示例#1
        /// <summary>
        /// Sanitizes <paramref name="UserInput"/> by running it through the filters selected in
        /// <paramref name="FilterType"/>.
        /// </summary>
        /// <remarks>
        /// The flags are not applied independently:
        /// angle-bracket handling runs only when the flag is set AND the "RemoveAngleBrackets"
        /// configuration setting is present and parses to true (bool.Parse throws FormatException
        /// on a value that is not a boolean literal);
        /// when NoSQL is set, only FormatRemoveSQL runs and NoMarkup, NoScripting and MultiLine are ignored;
        /// NoScripting is honoured only when NoMarkup is not set, and NoMarkup encodes only when
        /// IncludesMarkup reports markup.
        /// NOTE(review): callers combining NoSQL with other flags get less filtering than the flag
        /// names suggest - confirm this is intended. The Format* helpers are not visible here, so
        /// their strength is unverified; parameterized queries and output encoding at the sink
        /// should not be replaced by this filter.
        /// </remarks>
        /// <param name="UserInput">The string to be filtered; may be null.</param>
        /// <param name="FilterType">Flags which designate the filters to be applied.</param>
        /// <returns>The filtered text, or an empty string when <paramref name="UserInput"/> is null.</returns>
        public string InputFilter(string UserInput, FilterFlag FilterType)
        {
            // Null is normalised to an empty string instead of being passed through.
            if (UserInput == null)
            {
                return string.Empty;
            }

            // Decode the requested filters once, up front.
            bool wantsBrackets = (FilterType & FilterFlag.NoAngleBrackets) == FilterFlag.NoAngleBrackets;
            bool wantsSql = (FilterType & FilterFlag.NoSQL) == FilterFlag.NoSQL;
            bool wantsMarkup = (FilterType & FilterFlag.NoMarkup) == FilterFlag.NoMarkup;
            bool wantsScripting = (FilterType & FilterFlag.NoScripting) == FilterFlag.NoScripting;
            bool wantsMultiLine = (FilterType & FilterFlag.MultiLine) == FilterFlag.MultiLine;

            string filtered = UserInput;

            // The flag alone is not enough: the site setting must exist and be true.
            if (wantsBrackets
                && Config.GetSetting("RemoveAngleBrackets") != null
                && bool.Parse(Config.GetSetting("RemoveAngleBrackets")))
            {
                filtered = FormatAngleBrackets(filtered);
            }

            // NoSQL short-circuits every remaining filter.
            if (wantsSql)
            {
                return FormatRemoveSQL(filtered);
            }

            if (wantsMarkup)
            {
                // Encoding is conditional on the markup detector, not unconditional.
                if (IncludesMarkup(filtered))
                {
                    filtered = HttpUtility.HtmlEncode(filtered);
                }
            }
            else if (wantsScripting)
            {
                filtered = FormatDisableScripting(filtered);
            }

            if (wantsMultiLine)
            {
                filtered = FormatMultiLine(filtered);
            }

            return filtered;
        }
示例#2
        /// -----------------------------------------------------------------------------
        /// <summary>
        /// Applies each filter selected in <paramref name="filterType"/> to
        /// <paramref name="userInput"/>, in a fixed order.
        /// </summary>
        /// <remarks>
        /// Order of application: angle brackets, SQL, markup encoding, scripting, multi-line
        /// formatting, profanity. Every flag is tested on its own, so combined flags apply all
        /// of the selected filters.
        /// Angle-bracket handling also requires the "RemoveAngleBrackets" configuration setting
        /// to be present and true; bool.Parse throws FormatException on a value that is not a
        /// boolean literal. Markup is HTML-encoded only when IncludesMarkup reports markup in
        /// the text as it stands at that point.
        /// NOTE(review): the helper filters are not visible here, so their coverage is
        /// unverified; this filter should complement, not replace, parameterized queries and
        /// output encoding at the sink.
        /// </remarks>
        /// <param name="userInput">The string to be filtered; may be null.</param>
        /// <param name="filterType">Flags which designate the filters to be applied.</param>
        /// <returns>The filtered text, or an empty string when <paramref name="userInput"/> is null.</returns>
        /// -----------------------------------------------------------------------------
        public string InputFilter(string userInput, FilterFlag filterType)
        {
            if (userInput == null)
            {
                return string.Empty;
            }

