public void AddRequestParameters(NameValueCollection requestQueryString, NameValueCollection requestForm, HttpFileCollection requestFiles, string requestBody)
{
// combine the querystring, form, and uploaded files into one parameter collection
// combine querystring and form parameters
// note: we must sanitize the parameter names since they will be copied verbatim into the SQL to execute
// NOTE: special characters (such as Norwegian øæå) don't work in querystring? (seems to be an ASP.NET problem, ie not a database problem...)
// see http://forums.asp.net/t/1422064.aspx
// see http://www.velocityreviews.com/forums/t69568-requestquerystring-does-not-return-extended-characters.html
//foreach (string s in requestQueryString)
//{
// logger.Debug("Querystring: " + s + " = " + HttpUtility.UrlDecode(requestQueryString.Get(s)));
//}
foreach (string s in requestQueryString)
{
// ignore parameter if no parameter name specified (for example "?foo" instead of "?foo=bar")
if (s != null)
{
NameValuePair nvp = new NameValuePair(StringUtil.RemoveSpecialCharacters(s), requestQueryString.GetValues(s));
_requestParams.Add(nvp);
}
else
{
if (logger.IsDebugEnabled)
{
logger.Warn("A querystring parameter has no name, and will be ignored. Value = " + requestQueryString.GetValues(s)[0]);
}
}
}
foreach (string s in requestForm)
{
NameValuePair nvp = new NameValuePair(StringUtil.RemoveSpecialCharacters(s), requestForm.GetValues(s));
_requestParams.Add(nvp);
}
string[] fileParamNames = requestFiles.AllKeys;
for (int i = 0; i < requestFiles.Count; i++)
{
if (requestFiles[i].ContentLength > 0)
{
string paramName = StringUtil.RemoveSpecialCharacters(fileParamNames[i]);
// if the file is stored in either filesystem or XDB, it should be named differently than if stored in the document table
bool useDocTableNamingConvention = (DadConfig.DocumentFilePath.Length == 0 && DadConfig.DocumentXdbPath.Length == 0);
UploadedFile uf = new UploadedFile(paramName, requestFiles[i].FileName, requestFiles[i], DadConfig.DocumentMaxNameLength, useDocTableNamingConvention);
_uploadedFiles.Add(uf);
}
else
{
logger.Debug(string.Format("File number {0} (parameter name = {1}) was empty (zero bytes).", i, fileParamNames[i]));
}
}
int uploadedFileCount = _uploadedFiles.Count;
if (uploadedFileCount == 1)
{
// avoid extra parsing work if there is only one file uploaded
NameValuePair nvp = new NameValuePair(_uploadedFiles[0].ParamName, _uploadedFiles[0].UniqueFileName);
_requestParams.Add(nvp);
}
else if (uploadedFileCount > 1)
{
// if two or more file parameter names are equal, then add the corresponding filenames as an array instead of string
// we do this by adding the entries to a Dictionary to group by parameter name, then adding them back to a NameValuePair
Dictionary <string, List <string> > files = new Dictionary <string, List <string> >();
foreach (UploadedFile uf in _uploadedFiles)
{
if (!files.ContainsKey(uf.ParamName))
{
files[uf.ParamName] = new List <string>();
}
files[uf.ParamName].Add(uf.UniqueFileName);
}
foreach (KeyValuePair <string, List <string> > f in files)
{
NameValuePair nvp = new NameValuePair(f.Key, (List <string>)f.Value);
_requestParams.Add(nvp);
}
}
// pass the request body if it contains data (ie the data is not "form urlencoded" but passed typically as JSON)
if (requestBody.Length > 0)
{
NameValuePair nvpX = new NameValuePair(StringUtil.RemoveSpecialCharacters("p_request_body"), requestBody);
_requestParams.Add(nvpX);
}
// the parameters have been set up, now build the database call
BuildOwaProc();
}
public void AddCGIEnvironment(NameValueCollection serverVariables)
{
//logger.Debug("CGI variables: " + serverVariables.ToString());
// see http://msdn.microsoft.com/en-us/library/ms524602(v=vs.90).aspx for default IIS server variables
// note that some values are modified, and some are added, in the code below
foreach (string key in serverVariables.AllKeys)
{
if (!key.StartsWith("ALL_"))
{
if (key == "SERVER_SOFTWARE")
{
if (DadConfiguration.CGIServerSoftware != "")
{
NameValuePair nvp = new NameValuePair(key, DadConfiguration.CGIServerSoftware);
_cgiParams.Add(nvp);
}
else
{
// use the default
// according to the docs: "The name and version of the server software that answers the request and runs the gateway. The format is name/version."
