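        /// <summary>
        /// Renders the form's attributes, rewriting the <c>action</c> attribute to the current
        /// request's (filtered) raw URL and the <c>id</c> attribute to the control's ClientID.
        /// </summary>
        /// <param name="writer">The writer that receives the final attribute markup.</param>
        /// <remarks>
        /// The base output is captured to a string and edited textually, because the base class
        /// offers no hook for overriding a single attribute.
        /// </remarks>
        protected override void RenderAttributes(HtmlTextWriter writer)
        {
            string html;
            using (StringWriter stringWriter = new StringWriter())
            using (HtmlTextWriter htmlWriter = new HtmlTextWriter(stringWriter))
            {
                base.RenderAttributes(htmlWriter);
                html = stringWriter.ToString();
            }

            // Locate and replace the action attribute.
            // The filtered RawUrl is additionally attribute-encoded: the filter flags strip
            // script/markup but do not encode the double quote that delimits the attribute value.
            PortalSecurity objSecurity = new PortalSecurity();
            string filteredUrl = objSecurity.InputFilter(HttpContext.Current.Request.RawUrl,
                PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup);
            html = ReplaceQuotedAttribute(html, "action=\"", HttpUtility.HtmlAttributeEncode(filteredUrl));

            // Locate and replace the id attribute (only when the control has an ID).
            if (base.ID != null)
            {
                html = ReplaceQuotedAttribute(html, "id=\"", base.ClientID);
            }

            writer.Write(html);
        }

        /// <summary>
        /// Replaces the value of the first double-quoted attribute whose prefix (e.g. <c>id="</c>) occurs in
        /// <paramref name="html"/>. Returns the input unchanged when the attribute is absent or its closing
        /// quote cannot be found (the original code would have thrown on a missing closing quote).
        /// </summary>
        /// <param name="html">The attribute markup to edit.</param>
        /// <param name="attributePrefix">Attribute name followed by <c>="</c>.</param>
        /// <param name="newValue">Replacement value; must already be safe to place inside double quotes.</param>
        /// <returns>The edited markup.</returns>
        private static string ReplaceQuotedAttribute(string html, string attributePrefix, string newValue)
        {
            int startPoint = html.IndexOf(attributePrefix, StringComparison.Ordinal);
            if (startPoint < 0)
            {
                return html;
            }

            int closingQuote = html.IndexOf('"', startPoint + attributePrefix.Length);
            if (closingQuote < 0)
            {
                return html;
            }

            int endPoint = closingQuote + 1;
            return html.Remove(startPoint, endPoint - startPoint)
                       .Insert(startPoint, attributePrefix + newValue + "\"");
        }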
 /// <summary>
 /// Runs <paramref name="value"/> through the portal input filter with the
 /// scripting, angle-bracket and markup filters enabled.
 /// </summary>
 /// <param name="objSecurity">The security helper that performs the filtering.</param>
 /// <param name="value">The raw input to sanitize.</param>
 /// <returns>The filtered string as returned by <c>InputFilter</c>.</returns>
 private static string GetFilteredValue(PortalSecurity objSecurity, string value)
 {
     const PortalSecurity.FilterFlag flags =
         PortalSecurity.FilterFlag.NoScripting
         | PortalSecurity.FilterFlag.NoAngleBrackets
         | PortalSecurity.FilterFlag.NoMarkup;
     return objSecurity.InputFilter(value, flags);
 }
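 /// <summary>
 /// Handles the login link click: authenticates the entered credentials against the current
 /// portal and reloads the page on success, or emits a client-side alert on failure.
 /// </summary>
 /// <param name="sender">The control that raised the event.</param>
 /// <param name="e">Event data (unused).</param>
 protected void linklogin_Click(object sender, EventArgs e)
 {
     DotNetNuke.Security.PortalSecurity users = new DotNetNuke.Security.PortalSecurity();
     string username = txtusername.Text;
     string password = txtpassword.Text;
     string portalname = PortalSettings.PortalName;
     int pid = PortalId;

     // Pass the caller's address instead of the fixed "127.0.0.1" literal the original used,
     // so the login record reflects the real remote host.
     string ipAddress = Page.Request.UserHostAddress;
     int userfound = users.UserLogin(username, password, pid, portalname, ipAddress, true);
     if (userfound == -1)
     {
         // Page.RegisterClientScriptBlock is obsolete; ClientScriptManager emits the same block.
         Page.ClientScript.RegisterClientScriptBlock(GetType(), "!",
             "<script type=\"text/javascript\">alert(\"Username and Password incorrect\");</script>");
     }
     else
     {
         // Reload the current page so it renders in the authenticated state.
         Response.Redirect(Page.Request.Url.AbsoluteUri);
     }
 }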
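        /// <summary>
        /// Signs the current user out and signs in as <paramref name="userToBecomeId"/>, remembering the
        /// previously logged-in user id in session so the switch can be reverted.
        /// </summary>
        /// <param name="userToBecomeId">Id of the user to become; nothing happens when it is not positive.</param>
        /// <param name="currentlyLoggedInUser">Id of the user performing the switch; 0 clears the stored value.</param>
        /// <param name="context">Request context used for cache invalidation, the client address and the referrer.</param>
        /// <param name="portalSettings">Portal the users belong to.</param>
        /// <param name="sessionState">Session in which the previous user id is stored.</param>
        /// <returns>The referrer URL to return to, or an empty string when no switch happened or no referrer was sent.</returns>
        /// <remarks>
        /// No authorization is performed here; the caller must verify that the current user is allowed to
        /// switch identity before invoking this method.
        /// </remarks>
        public string BecomeUser(int userToBecomeId, int currentlyLoggedInUser, HttpContext context, PortalSettings portalSettings, HttpSessionState sessionState)
        {
            string url = string.Empty;
            string sessionStateName = string.Empty;
            object sessionObjectSetting = Settings[ModuleSettingsNames.SessionObject];
            if (sessionObjectSetting != null)
            {
                sessionStateName = sessionObjectSetting.ToString();
            }

            if (userToBecomeId <= 0)
            {
                return url;
            }

            DataCache.ClearUserCache(portalSettings.PortalId, context.User.Identity.Name);
            PortalSecurity portalSecurity = new PortalSecurity();
            portalSecurity.SignOut();

            UserInfo newUserInfo = UserController.GetUserById(portalSettings.PortalId, userToBecomeId);
            if (newUserInfo == null)
            {
                return url;
            }

            sessionState.Contents[sessionStateName] = null;
            // Use the supplied context rather than HttpContext.Current, consistent with the other
            // context-based calls in this method.
            UserController.UserLogin(portalSettings.PortalId, newUserInfo, portalSettings.PortalName, context.Request.UserHostAddress, false);

            // Remember who we were so the switch can be reverted; 0 means "nobody".
            sessionState[sessionStateName] = currentlyLoggedInUser != 0 ? (object)currentlyLoggedInUser : null;

            // UrlReferrer is optional on HTTP requests; the original dereferenced it unconditionally.
            Uri referrer = context.Request.UrlReferrer;
            if (referrer != null)
            {
                url = referrer.AbsoluteUri;
            }

            return url;
        }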
 /// <summary>
 /// Handles the sign-out link click: ends the current portal session and reloads the current page.
 /// </summary>
 /// <param name="sender">The control that raised the event.</param>
 /// <param name="e">Event data (unused).</param>
 protected void linksignout_Click(object sender, EventArgs e)
 {
     new DotNetNuke.Security.PortalSecurity().SignOut();

     // Redirect back to the same URL so the page renders in its anonymous state.
     string currentpage = Page.Request.Url.AbsoluteUri;
     Response.Redirect(currentpage);
 }
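        /// <summary>
        /// Sanitizes and persists a journal comment, then copies the stored timestamps back onto <paramref name="comment"/>.
        /// </summary>
        /// <param name="comment">
        /// The comment to save; its <c>Comment</c>, <c>CommentId</c>, <c>DateCreated</c> and <c>DateUpdated</c>
        /// members are updated in place.
        /// </param>
        public void SaveComment(CommentInfo comment)
        {
            // Longest comment body persisted; longer input is cut to exactly this length.
            const int maxCommentLength = 2000;

            var portalSecurity = new PortalSecurity();
            if (!String.IsNullOrEmpty(comment.Comment))
            {
                // Strip scripting, HTML-decode the result, then strip markup from the decoded text.
                comment.Comment = HttpUtility.HtmlDecode(portalSecurity.InputFilter(comment.Comment, PortalSecurity.FilterFlag.NoScripting));
                comment.Comment = portalSecurity.InputFilter(comment.Comment, Security.PortalSecurity.FilterFlag.NoMarkup);
            }
            //TODO: enable once the profanity filter is working properly.
            //objCommentInfo.Comment = portalSecurity.Remove(objCommentInfo.Comment, DotNetNuke.Security.PortalSecurity.ConfigType.ListController, "ProfanityFilter", DotNetNuke.Security.PortalSecurity.FilterScope.PortalList);

            // The original truncated to 1999 characters while letting a 2000-character comment through
            // untouched; truncate to the limit itself so the cut-off is consistent.
            if (comment.Comment != null && comment.Comment.Length > maxCommentLength)
            {
                comment.Comment = comment.Comment.Substring(0, maxCommentLength);
            }

            string xml = comment.CommentXML != null ? comment.CommentXML.OuterXml : null;

            comment.CommentId = _dataService.Journal_Comment_Save(comment.JournalId, comment.CommentId, comment.UserId, comment.Comment, xml);

            // Re-read the row so the caller sees the database-assigned timestamps.
            var newComment = GetComment(comment.CommentId);
            comment.DateCreated = newComment.DateCreated;
            comment.DateUpdated = newComment.DateUpdated;
        }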
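			/// <summary>
			/// Removes script content from <paramref name="text"/>: runs the portal NoScripting filter, then strips
			/// script tags, javascript: URLs and inline event handlers by regex, and finally removes a fixed list of
			/// script-related tokens.
			/// </summary>
			/// <param name="text">The untrusted text to clean; null or empty yields an empty string.</param>
			/// <returns>
			/// The cleaned text. This is a best-effort denylist pass; output should still be encoded where it is rendered.
			/// </returns>
			public static string FilterScripts(string text)
			{
				if (string.IsNullOrEmpty(text))
				{
					return string.Empty;
				}

				PortalSecurity objPortalSecurity = new PortalSecurity();
				try
				{
					text = objPortalSecurity.InputFilter(text, PortalSecurity.FilterFlag.NoScripting);
				}
				catch (Exception)
				{
					// Best effort, unchanged from the original: if the portal filter fails, fall through to the
					// regex-based passes below rather than failing the caller.
				}

				string pattern = "<script.*/*>|</script>|<[a-zA-Z][^>]*=['\"]+javascript:\\w+.*['\"]+>|<\\w+[^>]*\\son\\w+=.*[ /]*>";
				text = Regex.Replace(text, pattern, string.Empty, RegexOptions.IgnoreCase);

				// The original removed each token only in its exact and all-upper-case spellings, so a mixed-case
				// spelling survived; a case-insensitive, culture-invariant replace removes every spelling.
				string strip = "/*,*/,alert,document.,window.,eval(,eval[,@import,vbscript,javascript,jscript,msgbox";
				foreach (string token in strip.Split(','))
				{
					text = Regex.Replace(text, Regex.Escape(token), string.Empty,
						RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);
				}

				return text;
			}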
 /// <summary>
 /// Decrypts a URL parameter value using the current portal's GUID as the key.
 /// </summary>
 /// <param name="Value">The encrypted parameter text.</param>
 /// <returns>The decrypted value as returned by <c>PortalSecurity.Decrypt</c>.</returns>
 /// <remarks>
 /// The key is the full GUID string; it is not shortened to 6 characters as an earlier comment suggested.
 /// </remarks>
 public static string DecryptParameter( string Value )
 {
     PortalSettings currentPortal = PortalController.GetCurrentPortalSettings();
     string portalKey = currentPortal.GUID.ToString();
     return new PortalSecurity().Decrypt( portalKey, Value );
 }
 /// <summary>
 /// Encrypts the entered store credentials with the site decryption key, stores them as portal
 /// settings and returns to the module's default view.
 /// </summary>
 /// <param name="sender">The control that raised the event.</param>
 /// <param name="e">Event data (unused).</param>
 private void OnSaveClick(object sender, EventArgs e)
 {
     PortalSecurity ps = new PortalSecurity();
     string key = Config.GetDecryptionkey();

     // Both values are persisted in encrypted form only.
     string encryptedUsername = ps.EncryptString(txtUsername.Text, key);
     string encryptedPassword = ps.EncryptString(txtPassword.Text, key);
     PortalController.UpdatePortalSetting(PortalId, "Store_Username", encryptedUsername);
     PortalController.UpdatePortalSetting(PortalId, "Store_Password", encryptedPassword);

     Response.Redirect(Globals.NavigateURL());
 }
        /// <summary>
        /// Reads the optional <c>Tag</c> request parameter, filters and HTML-encodes it into the tag query, and
        /// either binds the data or hides the module (with an editor-only message) when no tag was supplied.
        /// </summary>
        /// <param name="e">Event data forwarded to the base implementation.</param>
        protected override void OnLoad(EventArgs e)
        {
            base.OnLoad(e);

            string tagParam = Request.Params["Tag"];
            if (tagParam != null)
            {
                // Filter first (removes script/markup), then encode the remainder for output.
                var objSecurity = new PortalSecurity();
                string filtered = objSecurity.InputFilter(tagParam, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoMarkup);
                _tagQuery = HttpContext.Current.Server.HtmlEncode(filtered);
            }

            bool hasTagQuery = _tagQuery.Length > 0;
            if (!hasTagQuery)
            {
                // Nothing to show: tell editors why, hide the module from everyone else.
                if (IsEditable)
                {
                    UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ModuleHidden", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
                }
                else
                {
                    ContainerControl.Visible = false;
                }
                return;
            }

            BindData();
        }
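        /// <summary>
        /// Filters the editor input, saves the topic and then posts it to the DNN journal.
        /// A duplicate-name validation error is shown as a warning; any other validation error is rethrown.
        /// </summary>
        private void SaveAndContinue()
        {
            SharedEnum.CrudOperation crudOperation = SharedEnum.CrudOperation.Insert;
            try
            {
                DotNetNuke.Security.PortalSecurity objSec = new DotNetNuke.Security.PortalSecurity();

                // Content: strip markup, then scripting, then HTML-decode for storage.
                string content = HttpUtility.HtmlDecode(
                    objSec.InputFilter(objSec.InputFilter(this.teContent.Text, PortalSecurity.FilterFlag.NoMarkup), PortalSecurity.FilterFlag.NoScripting));

                // Title, description and keywords are plain text: only markup is stripped.
                string title = objSec.InputFilter(WikiMarkup.DecodeTitle(this.txtTitle.Text.Trim()), PortalSecurity.FilterFlag.NoMarkup);
                string description = objSec.InputFilter(this.txtDescription.Text.Trim(), PortalSecurity.FilterFlag.NoMarkup);
                string keywords = objSec.InputFilter(this.txtKeywords.Text.Trim(), PortalSecurity.FilterFlag.NoMarkup);

                this.SaveTopic(
                    content,
                    this.AllowDiscuss.Checked,
                    this.AllowRating.Checked,
                    title,
                    description,
                    keywords,
                    out crudOperation);
            }
            catch (TopicValidationException exc)
            {
                switch (exc.CrudError)
                {
                case DotNetNuke.Wiki.BusinessObjects.TopicBO.TopicError.DUPLICATENAME:
                    this.Messages.ShowWarning(Localization.GetString("WarningDUPLICATENAME", this.LocalResourceFile));
                    break;

                default:
                    // `throw;` keeps the original stack trace; the original `throw exc;` reset it.
                    throw;
                }
            }

            this.PostTopicToDNNJournal(crudOperation);
        }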
 /// <summary>
 /// Reverses the URL-safe Base64 substitutions applied when the parameter was encrypted, then decrypts it.
 /// </summary>
 /// <param name="value">The URL-safe encrypted text (<c>_</c> for <c>/</c>, <c>-</c> for <c>+</c>, <c>%3d</c> for <c>=</c>).</param>
 /// <param name="encryptionKey">The key the value was encrypted with.</param>
 /// <returns>The decrypted text.</returns>
 /// <remarks>
 /// [DNN-8257] URLEncode/URLDecode cannot be used because <c>/</c> becomes <c>%2f</c> and breaks decryption,
 /// hence the modified Base64. The <c>%3d</c> substitution is case-sensitive: an upper-case <c>%3D</c> is not rewritten.
 /// </remarks>
 public static string DecryptParameter(string value, string encryptionKey)
 {
     string base64 = value
         .Replace("_", "/")
         .Replace("-", "+")
         .Replace("%3d", "=");
     return new PortalSecurity().Decrypt(encryptionKey, base64);
 }
 /// <summary>
 /// Creates a subscriber with a fresh GUID id, empty name/description/address and a
 /// private key generated by <c>PortalSecurity.CreateKey(16)</c>.
 /// </summary>
 public SubscriberInfo()
 {
     var security = new PortalSecurity();
     ID = Guid.NewGuid().ToString();
     Name = string.Empty;
     Description = string.Empty;
     Address = string.Empty;
     PrivateKey = security.CreateKey(16);
 }
 /// <summary>
 /// Creates a subscriber with a fresh GUID id, empty name/description/address and a
 /// private key generated by <c>PortalSecurity.CreateKey(16)</c>.
 /// </summary>
 public SubscriberInfo()
 {
     var security = new PortalSecurity();
     this._id = Guid.NewGuid().ToString();
     this._name = string.Empty;
     this._description = string.Empty;
     this._address = string.Empty;
     this._privateKey = security.CreateKey( 16 );
 }
 /// <summary>
 /// Removes script content and all HTML tags from <paramref name="Text"/>, replacing each tag with a space.
 /// </summary>
 /// <param name="Text">The HTML to strip.</param>
 /// <param name="RetainWhiteSpace">When false, runs of whitespace are collapsed to one space and the result is trimmed.</param>
 /// <returns>The plain-text content.</returns>
 public static string StripHTMLTags(string Text, bool RetainWhiteSpace)
 {
     var security = new DotNetNuke.Security.PortalSecurity();
     string result = security.InputFilter(Text, PortalSecurity.FilterFlag.NoScripting);

     // "(.|\n)*?" lets a tag span line breaks; the lazy quantifier stops at the first '>'.
     result = Regex.Replace(result, "<(.|\\n)*?>", " ");
     if (RetainWhiteSpace)
     {
         return result;
     }

     return Regex.Replace(result, "\\s{2,}", " ").Trim();
 }
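        /// <summary>
        /// Posts the stored store credentials and <paramref name="fileId"/> to the configured store URL and,
        /// when <paramref name="fileAction"/> is <c>"download"</c>, streams the returned file to the client.
        /// </summary>
        /// <param name="fileAction">Only <c>"download"</c> forwards the response body; any other value just performs the request.</param>
        /// <param name="fileId">Identifier of the file to request from the store.</param>
        private void GetFile(string fileAction, string fileId)
        {
            string fileCheck = Localization.GetString("StoreFile", LocalResourceFile);
            Dictionary<string, string> settings = PortalController.GetPortalSettingsDictionary(ModuleContext.PortalId);
            var ps = new PortalSecurity();
            string username = ps.DecryptString(settings["Store_Username"], Config.GetDecryptionkey());
            string password = ps.DecryptString(settings["Store_Password"], Config.GetDecryptionkey());

            // Form-encode each field so an '&', '=' or '%' in a credential cannot split or corrupt the body.
            string postData = "username=" + HttpUtility.UrlEncode(username)
                            + "&password=" + HttpUtility.UrlEncode(password)
                            + "&fileid=" + HttpUtility.UrlEncode(fileId);
            byte[] byteArray = Encoding.UTF8.GetBytes(postData);

            WebRequest request = WebRequest.Create(fileCheck);
            request.Method = "POST";
            request.ContentType = "application/x-www-form-urlencoded";
            request.ContentLength = byteArray.Length;

            // Dispose the request stream even when the write throws (the original only Close()d on success).
            using (Stream dataStream = request.GetRequestStream())
            {
                dataStream.Write(byteArray, 0, byteArray.Length);
            }

            using (WebResponse wr = request.GetResponse())
            {
                string myfile = "";
                string cd = wr.Headers["Content-Disposition"];
                if (cd != null && cd.Trim() != "" && cd.StartsWith("inline;filename=", StringComparison.Ordinal))
                {
                    // The name comes from the upstream response; drop quotes and line breaks so it cannot
                    // break out of the quoted Content-Disposition value written below.
                    myfile = cd.Replace("inline;filename=", "")
                               .Replace("\"", "")
                               .Replace("\r", "")
                               .Replace("\n", "");
                }

                if (fileAction != "download")
                {
                    return;
                }

                var objResponse = HttpContext.Current.Response;
                objResponse.AppendHeader("Content-Disposition", "attachment; filename=\"" + myfile + "\"");
                objResponse.AppendHeader("Content-Length", wr.ContentLength.ToString());
                objResponse.ContentType = wr.ContentType;

                // Copy the upstream body through in fixed-size chunks, flushing after each so large files stream.
                const int bufferLength = 4096;
                byte[] byteBuffer = new byte[bufferLength];
                using (Stream rs = wr.GetResponseStream())
                {
                    int len;
                    while ((len = rs.Read(byteBuffer, 0, byteBuffer.Length)) > 0)
                    {
                        objResponse.OutputStream.Write(byteBuffer, 0, len);
                        objResponse.Flush();
                    }
                }
            }
        }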
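        /// <summary>
        /// Verifies that <c>InputFilter</c> turns <paramref name="html"/> into exactly <paramref name="expectedOutput"/>
        /// for the given filter flags.
        /// </summary>
        /// <param name="html">The input containing the tag under test.</param>
        /// <param name="expectedOutput">The exact filtered text expected.</param>
        /// <param name="markup">The filter flags to apply.</param>
        public void Html_Source_Tag_Should_Not_Be_Allowed(string html, string expectedOutput,
                                                          DotNetNuke.Security.PortalSecurity.FilterFlag markup)
        {
            //Arrange
            var portalSecurity = new DotNetNuke.Security.PortalSecurity();

            //Act
            var filterOutput = portalSecurity.InputFilter(html, markup);

            //Assert
            // AreEqual takes (expected, actual); the original passed them swapped, which produces a
            // misleading failure message.
            Assert.AreEqual(expectedOutput, filterOutput);
        }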
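        /// <summary>
        /// Processes the checkout payment: validates the page, builds the card transaction from the filtered form
        /// fields and submits it to the Authorize.Net gateway, clearing the cart and order cookie on success.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnProcess_Click(object sender, EventArgs e)
        {
            Page.Validate();
            if (!Page.IsValid)
            {
                return;
            }

            StoreInfo storeInfo = CheckoutControl.StoreData;
            IAddressInfo shippingAddress = CheckoutControl.ShippingAddress;
            IAddressInfo billingAddress = CheckoutControl.BillingAddress;
            OrderInfo orderInfo = CheckoutControl.GetFinalizedOrderInfo();

            PortalSecurity security = new PortalSecurity();

            TransactionDetails transaction = new TransactionDetails();
            transaction.CardNumber = security.InputFilter(txtNumber.Text, PortalSecurity.FilterFlag.NoMarkup | PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoSQL);
            transaction.NameOnCard = string.Empty;

            // The original used int.Parse, so a non-numeric verification code or list value surfaced as an
            // unhandled FormatException; treat it as an invalid card and show the existing message instead.
            int verificationCode = 0, expirationMonth = 0, expirationYear = 0;
            bool numericFieldsOk = int.TryParse(txtVer.Text, out verificationCode)
                                   && int.TryParse(ddlMonth.SelectedValue, out expirationMonth)
                                   && int.TryParse(ddlYear.SelectedValue, out expirationYear);
            if (numericFieldsOk)
            {
                transaction.VerificationCode = verificationCode;
                transaction.ExpirationMonth = expirationMonth;
                transaction.ExpirationYear = expirationYear;
            }

            if (numericFieldsOk && transaction.IsValid())
            {
                AuthNetGatewayProvider provider = new AuthNetGatewayProvider(storeInfo.GatewaySettings);

                TransactionResult orderResult = provider.ProcessTransaction(shippingAddress, billingAddress, orderInfo, transaction.ToString());
                if (!orderResult.Succeeded)
                {
                    litError.Text = Localization.GetString(orderResult.Message.ToString(), this.LocalResourceFile);
                }
                else
                {
                    invokePaymentSucceeded();

                    //Clear basket
                    CurrentCart.ClearItems(PortalId);

                    //Clear cookies
                    SetOrderIdCookie(-1);
                }
            }
            else
            {
                litError.Text = Localization.GetString("ErrorCardNotValid", this.LocalResourceFile);
            }
        }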
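        /// <summary>
        /// Autocomplete callback: returns the names of the tags matching <paramref name="prefixText"/>.
        /// </summary>
        /// <param name="prefixText">URL-encoded prefix typed by the user; decoded and filtered with NoSQL before the lookup.</param>
        /// <param name="count">Number of suggestions requested by the extender; not applied here (the data layer decides).</param>
        /// <param name="contextKey">Invariant-culture integer passed to <c>Tag.GetTagsByString</c> (presumably a portal id — confirm against that method).</param>
        /// <returns>One entry per matching row, in result order; empty when nothing matches.</returns>
        public string[] GetTagsCompletionList(string prefixText, int count, string contextKey)
        {
            var objSecurity = new PortalSecurity();

            DataTable dt = Tag.GetTagsByString(objSecurity.InputFilter(HttpUtility.UrlDecode(prefixText), PortalSecurity.FilterFlag.NoSQL), Convert.ToInt32(contextKey, CultureInfo.InvariantCulture));

            // The original wrote every row into index 0, so only the last match was returned and the
            // remaining slots stayed null; index by row position instead.
            var returnTags = new string[dt.Rows.Count];
            for (int i = 0; i < dt.Rows.Count; i++)
            {
                returnTags[i] = dt.Rows[i]["name"].ToString();
            }

            return returnTags;
        }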
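        /// <summary>
        /// On first load, decrypts the stored store credentials from the portal settings into the username and
        /// password fields. A setting that is absent leaves its field untouched.
        /// </summary>
        /// <param name="e">Event data forwarded to the base implementation.</param>
        protected override void OnLoad(EventArgs e)
        {
            base.OnLoad(e);

            if (Page.IsPostBack)
            {
                return;
            }

            PortalSecurity ps = new PortalSecurity();
            Dictionary<string, string> settings = PortalController.GetPortalSettingsDictionary(ModuleContext.PortalId);
            string decryptionKey = Config.GetDecryptionkey();

            string encryptedUsername;
            if (settings.TryGetValue("Store_Username", out encryptedUsername))
            {
                txtUsername.Text = ps.DecryptString(encryptedUsername, decryptionKey);
            }

            // The original guarded this lookup with the "Store_Username" key, so a portal with a stored
            // username but no stored password threw KeyNotFoundException; check the key actually read.
            string encryptedPassword;
            if (settings.TryGetValue("Store_Password", out encryptedPassword))
            {
                txtPassword.Text = ps.DecryptString(encryptedPassword, decryptionKey);
            }
        }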
		/// <summary>
		/// Signs the current user out of the portal, first evicting their entry from the user cache.
		/// Any failure is routed through the standard page-load exception handler.
		/// </summary>
		private void DoLogoff()
		{
			try
			{
				// Only a known user has a cache entry to evict.
				if (User != null)
				{
					DataCache.ClearUserCache(PortalSettings.PortalId, Context.User.Identity.Name);
				}

				new PortalSecurity().SignOut();
			}
			catch (Exception exc)
			{
				// Page failed to load: hand off to the shared page-load exception handling.
				Exceptions.ProcessPageLoadException(exc);
			}
		}
        /// <summary>
        /// Handles the Click event of the SubmitButton control: filters the entered comment fields, stores the
        /// comment, sends notifications and, on success, clears the form and the cached comment list.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
        private void SubmitButton_Click(object sender, System.EventArgs e)
        {
            using (UnitOfWork uOw = new UnitOfWork())
            {
                var commentBo = new CommentBO(uOw);
                DotNetNuke.Security.PortalSecurity objSec = new DotNetNuke.Security.PortalSecurity();

                // Truncate to the configured maximum before filtering.
                string commentText = this.txtComment.Text;
                if (commentText.Length > this.CommentsMaxLength)
                {
                    commentText = commentText.Substring(0, this.CommentsMaxLength);
                }

                // 4.8.3 has better control for NoMarkup; every free-text field is run through it.
                // REMOTE_ADDR is the connecting peer's address as seen by the server.
                string name = objSec.InputFilter(this.txtName.Text, DotNetNuke.Security.PortalSecurity.FilterFlag.NoMarkup);
                string email = objSec.InputFilter(this.txtEmail.Text, DotNetNuke.Security.PortalSecurity.FilterFlag.NoMarkup);
                string text = objSec.InputFilter(commentText, PortalSecurity.FilterFlag.NoMarkup);
                string ip = objSec.InputFilter(this.Context.Request.ServerVariables["REMOTE_ADDR"], DotNetNuke.Security.PortalSecurity.FilterFlag.NoMarkup);

                var comment = new Comment
                {
                    ParentId    = this.ParentId,
                    Name        = name,
                    Email       = email,
                    CommentText = text,
                    Ip          = ip,
                    EmailNotify = this.chkSubscribeToNotifications.Checked,
                    Datetime    = DateTime.Now
                };
                comment = commentBo.Add(comment);

                // Send the notification for the new comment.
                var topic = new TopicBO(uOw).Get(this.ParentId);
                DNNUtils.SendNotifications(uOw, topic, comment.Name, comment.Email, comment.CommentText, comment.Ip);
                this.mSuccessValue = comment.CommentId > 0;
                if (!this.mSuccessValue)
                {
                    return;
                }

                // Reset the form, drop the cached comment list for this topic and notify listeners.
                this.txtName.Text    = string.Empty;
                this.txtEmail.Text   = string.Empty;
                this.txtComment.Text = string.Empty;
                this.Context.Cache.Remove("WikiComments" + this.ParentId.ToString());
                if (this.PostSubmitted != null)
                {
                    this.PostSubmitted(this);
                }
            }
        }
 /// <summary>
 /// Web API login: validates the filtered username and the password against the current portal and, when the
 /// status is one of the successful variants, signs the user in.
 /// </summary>
 /// <param name="postData">Credentials plus the <c>sc</c> value forwarded as the last argument of <c>UserLogin</c>.</param>
 /// <returns>200 OK with the login status name on success; 401 Unauthorized with the status name otherwise.</returns>
 public HttpResponseMessage Login(loginDTO postData)
 {
     UserLoginStatus loginStatus = UserLoginStatus.LOGIN_FAILURE;

     // Only the username is filtered; the password is compared as entered.
     const PortalSecurity.FilterFlag usernameFlags =
         PortalSecurity.FilterFlag.NoScripting |
         PortalSecurity.FilterFlag.NoAngleBrackets |
         PortalSecurity.FilterFlag.NoMarkup;
     string userName = new PortalSecurity().InputFilter(postData.Username, usernameFlags);

     string ipAddress = AuthenticationLoginBase.GetIPAddress();
     var objUser = UserController.ValidateUser(PortalSettings.PortalId, userName, postData.Password, "DNN", string.Empty, PortalSettings.PortalName, ipAddress, ref loginStatus);

     bool succeeded = loginStatus == UserLoginStatus.LOGIN_SUCCESS
                      || loginStatus == UserLoginStatus.LOGIN_SUPERUSER
                      || loginStatus == UserLoginStatus.LOGIN_INSECUREADMINPASSWORD
                      || loginStatus == UserLoginStatus.LOGIN_INSECUREHOSTPASSWORD;
     if (!succeeded)
     {
         return Request.CreateResponse(HttpStatusCode.Unauthorized, loginStatus.ToString());
     }

     UserController.UserLogin(PortalSettings.PortalId, objUser, "", ipAddress, postData.sc);
     return Request.CreateResponse(HttpStatusCode.OK, loginStatus.ToString());
 }
        /// <summary>
        /// Token replacement: looks <paramref name="strPropertyName"/> up in the backing name/value collection,
        /// formats it and returns the script-filtered result.
        /// </summary>
        /// <param name="strPropertyName">Key into the collection.</param>
        /// <param name="strFormat">Format passed to <c>PropertyAccess.FormatString</c>; null is treated as empty.</param>
        /// <param name="formatProvider">Unused.</param>
        /// <param name="accessingUser">Unused.</param>
        /// <param name="accessLevel">Unused.</param>
        /// <param name="propertyNotFound">Set to true when the collection has no value for the key; left unchanged otherwise.</param>
        /// <returns>The filtered, formatted value, or an empty string when the collection is null or the key is missing.</returns>
        public string GetProperty(string strPropertyName, string strFormat, CultureInfo formatProvider,
                                  UserInfo accessingUser, Scope accessLevel, ref bool propertyNotFound)
        {
            if (_nameValueCollection == null)
            {
                return string.Empty;
            }

            var rawValue = _nameValueCollection[strPropertyName];
            var format = string.IsNullOrEmpty(strFormat) ? string.Empty : strFormat;
            if (rawValue == null)
            {
                propertyNotFound = true;
                return string.Empty;
            }

            // Filter before and after formatting so neither the raw value nor the format output carries script.
            var security = new PortalSecurity();
            var filteredValue = security.InputFilter(rawValue, PortalSecurity.FilterFlag.NoScripting);
            var formatted = PropertyAccess.FormatString(filteredValue, format);
            return security.InputFilter(formatted, PortalSecurity.FilterFlag.NoScripting);
        }
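        /// <summary>
        /// Reads a persisted event message from <paramref name="filePath"/>, decrypting it with the subscriber's
        /// private key when the file does not contain plain "EventMessage" text, and deletes the file if the message has expired.
        /// </summary>
        /// <param name="filePath">Path of the persisted message file.</param>
        /// <param name="subscriberId">Key into <c>EventQueueSubscribers</c> whose PrivateKey decrypts the file.</param>
        /// <returns>The deserialized message; it is returned even when expired, only the file is removed.</returns>
        private EventMessage DeserializeMessage( string filePath, string subscriberId )
        {
            EventMessage message = new EventMessage();
            string messageString;

            // `using` releases the file handle even if ReadToEnd throws; the original only Close()d on the happy path.
            using( StreamReader oStreamReader = File.OpenText( filePath ) )
            {
                messageString = oStreamReader.ReadToEnd();
            }

            // Plain-text messages contain the element name; anything else is assumed to be encrypted.
            if( messageString.IndexOf( "EventMessage", StringComparison.Ordinal ) < 0 )
            {
                PortalSecurity oPortalSecurity = new PortalSecurity();
                messageString = oPortalSecurity.Decrypt( EventQueueConfiguration.GetConfig().EventQueueSubscribers[subscriberId].PrivateKey, messageString );
            }
            message.Deserialize( messageString );

            // Remove the persisted message from the queue if it has expired.
            if( message.ExpirationDate < DateTime.Now )
            {
                File.Delete( filePath );
            }

            return message;
        }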
        /// <summary>
        /// Stores the entered key/value pair in the current group's role settings (adding or overwriting) and
        /// persists the role. The key is filtered with NoMarkup, the value with NoScripting.
        /// </summary>
        private void SaveMetadata()
        {
            var security = new DotNetNuke.Security.PortalSecurity();
            var role = new RoleController().GetRole(GroupId, PortalId);

            var settingKey   = security.InputFilter(txtSettingKey.Text.Trim(), PortalSecurity.FilterFlag.NoMarkup);
            var settingValue = security.InputFilter(txtSettingValue.Text.Trim(), PortalSecurity.FilterFlag.NoScripting);

            // Overwrite an existing key, otherwise add a new one.
            bool keyExists = role.Settings.ContainsKey(settingKey);
            if (keyExists)
            {
                role.Settings[settingKey] = settingValue;
            }
            else
            {
                role.Settings.Add(settingKey, settingValue);
            }

            TestableRoleController.Instance.UpdateRoleSettings(role, true);
        }
 /// <summary>
 /// Get Property out of NameValueCollection: returns the script-filtered, formatted value stored under
 /// <paramref name="strPropertyName"/>.
 /// </summary>
 /// <param name="strPropertyName">Key into the collection.</param>
 /// <param name="strFormat">Format passed to <c>PropertyAccess.FormatString</c>.</param>
 /// <param name="formatProvider">Unused.</param>
 /// <param name="AccessingUser">Unused.</param>
 /// <param name="AccessLevel">Unused.</param>
 /// <param name="PropertyNotFound">Set to true when the key has no value; left unchanged otherwise.</param>
 /// <returns>The filtered value, or an empty string when the collection is null or the key is missing.</returns>
 public string GetProperty(string strPropertyName, string strFormat, CultureInfo formatProvider, UserInfo AccessingUser, Scope AccessLevel, ref bool PropertyNotFound)
 {
     if (NameValueCollection == null)
     {
         return string.Empty;
     }

     var rawValue = NameValueCollection[strPropertyName];
     if (rawValue == null)
     {
         PropertyNotFound = true;
         return string.Empty;
     }

     // Filter the raw value and again after formatting, so the format output is also script-free.
     var security = new PortalSecurity();
     var filtered = security.InputFilter(rawValue, PortalSecurity.FilterFlag.NoScripting);
     return security.InputFilter(PropertyAccess.FormatString(filtered, strFormat), PortalSecurity.FilterFlag.NoScripting);
 }
        /// <summary>
        /// AcquireRequestState handler: registers the authenticated, non-superuser user's session with the shared
        /// session management; when registration is refused the user is signed out and redirected.
        /// </summary>
        /// <param name="sender">The HTTP application raising the event (unused).</param>
        /// <param name="eventArgs">Event data (unused).</param>
        private void OnAcquireRequestState(object sender, EventArgs eventArgs)
        {
            Debug.WriteLine("SessionManagement OnAuthenticateRequest");
            var context = HttpContext.Current;

            // Anonymous requests, requests without session state and superusers are left alone.
            var identity = context.User != null ? context.User.Identity : null;
            if (identity == null || !identity.IsAuthenticated)
            {
                return;
            }

            var session = context.Session;
            if (session == null)
            {
                return;
            }

            var userInfo = UserController.GetCurrentUserInfo();
            if (userInfo.IsSuperUser)
            {
                return;
            }

            // NOTE(review): HTTP_X_FORWARDED_FOR is a client-supplied header; it may be absent, arbitrary or a
            // comma-separated list, and only reflects the client address when a trusted proxy in front sets it.
            var ipAddress = context.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];

            bool registered = sharedSessionManagement.RegisterSession(userInfo.UserID, session.SessionID, ipAddress);
            if (registered)
            {
                return;
            }

            // Registration refused: end this login and send the user back to the current page.
            new PortalSecurity().SignOut();
            context.Response.Redirect(Globals.NavigateURL());
        }
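    /// <summary>
    /// Completes first-login setup: updates the user's name and e-mail on the in-memory user, changes the password
    /// when both password boxes are filled, marks the account as no longer first-login, then signs the user out.
    /// Any exception is recorded in the error log instead of propagating.
    /// </summary>
    /// <param name="sender">The control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void Continue_Click(object sender, EventArgs e)
    {
        try
        {
            PortalSecurity secure = new PortalSecurity();
            user.FirstName = txtFirstName.Text;
            user.LastName = txtLastName.Text;
            user.Email = txtEmailAdd.Text;
            if ((Page.IsValid && user.UserID > 0) && (TextBox1.Text != "" && TextBox2.Text != ""))
            {
                UserController.ChangePassword(user, UserController.GetPassword(ref user, user.Membership.PasswordAnswer), TextBox1.Text);
            }
            Page.ClientScript.RegisterStartupScript(this.GetType(), "nKey", "DisplayAlert()", true);

            // The original concatenated the username into the SQL text and ran it through DataAdapter.Fill.
            // Bind it as a parameter so it is never interpreted as SQL, and dispose the connection and command.
            // The concatenated value is redacted in this listing; user.Username is assumed — confirm against the original.
            dt.Clear();
            using (SqlConnection conn = new SqlConnection(connectionString))
            using (SqlCommand cmd = new SqlCommand("UPDATE Users SET IsFirstLogin = 1 WHERE username = @username", conn))
            {
                cmd.Parameters.AddWithValue("@username", user.Username);
                conn.Open();
                cmd.ExecuteNonQuery();
            }

            secure.SignOut();
            Session.Abandon();
        }
        catch (Exception ex)
        {
            // Record the failure against the current user and this control for later diagnosis.
            UserInfo info = UserController.GetCurrentUserInfo();
            ErrorLog objLog = new ErrorLog();
            objLog.ErrorDescription = ex.ToString();
            objLog.ErrorDate = DateTime.Now;
            objLog.ErrorFunctionName = System.Reflection.MethodBase.GetCurrentMethod().Name;
            // Derive "Name.ascx" from the generated ASP.* type name.
            string controlTypeName = GetType().ToString().Replace("ASP.", "").Replace("_ascx", ".ascx");
            objLog.ErrorControlName = controlTypeName.Remove(0, controlTypeName.LastIndexOf("_") + 1);
            objLog.ErrorLoggedInUser = info.Username;
            objLog.AddErrorToLog(objLog);
        }
    }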
        /// <summary>
        /// 7.2.1 upgrade step: usernames registered under 7.1.2 may have been HTML-encoded, mangling non-ASCII
        /// characters. Each username containing an ampersand is decoded, re-filtered and written back; failures are
        /// logged and do not stop the upgrade. Finally the Manage Users module permissions are added.
        /// </summary>
        private static void UpgradeToVersion721()
        {
            const PortalSecurity.FilterFlag usernameFlags =
                PortalSecurity.FilterFlag.NoScripting |
                PortalSecurity.FilterFlag.NoAngleBrackets |
                PortalSecurity.FilterFlag.NoMarkup;

            try
            {
                var portalSecurity = new PortalSecurity();
                // Only usernames that can contain an HTML entity ('&') need inspecting.
                using (var reader = DataProvider.Instance().ExecuteSQL("SELECT UserID, Username FROM {databaseOwner}[{objectQualifier}Users] WHERE Username LIKE '%&%'"))
                {
                    while (reader.Read())
                    {
                        var userId = Convert.ToInt32(reader["UserID"]);
                        var storedName = reader["Username"].ToString();
                        var decodedName = HttpUtility.HtmlDecode(storedName);

                        // Unchanged by decoding means it was never encoded; leave it alone.
                        if (decodedName == storedName)
                        {
                            continue;
                        }

                        var correctedName = portalSecurity.InputFilter(decodedName, usernameFlags);
                        UserController.ChangeUsername(userId, correctedName);
                    }
                }
            }
            catch (Exception ex)
            {
                Logger.Error(ex);
            }

            AddManageUsersModulePermissions();
        }
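        /// <summary>
        ///     Handles cmdSaveEntry.Click
        /// </summary>
        /// <param name="sender">The button that raised the event.</param>
        /// <param name="e">Event arguments (not used).</param>
        /// <remarks>
        ///     Using "CommandName" property of cmdSaveEntry to determine action to take (ListUpdate/AddEntry/AddList).
        ///     The entry id is parsed as a full <c>int</c> (the previous Int16.Parse threw OverflowException for
        ///     ids above 32767) and the command name is lower-cased culture-invariantly so the switch cannot
        ///     miss a case under a Turkish-style culture.
        /// </remarks>
        protected void OnSaveEntryClick(object sender, EventArgs e)
        {
            // Host (super) users are deliberately trusted with raw markup; everyone else has script removed.
            // NOTE(review): txtEntryName.Text is stored unfiltered for all users; confirm the list name is
            // encoded wherever it is rendered.
            string entryValue;
            string entryText;
            if (UserInfo.IsSuperUser)
            {
                entryValue = txtEntryValue.Text;
                entryText = txtEntryText.Text;
            }
            else
            {
                var ps = new PortalSecurity();
                entryValue = ps.InputFilter(txtEntryValue.Text, PortalSecurity.FilterFlag.NoScripting);
                entryText = ps.InputFilter(txtEntryText.Text, PortalSecurity.FilterFlag.NoScripting);
            }

            var listController = new ListController();
            var entry = new ListEntryInfo
            {
                DefinitionID = Null.NullInteger,
                PortalID = ListPortalID,
                ListName = txtEntryName.Text,
                Value = entryValue,
                Text = entryText
            };

            if (!Page.IsValid)
            {
                return;
            }

            Mode = "ListEntries";
            switch (cmdSaveEntry.CommandName.ToLowerInvariant())
            {
                case "update":
                    entry.ParentKey = SelectedList.ParentKey;
                    // Full int: entry ids are not limited to 16 bits.
                    entry.EntryID = int.Parse(txtEntryID.Text);

                    // Reject the update when another entry in the same list already has this value/text pair.
                    bool duplicateExists = false;
                    foreach (var curEntry in listController.GetListEntryInfoItems(SelectedList.Name, entry.ParentKey, entry.PortalID))
                    {
                        if (entry.EntryID == curEntry.EntryID)
                        {
                            continue; // the item we are updating
                        }
                        if (entry.Value == curEntry.Value && entry.Text == curEntry.Text)
                        {
                            duplicateExists = true;
                            break;
                        }
                    }

                    if (duplicateExists)
                    {
                        UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ItemAlreadyPresent", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
                    }
                    else
                    {
                        listController.UpdateListEntry(entry);
                        DataBind();
                    }
                    break;

                case "saveentry":
                    if (SelectedList != null)
                    {
                        entry.ParentKey = SelectedList.ParentKey;
                        entry.ParentID = SelectedList.ParentID;
                        entry.Level = SelectedList.Level;
                    }
                    entry.SortOrder = chkEnableSortOrder.Checked ? 1 : 0;

                    if (listController.AddListEntry(entry) == Null.NullInteger) // entry already found in database
                    {
                        UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ItemAlreadyPresent", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
                    }

                    DataBind();
                    break;

                case "savelist":
                    if (ddlSelectParent.SelectedIndex != -1)
                    {
                        int parentID = int.Parse(ddlSelectParent.SelectedItem.Value);
                        ListEntryInfo parentEntry = listController.GetListEntryInfo(parentID);
                        entry.ParentID = parentID;
                        entry.DefinitionID = parentEntry.DefinitionID;
                        entry.Level = parentEntry.Level + 1;
                        entry.ParentKey = parentEntry.Key;
                    }
                    entry.SortOrder = chkEnableSortOrder.Checked ? 1 : 0;

                    if (listController.AddListEntry(entry) == Null.NullInteger) // entry already found in database
                    {
                        UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ItemAlreadyPresent", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
                    }
                    else
                    {
                        // Navigate to the newly created list so it is selected after the redirect.
                        SelectedKey = entry.ParentKey.Replace(":", ".") + ":" + entry.ListName;
                        Response.Redirect(Globals.NavigateURL(TabId, "", "Key=" + SelectedKey));
                    }
                    break;
            }
        }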
        /// <summary>
        /// Records a PASSWORD_SENT_SUCCESS or PASSWORD_SENT_FAILURE event for the current portal and user.
        /// </summary>
        /// <param name="message">
        /// Null or empty when the password was sent; otherwise the failure reason, attached as a "Cause" detail.
        /// </param>
        private void LogResult(string message)
        {
            bool succeeded = string.IsNullOrEmpty(message);
            var security = new PortalSecurity();

            // The user name is taken straight from the form field, so it is filtered before it reaches the log store.
            string filteredUserName = security.InputFilter(
                txtUsername.Text,
                PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup);

            var log = new LogInfo
            {
                LogPortalID = PortalSettings.PortalId,
                LogPortalName = PortalSettings.PortalName,
                LogUserID = UserId,
                LogUserName = filteredUserName,
                LogTypeKey = succeeded ? "PASSWORD_SENT_SUCCESS" : "PASSWORD_SENT_FAILURE"
            };

            if (!succeeded)
            {
                log.LogProperties.Add(new LogDetailInfo("Cause", message));
            }

            log.AddProperty("IP", _ipAddress);
            LogController.Instance.AddLog(log);
        }
 /// <summary>
 /// Runs <paramref name="input"/> through the portal profanity filter only; markup and script are left untouched.
 /// Declared virtual, presumably so a derived/test type can substitute its own filtering.
 /// </summary>
 /// <param name="input">Text to filter.</param>
 /// <returns>The filtered text as returned by <see cref="PortalSecurity.InputFilter"/>.</returns>
 internal virtual string InputFilter(string input)
 {
     return new PortalSecurity().InputFilter(input, PortalSecurity.FilterFlag.NoProfanity);
 }
        /// -----------------------------------------------------------------------------
        /// <summary>
        /// Page_Load runs when the control is loaded: wires the paging events, reads the
        /// "Search" request parameter and either binds the results or hides the module.
        /// </summary>
        /// <param name="e">Event arguments passed through to the base implementation.</param>
        /// <history>
        /// 	[cnurse]	11/11/2004	documented
        ///     [cnurse]    12/13/2004  Switched to using a DataGrid for Search Results
        /// </history>
        /// -----------------------------------------------------------------------------
        protected override void OnLoad(EventArgs e)
        {
            base.OnLoad(e);

            dgResults.PageIndexChanged += dgResults_PageIndexChanged;
            ctlPagingControl.PageChanged += ctlPagingControl_PageChanged;

            var security = new PortalSecurity();

            // Request.Params merges query string, form, cookies and server variables, so the value is
            // untrusted: script and markup are stripped, then the result is HTML-encoded before it is kept.
            string rawSearch = Request.Params["Search"];
            if (rawSearch != null)
            {
                string filtered = security.InputFilter(rawSearch, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoMarkup);
                _SearchQuery = HttpContext.Current.Server.HtmlEncode(filtered);
            }

            if (String.IsNullOrEmpty(_SearchQuery))
            {
                // Nothing to search for: explain to editors why the module is blank, hide it from everyone else.
                if (IsEditable)
                {
                    UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ModuleHidden", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
                }
                else
                {
                    ContainerControl.Visible = false;
                }
                return;
            }

            if (!Page.IsPostBack)
            {
                BindData();
            }
        }
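 /// <summary>
 /// Replaces the well-known placeholder machineKey validationKey shipped in the config template
 /// with a freshly generated key, leaving any other (installer-supplied) key untouched.
 /// </summary>
 /// <param name="xmlConfig">The configuration document to update in place; assumed non-null.</param>
 /// <returns>
 /// The same document. The validationKey attribute is regenerated only when it still held the
 /// placeholder; when the machineKey element or the attribute is missing the document is returned unchanged
 /// (previously those cases threw NullReferenceException).
 /// </returns>
 public static XmlDocument UpdateValidationKey(XmlDocument xmlConfig)
 {
     // Placeholder value from the shipped template; any install still carrying it has a guessable key.
     const string placeholderValidationKey = "F9D1A2D3E1D3E2F7B3D9F90FF3965ABDAC304902";

     XmlNode xmlMachineKey = xmlConfig.SelectSingleNode("configuration/system.web/machineKey");
     XmlAttribute validationKeyAttribute = xmlMachineKey == null ? null : xmlMachineKey.Attributes["validationKey"];
     if (validationKeyAttribute == null)
     {
         return xmlConfig; // nothing to rotate
     }

     if (validationKeyAttribute.Value == placeholderValidationKey)
     {
         var objSecurity = new PortalSecurity();
         string validationKey = objSecurity.CreateKey(20);
         XmlUtils.UpdateAttribute(xmlMachineKey, "validationKey", validationKey);
     }
     return xmlConfig;
 }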