragmentName, str => Sanitizer.GetSafeHtmlFragment(str) },
#endregion -- Html & JavaScript Encode --
};
var testData = GetTestData(testChars, testFuncs);
var testResults = GetTestResult(testData);
var filePath = $@"{AppDomain.CurrentDomain.BaseDirectory}Data\TestResults.csv";
GenerateCsvFile(testResults, filePath);
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("結束。");
Console.ForegroundColor = originalColor;
}
public ActionResult ChangePassword(ChangePasswordViewModel model)
{
if (!ModelState.IsValid)
{
return(JsonValidationError());
}
if (!string.IsNullOrEmpty(model.NewPassword))
{
if (!Regex.IsMatch(model.NewPassword, SiteUtils.GetPasswordRegex()))
{
ModelState.AddModelError("Password", "Password does not meet policy!");
return(JsonValidationError());
}
}
if (model.OldPassword == model.NewPassword)
{
ModelState.AddModelError("Error", "Old Password and New Password cannot be same");
return(JsonValidationError());
}
var response = new BoolResponse();
var result = _authenticationService.Login(_sessionContext.CurrentUser.Username, Sanitizer.GetSafeHtmlFragment(model.OldPassword), true);
if (result != null)
{
response.IsValid = _customerRepository.ChangePassword(Sanitizer.GetSafeHtmlFragment(model.OldPassword), Sanitizer.GetSafeHtmlFragment(model.NewPassword), _sessionContext.CurrentUser.UserId.ToString()).Result;
return(JsonSuccess(response, JsonRequestBehavior.AllowGet));
}
else
{
ModelState.AddModelError("Error", "Old Password didn't match.");
return(JsonValidationError());
}
}
public ActionResult ConvertToOrder(CheckoutModel checkout)
{
if (!string.IsNullOrEmpty(checkout.CompanyId) && _sessionContext.CurrentUser == null && checkout.CompanyId != Guid.Empty.ToString())
{
//execute when company user tries to place order via guest checkout.
return(JsonSuccess("", JsonRequestBehavior.DenyGet));
}
if (checkout.CustomerId == Guid.Empty.ToString() || checkout.CustomerId == null)
{
var user = new CustomerModel {
Email = Sanitizer.GetSafeHtmlFragment(checkout.Email),
Password = Sanitizer.GetSafeHtmlFragment(checkout.Password)
};
var responseTemp = _customerRepository.GetExistingUser(user.Email);
if (responseTemp.Result.Count > 0)
{
checkout.CustomerId = responseTemp.Result[0].UserId.ToString();
}
else
{
var result = _customerRepository.Register(user);
if (result.Result.IsValid)
{
checkout.CustomerId = result.Result.RecordId;
}
}
}
checkout.Payment = new PaymentModel
{
PaymentGatewayId = checkout.SelectedPayment.Id,
PaymentGateway = checkout.SelectedPayment.SystemName,
OrderAmount = checkout.SelectedPayment.CardInfo.Amount,
Status = PaymentStatus.Pending.GetHashCode()
};
var response = _checkoutApi.ConvertToOrder(Sanitizer.GetSafeHtmlFragment(checkout.BasketId), checkout);
if (response.Result == null)
{
return(JsonSuccess(response, JsonRequestBehavior.AllowGet));
}
_b2bRepository.RemoveQuoteBasket();
var order = response.Result;
var paymentRequest = new ProcessPaymentRequest
{
BasketId = checkout.BasketId,
CurrencyCode = order.CurrencyCode,
CustomerId = checkout.CustomerId,
LanuguageCode = _sessionContext.CurrentSiteConfig.RegionalSettings.DefaultLanguageCulture,
OrderId = order.Id,
OrderNo = order.OrderNo,
PaymentId = order.Payment.Id,
UserEmail = checkout.Email,
OrderTotal = order.Payment.OrderAmount,
Order = order
};
if (!string.IsNullOrEmpty(checkout.SelectedPayment.CardInfo?.CardNo) && !string.IsNullOrEmpty(checkout.SelectedPayment.CardInfo.SecurityCode) && checkout.SelectedPayment.CardInfo.Amount > 0)
