forked from microsoft/referencesource
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathUnvalidatedRequestValues.cs
155 lines (132 loc) · 5.32 KB
/
UnvalidatedRequestValues.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
//------------------------------------------------------------------------------
// <copyright file="UnvalidatedRequestValues.cs" company="Microsoft">
// Copyright (c) Microsoft Corporation. All rights reserved.
// </copyright>
//------------------------------------------------------------------------------
namespace System.Web {
using System;
using System.Collections.Specialized;
// Allows access to Form, QueryString, and other request values without going through the active
// request validator. Useful for allowing granular access to particular inputs (like user input
// that can contain HTML) without disabling validation for the request at large.
public sealed class UnvalidatedRequestValues {
private readonly HttpRequest _request;
internal UnvalidatedRequestValues(HttpRequest request) {
_request = request;
}
// Corresponds to the unvalidated version of Request.Form
private HttpValueCollection _form;
public NameValueCollection Form {
get {
if (_form == null) {
HttpValueCollection originalForm = _request.EnsureForm();
_form = new HttpValueCollection(originalForm); // copy ctor disables validation
}
return _form;
}
}
// Forces reevaluation of the Form, e.g. as the result of Server.Execute replacing it
internal void InvalidateForm() {
_form = null;
}
// Corresponds to the unvalidated version of Request.QueryString
private HttpValueCollection _queryString;
public NameValueCollection QueryString {
get {
if (_queryString == null) {
HttpValueCollection originalQueryString = _request.EnsureQueryString();
_queryString = new HttpValueCollection(originalQueryString); // copy ctor disables validation
}
return _queryString;
}
}
// Forces reevaluation of the QueryString, e.g. as the result of Server.Execute replacing it
internal void InvalidateQueryString() {
_queryString = null;
}
// Corresponds to the unvalidated version of Request.Headers
private HttpHeaderCollection _headers;
public NameValueCollection Headers {
get {
if (_headers == null) {
HttpHeaderCollection originalHeaders = _request.EnsureHeaders();
_headers = new HttpHeaderCollection(originalHeaders); // copy ctor disables validation
}
return _headers;
}
}
// Corresponds to the unvalidated version of Request.Cookies
private HttpCookieCollection _cookies;
public HttpCookieCollection Cookies {
get {
if (_cookies == null) {
HttpCookieCollection originalCookies = _request.EnsureCookies();
_cookies = new HttpCookieCollection(originalCookies); // copy ctor disables validation
}
return _cookies;
}
}
// Corresponds to the unvalidated version of Request.Files
private HttpFileCollection _files;
public HttpFileCollection Files {
get {
if (_files == null) {
HttpFileCollection originalFiles = _request.EnsureFiles();
_files = new HttpFileCollection(originalFiles); // copy ctor disables validation
}
return _files;
}
}
public string RawUrl {
get {
return _request.EnsureRawUrl();
}
}
public string Path {
get {
return _request.GetUnvalidatedPath();
}
}
public string PathInfo {
get {
return _request.GetUnvalidatedPathInfo();
}
}
public string this[string field] {
get {
// The original logic in HttpRequest.get_Item looked in these four collections, so we should
// also, even though ServerVariables doesn't go through validation.
string qsValue = QueryString[field];
if (qsValue != null) {
return qsValue;
}
string formValue = Form[field];
if (formValue != null) {
return formValue;
}
HttpCookie cookie = Cookies[field];
if (cookie != null) {
return cookie.Value;
}
string svValue = _request.ServerVariables[field];
if (svValue != null) {
return svValue;
}
return null;
}
}
private Uri _url;
public Uri Url {
get {
if (_url == null) {
_url = _request.BuildUrl(() => Path);
}
return _url;
}
}
// Forces reevaluation of the Url, e.g. as the result of Server.Execute replacing it
internal void InvalidateUrl() {
_url = null;
}
}
}