2 // System.Web.HttpRequest
5 // Patrik Torstensson (Patrik.Torstensson@labs2.com)
6 // Gonzalo Paniagua Javier (gonzalo@ximian.com)
8 // (c) 2001, 2002 Patrick Torstensson
9 // (c) 2002,2003 Ximian, Inc. (http://www.ximian.com)
10 // (c) 2004 Novell, Inc. (http://www.novell.com)
14 // Permission is hereby granted, free of charge, to any person obtaining
15 // a copy of this software and associated documentation files (the
16 // "Software"), to deal in the Software without restriction, including
17 // without limitation the rights to use, copy, modify, merge, publish,
18 // distribute, sublicense, and/or sell copies of the Software, and to
19 // permit persons to whom the Software is furnished to do so, subject to
20 // the following conditions:
22 // The above copyright notice and this permission notice shall be
23 // included in all copies or substantial portions of the Software.
25 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
26 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
27 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
28 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
29 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
30 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
31 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
34 using System.Collections;
35 using System.Collections.Specialized;
36 using System.Globalization;
39 using System.Web.Configuration;
40 using System.Web.Util;
46 namespace System.Web {
47 [MonoTODO("Review security in all path access function")]
48 public sealed class HttpRequest {
49 private string [] _arrAcceptTypes;
50 private string [] _arrUserLanguages;
52 private byte [] _arrRawContent;
53 private int _iContentLength;
55 private string _sContentType;
56 private string _sHttpMethod;
57 private string _sRawUrl;
58 private string _sUserAgent;
59 private string _sUserHostAddress;
60 private string _sUserHostName;
61 private string _sPath;
62 private string _sPathInfo;
63 private string _sFilePath;
64 private string baseVirtualDir;
65 private string _sPathTranslated;
66 private string _sQueryStringRaw;
67 private string _sRequestType;
68 private string _sRequestRootVirtualDir;
70 private Encoding _oContentEncoding;
72 private Uri _oUriReferrer;
75 private int _iTotalBytes;
77 private HttpContext _oContext;
79 private HttpWorkerRequest _WorkerRequest;
80 private HttpRequestStream _oInputStream;
81 private HttpClientCertificate _ClientCert;
83 private HttpValueCollection _oServerVariables;
84 private HttpValueCollection _oHeaders;
85 private HttpValueCollection _oQueryString;
86 private HttpValueCollection _oFormData;
87 private HttpValueCollection _oParams;
89 private HttpBrowserCapabilities _browser;
91 private HttpCookieCollection cookies;
93 HttpRequestStream requestFilter;
95 string currentExePath;
99 bool validateQueryString;
103 bool checkedQueryString;
// Builds a request that has no worker request behind it: the caller supplies the
// translated file name, the URL and the query string directly.
106 public HttpRequest(string Filename, string Url, string Querystring) {
// -1 marks the content length as "not read yet" (the ContentLength getter tests for it).
107 _iContentLength = -1;
110 _WorkerRequest = null;
// Filename is stored as the translated path exactly as given; no visible line validates it.
111 _sPathTranslated = Filename;
112 _sRequestType = "GET";
// new Uri throws on a malformed Url, so construction fails instead of storing a bad value.
114 _oUrl = new Uri(Url);
115 _sPath = _oUrl.AbsolutePath;
117 _sQueryStringRaw = Querystring;
// Parsed as ASCII here, whereas the QueryStringRaw getter decodes worker bytes with ContentEncoding.
118 _oQueryString = new HttpValueCollection(Querystring, true, Encoding.ASCII);
// Builds a request backed by a worker request. The Context parameter is not used on
// any line visible in this listing (the assignment is presumably on an omitted line).
121 internal HttpRequest(HttpWorkerRequest WorkRequest, HttpContext Context) {
122 _WorkerRequest = WorkRequest;
// -1 marks the content length as "not read yet" (the ContentLength getter tests for it).
