예제 #1
0
        public void AddRequestParameters(NameValueCollection requestQueryString, NameValueCollection requestForm, HttpFileCollection requestFiles, string requestBody)
        {
            // combine the querystring, form, and uploaded files into one parameter collection
            // combine querystring and form parameters
            // note: we must sanitize the parameter names since they will be copied verbatim into the SQL to execute

            // NOTE: special characters (such as Norwegian øæå) don't work in querystring? (seems to be an ASP.NET problem, ie not a database problem...)
            // see http://forums.asp.net/t/1422064.aspx
            // see http://www.velocityreviews.com/forums/t69568-requestquerystring-does-not-return-extended-characters.html

            //foreach (string s in requestQueryString)
            //{
            //    logger.Debug("Querystring: " + s + " = " + HttpUtility.UrlDecode(requestQueryString.Get(s)));
            //}

            foreach (string s in requestQueryString)
            {
                // ignore parameter if no parameter name specified (for example "?foo" instead of "?foo=bar")
                if (s != null)
                {
                    NameValuePair nvp = new NameValuePair(StringUtil.RemoveSpecialCharacters(s), requestQueryString.GetValues(s));
                    _requestParams.Add(nvp);
                }
                else
                {
                    if (logger.IsDebugEnabled)
                    {
                        logger.Warn("A querystring parameter has no name, and will be ignored. Value = " + requestQueryString.GetValues(s)[0]);
                    }
                }
            }

            foreach (string s in requestForm)
            {
                NameValuePair nvp = new NameValuePair(StringUtil.RemoveSpecialCharacters(s), requestForm.GetValues(s));
                _requestParams.Add(nvp);
            }

            string[] fileParamNames = requestFiles.AllKeys;

            for (int i = 0; i < requestFiles.Count; i++)
            {
                if (requestFiles[i].ContentLength > 0)
                {
                    string paramName = StringUtil.RemoveSpecialCharacters(fileParamNames[i]);

                    // if the file is stored in either filesystem or XDB, it should be named differently than if stored in the document table
                    bool useDocTableNamingConvention = (DadConfig.DocumentFilePath.Length == 0 && DadConfig.DocumentXdbPath.Length == 0);

                    UploadedFile uf = new UploadedFile(paramName, requestFiles[i].FileName, requestFiles[i], DadConfig.DocumentMaxNameLength, useDocTableNamingConvention);
                    _uploadedFiles.Add(uf);
                }
                else
                {
                    logger.Debug(string.Format("File number {0} (parameter name = {1}) was empty (zero bytes).", i, fileParamNames[i]));
                }
            }

            int uploadedFileCount = _uploadedFiles.Count;

            if (uploadedFileCount == 1)
            {
                // avoid extra parsing work if there is only one file uploaded
                NameValuePair nvp = new NameValuePair(_uploadedFiles[0].ParamName, _uploadedFiles[0].UniqueFileName);
                _requestParams.Add(nvp);
            }
            else if (uploadedFileCount > 1)
            {
                // if two or more file parameter names are equal, then add the corresponding filenames as an array instead of string
                // we do this by adding the entries to a Dictionary to group by parameter name, then adding them back to a NameValuePair

                Dictionary <string, List <string> > files = new Dictionary <string, List <string> >();

                foreach (UploadedFile uf in _uploadedFiles)
                {
                    if (!files.ContainsKey(uf.ParamName))
                    {
                        files[uf.ParamName] = new List <string>();
                    }

                    files[uf.ParamName].Add(uf.UniqueFileName);
                }

                foreach (KeyValuePair <string, List <string> > f in files)
                {
                    NameValuePair nvp = new NameValuePair(f.Key, (List <string>)f.Value);
                    _requestParams.Add(nvp);
                }
            }

            // pass the request body if it contains data (ie the data is not "form urlencoded" but passed typically as JSON)
            if (requestBody.Length > 0)
            {
                NameValuePair nvpX = new NameValuePair(StringUtil.RemoveSpecialCharacters("p_request_body"), requestBody);
                _requestParams.Add(nvpX);
            }

            // the parameters have been set up, now build the database call
            BuildOwaProc();
        }
예제 #2
0
        public void AddCGIEnvironment(NameValueCollection serverVariables)
        {
            //logger.Debug("CGI variables: " + serverVariables.ToString());

