- using System;
- using System.Collections.Generic;
- using System.Text;
- using System.Web;
- namespace CP.Common
- {
- public class WRequest
- {
- /// <summary>
- /// 过滤请求中可能存在的xxs漏洞..
- /// </summary>
- /// <param name="str"></param>
- /// <returns></returns>
- private static string GetXXString(string str)
- {
- if (string.IsNullOrEmpty(str))
- return "";
- string xxs = "--|javascript:|onkey|onchange|onfocus|onblur|onclick|select|update|delete|write|document|alert|script|.wma|.rm|.meta|param|iframe|.swf|.wmv|.asx|.mp3|.mp2|.avi|http-equiv|refresh|.css|position|absolute|z-index|window|cookie";
- string[] strs = xxs.Split('|');
- if (strs != null && strs.Length > 0)
- {
- for (int i = 0; i < strs.Length; i++)
- {
- if (str.IndexOf(strs[i], StringComparison.CurrentCultureIgnoreCase) != -1)
- str = str.Replace(strs[i], "");
- }
- }
- return str;
- }
- /// <summary>
- /// 根据request.url获取其中的某个参数
- /// </summary>
- /// <param name="key"></param>
- /// <returns></returns>
- private static string GetQueryUrlParam(string key)
- {
- if (System.Web.HttpContext.Current != null)
- {
- string query = HttpContext.Current.Request.Url.Query;
- if (!string.IsNullOrEmpty(query))
- {
- int index = 0;
- index = query.IndexOf(key + "=");
- if (index >= 0)
- {
- query = query.Substring(key.Length + 1 + index);
- index = query.IndexOf('&');
- if (index >= 0)
- query = query.Substring(0, index);
- return query;
- }
- }
- }
- return string.Empty;
- }
- /// <summary>
- /// 判断当前页面是否接收到了Post请求
- /// </summary>
- /// <returns>是否接收到了Post请求</returns>
- public static bool IsPost()
- {
- return HttpContext.Current.Request.HttpMethod.Equals("POST");
- }
- /// <summary>
- /// 判断当前页面是否接收到了Get请求
- /// </summary>
- /// <returns>是否接收到了Get请求</returns>
- public static bool IsGet()
- {
- return HttpContext.Current.Request.HttpMethod.Equals("GET");
- }
- /// <summary>
- /// 返回指定的服务器变量信息
- /// </summary>
- /// <param name="strName">服务器变量名</param>
- /// <returns>服务器变量信息</returns>
- public static string GetServerString(string strName)
- {
- if (HttpContext.Current.Request.ServerVariables[strName] == null)
- return "";
- return HttpContext.Current.Request.ServerVariables[strName].ToString();
- }
- /// <summary>
- /// 是否是站内请求.
- /// </summary>
- /// <returns></returns>
- public static bool IsLocationRequest()
- {
- string truehost = "8200.cn";
- Uri referrer = HttpContext.Current.Request.UrlReferrer;
- if (referrer != null && !string.IsNullOrEmpty(referrer.ToString()))
- {
- string rhost = referrer.Host;
- //string host = HttpContext.Current.Request.Url.Host;
- //验证主机头是否一样
- if (rhost.IndexOf(truehost, StringComparison.CurrentCultureIgnoreCase) == -1)
- return false;
- }
- else
- {
- return false;
- }
- return true;
- }
- /// <summary>
- /// 返回上一个页面的地址
- /// </summary>
- /// <returns>上一个页面的地址</returns>
- public static string GetUrlReferrer()
- {
- string retVal = string.Empty;
- try
- {
- retVal = HttpContext.Current.Request.UrlReferrer.ToString();
- }
- catch { }
- if (retVal == null)
- return "";
- return retVal;
- }
- /// <summary>
- /// 得到当前完整主机头
- /// </summary>
- /// <returns></returns>
- public static string GetCurrentFullHost()
- {
- HttpRequest request = System.Web.HttpContext.Current.Request;
- if (!request.Url.IsDefaultPort)
- return string.Format("{0}:{1}", request.Url.Host, request.Url.Port.ToString());
- return request.Url.Host;
- }
- /// <summary>
- /// 得到主机头
- /// </summary>
- /// <returns></returns>
- public static string GetHost()
- {
- return HttpContext.Current.Request.Url.Host;
- }
- /// <summary>
- /// 端口号
- /// </summary>
- /// <returns></returns>
- public static string GetPort()
- {
- return HttpContext.Current.Request.Url.Port.ToString();
- }
- /// <summary>
- /// 获取当前请求的原始 URL(URL 中域信息之后的部分,包括查询字符串(如果存在))
- /// </summary>
- /// <returns>原始 URL</returns>
- public static string GetRawUrl()
- {
- return HttpContext.Current.Request.RawUrl;
