using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web;
using CY.Config;
 
namespace CY_ValidaterHttpModule
{
    /// <summary>
    /// 过滤非法输入,如:防止SQL注入,其他非法输入
    /// </summary>
    public class ValidaterHttpModule : IHttpModule 
    {
        public void Dispose()
        {
 
        } 
        public void Init(HttpApplication context)
        {
            context.AcquireRequestState += new EventHandler(context_AcquireRequestState);
        }
 
        private void context_AcquireRequestState(object sender, EventArgs e)
        {
            HttpContext context = ((HttpApplication)sender).Context;
            //context.Response.Write('1');
            //context.Response.End();
            //return;
 
            try
            {
                string getkeys = string.Empty;
                string sqlErrorPage = "~/RemindError.html";//转向的错误提示页面 
                string keyvalue = string.Empty;
 
                string requestUrl = context.Request.Path.ToString();
                //url提交数据
                if (context.Request.QueryString != null)
                {
                    for (int i = 0; i < context.Request.QueryString.Count; i++)
                    {
                        getkeys = context.Request.QueryString.Keys[i];
                        keyvalue = context.Server.UrlDecode(context.Request.QueryString[getkeys]);
 
                        if (!FilterSql(keyvalue))
                        {
                            context.Response.Redirect(sqlErrorPage);
                            context.Response.End();
                            break;
                        }
                    }
                }
                //表单提交数据
                if (context.Request.Form != null)
                {
                    for (int i = 0; i < context.Request.Form.Count; i++)
                    {
                        getkeys = context.Request.Form.Keys[i];
                        keyvalue = context.Server.HtmlDecode(context.Request.Form[i]);
                        if (getkeys == "__VIEWSTATE") continue;
                        if (getkeys == "__EVENTVALIDATION") continue; 
                        if (!FilterSql(keyvalue))
                        {
                            context.Response.Redirect(sqlErrorPage);
                            context.Response.End();
                            break;
                        }
                    }
                }
            }
            catch (Exception ex)
            {
            }
        }
 
        /// <summary> 
        /// 过滤非法关键字,这个可以按照项目灵活配置 
        /// </summary> 
        /// <param name="key"></param> 
        /// <returns></returns> 
        private bool FilterSql(string key)
        {
            bool flag = true;
            try
            {
                if (!string.IsNullOrEmpty(key))
                {
                    //非法字段配置
                    string sqlStr = WebInfo.Instance.IllegalInput;
                    string[] sqlStrArr = sqlStr.Split('|');
                    foreach (string strChild in sqlStrArr)
                    {
                        if (key.Trim().ToLower().IndexOf(strChild.Trim().ToLower()) != -1)
                        {
                            flag = false;
                            break;
                        }
                    }
                }
            }
            catch
            {
                flag = false;
            }
            return flag;
        }
 
    }
 
}