{
paymentRequest.CardNo = checkout.SelectedPayment.CardInfo.CardNo;
paymentRequest.Cvv = checkout.SelectedPayment.CardInfo.SecurityCode;
paymentRequest.OrderTotal = checkout.SelectedPayment.CardInfo.Amount;
}
if (checkout.SelectedPayment.SystemName != Convert.ToString(PaymentMethodTypes.AccountCredit))
{
var payResponse = _checkoutApi.PaymentSetting(checkout.SelectedPayment.SystemName);
checkout.SelectedPayment = payResponse.Result;
}
var paymentResponse = checkout.SelectedPayment.ProcessPayment(paymentRequest);
if (paymentResponse.Success && paymentResponse.AuthorizedAmount > 0)
{
order.Payment.IsValid = true;
order.Payment.Status = order.Payment.IsValid.GetHashCode();
order.Payment.AuthCode = paymentResponse.AuthorizationTransactionCode;
order.Payment.CardNo = paymentRequest.CardNo;
order.Payment.OrderAmount = paymentResponse.AuthorizedAmount;
var result = _checkoutApi.UpdatePayment(order.Id, order.Payment);
paymentResponse.BalanceAmount = result.Result?.BalanceAmount;
}
return(JsonSuccess(paymentResponse, JsonRequestBehavior.AllowGet));
}
public ActionResult GetAddressById(AddressModel customeraddress)
{
var result = _customerRepository.GetAddressById(Sanitizer.GetSafeHtmlFragment(customeraddress.CustomerId), Sanitizer.GetSafeHtmlFragment(customeraddress.Id));
result.Result.CustomerId = Sanitizer.GetSafeHtmlFragment(customeraddress.CustomerId);
return(JsonSuccess(result.Result, JsonRequestBehavior.AllowGet));
}
protected override System.Threading.Tasks.Task <HttpResponseMessage> SendAsync(HttpRequestMessage Request, System.Threading.CancellationToken cancellationToken)
{
if (Request.Method == HttpMethod.Options)
{
return(base.SendAsync(Request, cancellationToken));
}
var queryStrings = Request.RequestUri.ParseQueryString();
foreach (var key in queryStrings.AllKeys)
{
var value = Sanitizer.GetSafeHtmlFragment(queryStrings[key]);
if (value != queryStrings[key])
{
return(SendError($"input ${key} can not contain sensitive character", HttpStatusCode.BadRequest));
}
}
if (Request.Content.IsFormData())
{
var results = Request.Content.ReadAsFormDataAsync().Result;
foreach (var key in results.AllKeys)
{
var value = results.GetValues(key).FirstOrDefault();
var safeValue = Sanitizer.GetSafeHtmlFragment(value);
if (value != safeValue)
{
return(SendError($"input ${key} can not contain sensitive character", HttpStatusCode.BadRequest));
}
}
}
else if (Request.Content.IsMimeMultipartContent())
{
string tempDir = profileDirService.GetTempDir();
var provider = new MultipartFormDataStreamProvider(tempDir);
var results = Request.Content.ReadAsMultipartAsync(provider).Result;
foreach (var key in results.FormData.AllKeys)
{
var value = results.FormData.GetValues(key).FirstOrDefault();
var safeValue = Sanitizer.GetSafeHtmlFragment(value);
if (value != safeValue)
{
return(SendError($"input ${key} can not contain sensitive character", HttpStatusCode.BadRequest));
}
}
}
else
{
try
{
var result = Request.Content.ReadAsStringAsync().Result;
var obj = JObject.Parse(result);
foreach (var item in obj)
{
var saleValue = Sanitizer.GetSafeHtmlFragment(item.Value.ToString());
if (item.Value.ToString() != saleValue)
{
return(SendError($"input ${item.Key} can not contain sensitive character", HttpStatusCode.BadRequest));
}
}
}
catch (Exception)
{
}
}
return(base.SendAsync(Request, cancellationToken));
}