125 _iContentLength = -1;
// Copies every request header into coll under its CGI-style name:
// "HTTP_" + upper-cased header name with '-' replaced by '_'.
// NOTE(review): the mapping is lossy. "X-Forwarded-For" and "X_Forwarded_For" both become
// HTTP_X_FORWARDED_FOR, so a client-sent header can land under a name the application
// may assume only a trusted front end sets. Anything that bases a trust decision on these
// variables should have the underscore form stripped or rejected upstream.
// NOTE(review): ToUpper () takes no culture argument, so the generated name depends on
// the current culture; an invariant upper-casing would keep the names stable.
129 internal void AddHeaderVariables (ServerVariablesCollection coll)
// Nothing to copy without a worker request (the early-exit line itself is not shown in the listing).
131 if (null == _WorkerRequest)
137 // Add all known headers
138 for (int i = 0; i < HttpWorkerRequest.RequestHeaderMaximum; i++) {
139 hvalue = _WorkerRequest.GetKnownRequestHeader (i);
// Known headers are skipped when the value or the name is null or empty.
140 if (null != hvalue && hvalue.Length > 0) {
141 hname = HttpWorkerRequest.GetKnownRequestHeaderName (i);
142 if (null != hname && hname.Length > 0)
143 coll.Add ("HTTP_" + hname.ToUpper ().Replace ('-', '_'), hvalue);
147 // Get all other headers
148 string [][] unknown = _WorkerRequest.GetUnknownRequestHeaders ();
149 if (null != unknown) {
150 for (int i = 0; i < unknown.Length; i++) {
// Unlike the known-header loop, name and value are used here without a null/empty check.
151 hname = unknown [i][0];
152 hvalue = unknown [i][1];
153 coll.Add ("HTTP_" + hname.ToUpper ().Replace ('-', '_'), hvalue);
// Returns all request headers as one string, one header per line, each line ending in "\r\n".
// Two name forms appear in the visible code: the header name as received, or the
// "HTTP_"-prefixed upper-case form. The lines that choose between them (presumably on
// the raw parameter) and that write the name/value separator are not shown in this listing.
// NOTE(review): names and values are appended exactly as the worker request returns them.
// If a worker ever hands back a value containing CR or LF, the result gains extra lines;
// SaveAs writes this string to disk, so consumers of that file should not assume one
// header per line without checking.
158 internal string GetAllHeaders(bool raw) {
161 if (null == _WorkerRequest) {
165 oData = new StringBuilder(512);
171 // Add all known headers
172 for (; iCount != HttpWorkerRequest.RequestHeaderMaximum; iCount++) {
173 sHeaderValue = _WorkerRequest.GetKnownRequestHeader(iCount);
// Known headers with a null/empty value or name are skipped.
174 if (null != sHeaderValue && sHeaderValue.Length > 0) {
175 sHeaderName = HttpWorkerRequest.GetKnownRequestHeaderName(iCount);
176 if (null != sHeaderName && sHeaderName.Length > 0) {
178 oData.Append(sHeaderName);
180 oData.Append ("HTTP_");
// ToUpper () without a culture argument: the result depends on the current culture.
181 oData.Append (sHeaderName.ToUpper ().Replace ('-', '_'));
184 oData.Append(sHeaderValue);
185 oData.Append("\r\n");
190 // Get all other headers
191 string [][] arrUnknownHeaders = _WorkerRequest.GetUnknownRequestHeaders();
192 if (null != arrUnknownHeaders) {
193 for (iCount = 0; iCount != arrUnknownHeaders.Length; iCount++) {
// Unknown headers are not null-checked before use, unlike the known ones above.
194 string hname = arrUnknownHeaders[iCount][0];
196 oData.Append (hname);
198 oData.Append ("HTTP_");
199 oData.Append (hname.ToUpper ().Replace ('-', '_'));
202 oData.Append(arrUnknownHeaders[iCount][1]);
203 oData.Append("\r\n");
207 return oData.ToString();
// Creates the server-variables collection on first use and marks it read-only.
