private static void CheckSecureAction(ICustomAttributeProvider method, ControllerActionData actionData)
{
object[] dataActionAttributes = method.GetCustomAttributes(typeof(SecureActionAttribute), false);
if (dataActionAttributes.Length == 0)
{
return;
}
SecureActionAttribute attribute = (SecureActionAttribute)dataActionAttributes[0];
actionData.AntiForgery = actionData.Secure = true;
actionData.AllowRouteTokens = attribute.AllowRouteTokens;
actionData.AntiForgerySalt = attribute.AntiForgerySalt;
}
private static void CheckActionFilters(ICustomAttributeProvider method, ControllerActionData actionData)
{
object[] filterAttributes = method.GetCustomAttributes(typeof(FilterAttribute), false);
if (filterAttributes.Length == 0)
{
return;
}
for (int index = 0; index < filterAttributes.Length; index++)
{
FilterAttribute attribute = (FilterAttribute)filterAttributes[index];
actionData.Filters.Add(attribute);
}
}
private static void CheckAntiForgeryAction(ICustomAttributeProvider method, ControllerActionData actionData)
{
if (actionData.Secure)
{
return;
}
object[] dataActionAttributes = method.GetCustomAttributes(typeof(AntiForgeryAttribute), false);
if (dataActionAttributes.Length == 0)
{
return;
}
actionData.AntiForgery = true;
actionData.AntiForgerySalt = ((AntiForgeryAttribute)dataActionAttributes[0]).Salt;
}
private ActionResult ExecuteControllerAction(IPortalContext context, IController controller)
{
string actionName = context.Request.ActionName.ToUpper(CultureInfo.InvariantCulture);
Dictionary <string, ControllerActionData> actionDataList = actionDataListInitializer.Value;
if (actionDataList.ContainsKey(actionName))
{
ControllerActionData actionData = actionDataList[actionName];
IHttpRequest httpRequest = context.HttpContext.Request;
if (actionData.Secure && (!RequiredRequestType.Equals(httpRequest.RequestType, StringComparison.OrdinalIgnoreCase) || !RequiredContentType.Equals(httpRequest.ContentType, StringComparison.OrdinalIgnoreCase)))
{
WriteJsonServerException("Invalid Request", context.HttpContext);
}
try
{
ActionResult action = actionData.CallMethod(controller, serializer, context.HttpContext.Request.InputStream, context.Request.Tokens);
if (action == null)
{
throw new ControllerResultException("Controller did not return an ActionResult.");
}
action.ViewPaths = BaseViewVirtualPaths.ToArray();
return(action);
}
catch (Exception ex)
{
if (actionData.Secure)
#if DEBUG
{
string message = ex.Message;
if (ex.InnerException != null)
{
message += " " + ex.InnerException.Message;
}
WriteJsonServerException(message, context.HttpContext);
}
#endif
#if !DEBUG
{ WriteJsonServerException(ex.Message, context.HttpContext); }
#endif
{ else
{
throw;
} }
private static ControllerActionData CreateActionDataObject(MethodInfo method)
{
ControllerActionData actionData = new ControllerActionData();
CheckSecureAction(method, actionData);
CheckAntiForgeryAction(method, actionData);
CheckActionFilters(method, actionData);
DynamicMethod dm = new DynamicMethod(ActionExecuterMethodPrefix + method.Name,
MethodAttributes.Static | MethodAttributes.Public,
CallingConventions.Standard,
typeof(ActionResult),
new[] { typeof(object), typeof(List <object>) },
method.DeclaringType, false);
ParameterInfo[] parameters = method.GetParameters();
MethodInfo getItem = typeof(List <object>).GetMethod("get_Item", new[] { typeof(int) });
ILGenerator il = dm.GetILGenerator();
il.Emit(OpCodes.Ldarg_0);
il.Emit(OpCodes.Castclass, method.DeclaringType);
for (int i = 0; i < parameters.Length; i++)
{
ParameterInfo parameter = parameters[i];
il.Emit(OpCodes.Ldarg_1);
il.Emit(OpCodes.Ldc_I4, i);
il.EmitCall(OpCodes.Callvirt, getItem, null);
actionData.Parameters.Add(new ActionParameter(parameter.Name, parameter.ParameterType));
}
il.EmitCall(OpCodes.Callvirt, method, null);
il.Emit(OpCodes.Ret);
actionData.RegisterMethodDelegate((ActionExecuter)dm.CreateDelegate(typeof(ActionExecuter)));
return(actionData);
}