- }
- /// <summary>
- /// 判断当前访问是否来自浏览器软件
- /// </summary>
- /// <returns>当前访问是否来自浏览器软件</returns>
- public static bool IsBrowserGet()
- {
- string[] BrowserName = { "ie", "opera", "netscape", "mozilla", "konqueror", "firefox" };
- string curBrowser = HttpContext.Current.Request.Browser.Type.ToLower();
- for (int i = 0; i < BrowserName.Length; i++)
- {
- if (curBrowser.IndexOf(BrowserName[i]) >= 0)
- return true;
- }
- return false;
- }
- /// <summary>
- /// 判断是否来自搜索引擎链接
- /// </summary>
- /// <returns>是否来自搜索引擎链接</returns>
- public static bool IsSearchEnginesGet()
- {
- if (HttpContext.Current.Request.UrlReferrer == null)
- return false;
- string[] SearchEngine = { "google", "yahoo", "msn", "baidu", "sogou", "sohu", "sina", "163", "lycos", "tom", "yisou", "iask", "soso", "gougou", "zhongsou", "yodao", "youdao", "360" };
- string tmpReferrer = HttpContext.Current.Request.UrlReferrer.ToString().ToLower();
- for (int i = 0; i < SearchEngine.Length; i++)
- {
- if (tmpReferrer.IndexOf(SearchEngine[i], StringComparison.CurrentCultureIgnoreCase) >= 0)
- return true;
- }
- return false;
- }
- /// <summary>
- /// 获得当前完整Url地址
- /// </summary>
- /// <returns>当前完整Url地址</returns>
- public static string GetUrl()
- {
- return HttpContext.Current.Request.Url.ToString();
- }
- /// <summary>
- /// 获得指定Url参数的值
- /// </summary>
- /// <param name="strName">Url参数</param>
- /// <returns>Url参数的值</returns>
- public static string GetQueryString(string strName)
- {
- return GetQueryString(strName, false);
- }
- /// <summary>
- /// 获得指定Url参数的值
- /// </summary>
- /// <param name="strName">Url参数</param>
- /// <param name="sqlSafeCheck">是否进行sql安全测试</param>
- /// <returns>Url参数的值</returns>
- public static string GetQueryString(string strName, bool SafeCheck)
- {
- if (HttpContext.Current.Request.QueryString[strName] == null)
- return "";
- if (SafeCheck && !Utils.IsSafeSqlString(HttpContext.Current.Request.QueryString[strName]))
- return "unsafe string";
- return GetXXString(HttpContext.Current.Request.QueryString[strName]);
- }
- /// <summary>
- /// 获得当前页面的名称
- /// </summary>
- /// <returns>当前页面的名称</returns>
- public static string GetPageName()
- {
- string[] urlArr = HttpContext.Current.Request.Url.AbsolutePath.Split('/');
- return urlArr[urlArr.Length - 1].ToLower();
- }
- /// <summary>
- /// 返回表单或Url参数的总个数
- /// </summary>
- /// <returns></returns>
- public static int GetParamCount()
- {
- return HttpContext.Current.Request.Form.Count + HttpContext.Current.Request.QueryString.Count;
- }
- /// <summary>
- /// 获得指定表单参数的值
- /// </summary>
- /// <param name="strName">表单参数</param>
- /// <returns>表单参数的值</returns>
- public static string GetFormString(string strName)
- {
- return GetFormString(strName, false);
- }
- /// <summary>
- /// 获得指定表单参数的值
- /// </summary>
- /// <param name="strName">表单参数</param>4
- /// <param name="sqlSafeCheck">是否进行SQL安全检查</param>
- /// <returns>表单参数的值</returns>
- public static string GetFormString(string strName, bool sqlSafeCheck)
- {
- if (HttpContext.Current.Request.Form[strName] == null)
- return "";
- if (sqlSafeCheck && !Utils.IsSafeSqlString(HttpContext.Current.Request.Form[strName]))
- return "unsafe string";
- return GetXXString(HttpContext.Current.Request.Form[strName]);
- }
- /// <summary>
- /// 获得Url或表单参数的值, 先判断Url参数是否为空字符串, 如为True则返回表单参数的值
- /// </summary>
- /// <param name="strName">参数</param>
- /// <returns>Url或表单参数的值</returns>
- public static string GetString(string strName)
- {
- return GetString(strName, false);
- }
- /// <summary>
- /// 获得Url或表单参数的值, 先判断Url参数是否为空字符串, 如为True则返回表单参数的值
- /// </summary>
- /// <param name="strName">参数</param>
- /// <param name="sqlSafeCheck">是否进行SQL安全检查</param>
- /// <returns>Url或表单参数的值</returns>
- public static string GetString(string strName, bool sqlSafeCheck)
- {
- if ("".Equals(GetQueryString(strName)))
- return GetFormString(strName, sqlSafeCheck);