            string filtered = userInput;

            if ((filterType & FilterFlag.NoAngleBrackets) == FilterFlag.NoAngleBrackets)
            {
                // A missing setting means "do not strip"; a present one must parse as a boolean.
                bool stripBrackets;
                if (Config.GetSetting("RemoveAngleBrackets") == null)
                {
                    stripBrackets = false;
                }
                else
                {
                    stripBrackets = bool.Parse(Config.GetSetting("RemoveAngleBrackets"));
                }

                if (stripBrackets)
                {
                    filtered = FormatAngleBrackets(filtered);
                }
            }

            if ((filterType & FilterFlag.NoSQL) == FilterFlag.NoSQL)
            {
                filtered = FormatRemoveSQL(filtered);
            }

            if ((filterType & FilterFlag.NoMarkup) == FilterFlag.NoMarkup)
            {
                // Only text that the detector flags as markup is encoded.
                if (IncludesMarkup(filtered))
                {
                    filtered = HttpUtility.HtmlEncode(filtered);
                }
            }

            if ((filterType & FilterFlag.NoScripting) == FilterFlag.NoScripting)
            {
                filtered = FilterStrings(filtered);
            }

            if ((filterType & FilterFlag.MultiLine) == FilterFlag.MultiLine)
            {
                filtered = FormatMultiLine(filtered);
            }

            if ((filterType & FilterFlag.NoProfanity) == FilterFlag.NoProfanity)
            {
                filtered = this.Replace(filtered, ConfigType.ListController, "ProfanityFilter", FilterScope.SystemAndPortalList);
            }

            return filtered;
        }
        /// <summary>
        /// Replaces every match of a list of regular expressions in <paramref name="strInput"/>
        /// with a single space, when <paramref name="Filter"/> is exactly FilterFlag.NoScripting.
        /// </summary>
        /// <remarks>
        /// NOTE(review): <paramref name="Filter"/> is compared for equality, not tested as a bit
        /// flag. If FilterFlag is a flags enum, a value that combines NoScripting with any other
        /// flag skips the regex pass and returns the input unchanged - confirm that callers only
        /// ever pass the single flag.
        /// </remarks>
        /// <param name="strInput">The text to filter; may be null.</param>
        /// <param name="Filter">The requested filter; only FilterFlag.NoScripting has an effect.</param>
        /// <param name="NewRxListStrings">
        /// Patterns to apply; when null or empty, RxListStrings is used instead.
        /// </param>
        /// <returns>
        /// Null when <paramref name="strInput"/> is null; otherwise the filtered text, or the
        /// input unchanged when <paramref name="Filter"/> is anything other than NoScripting.
        /// </returns>
        public static string InputFilter(string strInput, FilterFlag Filter, Regex[] NewRxListStrings)
        {
            // Unlike an empty-string default, null is propagated to the caller here.
            if (strInput == null)
            {
                return null;
            }

            // Any value other than the exact NoScripting flag leaves the text untouched.
            if (Filter != FilterFlag.NoScripting)
            {
                return strInput;
            }

            const string blank = " ";
            bool callerSuppliedPatterns = NewRxListStrings != null && NewRxListStrings.Length > 0;

            if (callerSuppliedPatterns)
            {
                return NewRxListStrings.Aggregate(strInput, (text, rx) => rx.Replace(text, blank));
            }