// Per the MonoTODO below, values that can change during the request (AUTH_USER is the
// example given) are not handled specially yet.
210 [MonoTODO("We need to handly 'dynamic' variables like AUTH_USER, that can be changed during runtime... special collection")]
211 private void ParseServerVariables() {
// Without a worker request there is nothing to expose (the body of this branch is not shown).
212 if (null == _WorkerRequest) {
216 if (_oServerVariables == null){
217 _oServerVariables = new ServerVariablesCollection (this);
218 _oServerVariables.MakeReadOnly ();
// Populates _oFormData from the request body according to the Content-Type.
// Several lines of this method are not shown in the listing; the notes below cover
// only what the visible lines establish.
222 private void ParseFormData ()
224 string content_type = ContentType;
225 if (content_type == null)
// Lower-cased with the invariant culture so the comparisons do not depend on the server locale.
228 content_type = content_type.ToLower (CultureInfo.InvariantCulture);
// NOTE(review): exact equality. A value that carries parameters, such as
// "application/x-www-form-urlencoded; charset=utf-8", does not match this branch.
229 if (content_type == "application/x-www-form-urlencoded") {
230 byte [] arrData = GetRawContent ();
// The decoder comes from ContentEncoding, which can be derived from the client's charset parameter.
231 Encoding enc = ContentEncoding;
232 string data = enc.GetString (arrData);
233 _oFormData = new HttpValueCollection (data, true, enc);
// Any other content type starts from an empty collection.
237 _oFormData = new HttpValueCollection ();
// Prefix match, so parameters after "multipart/form-data" (the boundary) are accepted here.
238 if (StrUtils.StartsWith (content_type, "multipart/form-data")) {
239 MultipartContentElement [] parts = GetMultipartFormData ();
242 Encoding content_encoding = ContentEncoding;
243 foreach (MultipartContentElement p in parts) {
// Each part is added by name; whether file parts are filtered out first is on a line not shown.
245 _oFormData.Add (p.Name, p.GetString (content_encoding));
251 [MonoTODO("void Dispose")]
252 internal void Dispose() {
// Returns the request body as a byte array, reading it from the worker request on first
// use and caching it in _arrRawContent. Without a worker request the "body" is the raw
// query string. Some lines of this method are not shown in the listing.
// NOTE(review): _arrRawContent is assigned from the preloaded body before the size check.
// If the check throws, the field stays set, and the cache test at the top hands that
// buffer back on the next call without repeating the check. Assigning the field only
// after all checks pass would close that gap.
// NOTE(review): the limit is compared with the declared Content-Length. When the body is
// entirely preloaded, the preloaded buffer is returned whatever its actual size.
255 private byte [] GetRawContent ()
257 if (_arrRawContent != null)
258 return _arrRawContent;
260 if (null == _WorkerRequest) {
261 if (QueryStringRaw == null)
263 char [] q = QueryStringRaw.ToCharArray ();
264 _arrRawContent = new byte [q.Length];
265 for (int i = 0; i < q.Length; i++)
// Narrowing cast: only the low 8 bits of each char are kept, so non-Latin-1 characters are altered.
266 _arrRawContent [i] = (byte) q [i];
267 return _arrRawContent;
270 _arrRawContent = _WorkerRequest.GetPreloadedEntityBody ();
271 if (_arrRawContent == null)
272 _arrRawContent = new byte [0];
// length comes from the client's Content-Length header (see the ContentLength getter).
274 int length = ContentLength;
// NOTE(review): cfg is dereferenced without a null check — confirm GetConfig cannot return null here.
275 HttpRuntimeConfig cfg = (HttpRuntimeConfig) _oContext.GetConfig ("system.web/httpRuntime");
// MaxRequestLength is multiplied by 1024 (so presumably configured in KB). If it is an int,
// a very large setting overflows silently and the limit becomes negative — TODO confirm the type.