- else
- return GetQueryString(strName, sqlSafeCheck);
- }
- /// <summary>
- /// 获得指定Url参数的int类型值
- /// </summary>
- /// <param name="strName">Url参数</param>
- /// <returns>Url参数的int类型值</returns>
- public static int GetQueryInt(string strName)
- {
- return Utils.StrToInt(HttpContext.Current.Request.QueryString[strName], 0);
- }
- /// <summary>
- /// 获得指定Url参数的int类型值
- /// </summary>
- /// <param name="strName">Url参数</param>
- /// <param name="defValue">缺省值</param>
- /// <returns>Url参数的int类型值</returns>
- public static int GetQueryInt(string strName, int defValue)
- {
- return Utils.StrToInt(HttpContext.Current.Request.QueryString[strName], defValue);
- }
- /// <summary>
- /// 获得指定表单参数的int类型值
- /// </summary>
- /// <param name="strName">表单参数</param>
- /// <param name="defValue">缺省值</param>
- /// <returns>表单参数的int类型值</returns>
- public static int GetFormInt(string strName, int defValue)
- {
- return Utils.StrToInt(HttpContext.Current.Request.Form[strName], defValue);
- }
- /// <summary>
- /// 获得指定Url或表单参数的int类型值, 先判断Url参数是否为缺省值, 如为True则返回表单参数的值
- /// </summary>
- /// <param name="strName">Url或表单参数</param>
- /// <param name="defValue">缺省值</param>
- /// <returns>Url或表单参数的int类型值</returns>
- public static int GetInt(string strName, int defValue)
- {
- if (GetQueryInt(strName, defValue) == defValue)
- return GetFormInt(strName, defValue);
- else
- return GetQueryInt(strName, defValue);
- }
- /// <summary>
- /// 获得指定Url参数的float类型值
- /// </summary>
- /// <param name="strName">Url参数</param>
- /// <param name="defValue">缺省值</param>
- /// <returns>Url参数的int类型值</returns>
- public static float GetQueryFloat(string strName, float defValue)
- {
- return Utils.StrToFloat(HttpContext.Current.Request.QueryString[strName], defValue);
- }
- /// <summary>
- /// 获得指定表单参数的float类型值
- /// </summary>
- /// <param name="strName">表单参数</param>
- /// <param name="defValue">缺省值</param>
- /// <returns>表单参数的float类型值</returns>
- public static float GetFormFloat(string strName, float defValue)
- {
- return Utils.StrToFloat(HttpContext.Current.Request.Form[strName], defValue);
- }
- /// <summary>
- /// 获得指定Url或表单参数的float类型值, 先判断Url参数是否为缺省值, 如为True则返回表单参数的值
- /// </summary>
- /// <param name="strName">Url或表单参数</param>
- /// <param name="defValue">缺省值</param>
- /// <returns>Url或表单参数的int类型值</returns>
- public static float GetFloat(string strName, float defValue)
- {
- if (GetQueryFloat(strName, defValue) == defValue)
- return GetFormFloat(strName, defValue);
- else
- return GetQueryFloat(strName, defValue);
- }
- /// <summary>
- /// 获得当前页面客户端的IP
- /// </summary>
- /// <returns>当前页面客户端的IP</returns>
- public static string GetIP()
- {
- string result = HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
- if (string.IsNullOrEmpty(result))
- result = HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
- if (string.IsNullOrEmpty(result))
- result = HttpContext.Current.Request.UserHostAddress;
- if (string.IsNullOrEmpty(result) || !Utils.IsIP(result))
- return "127.0.0.1";
- return result;
- }
- /// <summary>
- /// 获取浏览器类型
- /// </summary>
- /// <returns></returns>
- public static string GetBrowse()
- {
- string b = string.Empty;
- string ua = HttpContext.Current.Request.UserAgent.ToString().ToLower();
- if (ua.Contains("firefox"))
- {
- b = "firefox";
- }
- else if (ua.Contains("msie"))
- {
- b = "ie";
- }
- else if (ua.Contains("gecko") && !ua.Contains("firefox")&&!ua.Contains("safari"))
- {
- b = "ie11";
- }
- else if (ua.Contains("safari"))
- {
- b = "safari";
- }
- else if (ua.Contains("chrome"))
- {
- b = "chrome";
- }
- else
- {
- b = "unknow";
- }
- return b;
- }
- /// <summary>
- /// 保存用户上传的文件
- /// </summary>
- /// <param name="path">保存路径</param>
- public static void SaveRequestFile(string path)
- {
- if (HttpContext.Current.Request.Files.Count > 0)
- {
- HttpContext.Current.Request.Files[0].SaveAs(path);
- }
- }
- }
- }