private void Application_Error(object sender, EventArgs e)
{
HttpRequestValidationException lastError = base.Server.GetLastError() as HttpRequestValidationException;
if (lastError != null)
{
PowwaEvents.PowwaEVENT_MALICIOUS_DATA(SessionHelper.GetSourceIPAddressRemoteAddr(), SessionHelper.GetSourceIPAddressHttpXForwardedFor(), lastError.Message);
}
}
public void ResolveRichText_InvalidQueryStringValue_ThrowsHttpRequestValidationException_LogsException()
{
const string PARAM = "param";
const string DEFAULT_VALUE = "DEF";
string text = $"{{% ResolveDynamicText(\"query\", \"{PARAM}\", \"{DEFAULT_VALUE}\") %}}";
var register = GetPatternRegister();
var queryString = Substitute.For <IDataContainer>();
var thrownException = new HttpRequestValidationException();
queryString[PARAM].Returns(x => { throw thrownException; });
string result = new DynamicTextResolver(register, queryString, eventLogService).ResolveRichText(text);
Assert.Multiple(() =>
{
Assert.That(result, Is.EqualTo(DEFAULT_VALUE));
eventLogService.Received(1).LogException("RichTextEditor", "InvalidQueryParamValue", thrownException);
});
}
void Application_Error(object sender, EventArgs e)
{
Exception ex = Server.GetLastError().InnerException ?? Server.GetLastError();
if (ex is ThreadAbortException)
{
// 不记录Response.End引发的异常
Thread.ResetAbort();
HttpContext.Current.ClearError();
return;
}
HttpException exp404 = ex as HttpException;
if (exp404 != null)
{
int erCode = exp404.GetHttpCode();
if (erCode == 404 || erCode == 400)
{
LogHelper.WriteCustom(ex.Message, erCode.ToString() + "err\\");
ClearError();
return;
}
}
string msg = string.Format("\r\nGlobal异常: Post数据:{0}\r\nHeaders:\r\n{1}",
Request.Form, GetHeaders());
HttpRequestValidationException validationExp = ex as HttpRequestValidationException;
if (validationExp != null)
{
LogHelper.WriteCustom(msg, "expValidation\\");
ClearError();
return;
}
LogHelper.WriteException(msg, ex);
ClearError();
}
protected void HandleHttpRequestValidationException(System.Web.Mvc.ModelBindingContext bindingContext, HttpRequestValidationException ex)
{
var valueProviderCollection = bindingContext.ValueProvider as System.Web.Mvc.ValueProviderCollection;
if (valueProviderCollection != null)
{
System.Web.Mvc.ValueProviderResult valueProviderResult = valueProviderCollection.GetValue(bindingContext.ModelName, skipValidation: true);
bindingContext.ModelState.SetModelValue(bindingContext.ModelName, valueProviderResult);
}
string errorMessage = string.Format(CultureInfo.CurrentCulture, "{0} contém caracteres inválidos: <, & ou >",
bindingContext.ModelMetadata.DisplayName);
bindingContext.ModelState.AddModelError(bindingContext.ModelName, errorMessage);
}