            // Fall back to the RxListStrings pattern list.
            return RxListStrings.Aggregate(strInput, (text, rx) => rx.Replace(text, blank));
        }
 /// <summary>
 /// Convenience overload: filters <paramref name="strInput"/> by delegating to the
 /// three-argument InputFilter with a null pattern list.
 /// </summary>
 /// <param name="strInput">The text to filter.</param>
 /// <param name="Filter">The requested filter.</param>
 /// <returns>Whatever the three-argument overload returns for a null pattern list.</returns>
 public static string InputFilter(string strInput, FilterFlag Filter)
 {
     // No caller-supplied patterns are passed on.
     return InputFilter(strInput, Filter, null);
 }
示例#5
        ///-----------------------------------------------------------------------------
        /// <summary>
        /// Reports whether <paramref name="userInput"/> passes the selected security filters
        /// unchanged.
        /// </summary>
        /// <remarks>
        /// The input is run through InputFilter and compared with the result; any modification
        /// made by a filter makes the input invalid. The check is therefore only as strong as
        /// the filters selected in <paramref name="filterType"/>.
        /// NOTE(review): InputFilter is not shown in this block; if it maps null to an empty
        /// string, a null <paramref name="userInput"/> is reported as invalid - confirm.
        /// </remarks>
        /// <param name="userInput">The string to be checked.</param>
        /// <param name="filterType">Flags which designate the filters to be applied.</param>
        /// <returns>True when filtering leaves the input unchanged; otherwise false.</returns>
        ///-----------------------------------------------------------------------------
        public bool ValidateInput(string userInput, FilterFlag filterType)
        {
            var sanitized = InputFilter(userInput, filterType);

            // Valid means the filters found nothing to alter.
            return string.Equals(userInput, sanitized);
        }
示例#6
        ///-----------------------------------------------------------------------------
        /// <summary>
        /// Checks <paramref name="userInput"/> against the selected security filters and reports
        /// whether it survives them without modification.
        /// </summary>
        /// <remarks>
        /// A result of true means only that InputFilter returned a string equal to the input for
        /// the flags given; it says nothing about filters that were not selected.
        /// NOTE(review): the behaviour for a null <paramref name="userInput"/> depends on what
        /// InputFilter returns for null, which is not visible in this block - confirm.
        /// </remarks>
        /// <param name="userInput">The string to be checked.</param>
        /// <param name="filterType">Flags which designate the filters to be applied.</param>
        /// <returns>True when the filtered text equals the original text; otherwise false.</returns>
        ///-----------------------------------------------------------------------------
        public bool ValidateInput(string userInput, FilterFlag filterType)
        {
            // Equal before and after filtering: nothing was stripped, encoded or replaced.
            return userInput == InputFilter(userInput, filterType);
        }
示例#7
 ///-----------------------------------------------------------------------------
 /// <summary>
 /// Runs <paramref name="userInput"/> through the security filters selected in
 /// <paramref name="filterType"/> and returns the result.
 /// </summary>
 /// <remarks>
 /// Angle-bracket handling needs both the flag and a "RemoveAngleBrackets" configuration
 /// setting that is present and true; bool.Parse throws FormatException on a value that is
 /// not a boolean literal.
 /// When NoSQL is set, only FormatRemoveSQL runs and the NoMarkup, NoScripting and MultiLine
 /// flags are ignored; the profanity filter is applied in either case.
 /// NOTE(review): callers combining NoSQL with markup or scripting flags get less filtering
 /// than the flag names suggest - confirm this is intended. The helper filters are not
 /// visible here; parameterized queries and output encoding at the sink should not be
 /// replaced by this filter.
 /// </remarks>
 /// <param name="userInput">The string to be filtered; may be null.</param>
 /// <param name="filterType">Flags which designate the filters to be applied.</param>
 /// <returns>The filtered text, or an empty string when <paramref name="userInput"/> is null.</returns>
 ///-----------------------------------------------------------------------------
 public string InputFilter(string userInput, FilterFlag filterType)
 {
     if (userInput == null)
     {
         return string.Empty;
     }

     string filtered = userInput;

     if ((filterType & FilterFlag.NoAngleBrackets) == FilterFlag.NoAngleBrackets)
     {
         // A missing setting disables stripping even though the flag was requested.
         bool stripBrackets;
         if (Config.GetSetting("RemoveAngleBrackets") == null)
         {
             stripBrackets = false;
         }
         else
         {
             stripBrackets = bool.Parse(Config.GetSetting("RemoveAngleBrackets"));
         }

         if (stripBrackets)
         {
             filtered = FormatAngleBrackets(filtered);
         }
     }

     if ((filterType & FilterFlag.NoSQL) != FilterFlag.NoSQL)
     {
         // These three filters run only when SQL filtering was NOT requested.
         if ((filterType & FilterFlag.NoMarkup) == FilterFlag.NoMarkup)
         {
             if (IncludesMarkup(filtered))
             {
                 filtered = HttpUtility.HtmlEncode(filtered);
             }
         }

         if ((filterType & FilterFlag.NoScripting) == FilterFlag.NoScripting)
         {
             filtered = FormatDisableScripting(filtered);
         }

         if ((filterType & FilterFlag.MultiLine) == FilterFlag.MultiLine)
         {
             filtered = FormatMultiLine(filtered);
         }
     }
     else
     {
         filtered = FormatRemoveSQL(filtered);
     }

