Exemplo n.º 1
        /// <summary>
        /// Builds the session data for one HTTP request: copies the request's variables, cookies,
        /// stream and endpoints, resolves the session ID and looks up the matching user info.
        /// </summary>
        /// <remarks>
        /// The session ID is taken verbatim from the client-supplied "ssid" cookie, so it is untrusted
        /// input at this point. Whether it is rejected when unknown or malformed depends on
        /// SessionContainer.GetUserInfoFromSsid, which is not visible here.
        /// </remarks>
        /// <param name="httpPacket">the parsed request this session data is created for</param>
        internal HttpSessionData(HttpRequest httpPacket)
        {
            base.HttpHeadVariables = httpPacket.VariablesHttpHead;
            base.HttpPostVariables = httpPacket.VariablesHttpPost;
            base.RequestedFile = httpPacket.RequestUrl;

            this.Cookies = new AVLTree<string, string>();
            this.HttpPacket = httpPacket;
            this.Stream = httpPacket.Stream;

            // Best effort only: any failure while reading the socket endpoints is swallowed without
            // logging, and whichever endpoint was not yet assigned stays unassigned.
            try
            {
                this.RemoteEndpoint = httpPacket.TcpClient?.Client?.RemoteEndPoint;
                this.LocalEndpoint = httpPacket.TcpClient?.Client?.LocalEndPoint;
            }
            catch
            {
            }

            // Copy the request cookies into this session's own tree.
            if (httpPacket.Cookies != null)
            {
                foreach (KeyValuePair<string, string> cookie in httpPacket.Cookies)
                {
                    this.Cookies.Add(cookie);
                }
            }

            this.RawHttpPacket = httpPacket.RawRequest;

            if (SessionContainer.SessionIdTransmissionType != SessionContainer.ESessionIdTransmissionType.Cookie)
            {
                // Only cookie transport is handled; Ssid is not assigned on this path, yet the
                // user lookup below still runs with it.
                Logger.LogExcept(new NotImplementedException($"The given SessionIdTransmissionType ({SessionContainer.SessionIdTransmissionType}) could not be handled in {GetType()}."));
            }
            else
            {
                // NOTE(review): what happens when the request carries no "ssid" cookie depends on
                // the AVLTree indexer (null vs. exception) - confirm.
                base.Ssid = this.Cookies["ssid"];
            }

            base.PerFileVariables = SessionContainer.GetFileDictionary(httpPacket.RequestUrl);
            this._userInfo = SessionContainer.GetUserInfoFromSsid(Ssid);

            CurrentSession = this;
        }
 /// <summary>
 /// Tells if a user has ever been registered with the given name.
 /// </summary>
 /// <remarks>
 /// The result separates known from unknown names. If it is surfaced to callers that are not yet
 /// authenticated (login or registration forms), pair it with uniform responses and rate limiting
 /// so it cannot be used to enumerate accounts.
 /// </remarks>
 /// <param name="userName">the name of the user</param>
 /// <returns>true if SessionContainer.GetUserInfoFromName returns a non-null entry for the name</returns>
 public bool UserExists(string userName)
 {
     var registeredUser = SessionContainer.GetUserInfoFromName(userName);

     return registeredUser != null;
 }
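        /// <summary>
        /// Rewrites link tags in the page markup so that following a link submits the session ID as a
        /// hidden POST field named "ssid" instead of navigating directly to the href.
        /// </summary>
        /// <remarks>
        /// A tag is considered when it starts with "&lt;a" (any tag name beginning with 'a' matches) or
        /// when the seven characters ending at the scan position are "&lt;button". An href starting
        /// with '#' is left untouched. For every other href the attribute is replaced by "#" and an
        /// onclick script is appended (or a new onclick attribute is created) that builds a form,
        /// adds the hidden ssid input and submits it to the original target.
        ///
        /// Security: the href text and the session ID are both written into a single-quoted
        /// JavaScript string inside an HTML attribute. They are encoded with
        /// <see cref="EscapeForScriptString"/> first; without that, a quote character (literal or as
        /// an HTML entity) in either value would terminate the string literal and the rest would be
        /// interpreted as script. The session ID also ends up in the page markup itself, so any
        /// script running in the page can read it; responses produced here should be treated as
        /// sensitive (no shared caching).
        ///
        /// NOTE(review): the emitted script calls document.body.remove(...), which removes the body
        /// element rather than the temporary form; removeChild looks like the intent. Left unchanged
        /// because it is part of the emitted output.
        /// </remarks>
        /// <param name="ret">the page markup; modified in place</param>
        /// <param name="sessionData">the session whose Ssid is written into the generated script</param>
        private void ProcessHrefs(ref string ret, HttpSessionData sessionData)
        {
            // href="#" untouched
            // href="somelink.html?123=bla" even with onclick="xyz" will contain the ssid in post

            for (int i = 0; i < ret.Length - 1; i++)
            {
                // CompareOrdinal replaces the Substring comparisons: same ordinal result, no
                // allocation per scanned character, and no exception when fewer characters remain.
                if ((ret[i] == '<' && ret[i + 1] == 'a') || (i > 5 && string.CompareOrdinal(ret, i - 6, "<button", 0, 7) == 0))
                {
                    // state: 0 = between attributes, 1 = after "href", 2 = after its '=',
                    // 3 = inside the href value; -1/-2/-3 are the same steps for onclick.
                    int  state = 0;
                    int  hrefPos = -1, onclickPos = -1;
                    int  linkStartPos = -1, onclickStartPos = -1;
                    int  linkEndPos = -1, onclickEndPos = -1;
                    char stringEndChar = '\0';

                    // search for href
                    for (int j = i + 3; j < ret.Length - 5; j++)
                    {
                        if (state == 0 && j < ret.Length - 5 && string.CompareOrdinal(ret, j, "href", 0, 4) == 0 && hrefPos == -1)
                        {
                            j      += 3;
                            hrefPos = j;
                            state   = 1;
                        }
                        else if (state == 1 && ret[j] == '=')
                        {
                            state = 2;
                        }
                        else if (state == 2 && (ret[j] == '\'' || ret[j] == '\"'))
                        {
                            state         = 3;
                            stringEndChar = ret[j];
                            linkStartPos  = j + 1;

                            // Fragment-only links stay as they are.
                            if (j + 1 < ret.Length && ret[j + 1] == '#')
                            {
                                goto CONTINUE_SEARCH_FOR_LINK_TAG;
                            }

                            j++;
                        }
                        // NOTE(review): the closing quote is only recognised from the third character
                        // of the value on, so empty or one-character hrefs look mis-parsed - confirm.
                        else if (state == 3 && j > linkStartPos + 1 && ret[j] == stringEndChar)
                        {
                            state      = 0;
                            linkEndPos = j - 1;
                        }
                        // Fix: the original used ret.Substring(j, 7) here, which throws
                        // ArgumentOutOfRangeException at j == ret.Length - 6, i.e. when an
                        // unterminated tag sits at the very end of the markup.
                        else if (state == 0 && j < ret.Length - 5 && string.CompareOrdinal(ret, j, "onclick", 0, 7) == 0 && onclickPos == -1)
                        {
                            state = -1;
                            j    += 6;
                        }
                        else if (state == -1 && ret[j] == '=')
                        {
                            state = -2;
                        }
                        else if (state == -2 && (ret[j] == '\'' || ret[j] == '\"'))
                        {
                            stringEndChar   = ret[j];
                            state           = -3;
                            onclickStartPos = j + 1;
                        }
                        else if (state == -3 && ret[j] == stringEndChar)
                        {
                            onclickEndPos = j - 1;
                            state         = 0;
                        }
                        else if (ret[j] == '>')
                        {
                            if (linkStartPos > -1 && linkEndPos > -1)
                            {
                                // Force double quotes around the href value (length is unchanged, so
                                // the recorded positions stay valid).
                                ret = ret.Remove(linkStartPos - 1, 1);
                                ret = ret.Insert(linkStartPos - 1, "\"");

                                ret = ret.Remove(linkEndPos + 1, 1);
                                ret = ret.Insert(linkEndPos + 1, "\"");

                                if (onclickStartPos > -1 && onclickEndPos > -1)
                                {
                                    ret = ret.Remove(onclickStartPos - 1, 1);
                                    ret = ret.Insert(onclickStartPos - 1, "\"");

                                    ret = ret.Remove(onclickEndPos + 1, 1);
                                    ret = ret.Insert(onclickEndPos + 1, "\"");

                                    string hash = SessionContainer.GenerateUnusedHash();

                                    // The href text is HTML-decoded first so that entity-encoded
                                    // characters are escaped too and the resulting action URL is the
                                    // one the browser would have used for the original href.
                                    string target = EscapeForScriptString(System.Net.WebUtility.HtmlDecode(ret.Substring(linkStartPos, linkEndPos - linkStartPos + 1)));
                                    string ssid   = EscapeForScriptString(sessionData.Ssid);

                                    string add  = ";var f_"
                                                  + hash + "=document.createElement('form');f_"
                                                  + hash + ".setAttribute('method','POST');f_"
                                                  + hash + ".setAttribute('action','"
                                                  + target + "');f_"
                                                  + hash + ".setAttribute('enctype','application/x-www-form-urlencoded');var i_"
                                                  + hash + "=document.createElement('input');i_"
                                                  + hash + ".setAttribute('type','hidden');i_"
                                                  + hash + ".setAttribute('name','ssid');i_"
                                                  + hash + ".setAttribute('value','"
                                                  + ssid + "');f_"
                                                  + hash + ".appendChild(i_"
                                                  + hash + ");document.body.appendChild(f_"
                                                  + hash + ");f_"
                                                  + hash + ".submit();document.body.remove(f_"
                                                  + hash + ");";

                                    // Edit the attribute that sits further right first, so the
                                    // positions of the other one are still valid.
                                    if (onclickStartPos > linkStartPos)
                                    {
                                        ret = ret.Insert(onclickEndPos + 1, add);
                                        j  += add.Length;

                                        ret = ret.Remove(linkStartPos, linkEndPos - linkStartPos + 1);
                                        ret = ret.Insert(linkStartPos, "#");
                                        j  -= (linkEndPos - 1);
                                    }
                                    else
                                    {
                                        ret = ret.Remove(linkStartPos, linkEndPos - linkStartPos + 1);
                                        ret = ret.Insert(linkStartPos, "#");
                                        j  -= (linkEndPos - 1);

                                        ret = ret.Insert(onclickEndPos + 1, add);
                                        j  += add.Length;
                                    }
                                }
                                else
                                {
                                    // No onclick yet: the href value becomes "#" and a new onclick
                                    // attribute is opened; the original closing quote of the href
                                    // then terminates the onclick value.
                                    string target = EscapeForScriptString(System.Net.WebUtility.HtmlDecode(ret.Substring(linkStartPos, linkEndPos - linkStartPos + 1)));
                                    string ssid   = EscapeForScriptString(sessionData.Ssid);

                                    string add = "#\" onclick =\"var f=document.createElement('form');f.setAttribute('method','POST');f.setAttribute('action','"
                                                 + target
                                                 + "');f.setAttribute('enctype','application/x-www-form-urlencoded');var i=document.createElement('input');i.setAttribute('type','hidden');i.setAttribute('name','ssid');i.setAttribute('value','"
                                                 + ssid
                                                 + "');f.appendChild(i);document.body.appendChild(f);f.submit();document.body.remove(f);";

                                    ret = ret.Remove(linkStartPos, linkEndPos - linkStartPos + 1);
                                    j  -= linkEndPos;
                                    ret = ret.Insert(linkStartPos, add);
                                    j  += add.Length;
                                }
                            }

                            i = j;
                            goto CONTINUE_SEARCH_FOR_LINK_TAG;
                        }
                    }
                    CONTINUE_SEARCH_FOR_LINK_TAG :;
                }
            }
        }

        /// <summary>
        /// Encodes a value for use inside a single-quoted JavaScript string literal that is itself
        /// placed in a double-quoted HTML attribute.
        /// </summary>
        /// <remarks>
        /// ASCII letters, digits and a small set of URL punctuation are kept; every other character is
        /// written as a \uXXXX escape. The output therefore contains no quote, ampersand, angle
        /// bracket or line break, so it needs no further HTML encoding, and the script sees the
        /// original value once the literal is evaluated.
        /// </remarks>
        /// <param name="value">the raw value; null is treated like an empty string</param>
        /// <returns>the encoded text, never null</returns>
        private static string EscapeForScriptString(string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return string.Empty;
            }

            System.Text.StringBuilder escaped = new System.Text.StringBuilder(value.Length + 16);

            foreach (char c in value)
            {
                bool isPlain = (c >= 'a' && c <= 'z')
                               || (c >= 'A' && c <= 'Z')
                               || (c >= '0' && c <= '9')
                               || "-_.~/?=:%#,+@".IndexOf(c) >= 0;

                if (isPlain)
                {
                    escaped.Append(c);
                }
                else
                {
                    escaped.Append("\\u").Append(((int)c).ToString("X4", System.Globalization.CultureInfo.InvariantCulture));
                }
            }

            return escaped.ToString();
        }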