            // see http://msdn.microsoft.com/en-us/library/ms524602(v=vs.90).aspx for default IIS server variables
            // note that some values are modified, and some are added, in the code below

            foreach (string key in serverVariables.AllKeys)
            {
                if (!key.StartsWith("ALL_"))
                {
                    if (key == "SERVER_SOFTWARE")
                    {
                        if (DadConfiguration.CGIServerSoftware != "")
                        {
                            NameValuePair nvp = new NameValuePair(key, DadConfiguration.CGIServerSoftware);
                            _cgiParams.Add(nvp);
                        }
                        else
                        {
                            // use the default
                            // according to the docs: "The name and version of the server software that answers the request and runs the gateway. The format is name/version."
                            // ie., this should return something like "Microsoft-IIS/7.5"
                            NameValuePair nvp = new NameValuePair(key, serverVariables.GetValues(key));
                            _cgiParams.Add(nvp);
                        }
                    }
                    else if (key == "SCRIPT_NAME")
                    {
                        NameValuePair nvp = new NameValuePair(key, "/" + ModuleName + "/" + DadName);
                        _cgiParams.Add(nvp);
                    }
                    else if (key == "PATH_INFO")
                    {
                        NameValuePair nvp = new NameValuePair(key, "/" + ProcName);
                        _cgiParams.Add(nvp);
                    }
                    else if (key == "HTTP_AUTHORIZATION")
                    {
                        // parse username and password and set properties
                        string encodedAuth = serverVariables.GetValues(key)[0];

                        logger.Debug("HTTP Authorization: " + encodedAuth);

                        if (encodedAuth.StartsWith("Basic "))
                        {
                            string decodedAuth = encodedAuth.Substring(6);
                            //decodedAuth = StringUtil.base64Decode(decodedAuth);
                            decodedAuth = System.Text.Encoding.Default.GetString(Convert.FromBase64String(decodedAuth));

                            // commented out to avoid logging usernames/passwords in the log file
                            //logger.Debug("Decoded value: " + decodedAuth);
                            string[] auth = decodedAuth.Split(':');
                            BasicAuthUsername = auth[0];
                            BasicAuthPassword = auth[1];
                        }

                        NameValuePair nvp = new NameValuePair(key, serverVariables.GetValues(key));
                        _cgiParams.Add(nvp);
                    }
                    else
                    {
                        NameValuePair nvp = new NameValuePair(key, serverVariables.GetValues(key));

                        if (nvp.Name == "HTTP_COOKIE")
                        {
                            logger.Debug("Cookies: " + nvp.ValuesAsString);
                        }

                        _cgiParams.Add(nvp);
                    }
                }
            }

            // add custom CGI variables

            NameValuePair nvp1 = new NameValuePair("PLSQL_GATEWAY", DadConfiguration.CGIPLSQLGateway);

            _cgiParams.Add(nvp1);
            NameValuePair nvp2 = new NameValuePair("GATEWAY_IVERSION", DadConfiguration.CGIGatewayIVersion);

            _cgiParams.Add(nvp2);
            NameValuePair nvp3 = new NameValuePair("DAD_NAME", DadName);

            _cgiParams.Add(nvp3);
            NameValuePair nvp4 = new NameValuePair("REQUEST_CHARSET", DadConfig.NLSCharset);

            _cgiParams.Add(nvp4);
            NameValuePair nvp5 = new NameValuePair("REQUEST_IANA_CHARSET", DadConfig.IANACharset);

            _cgiParams.Add(nvp5);
            NameValuePair nvp6 = new NameValuePair("DOC_ACCESS_PATH", DadConfig.DocumentPath);

            _cgiParams.Add(nvp6);
            NameValuePair nvp7 = new NameValuePair("DOCUMENT_TABLE", DadConfig.DocumentTableName);

            _cgiParams.Add(nvp7);
            NameValuePair nvp8 = new NameValuePair("PATH_ALIAS", DadConfig.PathAlias);

            _cgiParams.Add(nvp8);

            // REQUEST_PROTOCOL: not supplied by IIS, but required for Apex Listener compatibility
            // see https://code.google.com/p/thoth-gateway/issues/detail?id=8

            string requestProtocol = "http";

            if (serverVariables["HTTPS"].ToLower() == "on")
            {
                requestProtocol = "https";
            }

            NameValuePair nvp9 = new NameValuePair("REQUEST_PROTOCOL", requestProtocol);

            _cgiParams.Add(nvp9);

            // impersonate Apex Listener, if necessary/desired
            if (DadConfiguration.CGIApexListenerVersion != "")
            {
                NameValuePair nvp10 = new NameValuePair("APEX_LISTENER_VERSION", DadConfiguration.CGIApexListenerVersion);
                _cgiParams.Add(nvp10);
            }

            // get the current Windows username, useful for Integrated Windows Authentication
            WindowsUsername = serverVariables["LOGON_USER"];
            logger.Debug("Current Windows user name (LOGON_USER) = " + WindowsUsername);
        }