     // Profanity replacement is independent of the SQL/markup branch above.
     if ((filterType & FilterFlag.NoProfanity) == FilterFlag.NoProfanity)
     {
         filtered = Replace(filtered, ConfigType.ListController, "ProfanityFilter", FilterScope.SystemAndPortalList);
     }

     return filtered;
 }
 /// <summary>
 /// Override that reports no status change: the arguments are ignored and the result is
 /// always <c>null</c>.
 /// </summary>
 /// <param name="pairId">Not used by this implementation.</param>
 /// <param name="pairFlags">Not used by this implementation.</param>
 /// <param name="filterFlags">Not used by this implementation.</param>
 /// <returns>Always <c>null</c>.</returns>
 public override StatusChangeResult? StatusChange(int pairId, PairFlag pairFlags, FilterFlag filterFlags)
 {
     return null;
 }
        /// <summary>
        /// Filters <paramref name="UserInput"/> according to the flags in
        /// <paramref name="FilterType"/> and returns the filtered text.
        /// </summary>
        /// <remarks>
        /// Flag interactions visible in this method:
        /// NoAngleBrackets has an effect only when the "RemoveAngleBrackets" configuration
        /// setting is present and true (bool.Parse throws FormatException on a value that is not
        /// a boolean literal);
        /// NoSQL excludes NoMarkup, NoScripting and MultiLine;
        /// NoScripting is skipped whenever NoMarkup is set, and NoMarkup encodes only when
        /// IncludesMarkup reports markup.
        /// NOTE(review): with NoMarkup and NoScripting both set, text that IncludesMarkup does
        /// not flag passes through with neither filter applied - confirm this is intended. The
        /// helper filters are not visible here; parameterized queries and output encoding at the
        /// sink should not be replaced by this filter.
        /// </remarks>
        /// <param name="UserInput">The string to be filtered; may be null.</param>
        /// <param name="FilterType">Flags which designate the filters to be applied.</param>
        /// <returns>The filtered text, or an empty string when <paramref name="UserInput"/> is null.</returns>
        public string InputFilter( string UserInput, FilterFlag FilterType )
        {
            if( UserInput == null )
            {
                return string.Empty;
            }

            string working = UserInput;

            if( ( FilterType & FilterFlag.NoAngleBrackets ) == FilterFlag.NoAngleBrackets )
            {
                // Absent setting: treat as "do not strip".
                bool stripBrackets = Config.GetSetting( "RemoveAngleBrackets" ) == null
                    ? false
                    : bool.Parse( Config.GetSetting( "RemoveAngleBrackets" ) );

                if( stripBrackets )
                {
                    working = FormatAngleBrackets( working );
                }
            }

            bool sqlRequested = ( FilterType & FilterFlag.NoSQL ) == FilterFlag.NoSQL;
            if( !sqlRequested )
            {
                bool markupRequested = ( FilterType & FilterFlag.NoMarkup ) == FilterFlag.NoMarkup;
                if( !markupRequested )
                {
                    // Script disabling is considered only when markup encoding was not requested.
                    if( ( FilterType & FilterFlag.NoScripting ) == FilterFlag.NoScripting )
                    {
                        working = FormatDisableScripting( working );
                    }
                }
                else if( IncludesMarkup( working ) )
                {
                    working = HttpUtility.HtmlEncode( working );
                }

                if( ( FilterType & FilterFlag.MultiLine ) == FilterFlag.MultiLine )
                {
                    working = FormatMultiLine( working );
                }
            }
            else
            {
                // SQL filtering replaces, rather than adds to, the other filters.
                working = FormatRemoveSQL( working );
            }

            return working;
        }