276 int maxRequestLength = cfg.MaxRequestLength * 1024;
277 if (length > maxRequestLength) {
278 throw new HttpException (400, "Maximum request length exceeded.");
281 if (_WorkerRequest.IsEntireEntityBodyIsPreloaded () || length <= _arrRawContent.Length)
282 return _arrRawContent;
// The allocation size is the declared length, which is already bounded by the check above.
284 byte [] result = new byte [length];
285 int offset = _arrRawContent.Length;
286 Buffer.BlockCopy (_arrRawContent, 0, result, 0, offset);
// Remaining bytes are read in chunks of at most 16 KB.
289 byte [] arrBuffer = new byte [Math.Min (16384, length)];
290 int bufLength = arrBuffer.Length;
291 for (; offset < length; offset += read) {
// Never request more than what is left of the declared length.
292 if (length - offset < bufLength)
293 bufLength = length - offset;
295 read = _WorkerRequest.ReadEntityBody (arrBuffer, bufLength);
// 0 or -1 is treated as end of data (the statement that leaves the loop is not shown).
296 if (read == 0 ||read == -1 )
// Second limit check while reading; the first half repeats the test made before the loop.
299 if (length > maxRequestLength || offset + read > maxRequestLength)
300 throw new HttpException (400, "Maximum request length exceeded.");
302 Buffer.BlockCopy (arrBuffer, 0, result, offset, read);
// Raised when fewer bytes arrived than declared (the guarding condition is not shown).
306 throw new HttpException (400, "Data length is shorter than Content-Length.");
308 _arrRawContent = result;
// When a user filter is installed, the body is passed through it and the filtered bytes replace the raw ones.
309 if (userFilter != null) {
310 requestFilter.Set (_arrRawContent, 0, _arrRawContent.Length);
// Convert.ToInt32 throws OverflowException if the remaining filter length exceeds Int32.MaxValue.
311 int userLength = Convert.ToInt32 (userFilter.Length - userFilter.Position);
312 byte [] filtered = new byte [userLength];
// NOTE(review): the return value of Read is ignored; a stream that returns fewer bytes
// than requested leaves the tail of filtered zero-filled.
313 userFilter.Read (filtered, 0, userLength);
314 _arrRawContent = filtered;
317 return _arrRawContent;
320 internal HttpContext Context {
321 get { return _oContext; }
324 internal HttpWorkerRequest WorkerRequest {
325 get { return _WorkerRequest; }
328 public string [] AcceptTypes {
330 if (null == _arrAcceptTypes && null != _WorkerRequest) {
331 _arrAcceptTypes = HttpHelper.ParseMultiValueHeader(_WorkerRequest.GetKnownRequestHeader(HttpWorkerRequest.HeaderAccept));
334 return _arrAcceptTypes;
339 public string ApplicationPath {
341 if (null != _WorkerRequest) {
342 return _WorkerRequest.GetAppPath();
349 public HttpBrowserCapabilities Browser {
351 if (_browser == null) {
352 _browser = (HttpBrowserCapabilities)
353 HttpCapabilitiesBase.GetConfigCapabilities (null, this);
359 set { _browser = value; }
362 public HttpClientCertificate ClientCertificate {
364 if (null == _ClientCert) {
365 _ClientCert = new HttpClientCertificate(_oContext);
// Extracts the value of an "attr=value" parameter from a header value; used in this
// class for the Content-Type "charset" and "boundary" parameters. Several lines
// (including the not-found and bounds handling) are not shown in the listing.
// NOTE(review): the search is a plain substring match for attr + '=', so it also matches
// when attr is the tail of a longer parameter name or appears inside another value.
// NOTE(review): header is dereferenced without a null check; callers must pass non-null.
372 private string GetValueFromHeader (string header, string attr)
// IndexOf (string) without a StringComparison is culture-sensitive.
374 int where = header.IndexOf (attr + '=');
// Move past "attr=" to the first character of the value.
