过滤器,但是asp.net 提交时候怎么过滤form里的具体值呢,大部分提交又不是访问页,已经解决
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
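/// <summary>
/// HTTP module that terminates a request when any query-string or form value
/// contains one of the keywords listed in the "FilterSql" appSetting.
///
/// SECURITY NOTE: this is a keyword blacklist, not a defence against SQL
/// injection. Matching is a plain substring search, so it is both easy to
/// bypass (inline comments such as select/**/, a keyword without the expected
/// trailing space, CHAR()/hex encodings, payloads carried in cookies, headers
/// or a JSON body, none of which are inspected here) and prone to rejecting
/// legitimate text that happens to contain "open ", "begin " or "exec". The
/// data layer must use parameterized queries; treat this module as a tripwire
/// at most.
/// </summary>
public class cedar : IHttpModule
{
    // Hidden fields ASP.NET emits itself. Their values are opaque base64
    // blobs in which a short term such as "exec" can occur by chance, so they
    // are skipped by field NAME. (The original compared the field VALUE with
    // "_ViEWSTATE", which never matched, so nothing was ever skipped.)
    private static readonly string[] AspNetHiddenFields =
        new string[] { "__VIEWSTATE", "__VIEWSTATEGENERATOR", "__EVENTVALIDATION" };

    // Page the rejection message links to (query-string rejections only,
    // as in the original).
    private const string SqlErrorPage = "default.html";

    // Keyword list, loaded once in Init() instead of re-reading and
    // re-splitting web.config for every value of every request.
    private string[] _filterTerms;

    public cedar()
    {
    }

    public void Dispose()
    {
    }

    /// <summary>
    /// Loads the keyword list and subscribes to AcquireRequestState.
    /// </summary>
    /// <exception cref="ConfigurationErrorsException">
    /// "FilterSql" is missing or blank. Failing at start-up is preferable to
    /// the original behaviour, where the null setting threw inside
    /// processSqlStr, the exception was swallowed, and every non-blank value
    /// was rejected.
    /// </exception>
    public void Init(HttpApplication application)
    {
        _filterTerms = LoadFilterTerms();
        application.AcquireRequestState += new EventHandler(application_AcquireRequestState);
    }

    /// <summary>
    /// Scans the query string and then the form; the first offending value
    /// ends the request with an error message.
    /// </summary>
    /// <remarks>
    /// There is deliberately no catch-all here. The original swallowed every
    /// exception, so any fault inside the module let the request continue
    /// unfiltered (fail open). Response.End() ends the request by throwing
    /// ThreadAbortException, which ASP.NET handles itself.
    /// </remarks>
    private void application_AcquireRequestState(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;
        HttpRequest request = context.Request;

        // ASP.NET has already URL-decoded QueryString; the extra UrlDecode
        // (kept from the original) also catches double-encoded payloads, but
        // it means the filter inspects a different string than the page will.
        foreach (string key in request.QueryString)
        {
            string value = context.Server.UrlDecode(request.QueryString[key]);
            if (!processSqlStr(value))
            {
                Reject(context, true);
                return;
            }
        }

        foreach (string key in request.Form)
        {
            if (key != null && Array.IndexOf(AspNetHiddenFields, key) >= 0)
            {
                continue;
            }
            // HtmlDecode, as in the original; same caveat as for UrlDecode above.
            string value = context.Server.HtmlDecode(request.Form[key]);
            if (!processSqlStr(value))
            {
                Reject(context, false);
                return;
            }
        }
    }

    /// <summary>
    /// Writes the user-facing error and terminates the request.
    /// </summary>
    /// <param name="context">Current request context.</param>
    /// <param name="withHomeLink">Append a link to <see cref="SqlErrorPage"/>.</param>
    /// <remarks>
    /// The message claims the incident was recorded, but nothing in this
    /// module logs; add logging here if the wording is to stay truthful.
    /// The status is set to 400 so monitoring can tell rejections apart from
    /// successful responses (the original answered 200).
    /// </remarks>
    private static void Reject(HttpContext context, bool withHomeLink)
    {
        HttpResponse response = context.Response;
        response.StatusCode = 400;
        response.Write("您访问的页面发生错误,此问题我们已经记录并尽快改善,请稍后再试。");
        if (withHomeLink)
        {
            // The original literal was malformed ("" instead of \") and
            // carried a TinyMCE "mce_href" artifact. SqlErrorPage is a
            // constant, so no attacker-controlled text is written here.
            response.Write("<br><a href=\"" + SqlErrorPage + "\">转到首页</a>");
        }
        response.End();
    }

    /// <summary>
    /// Returns false when <paramref name="str"/> contains any configured term
    /// (ordinal, case-insensitive substring match). Null or blank input passes.
    /// </summary>
    private bool processSqlStr(string str)
    {
        if (str == null || str.Trim().Length == 0)
        {
            return true;
        }
        string[] terms = _filterTerms ?? LoadFilterTerms();
        foreach (string term in terms)
        {
            // Ordinal rather than the original ToLower().IndexOf(), whose
            // result depended on the server's culture settings.
            if (str.IndexOf(term, StringComparison.OrdinalIgnoreCase) >= 0)
            {
                return false;
            }
        }
        return true;
    }

    /// <summary>
    /// Reads "FilterSql" and splits it on '|'.
    /// </summary>
    /// <remarks>
    /// Terms are kept exactly as written: a trailing space ("select ") is
    /// deliberate and reduces false positives such as "selection". Empty
    /// terms are dropped because IndexOf("") is 0, so a stray "||" in the
    /// setting would have rejected every value. As in the original, the whole
    /// setting is trimmed first, which also strips the trailing space of the
    /// LAST term.
    /// </remarks>
    private static string[] LoadFilterTerms()
    {
        string setting = ConfigurationManager.AppSettings["FilterSql"];
        if (setting == null || setting.Trim().Length == 0)
        {
            throw new ConfigurationErrorsException("appSettings/FilterSql is missing or empty; the cedar module cannot run.");
        }
        return setting.Trim().Split(new char[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
    }
}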
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
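/// <summary>
/// HTTP module that terminates a request when any query-string or form value
/// contains one of the keywords listed in the "FilterSql" appSetting.
///
/// SECURITY NOTE: this is a keyword blacklist, not a defence against SQL
/// injection. Matching is a plain substring search, so it is both easy to
/// bypass (inline comments such as select/**/, a keyword without the expected
/// trailing space, CHAR()/hex encodings, payloads carried in cookies, headers
/// or a JSON body, none of which are inspected here) and prone to rejecting
/// legitimate text that happens to contain "open ", "begin " or "exec". The
/// data layer must use parameterized queries; treat this module as a tripwire
/// at most.
/// </summary>
public class cedar : IHttpModule
{
    // Hidden fields ASP.NET emits itself. Their values are opaque base64
    // blobs in which a short term such as "exec" can occur by chance, so they
    // are skipped by field NAME. (The original compared the field VALUE with
    // "_ViEWSTATE", which never matched, so nothing was ever skipped.)
    private static readonly string[] AspNetHiddenFields =
        new string[] { "__VIEWSTATE", "__VIEWSTATEGENERATOR", "__EVENTVALIDATION" };

    // Page the rejection message links to (query-string rejections only,
    // as in the original).
    private const string SqlErrorPage = "default.html";

    // Keyword list, loaded once in Init() instead of re-reading and
    // re-splitting web.config for every value of every request.
    private string[] _filterTerms;

    public cedar()
    {
    }

    public void Dispose()
    {
    }

    /// <summary>
    /// Loads the keyword list and subscribes to AcquireRequestState.
    /// </summary>
    /// <exception cref="ConfigurationErrorsException">
    /// "FilterSql" is missing or blank. Failing at start-up is preferable to
    /// the original behaviour, where the null setting threw inside
    /// processSqlStr, the exception was swallowed, and every non-blank value
    /// was rejected.
    /// </exception>
    public void Init(HttpApplication application)
    {
        _filterTerms = LoadFilterTerms();
        application.AcquireRequestState += new EventHandler(application_AcquireRequestState);
    }

    /// <summary>
    /// Scans the query string and then the form; the first offending value
    /// ends the request with an error message.
    /// </summary>
    /// <remarks>
    /// There is deliberately no catch-all here. The original swallowed every
    /// exception, so any fault inside the module let the request continue
    /// unfiltered (fail open). Response.End() ends the request by throwing
    /// ThreadAbortException, which ASP.NET handles itself.
    /// </remarks>
    private void application_AcquireRequestState(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;
        HttpRequest request = context.Request;

        // ASP.NET has already URL-decoded QueryString; the extra UrlDecode
        // (kept from the original) also catches double-encoded payloads, but
        // it means the filter inspects a different string than the page will.
        foreach (string key in request.QueryString)
        {
            string value = context.Server.UrlDecode(request.QueryString[key]);
            if (!processSqlStr(value))
            {
                Reject(context, true);
                return;
            }
        }

        foreach (string key in request.Form)
        {
            if (key != null && Array.IndexOf(AspNetHiddenFields, key) >= 0)
            {
                continue;
            }
            // HtmlDecode, as in the original; same caveat as for UrlDecode above.
            string value = context.Server.HtmlDecode(request.Form[key]);
            if (!processSqlStr(value))
            {
                Reject(context, false);
                return;
            }
        }
    }

    /// <summary>
    /// Writes the user-facing error and terminates the request.
    /// </summary>
    /// <param name="context">Current request context.</param>
    /// <param name="withHomeLink">Append a link to <see cref="SqlErrorPage"/>.</param>
    /// <remarks>
    /// The message claims the incident was recorded, but nothing in this
    /// module logs; add logging here if the wording is to stay truthful.
    /// The status is set to 400 so monitoring can tell rejections apart from
    /// successful responses (the original answered 200).
    /// </remarks>
    private static void Reject(HttpContext context, bool withHomeLink)
    {
        HttpResponse response = context.Response;
        response.StatusCode = 400;
        response.Write("您访问的页面发生错误,此问题我们已经记录并尽快改善,请稍后再试。");
        if (withHomeLink)
        {
            // The original literal was malformed ("" instead of \") and
            // carried a TinyMCE "mce_href" artifact. SqlErrorPage is a
            // constant, so no attacker-controlled text is written here.
            response.Write("<br><a href=\"" + SqlErrorPage + "\">转到首页</a>");
        }
        response.End();
    }

    /// <summary>
    /// Returns false when <paramref name="str"/> contains any configured term
    /// (ordinal, case-insensitive substring match). Null or blank input passes.
    /// </summary>
    private bool processSqlStr(string str)
    {
        if (str == null || str.Trim().Length == 0)
        {
            return true;
        }
        string[] terms = _filterTerms ?? LoadFilterTerms();
        foreach (string term in terms)
        {
            // Ordinal rather than the original ToLower().IndexOf(), whose
            // result depended on the server's culture settings.
            if (str.IndexOf(term, StringComparison.OrdinalIgnoreCase) >= 0)
            {
                return false;
            }
        }
        return true;
    }

    /// <summary>
    /// Reads "FilterSql" and splits it on '|'.
    /// </summary>
    /// <remarks>
    /// Terms are kept exactly as written: a trailing space ("select ") is
    /// deliberate and reduces false positives such as "selection". Empty
    /// terms are dropped because IndexOf("") is 0, so a stray "||" in the
    /// setting would have rejected every value. As in the original, the whole
    /// setting is trimmed first, which also strips the trailing space of the
    /// LAST term.
    /// </remarks>
    private static string[] LoadFilterTerms()
    {
        string setting = ConfigurationManager.AppSettings["FilterSql"];
        if (setting == null || setting.Trim().Length == 0)
        {
            throw new ConfigurationErrorsException("appSettings/FilterSql is missing or empty; the cedar module cannot run.");
        }
        return setting.Trim().Split(new char[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
    }
}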
在web.config中添加以下:
<appSettings>
  <!-- '|'-separated keyword list read by the cedar module; each term is matched as a
       case-insensitive substring of every query-string and form value. A trailing space
       (e.g. "select ") is part of the term and reduces false positives such as "selection";
       "exec" has none and therefore also rejects "executive". Never leave an empty term ("||"):
       IndexOf("") is 0, so every request would be rejected. The original entry "creat " can
       never match "create " (the "e" breaks the substring), so it is spelled out here.
       This list is a weak blacklist, not a substitute for parameterized SQL. -->
  <add key="FilterSql" value="declare |exec|varchar |cursor |begin |open |drop |create |select |truncate "/>
</appSettings>
<httpModules>
  <add type="cedar" name="cedar"/>
</httpModules>
已经解决
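/// <summary>
/// Rejects the request when any posted form value trips <c>IsM</c>.
/// </summary>
/// <remarks>
/// The enclosing class and the <c>IsM</c> helper are not shown on this page.
/// Only the form is inspected: the query-string scan was left commented out
/// in the original, so GET parameters pass through this handler unfiltered.
/// </remarks>
private void Application_AcquireRequestState(Object source, EventArgs e)
{
    HttpApplication application = (HttpApplication)source;
    HttpContext context = application.Context;
    HttpRequest request = context.Request;
    HttpResponse response = context.Response;

    for (int i = 0; i < request.Form.Count; i++)
    {
        // Skip ASP.NET's own view-state blob by KEY. The original compared the
        // VALUE (request.Form[i]) with "__VIEWSTATE", which never matched, so
        // the base64 blob was always scanned and could trip the filter by
        // chance. __EVENTVALIDATION is a similar base64 field if that proves
        // to be a problem.
        if (request.Form.GetKey(i) == "__VIEWSTATE")
        {
            continue;
        }
        if (IsM(request.Form[i]))
        {
            // 400 lets monitoring tell rejections apart from normal responses
            // (the original answered 200). Response.End() throws
            // ThreadAbortException, so nothing after it runs.
            response.StatusCode = 400;
            response.Write("您提交的内容中含有非法字符.");
            response.End();
        }
    }
}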
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
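/// <summary>
/// HTTP module that terminates a request when any query-string or form value
/// contains one of the keywords listed in the "FilterSql" appSetting.
///
/// SECURITY NOTE: this is a keyword blacklist, not a defence against SQL
/// injection. Matching is a plain substring search, so it is both easy to
/// bypass (inline comments such as select/**/, a keyword without the expected
/// trailing space, CHAR()/hex encodings, payloads carried in cookies, headers
/// or a JSON body, none of which are inspected here) and prone to rejecting
/// legitimate text that happens to contain "open ", "begin " or "exec". The
/// data layer must use parameterized queries; treat this module as a tripwire
/// at most.
/// </summary>
public class cedar : IHttpModule
{
    // Hidden fields ASP.NET emits itself. Their values are opaque base64
    // blobs in which a short term such as "exec" can occur by chance, so they
    // are skipped by field NAME. (The original compared the field VALUE with
    // "_ViEWSTATE", which never matched, so nothing was ever skipped.)
    private static readonly string[] AspNetHiddenFields =
        new string[] { "__VIEWSTATE", "__VIEWSTATEGENERATOR", "__EVENTVALIDATION" };

    // Page the rejection message links to (query-string rejections only,
    // as in the original).
    private const string SqlErrorPage = "default.html";

    // Keyword list, loaded once in Init() instead of re-reading and
    // re-splitting web.config for every value of every request.
    private string[] _filterTerms;

    public cedar()
    {
    }

    public void Dispose()
    {
    }

    /// <summary>
    /// Loads the keyword list and subscribes to AcquireRequestState.
    /// </summary>
    /// <exception cref="ConfigurationErrorsException">
    /// "FilterSql" is missing or blank. Failing at start-up is preferable to
    /// the original behaviour, where the null setting threw inside
    /// processSqlStr, the exception was swallowed, and every non-blank value
    /// was rejected.
    /// </exception>
    public void Init(HttpApplication application)
    {
        _filterTerms = LoadFilterTerms();
        application.AcquireRequestState += new EventHandler(application_AcquireRequestState);
    }

    /// <summary>
    /// Scans the query string and then the form; the first offending value
    /// ends the request with an error message.
    /// </summary>
    /// <remarks>
    /// There is deliberately no catch-all here. The original swallowed every
    /// exception, so any fault inside the module let the request continue
    /// unfiltered (fail open). Response.End() ends the request by throwing
    /// ThreadAbortException, which ASP.NET handles itself.
    /// </remarks>
    private void application_AcquireRequestState(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;
        HttpRequest request = context.Request;

        // ASP.NET has already URL-decoded QueryString; the extra UrlDecode
        // (kept from the original) also catches double-encoded payloads, but
        // it means the filter inspects a different string than the page will.
        foreach (string key in request.QueryString)
        {
            string value = context.Server.UrlDecode(request.QueryString[key]);
            if (!processSqlStr(value))
            {
                Reject(context, true);
                return;
            }
        }

        foreach (string key in request.Form)
        {
            if (key != null && Array.IndexOf(AspNetHiddenFields, key) >= 0)
            {
                continue;
            }
            // HtmlDecode, as in the original; same caveat as for UrlDecode above.
            string value = context.Server.HtmlDecode(request.Form[key]);
            if (!processSqlStr(value))
            {
                Reject(context, false);
                return;
            }
        }
    }

    /// <summary>
    /// Writes the user-facing error and terminates the request.
    /// </summary>
    /// <param name="context">Current request context.</param>
    /// <param name="withHomeLink">Append a link to <see cref="SqlErrorPage"/>.</param>
    /// <remarks>
    /// The message claims the incident was recorded, but nothing in this
    /// module logs; add logging here if the wording is to stay truthful.
    /// The status is set to 400 so monitoring can tell rejections apart from
    /// successful responses (the original answered 200).
    /// </remarks>
    private static void Reject(HttpContext context, bool withHomeLink)
    {
        HttpResponse response = context.Response;
        response.StatusCode = 400;
        response.Write("您访问的页面发生错误,此问题我们已经记录并尽快改善,请稍后再试。");
        if (withHomeLink)
        {
            // The original literal was malformed ("" instead of \") and
            // carried a TinyMCE "mce_href" artifact. SqlErrorPage is a
            // constant, so no attacker-controlled text is written here.
            response.Write("<br><a href=\"" + SqlErrorPage + "\">转到首页</a>");
        }
        response.End();
    }

    /// <summary>
    /// Returns false when <paramref name="str"/> contains any configured term
    /// (ordinal, case-insensitive substring match). Null or blank input passes.
    /// </summary>
    private bool processSqlStr(string str)
    {
        if (str == null || str.Trim().Length == 0)
        {
            return true;
        }
        string[] terms = _filterTerms ?? LoadFilterTerms();
        foreach (string term in terms)
        {
            // Ordinal rather than the original ToLower().IndexOf(), whose
            // result depended on the server's culture settings.
            if (str.IndexOf(term, StringComparison.OrdinalIgnoreCase) >= 0)
            {
                return false;
            }
        }
        return true;
    }

    /// <summary>
    /// Reads "FilterSql" and splits it on '|'.
    /// </summary>
    /// <remarks>
    /// Terms are kept exactly as written: a trailing space ("select ") is
    /// deliberate and reduces false positives such as "selection". Empty
    /// terms are dropped because IndexOf("") is 0, so a stray "||" in the
    /// setting would have rejected every value. As in the original, the whole
    /// setting is trimmed first, which also strips the trailing space of the
    /// LAST term.
    /// </remarks>
    private static string[] LoadFilterTerms()
    {
        string setting = ConfigurationManager.AppSettings["FilterSql"];
        if (setting == null || setting.Trim().Length == 0)
        {
            throw new ConfigurationErrorsException("appSettings/FilterSql is missing or empty; the cedar module cannot run.");
        }
        return setting.Trim().Split(new char[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
    }
}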
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
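/// <summary>
/// HTTP module that terminates a request when any query-string or form value
/// contains one of the keywords listed in the "FilterSql" appSetting.
///
/// SECURITY NOTE: this is a keyword blacklist, not a defence against SQL
/// injection. Matching is a plain substring search, so it is both easy to
/// bypass (inline comments such as select/**/, a keyword without the expected
/// trailing space, CHAR()/hex encodings, payloads carried in cookies, headers
/// or a JSON body, none of which are inspected here) and prone to rejecting
/// legitimate text that happens to contain "open ", "begin " or "exec". The
/// data layer must use parameterized queries; treat this module as a tripwire
/// at most.
/// </summary>
public class cedar : IHttpModule
{
    // Hidden fields ASP.NET emits itself. Their values are opaque base64
    // blobs in which a short term such as "exec" can occur by chance, so they
    // are skipped by field NAME. (The original compared the field VALUE with
    // "_ViEWSTATE", which never matched, so nothing was ever skipped.)
    private static readonly string[] AspNetHiddenFields =
        new string[] { "__VIEWSTATE", "__VIEWSTATEGENERATOR", "__EVENTVALIDATION" };

    // Page the rejection message links to (query-string rejections only,
    // as in the original).
    private const string SqlErrorPage = "default.html";

    // Keyword list, loaded once in Init() instead of re-reading and
    // re-splitting web.config for every value of every request.
    private string[] _filterTerms;

    public cedar()
    {
    }

    public void Dispose()
    {
    }

    /// <summary>
    /// Loads the keyword list and subscribes to AcquireRequestState.
    /// </summary>
    /// <exception cref="ConfigurationErrorsException">
    /// "FilterSql" is missing or blank. Failing at start-up is preferable to
    /// the original behaviour, where the null setting threw inside
    /// processSqlStr, the exception was swallowed, and every non-blank value
    /// was rejected.
    /// </exception>
    public void Init(HttpApplication application)
    {
        _filterTerms = LoadFilterTerms();
        application.AcquireRequestState += new EventHandler(application_AcquireRequestState);
    }

    /// <summary>
    /// Scans the query string and then the form; the first offending value
    /// ends the request with an error message.
    /// </summary>
    /// <remarks>
    /// There is deliberately no catch-all here. The original swallowed every
    /// exception, so any fault inside the module let the request continue
    /// unfiltered (fail open). Response.End() ends the request by throwing
    /// ThreadAbortException, which ASP.NET handles itself.
    /// </remarks>
    private void application_AcquireRequestState(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;
        HttpRequest request = context.Request;

        // ASP.NET has already URL-decoded QueryString; the extra UrlDecode
        // (kept from the original) also catches double-encoded payloads, but
        // it means the filter inspects a different string than the page will.
        foreach (string key in request.QueryString)
        {
            string value = context.Server.UrlDecode(request.QueryString[key]);
            if (!processSqlStr(value))
            {
                Reject(context, true);
                return;
            }
        }

        foreach (string key in request.Form)
        {
            if (key != null && Array.IndexOf(AspNetHiddenFields, key) >= 0)
            {
                continue;
            }
            // HtmlDecode, as in the original; same caveat as for UrlDecode above.
            string value = context.Server.HtmlDecode(request.Form[key]);
            if (!processSqlStr(value))
            {
                Reject(context, false);
                return;
            }
        }
    }

    /// <summary>
    /// Writes the user-facing error and terminates the request.
    /// </summary>
    /// <param name="context">Current request context.</param>
    /// <param name="withHomeLink">Append a link to <see cref="SqlErrorPage"/>.</param>
    /// <remarks>
    /// The message claims the incident was recorded, but nothing in this
    /// module logs; add logging here if the wording is to stay truthful.
    /// The status is set to 400 so monitoring can tell rejections apart from
    /// successful responses (the original answered 200).
    /// </remarks>
    private static void Reject(HttpContext context, bool withHomeLink)
    {
        HttpResponse response = context.Response;
        response.StatusCode = 400;
        response.Write("您访问的页面发生错误,此问题我们已经记录并尽快改善,请稍后再试。");
        if (withHomeLink)
        {
            // The original literal was malformed ("" instead of \") and
            // carried a TinyMCE "mce_href" artifact. SqlErrorPage is a
            // constant, so no attacker-controlled text is written here.
            response.Write("<br><a href=\"" + SqlErrorPage + "\">转到首页</a>");
        }
        response.End();
    }

    /// <summary>
    /// Returns false when <paramref name="str"/> contains any configured term
    /// (ordinal, case-insensitive substring match). Null or blank input passes.
    /// </summary>
    private bool processSqlStr(string str)
    {
        if (str == null || str.Trim().Length == 0)
        {
            return true;
        }
        string[] terms = _filterTerms ?? LoadFilterTerms();
        foreach (string term in terms)
        {
            // Ordinal rather than the original ToLower().IndexOf(), whose
            // result depended on the server's culture settings.
            if (str.IndexOf(term, StringComparison.OrdinalIgnoreCase) >= 0)
            {
                return false;
            }
        }
        return true;
    }

    /// <summary>
    /// Reads "FilterSql" and splits it on '|'.
    /// </summary>
    /// <remarks>
    /// Terms are kept exactly as written: a trailing space ("select ") is
    /// deliberate and reduces false positives such as "selection". Empty
    /// terms are dropped because IndexOf("") is 0, so a stray "||" in the
    /// setting would have rejected every value. As in the original, the whole
    /// setting is trimmed first, which also strips the trailing space of the
    /// LAST term.
    /// </remarks>
    private static string[] LoadFilterTerms()
    {
        string setting = ConfigurationManager.AppSettings["FilterSql"];
        if (setting == null || setting.Trim().Length == 0)
        {
            throw new ConfigurationErrorsException("appSettings/FilterSql is missing or empty; the cedar module cannot run.");
        }
        return setting.Trim().Split(new char[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
    }
}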
在web.config中添加以下:
<appSettings>
  <!-- '|'-separated keyword list read by the cedar module; each term is matched as a
       case-insensitive substring of every query-string and form value. A trailing space
       (e.g. "select ") is part of the term and reduces false positives such as "selection";
       "exec" has none and therefore also rejects "executive". Never leave an empty term ("||"):
       IndexOf("") is 0, so every request would be rejected. The original entry "creat " can
       never match "create " (the "e" breaks the substring), so it is spelled out here.
       This list is a weak blacklist, not a substitute for parameterized SQL. -->
  <add key="FilterSql" value="declare |exec|varchar |cursor |begin |open |drop |create |select |truncate "/>
</appSettings>
<httpModules>
  <add type="cedar" name="cedar"/>
</httpModules>
已经解决
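/// <summary>
/// Rejects the request when any posted form value trips <c>IsM</c>.
/// </summary>
/// <remarks>
/// The enclosing class and the <c>IsM</c> helper are not shown on this page.
/// Only the form is inspected: the query-string scan was left commented out
/// in the original, so GET parameters pass through this handler unfiltered.
/// </remarks>
private void Application_AcquireRequestState(Object source, EventArgs e)
{
    HttpApplication application = (HttpApplication)source;
    HttpContext context = application.Context;
    HttpRequest request = context.Request;
    HttpResponse response = context.Response;

    for (int i = 0; i < request.Form.Count; i++)
    {
        // Skip ASP.NET's own view-state blob by KEY. The original compared the
        // VALUE (request.Form[i]) with "__VIEWSTATE", which never matched, so
        // the base64 blob was always scanned and could trip the filter by
        // chance. __EVENTVALIDATION is a similar base64 field if that proves
        // to be a problem.
        if (request.Form.GetKey(i) == "__VIEWSTATE")
        {
            continue;
        }
        if (IsM(request.Form[i]))
        {
            // 400 lets monitoring tell rejections apart from normal responses
            // (the original answered 200). Response.End() throws
            // ThreadAbortException, so nothing after it runs.
            response.StatusCode = 400;
            response.Write("您提交的内容中含有非法字符.");
            response.End();
        }
    }
}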