// ie., this should return something like "Microsoft-IIS/7.5"
NameValuePair nvp = new NameValuePair(key, serverVariables.GetValues(key));
_cgiParams.Add(nvp);
}
}
else if (key == "SCRIPT_NAME")
{
NameValuePair nvp = new NameValuePair(key, "/" + ModuleName + "/" + DadName);
_cgiParams.Add(nvp);
}
else if (key == "PATH_INFO")
{
NameValuePair nvp = new NameValuePair(key, "/" + ProcName);
_cgiParams.Add(nvp);
}
else if (key == "HTTP_AUTHORIZATION")
{
// parse username and password and set properties
string encodedAuth = serverVariables.GetValues(key)[0];
logger.Debug("HTTP Authorization: " + encodedAuth);
if (encodedAuth.StartsWith("Basic "))
{
string decodedAuth = encodedAuth.Substring(6);
//decodedAuth = StringUtil.base64Decode(decodedAuth);
decodedAuth = System.Text.Encoding.Default.GetString(Convert.FromBase64String(decodedAuth));
// commented out to avoid logging usernames/passwords in the log file
//logger.Debug("Decoded value: " + decodedAuth);
string[] auth = decodedAuth.Split(':');
BasicAuthUsername = auth[0];
BasicAuthPassword = auth[1];
}
NameValuePair nvp = new NameValuePair(key, serverVariables.GetValues(key));
_cgiParams.Add(nvp);
}
else
{
NameValuePair nvp = new NameValuePair(key, serverVariables.GetValues(key));
if (nvp.Name == "HTTP_COOKIE")
{
logger.Debug("Cookies: " + nvp.ValuesAsString);
}
_cgiParams.Add(nvp);
}
}
}
// add custom CGI variables
NameValuePair nvp1 = new NameValuePair("PLSQL_GATEWAY", DadConfiguration.CGIPLSQLGateway);
_cgiParams.Add(nvp1);
NameValuePair nvp2 = new NameValuePair("GATEWAY_IVERSION", DadConfiguration.CGIGatewayIVersion);
_cgiParams.Add(nvp2);
NameValuePair nvp3 = new NameValuePair("DAD_NAME", DadName);
_cgiParams.Add(nvp3);
NameValuePair nvp4 = new NameValuePair("REQUEST_CHARSET", DadConfig.NLSCharset);
_cgiParams.Add(nvp4);
NameValuePair nvp5 = new NameValuePair("REQUEST_IANA_CHARSET", DadConfig.IANACharset);
_cgiParams.Add(nvp5);
NameValuePair nvp6 = new NameValuePair("DOC_ACCESS_PATH", DadConfig.DocumentPath);
_cgiParams.Add(nvp6);
NameValuePair nvp7 = new NameValuePair("DOCUMENT_TABLE", DadConfig.DocumentTableName);
_cgiParams.Add(nvp7);
NameValuePair nvp8 = new NameValuePair("PATH_ALIAS", DadConfig.PathAlias);
_cgiParams.Add(nvp8);
// REQUEST_PROTOCOL: not supplied by IIS, but required for Apex Listener compatibility
// see https://code.google.com/p/thoth-gateway/issues/detail?id=8
string requestProtocol = "http";
if (serverVariables["HTTPS"].ToLower() == "on")
{
requestProtocol = "https";
}
NameValuePair nvp9 = new NameValuePair("REQUEST_PROTOCOL", requestProtocol);
_cgiParams.Add(nvp9);
// impersonate Apex Listener, if necessary/desired
if (DadConfiguration.CGIApexListenerVersion != "")
{
NameValuePair nvp10 = new NameValuePair("APEX_LISTENER_VERSION", DadConfiguration.CGIApexListenerVersion);
_cgiParams.Add(nvp10);
}
// get the current Windows username, useful for Integrated Windows Authentication
WindowsUsername = serverVariables["LOGON_USER"];
logger.Debug("Current Windows user name (LOGON_USER) = " + WindowsUsername);
}