378 where += attr.Length + 1;
379 int max = header.Length;
383 char ending = header [where];
387 int end = header.Substring (where + 1).IndexOf (ending);
// An opening quote without a closing quote yields null; otherwise the rest of the header is the value.
389 return (ending == '"') ? null : header.Substring (where);
391 return header.Substring (where, end);
// Encoding used to decode the request; resolved on first read and cached, and
// replaceable through the setter. Several lines of the getter are not shown.
// NOTE(review): the charset name is taken from the Content-Type header, so the client
// picks the decoder. The same encoding is used for the body and for the raw query
// string bytes (QueryStringRaw), so input checks are only meaningful on the decoded text.
394 public Encoding ContentEncoding
397 if (_oContentEncoding == null) {
398 if (_WorkerRequest != null &&
399 (!_WorkerRequest.HasEntityBody () || ContentType != String.Empty)) {
400 _oContentEncoding = WebEncoding.RequestEncoding;
// NOTE(review): _sContentType is read directly; if this line can run without the ContentType
// getter having been evaluated, the field may still be null — confirm against the omitted lines.
403 charset = GetValueFromHeader (_sContentType, "charset");
// Encoding.GetEncoding throws for an unknown name; the next assignment looks like the
// fallback, presumably in a catch block that is not shown.
405 _oContentEncoding = Encoding.GetEncoding (charset);
407 _oContentEncoding = WebEncoding.RequestEncoding;
412 return _oContentEncoding;
416 _oContentEncoding = value;
// Declared length of the request body, parsed once from the Content-Length header.
// -1 in _iContentLength means "not read yet".
// NOTE(review): the value is whatever the client sent. Int32.Parse throws FormatException
// or OverflowException on bad input, accepts a leading sign and surrounding whitespace,
// and uses the current culture. The line before the parse is not shown, so whether the
// parse is wrapped in a handler cannot be confirmed from this listing.
420 public int ContentLength {
422 if (_iContentLength == -1 && null != _WorkerRequest) {
423 string sLength = _WorkerRequest.GetKnownRequestHeader(HttpWorkerRequest.HeaderContentLength);
424 if (sLength != null) {
426 _iContentLength = Int32.Parse(sLength);
// Negative results get special handling (the body of this branch is not shown).
433 if (_iContentLength < 0) {
437 return _iContentLength;
// Content-Type header of the request, read once from the worker request and cached.
// Never returns null from the getter path shown: a missing header becomes String.Empty.
// The setter stores the value as given, so it can later be null if a caller assigns null.
441 public string ContentType {
443 if (null == _sContentType) {
444 if (null != _WorkerRequest) {
445 _sContentType = _WorkerRequest.GetKnownRequestHeader(HttpWorkerRequest.HeaderContentType);
448 if (null == _sContentType) {
449 _sContentType = string.Empty;
453 return _sContentType;
456 set { _sContentType = value; }
// Reads the value part of one "name=value" cookie segment starting at position i:
// skips leading white space, scans up to the next ';' (or the end of the segment) and
// returns the trimmed text. The lines that set begin and update i are not shown.
460 static private string GetCookieValue (string str, int length, ref int i)
466 while (k < length && Char.IsWhiteSpace (str [k]))
470 while (k < length && str [k] != ';')
474 return str.Substring (begin, i - begin).Trim ();
// Reads the name part of one cookie segment starting at position i: skips leading
// white space, scans up to the first ';' or '=' (or the end of the segment) and returns
// the trimmed text. The lines that set begin and update i are not shown.
477 static private string GetCookieName (string str, int length, ref int i)
483 while (k < length && Char.IsWhiteSpace (str [k]))
487 while (k < length && str [k] != ';' && str [k] != '=')
491 return str.Substring (begin, k - begin).Trim ();
// Parses the Cookie request header into the cookies collection. The header is split on
// ';' only; per the grammar note inside the method, "$Version" is ignored and ',' is not
// treated as a separator. Several lines (including the comment delimiters around the
// grammar note) are not shown in the listing.
