示例#1
        /// <summary>
        /// Renders a dynamic STL fragment from the posted form fields and returns it
        /// wrapped in an object with a single <c>Html</c> property.
        /// </summary>
        /// <remarks>
        /// Integer ids that are posted as 0 fall back to a wider scope: the page channel
        /// falls back to the site, the channel to the page channel, and the content to the
        /// page content. <c>templateContent</c> and <c>pageUrl</c> are posted encrypted and
        /// are decrypted here before use.
        /// </remarks>
        /// <returns>
        /// 200 with <c>{ Html = ... }</c> on success; the result of
        /// <c>InternalServerError(ex)</c> if anything throws.
        /// </returns>
        public IHttpActionResult Main()
        {
            try
            {
                var authRequest = new AuthRequest();

                var siteId = authRequest.GetPostInt("siteId");

                // A page channel of 0 means "the site itself".
                var postedPageChannelId = authRequest.GetPostInt("pageChannelId");
                var pageChannelId = postedPageChannelId != 0 ? postedPageChannelId : siteId;

                var pageContentId  = authRequest.GetPostInt("pageContentId");
                var pageTemplateId = authRequest.GetPostInt("pageTemplateId");
                var isPageRefresh  = authRequest.GetPostBool("isPageRefresh");

                // NOTE(review): the template text comes from the client and is handed to the
                // STL parser once decryption succeeds. Presumably the secret key is
                // server-side only and is the sole integrity control here; confirm that,
                // and whether the scheme authenticates the ciphertext.
                var encryptedTemplate = authRequest.GetPostString("templateContent");
                var templateContent   = TranslateUtils.DecryptStringBySecretKey(encryptedTemplate);

                // The div id is echoed into generated markup, so it is passed through the
                // SQL/XSS filter first.
                var ajaxDivId = AttackUtils.FilterSqlAndXss(authRequest.GetPostString("ajaxDivId"));

                var postedChannelId = authRequest.GetPostInt("channelId");
                var channelId = postedChannelId != 0 ? postedChannelId : pageChannelId;

                var postedContentId = authRequest.GetPostInt("contentId");
                var contentId = postedContentId != 0 ? postedContentId : pageContentId;

                var encryptedPageUrl = authRequest.GetPostString("pageUrl");
                var pageUrl          = TranslateUtils.DecryptStringBySecretKey(encryptedPageUrl);

                // "pageNum" is 1-based on the wire; positive values become a 0-based index,
                // zero and negative values are passed through unchanged.
                var postedPageNum = authRequest.GetPostInt("pageNum");
                var pageIndex = postedPageNum > 0 ? postedPageNum - 1 : postedPageNum;

                // Query string of the current request, URL-decoded and XSS-filtered; the
                // site id is dropped because it is passed explicitly below.
                var decodedRawUrl = PageUtils.UrlDecode(HttpContext.Current.Request.RawUrl);
                var queryString   = PageUtils.GetQueryStringFilterXss(decodedRawUrl);
                queryString.Remove("siteId");

                var html = StlDynamic.ParseDynamicContent(siteId, channelId, contentId, pageTemplateId, isPageRefresh, templateContent, pageUrl, pageIndex, ajaxDivId, queryString, authRequest.UserInfo);

                return Ok(new
                {
                    Html = html
                });
            }
            catch (Exception ex)
            {
                // NOTE(review): the exception object goes into the response; how much of it
                // a remote caller sees depends on the application's error-detail policy.
                // Confirm that policy and that failures are also logged server-side.
                return InternalServerError(ex);
            }
        }
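        /// <summary>
        /// Handles a site-search POST: reads the search attributes from the form, renders
        /// the decrypted search template, and returns the requested page of results
        /// (optionally with the search word highlighted) as an HTML string.
        /// </summary>
        /// <returns>
        /// 200 with the rendered HTML; 404 when the site is unknown, when no search
        /// condition was supplied and default display is off, or when the search has no
        /// hits; the result of <c>InternalServerError(ex)</c> if anything throws.
        /// </returns>
        public IHttpActionResult Main()
        {
            try
            {
                var request = new AuthRequest();
                var form    = HttpContext.Current.Request.Form;

                var isAllSites       = request.GetPostBool(StlSearch.AttributeIsAllSites.ToLower());
                var siteName         = PageUtils.FilterSqlAndXss(request.GetPostString(StlSearch.AttributeSiteName.ToLower()));
                var siteDir          = PageUtils.FilterSqlAndXss(request.GetPostString(StlSearch.AttributeSiteDir.ToLower()));
                var siteIds          = PageUtils.FilterSqlAndXss(request.GetPostString(StlSearch.AttributeSiteIds.ToLower()));
                var channelIndex     = PageUtils.FilterSqlAndXss(request.GetPostString(StlSearch.AttributeChannelIndex.ToLower()));
                var channelName      = PageUtils.FilterSqlAndXss(request.GetPostString(StlSearch.AttributeChannelName.ToLower()));
                var channelIds       = PageUtils.FilterSqlAndXss(request.GetPostString(StlSearch.AttributeChannelIds.ToLower()));
                var type             = PageUtils.FilterSqlAndXss(request.GetPostString(StlSearch.AttributeType.ToLower()));
                // Unlike the other string fields, the search word only goes through the SQL
                // filter, so it must be treated as untrusted text wherever it is used as a
                // regex pattern or written into HTML (see the highlight step below).
                var word             = PageUtils.FilterSql(request.GetPostString(StlSearch.AttributeWord.ToLower()));
                var dateAttribute    = PageUtils.FilterSqlAndXss(request.GetPostString(StlSearch.AttributeDateAttribute.ToLower()));
                var dateFrom         = PageUtils.FilterSqlAndXss(request.GetPostString(StlSearch.AttributeDateFrom.ToLower()));
                var dateTo           = PageUtils.FilterSqlAndXss(request.GetPostString(StlSearch.AttributeDateTo.ToLower()));
                var since            = PageUtils.FilterSqlAndXss(request.GetPostString(StlSearch.AttributeSince.ToLower()));
                var pageNum          = request.GetPostInt(StlSearch.AttributePageNum.ToLower());
                var isHighlight      = request.GetPostBool(StlSearch.AttributeIsHighlight.ToLower());
                var isDefaultDisplay = request.GetPostBool(StlSearch.AttributeIsDefaultDisplay.ToLower());
                var siteId           = request.GetPostInt("siteid");
                var ajaxDivId        = PageUtils.FilterSqlAndXss(request.GetPostString("ajaxdivid"));
                // NOTE(review): the template is client-supplied ciphertext that is parsed as
                // STL after decryption; presumably the secret key is the only integrity
                // control, so confirm it never leaves the server.
                var template         = TranslateUtils.DecryptStringBySecretKey(request.GetPostString("template"));
                // "page" is 1-based on the wire (default 1); convert to a 0-based index.
                var pageIndex        = request.GetPostInt("page", 1) - 1;

                var templateInfo = new TemplateInfo(0, siteId, string.Empty, TemplateType.FileTemplate, string.Empty, string.Empty, string.Empty, ECharset.utf_8, false);
                var siteInfo     = SiteManager.GetSiteInfo(siteId);
                if (siteInfo == null)
                {
                    // The site id is caller-supplied; answer an unknown site with 404 rather
                    // than letting a null dereference further down surface as a 500.
                    return NotFound();
                }

                var pageInfo = new PageInfo(siteId, 0, siteInfo, templateInfo, new Dictionary<string, object>())
                {
                    UserInfo = request.UserInfo
                };
                var contextInfo    = new ContextInfo(pageInfo);
                var contentBuilder = new StringBuilder(StlRequestEntities.ParseRequestEntities(form, template));

                var stlLabelList = StlParserUtility.GetStlLabelList(contentBuilder.ToString());

                if (StlParserUtility.IsStlElementExists(StlPageContents.ElementName, stlLabelList))
                {
                    // The same element text is used to build the pager and later as the
                    // placeholder that is swapped for the rendered page.
                    var stlElement = StlParserUtility.GetStlElement(StlPageContents.ElementName, stlLabelList);

                    // NOTE(review): the WHERE clause is assembled as a string from request
                    // data (including the raw form) inside GetWhereStringByStlSearch, which
                    // is not visible here; confirm that it escapes or parameterizes values.
                    bool isDefaultCondition;
                    var  whereString = DataProvider.ContentDao.GetWhereStringByStlSearch(isAllSites, siteName, siteDir, siteIds, channelIndex, channelName, channelIds, type, word, dateAttribute, dateFrom, dateTo, since, siteId, ApiRouteActionsSearch.ExlcudeAttributeNames, form, out isDefaultCondition);

                    // Do not show search results when no search condition was given.
                    if (isDefaultCondition && !isDefaultDisplay)
                    {
                        return NotFound();
                    }

                    var stlPageContents = new StlPageContents(stlElement, pageInfo, contextInfo, pageNum, siteInfo.TableName, whereString);

                    int totalNum;
                    var pageCount = stlPageContents.GetPageCount(out totalNum);

                    if (totalNum == 0)
                    {
                        return NotFound();
                    }

                    // Only the requested page is rendered. An index outside
                    // [0, pageCount) falls through to the un-paged rendering below.
                    if (pageIndex >= 0 && pageIndex < pageCount)
                    {
                        var pageHtml     = stlPageContents.Parse(totalNum, pageIndex, pageCount, false);
                        var pagedBuilder = new StringBuilder(contentBuilder.ToString().Replace(stlElement, pageHtml));

                        StlParserManager.ReplacePageElementsInSearchPage(pagedBuilder, pageInfo, stlLabelList, ajaxDivId, pageInfo.PageChannelId, pageIndex, pageCount, totalNum);

                        if (isHighlight && !string.IsNullOrEmpty(word))
                        {
                            // The search word is request data. Escape it so it is matched
                            // literally instead of being compiled as a caller-chosen regex
                            // (which also allows pathological patterns), then let the
                            // escaped spaces match any whitespace as before.
                            var wordPattern = System.Text.RegularExpressions.Regex.Escape(word).Replace("\\ ", "\\s");

                            // HTML-encode the word before writing it into the page, and
                            // double '$' so it is not read as a substitution token
                            // (assumes RegexUtils.Replace wraps Regex.Replace; confirm).
                            var highlightedWord = System.Net.WebUtility.HtmlEncode(word).Replace("$", "$$");

                            var pagedContents = pagedBuilder.ToString();
                            pagedBuilder = new StringBuilder();
                            pagedBuilder.Append(RegexUtils.Replace(
                                                    $"({wordPattern})(?!</a>)(?![^><]*>)", pagedContents,
                                                    $"<span style='color:#cc0000'>{highlightedWord}</span>"));
                        }

                        Parser.Parse(siteInfo, pageInfo, contextInfo, pagedBuilder, string.Empty, false);
                        return Ok(pagedBuilder.ToString());
                    }
                }

                Parser.Parse(siteInfo, pageInfo, contextInfo, contentBuilder, string.Empty, false);
                return Ok(contentBuilder.ToString());
            }
            catch (Exception ex)
            {
                // NOTE(review): the exception object goes into the response; how much of it
                // a remote caller sees depends on the application's error-detail policy.
                // Confirm that policy and that failures are also logged server-side.
                return InternalServerError(ex);
            }
        }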