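/// <summary>
/// Saves the current topic (content, discuss/rating flags, title, description, keywords)
/// and then posts the resulting insert/update to the DNN journal.
/// </summary>
/// <remarks>
/// A duplicate-name validation failure is shown as a warning; every other
/// <see cref="TopicValidationException"/> is rethrown (with <c>throw;</c>, so the original
/// stack trace is preserved — the previous <c>throw exc;</c> discarded it).
/// NOTE(review): the content is HtmlDecoded AFTER the NoMarkup/NoScripting filters, so any
/// entity-encoded markup that passes the filters is decoded back before storage; the filter
/// is a denylist and must not be the only defense — confirm the renderer encodes/sanitizes.
/// NOTE(review): the journal post still runs after a duplicate-name failure (original
/// behaviour, kept) — confirm that is intended.
/// </remarks>
private void SaveAndContinue()
{
    SharedEnum.CrudOperation crudOperation = SharedEnum.CrudOperation.Insert;
    try
    {
        var objSec = new DotNetNuke.Security.PortalSecurity();

        // Content: strip markup, then scripting, then decode entities (original order kept).
        string content = HttpUtility.HtmlDecode(
            objSec.InputFilter(
                objSec.InputFilter(this.teContent.Text, PortalSecurity.FilterFlag.NoMarkup),
                PortalSecurity.FilterFlag.NoScripting));

        string title = objSec.InputFilter(WikiMarkup.DecodeTitle(this.txtTitle.Text.Trim()), PortalSecurity.FilterFlag.NoMarkup);
        string description = objSec.InputFilter(this.txtDescription.Text.Trim(), PortalSecurity.FilterFlag.NoMarkup);
        string keywords = objSec.InputFilter(this.txtKeywords.Text.Trim(), PortalSecurity.FilterFlag.NoMarkup);

        this.SaveTopic(
            content,
            this.AllowDiscuss.Checked,
            this.AllowRating.Checked,
            title,
            description,
            keywords,
            out crudOperation);
    }
    catch (TopicValidationException exc)
    {
        if (exc.CrudError == DotNetNuke.Wiki.BusinessObjects.TopicBO.TopicError.DUPLICATENAME)
        {
            this.Messages.ShowWarning(Localization.GetString("WarningDUPLICATENAME", this.LocalResourceFile));
        }
        else
        {
            // Rethrow without resetting the stack trace.
            throw;
        }
    }

    this.PostTopicToDNNJournal(crudOperation);
}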
/// <summary>
/// Persists a journal comment: the text is scripting-filtered, entity-decoded, then
/// markup-filtered and cut to at most 1999 characters; the row is saved and the
/// created/updated stamps are read back from the stored record.
/// </summary>
/// <param name="comment">Comment to save; <c>CommentId</c>, <c>DateCreated</c> and <c>DateUpdated</c> are set on return.</param>
/// <remarks>
/// The length guard triggers above 2000 characters but keeps 1999 — presumably a column
/// limit; confirm against the schema before relying on either number. Because the
/// truncation happens after filtering it can cut an encoded entity in half; harmless for
/// storage, but the renderer must still encode. The profanity filter remains disabled.
/// </remarks>
public void SaveComment(CommentInfo comment)
{
    var portalSecurity = new PortalSecurity();

    string text = comment.Comment;
    if (!String.IsNullOrEmpty(text))
    {
        text = HttpUtility.HtmlDecode(portalSecurity.InputFilter(text, PortalSecurity.FilterFlag.NoScripting));
        text = portalSecurity.InputFilter(text, Security.PortalSecurity.FilterFlag.NoMarkup);
    }

    //TODO: enable once the profanity filter is working properly.
    //text = portalSecurity.Remove(text, DotNetNuke.Security.PortalSecurity.ConfigType.ListController, "ProfanityFilter", DotNetNuke.Security.PortalSecurity.FilterScope.PortalList);

    if (text != null && text.Length > 2000)
    {
        text = text.Substring(0, 1999);
    }
    comment.Comment = text;

    string xml = comment.CommentXML == null ? null : comment.CommentXML.OuterXml;

    comment.CommentId = _dataService.Journal_Comment_Save(comment.JournalId, comment.CommentId, comment.UserId, comment.Comment, xml);

    CommentInfo stored = GetComment(comment.CommentId);
    comment.DateCreated = stored.DateCreated;
    comment.DateUpdated = stored.DateUpdated;
}
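/// <summary>
/// Reads the "Tag" request parameter (input-filtered, then HTML-encoded) into
/// <c>_tagQuery</c> and binds the tag results; with no tag the module is hidden, or an
/// editor is shown the "ModuleHidden" message instead.
/// </summary>
/// <param name="e">Event data.</param>
/// <remarks>
/// Fix: the original tested <c>_tagQuery.Length &gt; 0</c>, which throws when no Tag was
/// supplied and the field has no initializer elsewhere; <c>IsNullOrEmpty</c> matches what the
/// sibling search module does. NOTE(review): <c>Request.Params</c> also merges Form, Cookies
/// and ServerVariables — if only the query string is meant, use <c>Request.QueryString</c>.
/// </remarks>
protected override void OnLoad(EventArgs e)
{
    base.OnLoad(e);

    var objSecurity = new PortalSecurity();
    string requestedTag = Request.Params["Tag"];
    if (requestedTag != null)
    {
        // Filter first, then encode: the value is later emitted into HTML.
        _tagQuery = HttpContext.Current.Server.HtmlEncode(
            objSecurity.InputFilter(requestedTag, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoMarkup));
    }

    if (!string.IsNullOrEmpty(_tagQuery))
    {
        // Binds on every request, including postbacks (the IsPostBack guard was commented out upstream).
        BindData();
    }
    else if (IsEditable)
    {
        UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ModuleHidden", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
    }
    else
    {
        ContainerControl.Visible = false;
    }
}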
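/// <summary>
/// Renders the form's attributes, rewriting the <c>action</c> attribute to the current
/// request's raw URL and the <c>id</c> attribute to the control's ClientID.
/// </summary>
/// <param name="writer">Output writer.</param>
/// <remarks>
/// The raw URL (path + query string) is attacker-influenced. It is run through the portal
/// input filter as before and is now additionally attribute-encoded, because the filter does
/// not neutralise a literal double quote and the value sits inside a quoted attribute.
/// Both replacements now check that a closing quote exists (the original computed
/// <c>IndexOf + 1</c> and would throw from <c>Remove</c> on a malformed attribute).
/// NOTE(review): the <c>id="</c> search is a plain substring match and could hit an attribute
/// whose name merely ends in "id" — unchanged, but worth knowing.
/// </remarks>
protected override void RenderAttributes(HtmlTextWriter writer)
{
    string html;
    using (var stringWriter = new StringWriter())
    using (var htmlWriter = new HtmlTextWriter(stringWriter))
    {
        base.RenderAttributes(htmlWriter);
        htmlWriter.Flush();
        html = stringWriter.ToString();
    }

    // Replace the action attribute, if present.
    const string actionPrefix = "action=\"";
    int actionStart = html.IndexOf(actionPrefix, StringComparison.Ordinal);
    if (actionStart >= 0)
    {
        int closingQuote = html.IndexOf('"', actionStart + actionPrefix.Length);
        if (closingQuote >= 0)
        {
            var objSecurity = new PortalSecurity();
            string filteredUrl = objSecurity.InputFilter(
                HttpContext.Current.Request.RawUrl,
                PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup);
            html = html.Remove(actionStart, closingQuote + 1 - actionStart)
                       .Insert(actionStart, actionPrefix + HttpUtility.HtmlAttributeEncode(filteredUrl) + "\"");
        }
    }

    // Replace the id attribute, if present.
    if (base.ID != null)
    {
        const string idPrefix = "id=\"";
        int idStart = html.IndexOf(idPrefix, StringComparison.Ordinal);
        if (idStart >= 0)
        {
            int closingQuote = html.IndexOf('"', idStart + idPrefix.Length);
            if (closingQuote >= 0)
            {
                html = html.Remove(idStart, closingQuote + 1 - idStart)
                           .Insert(idStart, idPrefix + base.ClientID + "\"");
            }
        }
    }

    writer.Write(html);
}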
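/// <summary>
/// Best-effort removal of script content from <paramref name="text"/>: runs the portal
/// NoScripting filter, strips script blocks / javascript: attribute values / on* handlers
/// by regex, then removes a fixed list of script-related tokens.
/// </summary>
/// <param name="text">Untrusted text; null or empty yields an empty string.</param>
/// <returns>The filtered text.</returns>
/// <remarks>
/// This is a denylist and is bypassable by construction (e.g. tokens split across entities or
/// comments); it must never be the only defense — HTML-encode on output.
/// Fixes in this edit: (1) the token strip is case-insensitive (previously only the
/// exact-upper and exact-source spellings were replaced, so "Alert" or "eVal(" survived);
/// (2) the strip repeats until the text stops changing, so a token reassembled by a removal
/// ("alalertert" -> "alert") is removed too. The portal-filter failure is still swallowed
/// (deliberately best-effort — the later passes still run); TODO: log it.
/// </remarks>
public static string FilterScripts(string text)
{
    if (string.IsNullOrEmpty(text))
    {
        return string.Empty;
    }

    // Pass 1: the portal's own NoScripting filter.
    var objPortalSecurity = new PortalSecurity();
    try
    {
        text = objPortalSecurity.InputFilter(text, PortalSecurity.FilterFlag.NoScripting);
    }
    catch (Exception)
    {
        // TODO: log; kept non-fatal on purpose.
    }

    // Pass 2: script blocks, javascript: attribute values and on* event handlers.
    const string pattern = "<script.*/*>|</script>|<[a-zA-Z][^>]*=['\"]+javascript:\\w+.*['\"]+>|<\\w+[^>]*\\son\\w+=.*[ /]*>";
    text = Regex.Replace(text, pattern, string.Empty, RegexOptions.IgnoreCase);

    // Pass 3: bare tokens, removed case-insensitively until stable.
    const string strip = "/*,*/,alert,document.,window.,eval(,eval[,@import,vbscript,javascript,jscript,msgbox";
    string[] tokens = strip.Split(',');
    string before;
    do
    {
        before = text;
        foreach (string token in tokens)
        {
            text = Regex.Replace(text, Regex.Escape(token), string.Empty, RegexOptions.IgnoreCase);
        }
    }
    while (!string.Equals(before, text, StringComparison.Ordinal));

    return text;
}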
/// <summary>
/// Applies the strictest combination of portal input filters (no scripting, no angle
/// brackets, no markup) to <paramref name="value"/> using the supplied security helper.
/// </summary>
/// <param name="objSecurity">Filter instance to use.</param>
/// <param name="value">Untrusted input.</param>
/// <returns>The filtered value as returned by <c>InputFilter</c>.</returns>
private static string GetFilteredValue(PortalSecurity objSecurity, string value)
{
    const PortalSecurity.FilterFlag strictFlags =
        PortalSecurity.FilterFlag.NoScripting
        | PortalSecurity.FilterFlag.NoAngleBrackets
        | PortalSecurity.FilterFlag.NoMarkup;

    return objSecurity.InputFilter(value, strictFlags);
}
/// <summary>
/// Handles the Submit button click: builds a <see cref="Comment"/> from the form fields
/// (markup-filtered, text truncated to <c>CommentsMaxLength</c> before filtering), persists
/// it, sends the notification, and on success clears the form and the comments cache entry.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
/// <remarks>
/// Truncation happens before NoMarkup filtering, so the stored text can exceed the maximum
/// if the filter expands characters (unchanged behaviour).
/// NOTE(review): name and e-mail are only markup-filtered; if the notification path places
/// them in mail headers, confirm it rejects CR/LF — not visible here.
/// </remarks>
private void SubmitButton_Click(object sender, System.EventArgs e)
{
    using (UnitOfWork uOw = new UnitOfWork())
    {
        var objSec = new DotNetNuke.Security.PortalSecurity();
        var noMarkup = DotNetNuke.Security.PortalSecurity.FilterFlag.NoMarkup;

        string body = this.txtComment.Text;
        if (body.Length > this.CommentsMaxLength)
        {
            body = body.Substring(0, this.CommentsMaxLength);
        }

        ////4.8.3 has better control for NoMarkup
        var pending = new Comment
        {
            ParentId = this.ParentId,
            Name = objSec.InputFilter(this.txtName.Text, noMarkup),
            Email = objSec.InputFilter(this.txtEmail.Text, noMarkup),
            CommentText = objSec.InputFilter(body, noMarkup),
            Ip = objSec.InputFilter(this.Context.Request.ServerVariables["REMOTE_ADDR"], noMarkup),
            EmailNotify = this.chkSubscribeToNotifications.Checked,
            Datetime = DateTime.Now
        };

        var commentBo = new CommentBO(uOw);
        Comment saved = commentBo.Add(pending);

        ////send the notification
        var topic = new TopicBO(uOw).Get(this.ParentId);
        DNNUtils.SendNotifications(uOw, topic, saved.Name, saved.Email, saved.CommentText, saved.Ip);

        this.mSuccessValue = saved.CommentId > 0;
        if (!this.mSuccessValue)
        {
            return;
        }

        this.txtName.Text = string.Empty;
        this.txtEmail.Text = string.Empty;
        this.txtComment.Text = string.Empty;
        this.Context.Cache.Remove("WikiComments" + this.ParentId.ToString());
        if (this.PostSubmitted != null)
        {
            this.PostSubmitted(this);
        }
    }
}
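/// <summary>
/// Removes script content (portal NoScripting filter) and then every HTML tag from
/// <paramref name="Text"/>, replacing each tag with a single space.
/// </summary>
/// <param name="Text">HTML to strip; null or empty yields an empty string.</param>
/// <param name="RetainWhiteSpace">When false, runs of whitespace are collapsed to one space and the result is trimmed.</param>
/// <returns>The plain text.</returns>
/// <remarks>
/// The tag regex was <c>&lt;(.|\n)*?&gt;</c>; <c>&lt;.*?&gt;</c> with Singleline matches
/// exactly the same strings without the per-character alternation, which backtracks badly on
/// long unterminated "&lt;" runs. Entity-encoded tags (&amp;lt;script&amp;gt;) are not tags
/// and pass through untouched — a caller that decodes the result must not treat it as safe HTML.
/// </remarks>
public static string StripHTMLTags(string Text, bool RetainWhiteSpace)
{
    if (string.IsNullOrEmpty(Text))
    {
        return string.Empty;
    }

    var ps = new DotNetNuke.Security.PortalSecurity();
    Text = ps.InputFilter(Text, PortalSecurity.FilterFlag.NoScripting);

    Text = Regex.Replace(Text, "<.*?>", " ", RegexOptions.Singleline);
    if (!RetainWhiteSpace)
    {
        Text = Regex.Replace(Text, "\\s{2,}", " ").Trim();
    }
    return Text;
}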
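/// <summary>
/// Verifies that <c>InputFilter</c>, with the given <paramref name="markup"/> flags, turns
/// <paramref name="html"/> into exactly <paramref name="expectedOutput"/> (i.e. the source
/// tag is not passed through).
/// </summary>
/// <param name="html">Input containing the disallowed markup.</param>
/// <param name="expectedOutput">The output the filter is expected to produce.</param>
/// <param name="markup">Filter flags under test.</param>
/// <remarks>
/// Fix: the assertion previously passed (actual, expected); the arguments were reversed, so a
/// failure report showed the filter's output as the "expected" value and vice versa.
/// </remarks>
public void Html_Source_Tag_Should_Not_Be_Allowed(string html, string expectedOutput, DotNetNuke.Security.PortalSecurity.FilterFlag markup)
{
    //Arrange
    var portalSecurity = new DotNetNuke.Security.PortalSecurity();

    //Act
    var filterOutput = portalSecurity.InputFilter(html, markup);

    //Assert
    Assert.AreEqual(expectedOutput, filterOutput);
}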
/// <summary>
/// Property-access implementation over a name/value collection: looks up
/// <paramref name="strPropertyName"/>, applies the portal NoScripting filter, formats the
/// value with <paramref name="strFormat"/> and filters the formatted result again.
/// </summary>
/// <param name="strPropertyName">Key to look up.</param>
/// <param name="strFormat">Format passed to <c>PropertyAccess.FormatString</c>; null is treated as empty.</param>
/// <param name="formatProvider">Not used by this implementation.</param>
/// <param name="accessingUser">Not used; no per-user access check is performed here.</param>
/// <param name="accessLevel">Not used; every key is readable.</param>
/// <param name="propertyNotFound">Set to true when the collection lacks the key.</param>
/// <returns>The filtered, formatted value, or an empty string when the collection or key is absent.</returns>
/// <remarks>
/// NoScripting is a denylist filter, not an encoder: the token-replacement consumer must
/// still HTML-encode this value where it is rendered.
/// </remarks>
public string GetProperty(string strPropertyName, string strFormat, CultureInfo formatProvider, UserInfo accessingUser, Scope accessLevel, ref bool propertyNotFound)
{
    if (_nameValueCollection == null)
    {
        return string.Empty;
    }

    string rawValue = _nameValueCollection[strPropertyName];
    if (rawValue == null)
    {
        propertyNotFound = true;
        return string.Empty;
    }

    string format = strFormat ?? string.Empty;
    var security = new PortalSecurity();
    string filtered = security.InputFilter(rawValue, PortalSecurity.FilterFlag.NoScripting);
    string formatted = PropertyAccess.FormatString(filtered, format);
    return security.InputFilter(formatted, PortalSecurity.FilterFlag.NoScripting);
}
/// <summary>
/// Persists one key/value setting on the current group's role: the key is markup-filtered,
/// the value scripting-filtered, then the role settings are saved (adding the key if new).
/// </summary>
/// <remarks>
/// NOTE(review): a null role (unknown GroupId) throws here, as in the original. The value
/// keeps any markup that passes NoScripting, so it must be encoded where it is rendered.
/// </remarks>
private void SaveMetadata()
{
    var security = new DotNetNuke.Security.PortalSecurity();
    string key = security.InputFilter(txtSettingKey.Text.Trim(), PortalSecurity.FilterFlag.NoMarkup);
    string value = security.InputFilter(txtSettingValue.Text.Trim(), PortalSecurity.FilterFlag.NoScripting);

    var role = new RoleController().GetRole(GroupId, PortalId);
    if (!role.Settings.ContainsKey(key))
    {
        // add a new key
        role.Settings.Add(key, value);
    }
    else
    {
        // update the existing key
        role.Settings[key] = value;
    }

    TestableRoleController.Instance.UpdateRoleSettings(role, true);
}
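/// <summary>
/// Auto-complete callback: returns the tag names that match <paramref name="prefixText"/>
/// within the context identified by <paramref name="contextKey"/>.
/// </summary>
/// <param name="prefixText">URL-encoded prefix typed by the user.</param>
/// <param name="count">Requested number of suggestions; not applied here (the query returns every match), unchanged from the original.</param>
/// <param name="contextKey">Integer context id as a string; a non-integer throws <see cref="FormatException"/>.</param>
/// <returns>One entry per matching row, in row order.</returns>
/// <remarks>
/// Bug fixed: the original wrote every row into index 0, so all but the first element of the
/// returned array were null and only the last match was visible.
/// The NoSQL filter is a denylist; <c>Tag.GetTagsByString</c> should use parameterised SQL
/// regardless (not verifiable from here).
/// </remarks>
public string[] GetTagsCompletionList(string prefixText, int count, string contextKey)
{
    var objSecurity = new PortalSecurity();
    string prefix = objSecurity.InputFilter(HttpUtility.UrlDecode(prefixText), PortalSecurity.FilterFlag.NoSQL);
    int context = Convert.ToInt32(contextKey, CultureInfo.InvariantCulture);

    DataTable dt = Tag.GetTagsByString(prefix, context);

    var returnTags = new string[dt.Rows.Count];
    for (int i = 0; i < dt.Rows.Count; i++)
    {
        returnTags[i] = dt.Rows[i]["name"].ToString();
    }
    return returnTags;
}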
/// <summary>
/// Get Property out of NameValueCollection: the raw value is NoScripting-filtered, formatted
/// with <paramref name="strFormat"/>, and the formatted text is filtered once more.
/// </summary>
/// <param name="strPropertyName">Key to look up.</param>
/// <param name="strFormat">Format passed as-is to <c>PropertyAccess.FormatString</c>.</param>
/// <param name="formatProvider">Not used by this implementation.</param>
/// <param name="AccessingUser">Not used; no access check is performed.</param>
/// <param name="AccessLevel">Not used; every key is readable.</param>
/// <param name="PropertyNotFound">Set to true when the key is absent.</param>
/// <returns>The filtered, formatted value, or an empty string when the collection or key is absent.</returns>
/// <remarks>
/// NoScripting is a denylist, not an encoder; the consumer must still HTML-encode the result
/// where it is rendered.
/// </remarks>
public string GetProperty(string strPropertyName, string strFormat, CultureInfo formatProvider, UserInfo AccessingUser, Scope AccessLevel, ref bool PropertyNotFound)
{
    if (NameValueCollection == null)
    {
        return string.Empty;
    }

    string rawValue = NameValueCollection[strPropertyName];
    if (rawValue == null)
    {
        PropertyNotFound = true;
        return string.Empty;
    }

    var security = new PortalSecurity();
    string filtered = security.InputFilter(rawValue, PortalSecurity.FilterFlag.NoScripting);
    string formatted = PropertyAccess.FormatString(filtered, strFormat);
    return security.InputFilter(formatted, PortalSecurity.FilterFlag.NoScripting);
}
/// <summary>
/// Builds the URL the language selector should link to for <paramref name="newLanguage"/>:
/// the culture-specific counterpart of the active tab when one exists (or that culture's home
/// tab if the counterpart is deleted or not viewable), otherwise the active tab itself with the
/// new language. In friendly-URL mode the current query string is carried along minus "returnurl".
/// </summary>
/// <param name="portalSettings">Settings of the portal being browsed.</param>
/// <param name="newLanguage">Target culture code.</param>
/// <returns>
/// The NoScripting-filtered URL. That filter does not encode quotes or ampersands, so the
/// caller must attribute-encode it when emitting an href; the query string appended in
/// friendly-URL mode originates from the current request.
/// </returns>
public static string NewUrl(PortalSettings portalSettings, string newLanguage)
{
    var objSecurity = new PortalSecurity();
    var newLocale = LocaleController.Instance.GetLocale(newLanguage);

    int tabId = portalSettings.ActiveTab.TabID;
    bool islocalized = false;

    var localizedTab = TabController.Instance.GetTabByCulture(tabId, portalSettings.PortalId, newLocale);
    if (localizedTab != null)
    {
        islocalized = true;
        bool reachable = !localizedTab.IsDeleted && TabPermissionController.CanViewPage(localizedTab);
        if (!reachable)
        {
            // Not reachable in the target culture: send the user to that culture's home tab.
            var localizedPortal = PortalController.Instance.GetPortal(portalSettings.PortalId, newLocale.Code);
            tabId = localizedPortal.HomeTabId;
        }
        else
        {
            string directUrl = string.Empty;
            switch (localizedTab.TabType)
            {
                case TabType.Normal:
                    tabId = localizedTab.TabID;   // handled by the NavigateURL path below
                    break;
                case TabType.Tab:
                    directUrl = TestableGlobals.Instance.NavigateURL(Convert.ToInt32(localizedTab.Url));
                    break;
                case TabType.File:
                    directUrl = TestableGlobals.Instance.LinkClick(localizedTab.Url, localizedTab.TabID, Null.NullInteger);
                    break;
                case TabType.Url:
                    directUrl = localizedTab.Url;
                    break;
            }

            if (!string.IsNullOrEmpty(directUrl))
            {
                return objSecurity.InputFilter(directUrl, PortalSecurity.FilterFlag.NoScripting);
            }
        }
    }

    string rawQueryString = CurrentQueryStringWithoutReturnUrl();

    string navigateUrl = TestableGlobals.Instance.NavigateURL(
        tabId,
        portalSettings.ActiveTab.IsSuperTab,
        portalSettings,
        HttpContext.Current.Request.QueryString["ctl"],
        newLanguage,
        GetQsParams(portalSettings, newLocale.Code, islocalized));

    return objSecurity.InputFilter(navigateUrl + rawQueryString, PortalSecurity.FilterFlag.NoScripting);
}

/// <summary>
/// In friendly-URL mode, returns the current request's query string (prefixed with "?") with
/// "returnurl" removed; otherwise an empty string. Dropping returnurl stops a language switch
/// on the login page from bouncing the user back to the previous culture after sign-in
/// (e.g. /de-DE/Login?returnurl=%2fde-de%2fPage1 switched to en-US would otherwise return to de-de).
/// </summary>
private static string CurrentQueryStringWithoutReturnUrl()
{
    if (!DotNetNuke.Entities.Host.Host.UseFriendlyUrls)
    {
        return string.Empty;
    }

    var request = HttpContext.Current.Request;
    var currentUri = new Uri(string.Concat(request.Url.GetLeftPart(UriPartial.Authority), request.RawUrl));
    var queryParams = HttpUtility.ParseQueryString(currentUri.Query);
    queryParams.Remove("returnurl");

    var queryString = queryParams.ToString();
    return queryString.Length > 0 ? string.Concat("?", queryString) : string.Empty;
}
/// <summary>
/// Pre-render: applies the public CssClass to the title label, resolves the localized module
/// title (falling back to a single space so the label still renders), runs it through the
/// NoScripting filter, and enables inline title editing only when the user can edit the
/// module and the portal's inline editor is on.
/// </summary>
/// <param name="e">Event data.</param>
/// <remarks>
/// The label text is written as HTML; NoScripting is a denylist, so other markup in a module
/// title is rendered as markup. Titles come from module editors, so this trusts them.
/// </remarks>
protected override void OnPreRender(EventArgs e)
{
    base.OnPreRender(e);

    //public attributes
    if (!String.IsNullOrEmpty(CssClass))
    {
        titleLabel.CssClass = CssClass;
    }

    string moduleTitle = ModuleControl == null
        ? Null.NullString
        : Localization.LocalizeControlTitle(ModuleControl);
    if (moduleTitle == Null.NullString)
    {
        moduleTitle = " ";
    }

    var ps = new PortalSecurity();
    titleLabel.Text = ps.InputFilter(moduleTitle, PortalSecurity.FilterFlag.NoScripting);

    bool inlineEditable = CanEditModule() && PortalSettings.InlineEditorEnabled;
    titleLabel.EditEnabled = inlineEditable;
    titleToolbar.Visible = inlineEditable;
}
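/// <summary>
/// Renders a profile property value for display according to its display data type:
/// localized yes/no, a formatted date or integer, a link to a page, an image URL, sanitised
/// rich text, or — by default — the HTML-encoded formatted value.
/// </summary>
/// <param name="property">Property definition and current value.</param>
/// <param name="formatString">.NET format string for date/integer types ("g" when empty), otherwise the PropertyAccess format.</param>
/// <param name="formatProvider">Culture used for yes/no localisation and number/date formatting.</param>
/// <returns>Display markup or text; an empty string when the value is empty (images excepted).</returns>
/// <exception cref="FormatException">A truefalse/date/integer value that does not parse (unchanged from the original).</exception>
/// <remarks>
/// Fixes: the "page" case emitted <c>tab.LocalizedTabName</c> and the URL raw inside the
/// anchor; both are now encoded (text as HTML, URL as an attribute) so a tab name containing
/// markup or quotes cannot break out of the link. The data-type lower-casing is now
/// culture-invariant ("Image".ToLower() is not "image" under tr-TR).
/// "richtext" is intentionally returned as live HTML after decoding and NoScripting filtering —
/// that filter is a denylist, so this path trusts whoever may edit the property.
/// </remarks>
public static string GetRichValue(ProfilePropertyDefinition property, string formatString, CultureInfo formatProvider)
{
    string result = "";
    string dataType = DisplayDataType(property).ToLowerInvariant();

    if (String.IsNullOrEmpty(property.PropertyValue) && dataType != "image")
    {
        return result;
    }

    switch (dataType)
    {
        case "truefalse":
            result = PropertyAccess.Boolean2LocalizedYesNo(Convert.ToBoolean(property.PropertyValue), formatProvider);
            break;
        case "date":
        case "datetime":
            if (formatString == string.Empty)
            {
                formatString = "g";
            }
            result = DateTime.Parse(property.PropertyValue, CultureInfo.InvariantCulture).ToString(formatString, formatProvider);
            break;
        case "integer":
            if (formatString == string.Empty)
            {
                formatString = "g";
            }
            result = int.Parse(property.PropertyValue).ToString(formatString, formatProvider);
            break;
        case "page":
            int tabid;
            if (int.TryParse(property.PropertyValue, out tabid))
            {
                TabInfo tab = new TabController().GetTab(tabid, Null.NullInteger, false);
                if (tab != null)
                {
                    // Encode both halves: the name is free text, the URL goes inside a quoted attribute.
                    result = string.Format(
                        "<a href=\"{0}\">{1}</a>",
                        HttpUtility.HtmlAttributeEncode(Globals.NavigateURL(tabid)),
                        HttpUtility.HtmlEncode(tab.LocalizedTabName));
                }
            }
            break;
        case "image":
            //File is stored as a FileID
            int fileID;
            if (Int32.TryParse(property.PropertyValue, out fileID) && fileID > 0)
            {
                result = Globals.LinkClick(String.Format("fileid={0}", fileID), Null.NullInteger, Null.NullInteger);
            }
            else
            {
                result = IconController.IconURL("Spacer", "1X1");
            }
            break;
        case "richtext":
            var objSecurity = new PortalSecurity();
            result = PropertyAccess.FormatString(
                objSecurity.InputFilter(HttpUtility.HtmlDecode(property.PropertyValue), PortalSecurity.FilterFlag.NoScripting),
                formatString);
            break;
        default:
            result = HttpUtility.HtmlEncode(PropertyAccess.FormatString(property.PropertyValue, formatString));
            break;
    }

    return result;
}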
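/// <summary>
/// Handles cmdSaveEntry.Click. <c>cmdSaveEntry.CommandName</c> selects the action:
/// "update" (edit an existing entry), "saveentry" (add an entry to the selected list) or
/// "savelist" (add a new list under the selected parent).
/// </summary>
/// <param name="sender">Event source.</param>
/// <param name="e">Event data.</param>
/// <remarks>
/// Super users may store value/text unfiltered (they are trusted to enter markup); for
/// everyone else value, text and — consistently now — the list name pass through the
/// NoScripting filter, so the name is no longer the one field that bypassed it.
/// CommandName is compared after culture-invariant lower-casing (<c>ToLower()</c> is culture
/// sensitive; under tr-TR "UPDATE" would not match "update").
/// NOTE(review): <c>Int16.Parse(txtEntryID.Text)</c> caps updatable EntryIDs at 32767 and
/// throws on non-numeric input; left unchanged because EntryID's declared type is not visible here.
/// </remarks>
protected void OnSaveEntryClick(object sender, EventArgs e)
{
    string entryValue;
    string entryText;
    string entryName;
    if (UserInfo.IsSuperUser)
    {
        entryValue = txtEntryValue.Text;
        entryText = txtEntryText.Text;
        entryName = txtEntryName.Text;
    }
    else
    {
        var ps = new PortalSecurity();
        entryValue = ps.InputFilter(txtEntryValue.Text, PortalSecurity.FilterFlag.NoScripting);
        entryText = ps.InputFilter(txtEntryText.Text, PortalSecurity.FilterFlag.NoScripting);
        entryName = ps.InputFilter(txtEntryName.Text, PortalSecurity.FilterFlag.NoScripting);
    }

    var listController = new ListController();
    var entry = new ListEntryInfo
    {
        DefinitionID = Null.NullInteger,
        PortalID = ListPortalID,
        ListName = entryName,
        Value = entryValue,
        Text = entryText
    };

    if (!Page.IsValid)
    {
        return;
    }

    Mode = "ListEntries";
    int sortOrder = chkEnableSortOrder.Checked ? 1 : 0;

    switch (cmdSaveEntry.CommandName.ToLowerInvariant())
    {
        case "update":
            entry.ParentKey = SelectedList.ParentKey;
            entry.EntryID = Int16.Parse(txtEntryID.Text);
            if (IsDuplicateOfAnotherEntry(listController, entry))
            {
                UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ItemAlreadyPresent", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
            }
            else
            {
                listController.UpdateListEntry(entry);
                DataBind();
            }
            break;

        case "saveentry":
            if (SelectedList != null)
            {
                entry.ParentKey = SelectedList.ParentKey;
                entry.ParentID = SelectedList.ParentID;
                entry.Level = SelectedList.Level;
            }
            entry.SortOrder = sortOrder;
            if (listController.AddListEntry(entry) == Null.NullInteger) //entry already found in database
            {
                UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ItemAlreadyPresent", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
            }
            DataBind();
            break;

        case "savelist":
            if (ddlSelectParent.SelectedIndex != -1)
            {
                int parentID = Int32.Parse(ddlSelectParent.SelectedItem.Value);
                ListEntryInfo parentEntry = listController.GetListEntryInfo(parentID);
                entry.ParentID = parentID;
                entry.DefinitionID = parentEntry.DefinitionID;
                entry.Level = parentEntry.Level + 1;
                entry.ParentKey = parentEntry.Key;
            }
            entry.SortOrder = sortOrder;
            if (listController.AddListEntry(entry) == Null.NullInteger) //entry already found in database
            {
                UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ItemAlreadyPresent", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
            }
            else
            {
                SelectedKey = entry.ParentKey.Replace(":", ".") + ":" + entry.ListName;
                Response.Redirect(Globals.NavigateURL(TabId, "", "Key=" + SelectedKey));
            }
            break;
    }
}

/// <summary>
/// True when another entry (different EntryID) in the selected list already has the same
/// Value and Text as <paramref name="entry"/>.
/// </summary>
private bool IsDuplicateOfAnotherEntry(ListController listController, ListEntryInfo entry)
{
    foreach (var curEntry in listController.GetListEntryInfoItems(SelectedList.Name, entry.ParentKey, entry.PortalID))
    {
        if (entry.EntryID != curEntry.EntryID && entry.Value == curEntry.Value && entry.Text == curEntry.Text)
        {
            return true;
        }
    }
    return false;
}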
/// -----------------------------------------------------------------------------
/// <summary>
/// Page_Load runs when the control is loaded: wires the paging events, reads the "Search"
/// request parameter (input-filtered, then HTML-encoded) into <c>_SearchQuery</c>, and binds
/// the results on the first (non-postback) request. With no query the module is hidden, or
/// an editor is shown the "ModuleHidden" message.
/// </summary>
/// <param name="e">Event data.</param>
/// <remarks>
/// NOTE(review): <c>Request.Params</c> also merges Form, Cookies and ServerVariables; if only
/// the query string is intended, <c>Request.QueryString</c> is the narrower source.
/// </remarks>
/// <history>
/// [cnurse] 11/11/2004 documented
/// [cnurse] 12/13/2004 Switched to using a DataGrid for Search Results
/// </history>
/// -----------------------------------------------------------------------------
protected override void OnLoad(EventArgs e)
{
    base.OnLoad(e);
    dgResults.PageIndexChanged += dgResults_PageIndexChanged;
    ctlPagingControl.PageChanged += ctlPagingControl_PageChanged;

    string requestedSearch = Request.Params["Search"];
    if (requestedSearch != null)
    {
        // Filter first, then encode: the query is echoed back into the page.
        var objSecurity = new PortalSecurity();
        _SearchQuery = HttpContext.Current.Server.HtmlEncode(
            objSecurity.InputFilter(requestedSearch, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoMarkup));
    }

    if (String.IsNullOrEmpty(_SearchQuery))
    {
        if (IsEditable)
        {
            UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ModuleHidden", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
        }
        else
        {
            ContainerControl.Visible = false;
        }
        return;
    }

    if (!Page.IsPostBack)
    {
        BindData();
    }
}
/// <summary>
/// Stores a single group setting: the key (markup-filtered) and value (scripting-filtered)
/// typed into the form are written to the group's role settings, replacing an existing key
/// or adding a new one, and the role settings are then persisted.
/// </summary>
/// <remarks>
/// NOTE(review): no null check on the role (as in the original). The value may still contain
/// markup that NoScripting lets through; encode it at render time.
/// </remarks>
private void SaveMetadata()
{
    var security = new DotNetNuke.Security.PortalSecurity();
    var keyFlags = PortalSecurity.FilterFlag.NoMarkup;
    var valueFlags = PortalSecurity.FilterFlag.NoScripting;

    string settingKey = security.InputFilter(txtSettingKey.Text.Trim(), keyFlags);
    string settingValue = security.InputFilter(txtSettingValue.Text.Trim(), valueFlags);

    var ctlRole = new RoleController();
    var role = ctlRole.GetRole(GroupId, PortalId);

    bool exists = role.Settings.ContainsKey(settingKey);
    if (exists)
    {
        role.Settings[settingKey] = settingValue;   // update the existing key
    }
    else
    {
        role.Settings.Add(settingKey, settingValue); // add a new key
    }

    TestableRoleController.Instance.UpdateRoleSettings(role, true);
}
/// -----------------------------------------------------------------------------
/// <summary>
/// RenderViewMode renders the View (readonly) mode of the control: the stored value is
/// entity-decoded, passed through the NoScripting filter and written inside a span.
/// </summary>
/// <param name="writer">A HtmlTextWriter.</param>
/// <remarks>
/// Only script content is removed; all other markup in the value is rendered as HTML on
/// purpose (rich-text property). NoScripting is a denylist, so a value that reached this
/// control from an untrusted source is an XSS vector if the filter misses a construct.
/// </remarks>
/// <history>
/// [cnurse] 02/27/2006 created
/// </history>
/// -----------------------------------------------------------------------------
protected virtual void RenderViewMode(HtmlTextWriter writer)
{
    var security = new PortalSecurity();
    string decoded = Page.Server.HtmlDecode(Convert.ToString(Value));
    string viewHtml = security.InputFilter(decoded, PortalSecurity.FilterFlag.NoScripting);

    ControlStyle.AddAttributesToRender(writer);
    writer.RenderBeginTag(HtmlTextWriterTag.Span);
    writer.Write(viewHtml);
    writer.RenderEndTag();
}
/// <summary>
/// Writes a PASSWORD_SENT_SUCCESS or PASSWORD_SENT_FAILURE event-log entry for the current
/// user; a non-empty <paramref name="message"/> marks failure and is stored as "Cause".
/// </summary>
/// <param name="message">Failure reason, or null/empty for success.</param>
/// <remarks>
/// The username is filtered before logging so a crafted name cannot inject markup into the
/// log viewer. The cause text is logged unfiltered — confirm callers only pass
/// localized/internal messages, never raw request input.
/// </remarks>
private void LogResult(string message)
{
    bool succeeded = string.IsNullOrEmpty(message);
    var portalSecurity = new PortalSecurity();

    var logEntry = new LogInfo();
    logEntry.LogPortalID = PortalSettings.PortalId;
    logEntry.LogPortalName = PortalSettings.PortalName;
    logEntry.LogUserID = UserId;
    logEntry.LogUserName = portalSecurity.InputFilter(
        User.Username,
        PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup);
    logEntry.LogTypeKey = succeeded ? "PASSWORD_SENT_SUCCESS" : "PASSWORD_SENT_FAILURE";
    if (!succeeded)
    {
        logEntry.LogProperties.Add(new LogDetailInfo("Cause", message));
    }

    new EventLogController().AddLog(logEntry);
}
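/// <summary>
/// cmdSendPassword_Click runs when the Password Reminder button is clicked: when the CAPTCHA
/// (if enabled) is valid and a username was entered, looks the user up, retrieves the password
/// (only if the membership provider allows retrieval) and mails the reminder. The outcome is
/// written to the event log and shown as a module message.
/// </summary>
/// <param name="sender">Event source.</param>
/// <param name="e">Event data.</param>
/// <remarks>
/// Change in this edit: the two identical event-log blocks are folded into
/// <c>LogPasswordReminderAttempt</c>; control flow is otherwise unchanged.
/// Known issues left as-is: the distinct "UsernameError" message reveals whether a username
/// exists (account enumeration); and when <c>Mail.SendMail</c> throws, <c>strMessage</c> is
/// still empty, so the failure branch shows an empty error — a dedicated localized key is needed.
/// </remarks>
/// <history>
/// [cnurse] 03/21/2006 Created
/// </history>
protected void cmdSendPassword_Click(Object sender, EventArgs e)
{
    string strMessage = Null.NullString;
    bool canSend = true;

    if (UseCaptcha && !ctlCaptcha.IsValid)
    {
        return; // original: nothing happens on a failed captcha
    }

    if (txtUsername.Text.Trim() == "")
    {
        strMessage = Localization.GetString("EnterUsername", this.LocalResourceFile);
        UI.Skins.Skin.AddModuleMessage(this, strMessage, ModuleMessageType.RedError);
        return;
    }

    UserInfo objUser = UserController.GetUserByName(PortalSettings.PortalId, txtUsername.Text, false);
    if (objUser == null)
    {
        strMessage = Localization.GetString("UsernameError", this.LocalResourceFile);
        canSend = false;
    }
    else if (!MembershipProviderConfig.PasswordRetrievalEnabled)
    {
        canSend = false;
        strMessage = Localization.GetString("PasswordRetrievalDisabled", this.LocalResourceFile);
    }
    else
    {
        try
        {
            objUser.Membership.Password = UserController.GetPassword(ref objUser, txtAnswer.Text);
        }
        catch (Exception)
        {
            canSend = false;
            strMessage = Localization.GetString("PasswordRetrievalError", this.LocalResourceFile);
        }

        if (canSend)
        {
            try
            {
                Mail.SendMail(objUser, MessageType.PasswordReminder, PortalSettings);
                strMessage = Localization.GetString("PasswordSent", this.LocalResourceFile);
            }
            catch (Exception)
            {
                // TODO: assign a localized failure message; strMessage is still empty here.
                canSend = false;
            }
        }
    }

    LogPasswordReminderAttempt(canSend ? "PASSWORD_SENT_SUCCESS" : "PASSWORD_SENT_FAILURE");
    UI.Skins.Skin.AddModuleMessage(this, strMessage, canSend ? ModuleMessageType.GreenSuccess : ModuleMessageType.RedError);
}

/// <summary>
/// Writes one password-reminder event-log entry (IP, portal, user id, filtered username)
/// tagged with <paramref name="logTypeKey"/>.
/// </summary>
/// <param name="logTypeKey">"PASSWORD_SENT_SUCCESS" or "PASSWORD_SENT_FAILURE".</param>
private void LogPasswordReminderAttempt(string logTypeKey)
{
    var objSecurity = new PortalSecurity();
    var objEventLog = new EventLogController();
    var objEventLogInfo = new LogInfo();
    objEventLogInfo.AddProperty("IP", ipAddress);
    objEventLogInfo.LogPortalID = PortalSettings.PortalId;
    objEventLogInfo.LogPortalName = PortalSettings.PortalName;
    objEventLogInfo.LogUserID = UserId;
    // The username comes straight from the form: filter it so a crafted value cannot inject markup into the log viewer.
    objEventLogInfo.LogUserName = objSecurity.InputFilter(
        txtUsername.Text,
        PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup);
    objEventLogInfo.LogTypeKey = logTypeKey;
    objEventLog.AddLog(objEventLogInfo);
}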
/// <summary>
/// Saves the group's profile: the role name and the trimmed, markup-filtered text fields
/// (region, city, website and social URLs) plus the selected country/region/language values;
/// the role is updated for the name change and the settings are then persisted.
/// </summary>
/// <remarks>
/// NOTE(review): the URL fields receive only NoMarkup, which deals with angle-bracket markup
/// but does not reject a "javascript:" scheme. If these settings are rendered as links,
/// validate the scheme (http/https) at that point — not visible here.
/// </remarks>
private void SaveSettings()
{
    var sec = new PortalSecurity();
    Func<string, string> cleanText = raw => sec.InputFilter(raw.Trim(), PortalSecurity.FilterFlag.NoMarkup);

    var ctlRole = new RoleController();
    RoleInfo role = ctlRole.GetRole(GroupId, PortalId);

    role.RoleName = cleanText(txtGroupName.Text);

    SaveSetting(ref role, FeatureController.KEY_COUNTRY, cboCountry.SelectedValue);
    SaveSetting(ref role, FeatureController.KEY_COUNTRYFULL, cboCountry.SelectedItem.Text);

    SaveSetting(ref role, FeatureController.KEY_REGION, sec.InputFilter(ParseRegionSaveSetting(), PortalSecurity.FilterFlag.NoMarkup));
    bool regionFromList = role.Settings[FeatureController.KEY_REGION] == cboRegion.SelectedValue;
    SaveSetting(ref role, FeatureController.KEY_REGIONFULL, regionFromList ? cboRegion.SelectedItem.Text : cleanText(txtRegion.Text));

    SaveSetting(ref role, FeatureController.KEY_CITY, cleanText(txtCity.Text));
    SaveSetting(ref role, FeatureController.KEY_DEFAULTLANGUAGE, cboDefaultLanguage.SelectedValue);
    SaveSetting(ref role, FeatureController.KEY_WEBSITEURL, cleanText(txtWebsiteUrl.Text));
    SaveSetting(ref role, FeatureController.KEY_FACEBOOKURL, cleanText(txtFacebookUrl.Text));
    SaveSetting(ref role, FeatureController.KEY_TWITTERURL, cleanText(txtTwitterUrl.Text));
    SaveSetting(ref role, FeatureController.KEY_LINKEDINURL, cleanText(txtLinkedInUrl.Text));
    SaveSetting(ref role, FeatureController.KEY_GOOGLEPLUSURL, cleanText(txtGooglePlusUrl.Text));
    SaveSetting(ref role, FeatureController.KEY_MEETUPURL, cleanText(txtMeetUpUrl.Text));
    SaveSetting(ref role, FeatureController.KEY_YOUTUBEURL, cleanText(txtYouTubeUrl.Text));

    // update the role to save the name change
    ctlRole.UpdateRole(role);
    // save the settings
    TestableRoleController.Instance.UpdateRoleSettings(role, true);
}
/// <summary>
/// newUrl returns the new URL based on the new language: the culture-specific counterpart of
/// the active tab when one exists (or that culture's home tab if the counterpart is deleted
/// or not viewable), otherwise the active tab with the new language. Basically a call to
/// NavigateUrl with stripped query-string parameters; the current query string is kept only
/// in friendly-URL mode and only when the page is not localized (most parameters make no
/// sense on a different localized tab, e.g. ?returntab=/en-US/about).
/// </summary>
/// <param name="newLanguage">Target culture code.</param>
/// <returns>
/// The NoScripting-filtered URL. The filter does not encode quotes or ampersands, so the
/// caller must attribute-encode it when emitting an href; the appended query string comes
/// from the current request.
/// </returns>
/// <history>
/// [erikvb] 20070814 added
/// </history>
private string NewUrl(string newLanguage)
{
    var objSecurity = new PortalSecurity();
    Locale newLocale = LocaleController.Instance.GetLocale(newLanguage);

    int tabId = objPortal.ActiveTab.TabID;
    bool islocalized = false;

    TabInfo localizedTab = TabController.Instance.GetTabByCulture(tabId, objPortal.PortalId, newLocale);
    if (localizedTab != null)
    {
        islocalized = true;
        if (localizedTab.IsDeleted || !TabPermissionController.CanViewPage(localizedTab))
        {
            // Not reachable in the target culture: use that culture's home tab.
            PortalInfo localizedPortal = PortalController.Instance.GetPortal(objPortal.PortalId, newLocale.Code);
            tabId = localizedPortal.HomeTabId;
        }
        else
        {
            string directUrl = "";
            switch (localizedTab.TabType)
            {
                case TabType.Normal:
                    tabId = localizedTab.TabID;   // handled by the NavigateURL path below
                    break;
                case TabType.Tab:
                    directUrl = TestableGlobals.Instance.NavigateURL(Convert.ToInt32(localizedTab.Url));
                    break;
                case TabType.File:
                    directUrl = TestableGlobals.Instance.LinkClick(localizedTab.Url, localizedTab.TabID, Null.NullInteger);
                    break;
                case TabType.Url:
                    directUrl = localizedTab.Url;
                    break;
            }

            if (!string.IsNullOrEmpty(directUrl))
            {
                return objSecurity.InputFilter(directUrl, PortalSecurity.FilterFlag.NoScripting);
            }
        }
    }

    string rawQueryString = "";
    if (DotNetNuke.Entities.Host.Host.UseFriendlyUrls && !islocalized)
    {
        var request = HttpContext.Current.Request;
        rawQueryString = new Uri(request.Url.Scheme + "://" + request.Url.Authority + request.RawUrl).Query;
    }

    string navigateUrl = TestableGlobals.Instance.NavigateURL(
        tabId,
        objPortal.ActiveTab.IsSuperTab,
        objPortal,
        HttpContext.Current.Request.QueryString["ctl"],
        newLanguage,
        GetQsParams(newLocale.Code, islocalized));

    return objSecurity.InputFilter(navigateUrl + rawQueryString, PortalSecurity.FilterFlag.NoScripting);
}
// Journal Items

/// <summary>
/// Saves a journal item: validates the posting user, filters title/summary/body and the
/// optional ItemData fields, wraps the body in an XML document, persists the row, then
/// creates or updates the linked content item and (for group posts) refreshes group stats.
/// </summary>
/// <param name="journalItem">Item to save; JournalId, JournalXML, ContentItemId and the date stamps are set on return.</param>
/// <param name="tabId">Tab the content item is associated with.</param>
/// <param name="moduleId">Module the content item is associated with.</param>
/// <exception cref="ArgumentException">UserId is less than 1.</exception>
/// <exception cref="Exception">The user cannot be found.</exception>
/// <remarks>
/// Filtering notes: Title uses NoMarkup; Summary, Body and ItemData.Description are
/// NoScripting-filtered and then HtmlDecoded, so entity-encoded markup that passes the filter
/// is decoded back before storage — the renderer must still encode/sanitize. Url/ImageUrl get
/// NoScripting only; whether that rejects a "javascript:" scheme depends on the filter
/// implementation (not visible here) — validate the scheme where they are rendered.
/// </remarks>
public void SaveJournalItem(JournalItem journalItem, int tabId, int moduleId)
{
    if (journalItem.UserId < 1)
    {
        throw new ArgumentException("journalItem.UserId must be for a real user");
    }
    UserInfo currentUser = UserController.GetUserById(journalItem.PortalId, journalItem.UserId);
    if (currentUser == null)
    {
        throw new Exception("Unable to locate the current user");
    }

    string xml = null;
    var portalSecurity = new PortalSecurity();
    if (!String.IsNullOrEmpty(journalItem.Title))
    {
        journalItem.Title = portalSecurity.InputFilter(journalItem.Title, PortalSecurity.FilterFlag.NoMarkup);
    }
    if (!String.IsNullOrEmpty(journalItem.Summary))
    {
        // Filter, then decode (see remarks).
        journalItem.Summary = HttpUtility.HtmlDecode(portalSecurity.InputFilter(journalItem.Summary, PortalSecurity.FilterFlag.NoScripting));
    }
    if (!String.IsNullOrEmpty(journalItem.Body))
    {
        journalItem.Body = HttpUtility.HtmlDecode(portalSecurity.InputFilter(journalItem.Body, PortalSecurity.FilterFlag.NoScripting));
    }
    if (!String.IsNullOrEmpty(journalItem.Body))
    {
        // Body is stored a second time as <items><item><id>-1</id><body><![CDATA[...]]></body></item></items>.
        var xDoc = new XmlDocument();
        XmlElement xnode = xDoc.CreateElement("items");
        XmlElement xnode2 = xDoc.CreateElement("item");
        xnode2.AppendChild(CreateElement(xDoc, "id", "-1"));
        xnode2.AppendChild(CreateCDataElement(xDoc, "body", journalItem.Body));
        xnode.AppendChild(xnode2);
        xDoc.AppendChild(xnode);
        XmlDeclaration xDec = xDoc.CreateXmlDeclaration("1.0", null, null);
        xDec.Encoding = "UTF-16";
        xDec.Standalone = "yes";
        XmlElement root = xDoc.DocumentElement;
        xDoc.InsertBefore(xDec, root);
        journalItem.JournalXML = xDoc;
        xml = journalItem.JournalXML.OuterXml;
    }

    if (journalItem.ItemData != null)
    {
        if (!String.IsNullOrEmpty(journalItem.ItemData.Title))
        {
            journalItem.ItemData.Title = portalSecurity.InputFilter(journalItem.ItemData.Title, PortalSecurity.FilterFlag.NoMarkup);
        }
        if (!String.IsNullOrEmpty(journalItem.ItemData.Description))
        {
            journalItem.ItemData.Description = HttpUtility.HtmlDecode(portalSecurity.InputFilter(journalItem.ItemData.Description, PortalSecurity.FilterFlag.NoScripting));
        }
        if (!String.IsNullOrEmpty(journalItem.ItemData.Url))
        {
            journalItem.ItemData.Url = portalSecurity.InputFilter(journalItem.ItemData.Url, PortalSecurity.FilterFlag.NoScripting);
        }
        if (!String.IsNullOrEmpty(journalItem.ItemData.ImageUrl))
        {
            journalItem.ItemData.ImageUrl = portalSecurity.InputFilter(journalItem.ItemData.ImageUrl, PortalSecurity.FilterFlag.NoScripting);
        }
    }

    // Called even when ItemData is null: presumably ToJson is an extension that serializes
    // null to the literal "null" (which the following check undoes) — confirm; otherwise
    // this line is a NullReferenceException for items without ItemData.
    string journalData = journalItem.ItemData.ToJson();
    if (journalData == "null")
    {
        journalData = null;
    }

    PrepareSecuritySet(journalItem, currentUser);
    journalItem.JournalId = _dataService.Journal_Save(journalItem.PortalId, journalItem.UserId, journalItem.ProfileId, journalItem.SocialGroupId, journalItem.JournalId, journalItem.JournalTypeId, journalItem.Title, journalItem.Summary, journalItem.Body, journalData, xml, journalItem.ObjectKey, journalItem.AccessKey, journalItem.SecuritySet, journalItem.CommentsDisabled, journalItem.CommentsHidden);

    // Read the stored row back for the database-assigned date stamps.
    var updatedJournalItem = GetJournalItem(journalItem.PortalId, journalItem.UserId, journalItem.JournalId);
    journalItem.DateCreated = updatedJournalItem.DateCreated;
    journalItem.DateUpdated = updatedJournalItem.DateUpdated;

    var cnt = new Content();
    if (journalItem.ContentItemId > 0)
    {
        cnt.UpdateContentItem(journalItem, tabId, moduleId);
        _dataService.Journal_UpdateContentItemId(journalItem.JournalId, journalItem.ContentItemId);
    }
    else
    {
        ContentItem ci = cnt.CreateContentItem(journalItem, tabId, moduleId);
        _dataService.Journal_UpdateContentItemId(journalItem.JournalId, ci.ContentItemId);
        journalItem.ContentItemId = ci.ContentItemId;
    }

    if (journalItem.SocialGroupId > 0)
    {
        // Stats refresh is best-effort: a failure is logged and does not undo the save.
        try
        {
            UpdateGroupStats(journalItem.PortalId, journalItem.SocialGroupId);
        }
        catch (Exception exc)
        {
            Exceptions.Exceptions.LogException(exc);
        }
    }
}
/// <summary>
/// Prepares a post body for storage: runs the portal's NoScripting filter over it and returns the
/// result. Markup other than script is deliberately retained; no other transformation is applied
/// at present.
/// </summary>
/// <param name="content">Raw body text as submitted by the user.</param>
/// <returns>The body with scripting removed by <see cref="PortalSecurity.InputFilter"/>.</returns>
public static string ProcessSavePostBody(string content)
{
    var security = new PortalSecurity();
    return security.InputFilter(content, PortalSecurity.FilterFlag.NoScripting);
}
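/// <summary>
/// Sanitises and persists changes to an existing journal item, recomputes its security token set,
/// then creates (or updates) the content item that backs it and refreshes the owning social
/// group's statistics.
/// </summary>
/// <param name="journalItem">The item to update. Its text fields and SecuritySet are rewritten in
/// place; JournalId, ContentItemId, DateCreated and DateUpdated are populated from the data store.</param>
/// <param name="tabId">Tab the backing content item is registered against.</param>
/// <param name="moduleId">Module the backing content item is registered against.</param>
/// <exception cref="ArgumentException"><paramref name="journalItem"/>.UserId is not a real user (less than 1).</exception>
/// <exception cref="InvalidOperationException">The posting user cannot be loaded for the portal.</exception>
public void UpdateJournalItem(JournalItem journalItem, int tabId, int moduleId)
{
    if (journalItem.UserId < 1)
    {
        throw new ArgumentException("journalItem.UserId must be for a real user");
    }

    UserInfo currentUser = UserController.GetUserById(journalItem.PortalId, journalItem.UserId);
    if (currentUser == null)
    {
        // InvalidOperationException derives from Exception, so callers catching Exception are unaffected.
        throw new InvalidOperationException("Unable to locate the current user");
    }

    var portalSecurity = new PortalSecurity();

    // Title is plain text: strip all markup.
    if (!String.IsNullOrEmpty(journalItem.Title))
    {
        journalItem.Title = portalSecurity.InputFilter(journalItem.Title, PortalSecurity.FilterFlag.NoMarkup);
    }

    // Summary and Body may legitimately contain markup, so only scripting is removed. The text is
    // HTML-decoded after the first filter pass; filtering the *decoded* text again is what stops an
    // entity-encoded payload (e.g. "&lt;script&gt;") from slipping past the filter and then being
    // decoded into a live tag just before it is stored.
    if (!String.IsNullOrEmpty(journalItem.Summary))
    {
        journalItem.Summary = HttpUtility.HtmlDecode(portalSecurity.InputFilter(journalItem.Summary, PortalSecurity.FilterFlag.NoScripting));
        journalItem.Summary = portalSecurity.InputFilter(journalItem.Summary, PortalSecurity.FilterFlag.NoScripting);
    }

    if (!String.IsNullOrEmpty(journalItem.Body))
    {
        journalItem.Body = HttpUtility.HtmlDecode(portalSecurity.InputFilter(journalItem.Body, PortalSecurity.FilterFlag.NoScripting));
        journalItem.Body = portalSecurity.InputFilter(journalItem.Body, PortalSecurity.FilterFlag.NoScripting);
    }

    // The body is also persisted as a small XML document (items/item/{id,body}); the body text goes
    // into a CDATA section so any markup inside it does not need escaping.
    string xml = null;
    if (!String.IsNullOrEmpty(journalItem.Body))
    {
        var xDoc = new XmlDocument();
        XmlElement items = xDoc.CreateElement("items");
        XmlElement item = xDoc.CreateElement("item");
        item.AppendChild(CreateElement(xDoc, "id", "-1"));
        item.AppendChild(CreateCDataElement(xDoc, "body", journalItem.Body));
        items.AppendChild(item);
        xDoc.AppendChild(items);

        XmlDeclaration declaration = xDoc.CreateXmlDeclaration("1.0", null, null);
        declaration.Encoding = "UTF-16";
        declaration.Standalone = "yes";
        xDoc.InsertBefore(declaration, xDoc.DocumentElement);

        journalItem.JournalXML = xDoc;
        xml = journalItem.JournalXML.OuterXml;
    }

    if (journalItem.ItemData != null)
    {
        if (!String.IsNullOrEmpty(journalItem.ItemData.Title))
        {
            journalItem.ItemData.Title = portalSecurity.InputFilter(journalItem.ItemData.Title, PortalSecurity.FilterFlag.NoMarkup);
        }

        // Same decode-then-refilter treatment as Summary/Body above.
        if (!String.IsNullOrEmpty(journalItem.ItemData.Description))
        {
            journalItem.ItemData.Description = HttpUtility.HtmlDecode(portalSecurity.InputFilter(journalItem.ItemData.Description, PortalSecurity.FilterFlag.NoScripting));
            journalItem.ItemData.Description = portalSecurity.InputFilter(journalItem.ItemData.Description, PortalSecurity.FilterFlag.NoScripting);
        }

        // NOTE(review): NoScripting is the only check applied to these URLs. Whether it rejects
        // "javascript:"/"data:" schemes depends on PortalSecurity's filter list — confirm, or
        // validate the scheme here before the values are stored and later rendered as links.
        if (!String.IsNullOrEmpty(journalItem.ItemData.Url))
        {
            journalItem.ItemData.Url = portalSecurity.InputFilter(journalItem.ItemData.Url, PortalSecurity.FilterFlag.NoScripting);
        }
        if (!String.IsNullOrEmpty(journalItem.ItemData.ImageUrl))
        {
            journalItem.ItemData.ImageUrl = portalSecurity.InputFilter(journalItem.ItemData.ImageUrl, PortalSecurity.FilterFlag.NoScripting);
        }
    }

    // ToJson was previously invoked on a possibly-null ItemData (the "null" comparison below exists
    // for that case), so it is presumably an extension method; the explicit guard makes the null
    // case independent of that assumption.
    string journalData = journalItem.ItemData == null ? null : journalItem.ItemData.ToJson();
    if (journalData == "null")
    {
        journalData = null;
    }

    // Build the comma-terminated security token list that controls who may see the item. "E," is
    // removed for private groups below, so it appears to be the public/everyone token; "U<id>",
    // "P<id>", "F<id>" and "R<id>" carry the user, profile, friends-of and role ids respectively.
    string userToken = "U" + journalItem.UserId.ToString(CultureInfo.InvariantCulture);
    string profileToken = "P" + journalItem.ProfileId.ToString(CultureInfo.InvariantCulture);

    if (String.IsNullOrEmpty(journalItem.SecuritySet))
    {
        journalItem.SecuritySet = "E,";
    }
    else if (!journalItem.SecuritySet.EndsWith(",", StringComparison.Ordinal))
    {
        journalItem.SecuritySet += ",";
    }

    if (journalItem.SecuritySet == "F,")
    {
        journalItem.SecuritySet = "F" + journalItem.UserId.ToString(CultureInfo.InvariantCulture) + ",";
        journalItem.SecuritySet += profileToken + ",";
    }

    if (journalItem.SecuritySet == "U,")
    {
        journalItem.SecuritySet += userToken + ",";
    }

    if (journalItem.ProfileId > 0 && journalItem.UserId != journalItem.ProfileId)
    {
        journalItem.SecuritySet += profileToken + ",";
        journalItem.SecuritySet += userToken + ",";
    }

    // The author must always be in the set. Every token is comma-terminated at this point, so
    // match "U<id>," rather than "U<id>" — the bare prefix would also match e.g. "U12," for user 1
    // and wrongly skip adding the author.
    if (!journalItem.SecuritySet.Contains(userToken + ","))
    {
        journalItem.SecuritySet += userToken + ",";
    }

    if (journalItem.SocialGroupId > 0)
    {
        JournalItem item = journalItem;
        RoleInfo role = RoleController.Instance.GetRole(journalItem.PortalId, r => r.SecurityMode != SecurityMode.SecurityRole && r.RoleID == item.SocialGroupId);
        if (role != null && currentUser.IsInRole(role.RoleName))
        {
            journalItem.SecuritySet += "R" + journalItem.SocialGroupId.ToString(CultureInfo.InvariantCulture) + ",";
            if (!role.IsPublic)
            {
                // Private group: drop the public token so only group members can see the item.
                journalItem.SecuritySet = journalItem.SecuritySet.Replace("E,", String.Empty);
            }
        }
        // NOTE(review): when the role is missing or the user is not a member, the item keeps its
        // current tokens (including "E,") — presumably group membership is enforced by the caller;
        // confirm.
    }

    journalItem.JournalId = _dataService.Journal_Update(journalItem.PortalId, journalItem.UserId, journalItem.ProfileId, journalItem.SocialGroupId, journalItem.JournalId, journalItem.JournalTypeId, journalItem.Title, journalItem.Summary, journalItem.Body, journalData, xml, journalItem.ObjectKey, journalItem.AccessKey, journalItem.SecuritySet, journalItem.CommentsDisabled, journalItem.CommentsHidden);

    // Timestamps are assigned by the data store; read them back so the caller sees them.
    var updatedJournalItem = GetJournalItem(journalItem.PortalId, journalItem.UserId, journalItem.JournalId);
    journalItem.DateCreated = updatedJournalItem.DateCreated;
    journalItem.DateUpdated = updatedJournalItem.DateUpdated;

    var cnt = new Content();
    if (journalItem.ContentItemId > 0)
    {
        cnt.UpdateContentItem(journalItem, tabId, moduleId);
        _dataService.Journal_UpdateContentItemId(journalItem.JournalId, journalItem.ContentItemId);
    }
    else
    {
        ContentItem ci = cnt.CreateContentItem(journalItem, tabId, moduleId);
        _dataService.Journal_UpdateContentItemId(journalItem.JournalId, ci.ContentItemId);
        journalItem.ContentItemId = ci.ContentItemId;
    }

    if (journalItem.SocialGroupId > 0)
    {
        // Stats are best-effort: the item is already saved, so a failure here is logged, not propagated.
        try
        {
            UpdateGroupStats(journalItem.PortalId, journalItem.SocialGroupId);
        }
        catch (Exception exc)
        {
            Exceptions.Exceptions.LogException(exc);
        }
    }
}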
/// <Summary>
/// RenderViewMode renders the View (readonly) mode of the control: the property value inside a
/// span, with angle brackets, markup and script removed by <see cref="PortalSecurity.InputFilter"/>
/// before it is written to the response.
/// </Summary>
/// <Param name="writer">A HtmlTextWriter.</Param>
protected virtual void RenderViewMode(HtmlTextWriter writer)
{
    string rawValue = Convert.ToString(this.Value);
    // Value originates from a stored profile property, so it is treated as untrusted on output.
    const PortalSecurity.FilterFlag viewFlags =
        PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup | PortalSecurity.FilterFlag.NoScripting;

    ControlStyle.AddAttributesToRender(writer);
    writer.RenderBeginTag(HtmlTextWriterTag.Span);

    var filter = new PortalSecurity();
    writer.Write(filter.InputFilter(rawValue, viewFlags));

    writer.RenderEndTag();
}
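/// <summary>
/// Builds the error page. A filtered <c>status</c> query-string value is routed to
/// <c>ManageError</c>; otherwise the last server error is logged and rendered and the response
/// is marked 500.
/// </summary>
/// <param name="e">Event data passed on to the base <c>OnLoad</c>.</param>
protected override void OnLoad(EventArgs e)
{
    base.OnLoad(e);

    PortalSettings portalSettings = PortalController.GetCurrentPortalSettings();
    if (portalSettings != null && !String.IsNullOrEmpty(portalSettings.LogoFile))
    {
        IFileInfo fileInfo = FileManager.Instance.GetFile(portalSettings.PortalId, portalSettings.LogoFile);
        if (fileInfo != null)
        {
            headerImage.ImageUrl = FileManager.Instance.GetUrl(fileInfo);
        }
    }
    headerImage.Visible = !string.IsNullOrEmpty(headerImage.ImageUrl);

    string localizedMessage;
    var security = new PortalSecurity();

    // "status" is attacker-controlled; strip script and markup before it reaches ManageError.
    string status = security.InputFilter(Request.QueryString["status"], PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoMarkup);
    if (!string.IsNullOrEmpty(status))
    {
        ManageError(status);
    }
    else
    {
        var exc = Server.GetLastError();
        if (exc == null)
        {
            // No pending error: the page was requested directly rather than via the error handler.
            // Handled explicitly instead of letting exc.ToString() throw into the catch below.
            localizedMessage = Localization.Localization.GetString("UnhandledError.Text", Localization.Localization.GlobalResourceFile);
            ErrorPlaceHolder.Controls.Add(new LiteralControl(localizedMessage));
        }
        else
        {
            try
            {
                // Ordinal comparison: ToLower().EndsWith() is culture-sensitive and can misbehave
                // under cultures such as Turkish.
                if (Request.Url.LocalPath.EndsWith("installwizard.aspx", StringComparison.OrdinalIgnoreCase))
                {
                    // Install-time diagnostics: the full exception (including stack trace) is shown
                    // to the browser. It is HTML-encoded so it cannot inject markup, but it does
                    // disclose internals — keep this path limited to the install wizard.
                    ErrorPlaceHolder.Controls.Add(new LiteralControl(HttpUtility.HtmlEncode(exc.ToString())));
                }
                else
                {
                    var lex = new PageLoadException(exc.Message, exc);
                    Exceptions.LogException(lex);
                    localizedMessage = Localization.Localization.GetString("Error.Text", Localization.Localization.GlobalResourceFile);
                    ErrorPlaceHolder.Controls.Add(new ErrorContainer(portalSettings, localizedMessage, lex).Container);
                }
            }
            catch
            {
                // Rendering the error itself failed (e.g. localization or logging threw); fall back
                // to the generic message rather than surfacing a second exception from the error page.
                localizedMessage = Localization.Localization.GetString("UnhandledError.Text", Localization.Localization.GlobalResourceFile);
                ErrorPlaceHolder.Controls.Add(new LiteralControl(localizedMessage));
            }
        }
        Response.StatusCode = 500;
    }

    localizedMessage = Localization.Localization.GetString("Return.Text", Localization.Localization.GlobalResourceFile);
    hypReturn.Text = localizedMessage;
}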
/// <summary>
/// Runs the portal profanity filter over <paramref name="input"/>. Only
/// <see cref="PortalSecurity.FilterFlag.NoProfanity"/> is applied here; markup and script
/// filtering, where needed, remain the caller's responsibility.
/// </summary>
/// <param name="input">Text to filter.</param>
/// <returns>The filtered text as returned by <see cref="PortalSecurity.InputFilter"/>.</returns>
internal virtual string InputFilter(string input)
{
    const PortalSecurity.FilterFlag flags = PortalSecurity.FilterFlag.NoProfanity;
    var security = new PortalSecurity();
    return security.InputFilter(input, flags);
}
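/// <summary>
/// Builds the error page. A filtered <c>status</c> query-string value is routed to
/// <c>ManageError</c>; otherwise the last server error is logged and rendered.
/// </summary>
/// <param name="e">Event data passed on to the base <c>OnLoad</c>.</param>
protected override void OnLoad(EventArgs e)
{
    base.OnLoad(e);

    PortalSettings portalSettings = PortalController.GetCurrentPortalSettings();
    if (portalSettings != null && !String.IsNullOrEmpty(portalSettings.LogoFile))
    {
        IFileInfo fileInfo = FileManager.Instance.GetFile(portalSettings.PortalId, portalSettings.LogoFile);
        if (fileInfo != null)
        {
            headerImage.ImageUrl = FileManager.Instance.GetUrl(fileInfo);
        }
    }
    headerImage.Visible = !string.IsNullOrEmpty(headerImage.ImageUrl);

    string strLocalizedMessage = Null.NullString;
    PortalSecurity objSecurity = new PortalSecurity();

    // "status" is attacker-controlled; strip script and markup before it reaches ManageError.
    string status = objSecurity.InputFilter(Request.QueryString["status"], PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoMarkup);
    if (!string.IsNullOrEmpty(status))
    {
        ManageError(status);
    }
    else
    {
        Exception exc = Server.GetLastError();
        if (exc == null)
        {
            // No pending error: the page was requested directly rather than via the error handler.
            // Handled explicitly instead of letting exc.ToString() throw into the catch below.
            strLocalizedMessage = Localization.Localization.GetString("UnhandledError.Text", Localization.Localization.GlobalResourceFile);
            ErrorPlaceHolder.Controls.Add(new LiteralControl(strLocalizedMessage));
        }
        else
        {
            try
            {
                // Ordinal comparison: ToLower().EndsWith() is culture-sensitive and can misbehave
                // under cultures such as Turkish.
                if (Request.Url.LocalPath.EndsWith("installwizard.aspx", StringComparison.OrdinalIgnoreCase))
                {
                    // Install-time diagnostics: the full exception (including stack trace) is shown
                    // to the browser. It is HTML-encoded so it cannot inject markup, but it does
                    // disclose internals — keep this path limited to the install wizard.
                    ErrorPlaceHolder.Controls.Add(new LiteralControl(HttpUtility.HtmlEncode(exc.ToString())));
                }
                else
                {
                    PageLoadException lex = new PageLoadException(exc.Message, exc);
                    //process this error using the Exception Management Application Block
                    Exceptions.LogException(lex);
                    //add to a placeholder and place on page
                    strLocalizedMessage = Localization.Localization.GetString("Error.Text", Localization.Localization.GlobalResourceFile);
                    ErrorPlaceHolder.Controls.Add(new ErrorContainer(portalSettings, strLocalizedMessage, lex).Container);
                }
            }
            catch
            {
                // Rendering the error itself failed (e.g. localization or logging threw); fall back
                // to the generic message rather than surfacing a second exception from the error page.
                strLocalizedMessage = Localization.Localization.GetString("UnhandledError.Text", Localization.Localization.GlobalResourceFile);
                ErrorPlaceHolder.Controls.Add(new LiteralControl(strLocalizedMessage));
            }
        }
        // NOTE(review): no HTTP status is set on this path, so the error page is served as 200;
        // consider Response.StatusCode = 500 if callers/monitoring expect a real error status.
    }

    strLocalizedMessage = Localization.Localization.GetString("Return.Text", Localization.Localization.GlobalResourceFile);
    // ApplicationPath is server configuration, not user input, so it is safe to concatenate here.
    hypReturn.Text = "<img src=\"" + Globals.ApplicationPath + "/images/lt.gif\" border=\"0\" /> " + strLocalizedMessage;
}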
/// <summary>
/// Records the outcome of a password-send request in the event log. An empty
/// <paramref name="message"/> is treated as success; otherwise the message is stored as the
/// failure "Cause".
/// </summary>
/// <param name="message">Failure detail, or null/empty on success.</param>
private void LogResult(string message)
{
    var security = new PortalSecurity();
    // The username echoes form input, so markup and script are stripped before it is logged.
    string safeUserName = security.InputFilter(txtUsername.Text,
        PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup);

    bool succeeded = string.IsNullOrEmpty(message);
    var log = new LogInfo
    {
        LogPortalID = PortalSettings.PortalId,
        LogPortalName = PortalSettings.PortalName,
        LogUserID = UserId,
        LogUserName = safeUserName,
        LogTypeKey = succeeded ? "PASSWORD_SENT_SUCCESS" : "PASSWORD_SENT_FAILURE"
    };

    if (!succeeded)
    {
        log.LogProperties.Add(new LogDetailInfo("Cause", message));
    }

    log.AddProperty("IP", _ipAddress);
    LogController.Instance.AddLog(log);
}
/// <summary>
/// newUrl returns the new URL based on the new language.
/// Basically it is just a call to NavigateUrl, with stripped qs parameters. The result is passed
/// through the NoScripting filter because the "ctl" query-string value it embeds comes from the
/// request.
/// </summary>
/// <param name="newLanguage">Culture code of the language being switched to.</param>
/// <returns>The filtered navigation URL for the (localized, if available) active tab.</returns>
/// <history>
/// [erikvb] 20070814 added
/// </history>
private string newUrl(string newLanguage)
{
    Locale targetLocale = LocaleController.Instance.GetLocale(newLanguage);

    // Prefer the localized copy of the active tab when one exists for the target culture.
    int targetTabId = objPortal.ActiveTab.TabID;
    TabInfo localizedTab = new TabController().GetTabByCulture(targetTabId, objPortal.PortalId, targetLocale);
    bool hasLocalizedTab = localizedTab != null;
    if (hasLocalizedTab)
    {
        targetTabId = localizedTab.TabID;
    }

    string url = Globals.NavigateURL(
        targetTabId,
        objPortal.ActiveTab.IsSuperTab,
        objPortal,
        HttpContext.Current.Request.QueryString["ctl"],
        newLanguage,
        getQSParams(targetLocale.Code, hasLocalizedTab));

    var security = new PortalSecurity();
    return security.InputFilter(url, PortalSecurity.FilterFlag.NoScripting);
}
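/// <summary>
/// Repairs usernames that were stored HTML-encoded by 7.1.2 registration (which mangled Unicode
/// characters): each affected name is decoded, passed through InputFilter and written back. Then
/// adds the Manage Users module permissions.
/// </summary>
private static void UpgradeToVersion721()
{
    try
    {
        var portalSecurity = new PortalSecurity();
        // The statement is static (no user input is concatenated); the LIKE narrows the scan to
        // names that can possibly contain an entity.
        using (var reader = DataProvider.Instance().ExecuteSQL("SELECT UserID, Username FROM {databaseOwner}[{objectQualifier}Users] WHERE Username LIKE '%&%'"))
        {
            while (reader.Read())
            {
                var userId = Convert.ToInt32(reader["UserID"]);
                var userName = reader["Username"].ToString();
                var decodedName = HttpUtility.HtmlDecode(userName);
                if (userName == decodedName)
                {
                    // A literal '&' that is not part of an entity: nothing to repair.
                    continue;
                }

                var repairedName = portalSecurity.InputFilter(decodedName, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup);
                if (string.IsNullOrEmpty(repairedName))
                {
                    // The decoded name was entirely markup/script; never rename a user to "".
                    Logger.Error("UpgradeToVersion721: skipping UserID " + userId + " because the decoded username is empty after filtering");
                    continue;
                }

                // One failed rename (e.g. the repaired name collides with an existing user) must
                // not abort the repair of the remaining users, so failures are logged per row.
                // NOTE(review): ChangeUsername runs while the reader is still open; confirm the
                // data provider's connection allows that.
                try
                {
                    UserController.ChangeUsername(userId, repairedName);
                }
                catch (Exception ex)
                {
                    Logger.Error(ex);
                }
            }
        }
    }
    catch (Exception ex)
    {
        Logger.Error(ex);
    }
    AddManageUsersModulePermissions();
}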
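/// <summary>
/// cmdResetPassword_Click runs when the password reset button is clicked
/// </summary>
/// <remarks>
/// Validates the captcha and username, collects the password question/answer when the membership
/// provider requires it, and logs the outcome. Note that the reset and e-mail calls are commented
/// out below, so "success" currently means only that validation passed — confirm where the actual
/// reset happens before relying on the PASSWORD_RESET_SUCCESS log entry.
/// </remarks>
/// <history>
/// [JT] 04/13/2006 Created
/// </history>
protected void cmdResetPassword_Click(Object sender, EventArgs e)
{
    string strMessage = Null.NullString;
    ModuleMessageType moduleMessageType = ModuleMessageType.GreenSuccess;
    bool canReset = true;
    string answer = String.Empty;

    // Short-circuit keeps ctlCaptcha untouched when captcha is disabled.
    if (!UseCaptcha || ctlCaptcha.IsValid)
    {
        // No point in continuing if the user has not entered a username.
        string userName = txtUsername.Text.Trim();
        if (!String.IsNullOrEmpty(userName))
        {
            PortalSecurity objSecurity = new PortalSecurity();
            UserInfo objUser = UserController.GetUserByName(PortalSettings.PortalId, userName, false);
            if (objUser != null)
            {
                if (MembershipProviderConfig.RequiresQuestionAndAnswer)
                {
                    // This is a simple check to see if this is our first or second pass through this
                    // event method: first pass shows the question, second pass (same user) reads the answer.
                    if (User.UserID != objUser.UserID)
                    {
                        User = objUser;
                        canReset = false;
                        // Check to see if the user had enter an email and password question.
                        if (!String.IsNullOrEmpty(User.Membership.Email.Trim()) && !String.IsNullOrEmpty(User.Membership.PasswordQuestion.Trim()))
                        {
                            tblQA.Visible = true;
                            // NOTE(review): the question is user-supplied and assigned to a Label without
                            // HTML encoding here; confirm it is encoded on output or encode it here.
                            lblQuestion.Text = User.Membership.PasswordQuestion;
                            txtAnswer.Text = String.Empty;
                            strMessage = Localization.GetString("RequiresQAndAEnabled", this.LocalResourceFile);
                            moduleMessageType = ModuleMessageType.YellowWarning;
                        }
                        else
                        {
                            strMessage = Localization.GetString("MissingEmailOrQuestion", this.LocalResourceFile);
                            moduleMessageType = ModuleMessageType.RedError;
                        }
                    }
                    else
                    {
                        answer = txtAnswer.Text.Trim();
                        if (String.IsNullOrEmpty(answer))
                        {
                            canReset = false;
                            strMessage = Localization.GetString("EnterAnswer", this.LocalResourceFile);
                            moduleMessageType = ModuleMessageType.RedError;
                        }
                    }
                }
            }
            else
            {
                // NOTE(review): a distinct "UsernameError" response lets a caller probe which usernames
                // exist; a uniform "if the account exists, mail was sent" message would close that off.
                // Left unchanged here because it alters the user-facing flow.
                canReset = false;
                ResetControl();
                strMessage = Localization.GetString("UsernameError", this.LocalResourceFile);
                moduleMessageType = ModuleMessageType.YellowWarning;
            }

            if (canReset)
            {
                try
                {
                    //UserController.ResetPassword(objUser, answer);
                    //Mail.SendMail(User, MessageType.PasswordReminder, PortalSettings);
                    strMessage = Localization.GetString("PasswordSent", this.LocalResourceFile);
                    moduleMessageType = ModuleMessageType.GreenSuccess;
                    LogPasswordResetAttempt(objSecurity, "PASSWORD_RESET_SUCCESS", null);
                }
                catch (Exception exc)
                {
                    strMessage = Localization.GetString("PasswordResetError", this.LocalResourceFile);
                    moduleMessageType = ModuleMessageType.RedError;
                    // The exception used to be discarded; recording its message gives the failure
                    // entry a cause without exposing it to the user.
                    LogPasswordResetAttempt(objSecurity, "PASSWORD_RESET_FAILURE", exc.Message);
                }
            }
        }
        else
        {
            ResetControl();
            strMessage = Localization.GetString("EnterUsername", this.LocalResourceFile);
            moduleMessageType = ModuleMessageType.RedError;
        }

        UI.Skins.Skin.AddModuleMessage(this, strMessage, moduleMessageType);
    }
}

/// <summary>
/// Writes a PASSWORD_RESET_* event-log entry for the username currently in the form.
/// </summary>
/// <param name="objSecurity">Filter used to strip markup from the logged username.</param>
/// <param name="logTypeKey">Event log type key, e.g. "PASSWORD_RESET_SUCCESS".</param>
/// <param name="cause">Optional failure detail stored as a "Cause" property; null on success.</param>
private void LogPasswordResetAttempt(PortalSecurity objSecurity, string logTypeKey, string cause)
{
    EventLogController objEventLog = new EventLogController();
    LogInfo objEventLogInfo = new LogInfo();
    objEventLogInfo.AddProperty("IP", ipAddress);
    objEventLogInfo.LogPortalID = PortalSettings.PortalId;
    objEventLogInfo.LogPortalName = PortalSettings.PortalName;
    objEventLogInfo.LogUserID = UserId;
    // The username is echoed from form input, so it is filtered before it lands in the log.
    objEventLogInfo.LogUserName = objSecurity.InputFilter(txtUsername.Text, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup);
    objEventLogInfo.LogTypeKey = logTypeKey;
    if (!String.IsNullOrEmpty(cause))
    {
        objEventLogInfo.AddProperty("Cause", cause);
    }
    objEventLog.AddLog(objEventLogInfo);
}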