using CommonToolsCore;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace zhengcaioa.Model
{
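/// <summary>
/// Action filter that rewrites string action arguments through
/// <c>SqlFilter.SqlFilterFilter</c> before the action method runs.
/// </summary>
/// <remarks>
/// <para>
/// Treat this filter as defence in depth only. It rewrites input text; it does not
/// make string-built SQL safe. Queries that consume these values should still be
/// parameterised.
/// </para>
/// <para>
/// Coverage is partial. Only top-level <see cref="string"/> parameters and the
/// <see cref="string"/> properties declared directly on each argument object are
/// processed. Nested objects, collections and dictionary entries are not visited.
/// A parameter named <c>file</c> is skipped whatever its type, and properties marked
/// with <c>IgnoreSqlInjectAttribute</c> are left untouched.
/// </para>
/// <para>
/// Values are replaced in place, so the action receives the filtered text rather
/// than what the client sent.
/// </para>
/// </remarks>
public class AntiSqlAttribute : Attribute, IActionFilter
{
    /// <summary>
    /// Runs after the action method has executed. Intentionally does nothing.
    /// </summary>
    /// <param name="context">Context of the executed action (unused).</param>
    public void OnActionExecuted(ActionExecutedContext context)
    {
    }

    /// <summary>
    /// Runs before the action method and filters its bound string inputs.
    /// </summary>
    /// <param name="filterContext">
    /// Context holding the action descriptor and the bound arguments; string values
    /// in <c>ActionArguments</c> are replaced or mutated in place.
    /// </param>
    public void OnActionExecuting(ActionExecutingContext filterContext)
    {
        foreach (var p in filterContext.ActionDescriptor.Parameters)
        {
            // NOTE(review): the skip is by parameter NAME only, so a string parameter
            // called "file" also bypasses the filter. Presumably meant for uploads;
            // confirm that no action takes a textual "file" argument.
            if (p.Name == "file")
            {
                continue;
            }

            // Arguments that were not bound (e.g. optional parameters) have no entry in
            // ActionArguments, and bound ones may be null. The original indexed the
            // dictionary and called GetType() unconditionally on the non-string path,
            // which threw KeyNotFoundException / NullReferenceException.
            if (!filterContext.ActionArguments.TryGetValue(p.Name, out var argument) || argument == null)
            {
                continue;
            }

            if (p.ParameterType == typeof(string))
            {
                // SqlFilterFilter is defined outside this file; presumably it returns
                // the sanitised text. Verify its rules against the queries it protects.
                filterContext.ActionArguments[p.Name] = SqlFilter.SqlFilterFilter(argument.ToString().Trim());
                continue;
            }

            // Only the first level of the object graph is inspected (see remarks).
            foreach (var item in argument.GetType().GetProperties())
            {
                if (item.PropertyType != typeof(string))
                {
                    continue;
                }

                // Indexers need index arguments for GetValue and getter-only properties
                // cannot be assigned; both made the reflection calls throw before.
                if (!item.CanRead || !item.CanWrite || item.GetIndexParameters().Length != 0)
                {
                    continue;
                }

                // NOTE(review): only a property-level [IgnoreSqlInject] is honoured here,
                // although the attribute may also be placed on a class.
                if (item.IsDefined(typeof(IgnoreSqlInjectAttribute), false))
                {
                    continue;
                }

                var current = item.GetValue(argument, null);
                if (current == null)
                {
                    continue;
                }

                item.SetValue(argument, SqlFilter.SqlFilterFilter(current.ToString().Trim()), null);
            }
        }
    }
}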
/// <summary>
/// Marker attribute that opts a member out of SQL-injection filtering.
/// Usage: <c>[IgnoreSqlInject]</c>.
/// </summary>
/// <remarks>
/// <c>AntiSqlAttribute</c> in this file checks for this marker on string properties
/// only. The usage declaration below also allows it on classes, but that filter does
/// not look at class-level markers. A property carrying this attribute reaches the
/// action unfiltered, so any query built from it must be parameterised.
/// </remarks>
[AttributeUsage(AttributeTargets.Property | AttributeTargets.Class, AllowMultiple = true)]
public class IgnoreSqlInjectAttribute : Attribute
{
}
}