/// <summary>
/// Filtering handler for CourseIndexDataSource. Escapes the second filter
/// parameter so it can be substituted into a LIKE pattern without being read
/// as filter syntax (the quote and the wildcard characters).
/// </summary>
/// <param name="sender">The data source raising the event.</param>
/// <param name="e">Event data; <c>e.ParameterValues[1]</c> is rewritten in place when it is not null.</param>
protected void CourseIndexDataSource_Filtering(object sender, SqlDataSourceFilteringEventArgs e)
{
    object rawValue = e.ParameterValues[1];
    if (rawValue == null)
    {
        return;
    }

    // Prevent injection: replace the four key characters.
    // Order matters: the quote is doubled first, then '[' is bracketed, and only
    // after that the wildcards, so the brackets introduced for '%' and '_' are
    // not escaped a second time.
    string escaped = rawValue.ToString()
        .Replace("'", "''")
        .Replace("[", "[[]")
        .Replace("%", "[%]")
        .Replace("_", "[_]");
    e.ParameterValues[1] = escaped;
}
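/// <summary>
/// Filtering handler for UserStatisticalDataSource. A first parameter of
/// <c>"all"</c> removes that restriction entirely; otherwise the second
/// parameter is escaped for use inside a LIKE pattern.
/// </summary>
/// <param name="sender">The data source raising the event.</param>
/// <param name="e">
/// Event data. <c>e.ParameterValues[0]</c> is cleared when it equals <c>"all"</c>;
/// <c>e.ParameterValues[1]</c> is rewritten in place when it is not null.
/// </param>
protected void UserStatisticalDataSource_Filtering(object sender, SqlDataSourceFilteringEventArgs e)
{
    // A null first parameter used to throw NullReferenceException on the
    // ToString() call; it is now treated as "not 'all'" and left untouched.
    object scope = e.ParameterValues[0];
    if (scope != null && scope.ToString() == "all")
    {
        e.ParameterValues[0] = null;
        return;
    }

    object rawValue = e.ParameterValues[1];
    if (rawValue == null)
    {
        return;
    }

    // Prevent injection: replace the four key characters.
    // Order matters: the quote is doubled first, then '[' is bracketed, and only
    // after that the wildcards, so the brackets introduced for '%' and '_' are
    // not escaped a second time.
    e.ParameterValues[1] = rawValue.ToString()
        .Replace("'", "''")
        .Replace("[", "[[]")
        .Replace("%", "[%]")
        .Replace("_", "[_]");
}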
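/// <summary>
/// Filtering handler for SubmissionsSqlDataSource. Builds the filter expression
/// from the date range, application type and profile controls of the current
/// user's view; members of the "Novell" role additionally get the importance
/// and application-name filters. Does nothing for anonymous users.
/// </summary>
/// <param name="sender">The data source raising the event.</param>
/// <param name="e">Filtering event data (unused; the expression is assigned to the data source directly).</param>
/// <remarks>
/// Every value taken from a control is passed through
/// <see cref="EscapeSubmissionsFilterValue"/> before it is embedded in a quoted
/// literal, so a single quote in user input can no longer terminate the literal
/// and alter the meaning of the filter (or simply break it).
/// </remarks>
protected void SubmissionsSqlDataSource_Filtering(object sender, SqlDataSourceFilteringEventArgs e)
{
    if (!Page.User.Identity.IsAuthenticated)
    {
        return;
    }

    string filter;
    if (Page.User.IsInRole("Novell"))
    {
        filter = BuildSubmissionsDateClause(Novell_DateFromTextBox.Text, Novell_DateToTextBox.Text);
        filter = AppendSubmissionsClause(filter, BuildSubmissionsOrClause("importance", Novell_ImportanceCheckBoxList.Items));
        if (!string.IsNullOrEmpty(Novell_AppNameFilterTextBox.Text))
        {
            filter = AppendSubmissionsClause(filter, BuildSubmissionsEqualsClause("application_name", Novell_AppNameFilterTextBox.Text));
        }
        filter = AppendSubmissionsClause(filter, BuildSubmissionsOrClause("application_type", Novell_AppTypeCheckBoxList.Items));
        if (Novell_ProfileFilterDropDownList.SelectedItem != null && Novell_ProfileFilterDropDownList.SelectedItem.Value != "[All]")
        {
            filter = AppendSubmissionsClause(filter, BuildSubmissionsEqualsClause("display_name", Novell_ProfileFilterDropDownList.SelectedItem.Value));
        }
    }
    else
    {
        filter = BuildSubmissionsDateClause(LoggedIn_DateFromTextBox.Text, LoggedIn_DateToTextBox.Text);
        filter = AppendSubmissionsClause(filter, BuildSubmissionsOrClause("application_type", LoggedIn_AppTypeCheckBoxList.Items));
        if (LoggedIn_ProfileFilterDropDownList.SelectedItem != null && LoggedIn_ProfileFilterDropDownList.SelectedItem.Value != "[All]")
        {
            filter = AppendSubmissionsClause(filter, BuildSubmissionsEqualsClause("display_name", LoggedIn_ProfileFilterDropDownList.SelectedItem.Value));
        }
    }

    // If nothing is selected the expression is empty, which filters nothing.
    SubmissionsSqlDataSource.FilterExpression = filter;
}

/// <summary>
/// Escapes a value for use inside a single-quoted filter string literal by
/// doubling every single quote. A null value becomes the empty string.
/// </summary>
/// <param name="value">Raw value taken from a control.</param>
/// <returns>The value with each <c>'</c> replaced by <c>''</c>.</returns>
private static string EscapeSubmissionsFilterValue(string value)
{
    if (value == null)
    {
        return string.Empty;
    }
    return value.Replace("'", "''");
}

/// <summary>
/// Joins <paramref name="clause"/> onto <paramref name="filter"/> with
/// <c>" AND "</c>, skipping the separator when either side is empty.
/// </summary>
/// <param name="filter">Filter built so far (may be empty).</param>
/// <param name="clause">Clause to add (ignored when empty).</param>
/// <returns>The combined filter.</returns>
private static string AppendSubmissionsClause(string filter, string clause)
{
    if (string.IsNullOrEmpty(clause))
    {
        return filter;
    }
    if (string.IsNullOrEmpty(filter))
    {
        return clause;
    }
    return filter + " AND " + clause;
}

/// <summary>Builds <c>column='value'</c> with the value escaped.</summary>
/// <param name="column">Column name (a fixed, code-supplied string).</param>
/// <param name="value">Value to compare against; escaped before use.</param>
/// <returns>The equality clause.</returns>
private static string BuildSubmissionsEqualsClause(string column, string value)
{
    return column + "='" + EscapeSubmissionsFilterValue(value) + "'";
}

/// <summary>
/// Builds a parenthesised <c>(column='a' OR column='b' ...)</c> clause from the
/// selected items of a list control.
/// </summary>
/// <param name="column">Column name (a fixed, code-supplied string).</param>
/// <param name="items">The control's items; only selected ones contribute.</param>
/// <returns>The parenthesised OR clause, or the empty string when nothing is selected.</returns>
private static string BuildSubmissionsOrClause(string column, System.Collections.IEnumerable items)
{
    string clause = string.Empty;
    foreach (ListItem item in items)
    {
        if (!item.Selected)
        {
            continue;
        }
        if (clause != string.Empty)
        {
            clause += " OR ";
        }
        clause += BuildSubmissionsEqualsClause(column, item.Value);
    }
    // The parentheses keep the OR group from binding to a following AND.
    return clause == string.Empty ? string.Empty : "(" + clause + ")";
}

/// <summary>
/// Builds the <c>report_date</c> range clause from the two date text boxes.
/// </summary>
/// <param name="fromText">Start date as typed by the user.</param>
/// <param name="toText">End date as typed by the user; extended to 23:59:59 so the whole day is included.</param>
/// <returns>The range clause, or the empty string when either text is empty or does not parse.</returns>
private static string BuildSubmissionsDateClause(string fromText, string toText)
{
    if (string.IsNullOrEmpty(fromText) || string.IsNullOrEmpty(toText))
    {
        return string.Empty;
    }

    // TryParse replaces the former Parse + swallowed FormatException; an
    // unparsable date still means "no date restriction".
    DateTime datefrom;
    DateTime dateto;
    if (!DateTime.TryParse(fromText, out datefrom) || !DateTime.TryParse(toText, out dateto))
    {
        return string.Empty;
    }

    // Make dateto include the whole of the dateto day.
    dateto = dateto.AddHours(23).AddMinutes(59).AddSeconds(59);

    // The round-trip ("o") format is generated by the code, not the user, so it needs no escaping.
    return "report_date >= '" + datefrom.ToString("o") + "' AND report_date <= '" + dateto.ToString("o") + "'";
}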
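/// <summary>
/// Filtering handler for IssuesSqlDataSource. Builds the filter expression
/// from the selected issue types and the namespace / class text boxes.
/// Does nothing for anonymous users.
/// </summary>
/// <param name="sender">The data source raising the event.</param>
/// <param name="e">Filtering event data (unused; the expression is assigned to the data source directly).</param>
/// <remarks>
/// Two fixes over the previous version: the issue-type OR group is now
/// parenthesised, because <c>a OR b AND c</c> binds as <c>a OR (b AND c)</c> and
/// the namespace / class restrictions only applied to the last selected type;
/// and every user-supplied value has its single quotes doubled before being
/// embedded in a quoted literal, so it cannot terminate the literal and
/// change the filter.
/// </remarks>
protected void IssuesSqlDataSource_Filtering(object sender, SqlDataSourceFilteringEventArgs e)
{
    if (!Page.User.Identity.IsAuthenticated)
    {
        return;
    }

    string typeClause = string.Empty;
    foreach (ListItem item in IssueTypeFilterCheckBoxList.Items)
    {
        if (!item.Selected)
        {
            continue;
        }
        if (typeClause != string.Empty)
        {
            typeClause += " OR ";
        }
        typeClause += "lookup_name='" + (item.Value ?? string.Empty).Replace("'", "''") + "'";
    }

    // Parenthesise the OR group so the AND clauses below apply to all selected types.
    string filter = typeClause == string.Empty ? string.Empty : "(" + typeClause + ")";

    if (!string.IsNullOrEmpty(IssueNamespaceFilterTextBox.Text))
    {
        if (filter != string.Empty)
        {
            filter += " AND ";
        }
        filter += "method_namespace='" + IssueNamespaceFilterTextBox.Text.Replace("'", "''") + "'";
    }

    if (!string.IsNullOrEmpty(IssueClassFilterTextBox.Text))
    {
        if (filter != string.Empty)
        {
            filter += " AND ";
        }
        filter += "method_class='" + IssueClassFilterTextBox.Text.Replace("'", "''") + "'";
    }

    // If nothing is selected the expression is empty, which filters nothing.
    IssuesSqlDataSource.FilterExpression = filter;
}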