// NOTE(review): "$Path" and "$Domain" are attributes sent by the client and are copied
// onto the preceding cookie; they say nothing about how the cookie was originally set.
494 private void GetCookies ()
496 string header = _WorkerRequest.GetKnownRequestHeader (HttpWorkerRequest.HeaderCookie);
497 if (header == null || header.Length == 0)
501 * cookie = "Cookie:" cookie-version
502 * 1*((";" | ",") cookie-value)
503 * cookie-value = NAME "=" VALUE [";" path] [";" domain]
504 * cookie-version = "$Version" "=" value
507 * path = "$Path" "=" value
508 * domain = "$Domain" "=" value
510 * MS ignores $Version!
511 * ',' as a separator produces errors.
514 string [] name_values = header.Trim ().Split (';');
515 int length = name_values.Length;
// cookie holds the cookie currently being assembled, so following $-attributes can attach to it.
516 HttpCookie cookie = null;
518 for (int i = 0; i < length; i++) {
520 string name_value = name_values [i].Trim ();
521 string name = GetCookieName (name_value, name_value.Length, ref pos);
522 string value = GetCookieValue (name_value, name_value.Length, ref pos);
523 if (cookie != null) {
524 if (name == "$Path") {
527 } else if (name == "$Domain") {
528 cookie.Domain = value;
// A segment that is not an attribute closes the pending cookie, which is then added.
531 cookies.Add (cookie);
535 cookie = new HttpCookie (name, value);
// The last pending cookie is added after the loop (the guarding condition is not shown).
539 cookies.Add (cookie);
// Cookies sent by the client, parsed on first access. After ValidateInput has been
// called, the first access also runs ValidateCookieCollection once and throws if a
// value is flagged. The return statement is not shown in the listing.
542 public HttpCookieCollection Cookies
545 if (cookies == null) {
546 cookies = new HttpCookieCollection (null, false);
// Parsing only happens when a worker request exists (the call itself is on a line not shown).
547 if (_WorkerRequest != null)
// Validation is lazy: it runs here, on access, not inside ValidateInput.
551 if (validateCookies && !checkedCookies) {
552 ValidateCookieCollection (cookies);
553 checkedCookies = true;
560 public string CurrentExecutionFilePath {
562 if (currentExePath != null)
563 return currentExePath;
// Virtual path of the requested file, taken from the worker request once and cached
// after UrlUtils.Reduce has been applied to it.
// Any exception from Reduce is turned into a 403 response instead of surfacing the
// parser error. NOTE(review): catch (Exception) also converts unrelated failures,
// e.g. a null path, into "Forbidden", which can hide bugs.
569 public string FilePath {
571 if (null == _sFilePath && null != _WorkerRequest) {
572 _sFilePath = _WorkerRequest.GetFilePath();
574 _sFilePath = UrlUtils.Reduce (_sFilePath);
575 } catch (Exception) {
576 throw new HttpException (403, "Forbidden");
584 HttpFileCollection files;
585 public HttpFileCollection Files {
590 files = new HttpFileCollection ();
// Adds every file part of a multipart/form-data body to the files collection.
// Does nothing for other content types or when no parts were parsed.
// NOTE(review): p.Name is the client-chosen form field name; what GetFile () does with a
// client-supplied file name is not visible here. Callers that save uploads should
// not build paths from client-supplied names without sanitising them.
597 void FillPostedFiles ()
599 if (!StrUtils.StartsWith (ContentType, "multipart/form-data"))
602 MultipartContentElement [] parts = GetMultipartFormData ();
603 if (parts == null) return;
605 foreach (MultipartContentElement p in parts) {
// Non-file parts are form fields and are skipped here.
606 if (!p.IsFile) continue;
607 files.AddFile (p.Name, p.GetFile ());
611 MultipartContentElement [] multipartContent;
// Parses the multipart body once and caches the parts in multipartContent.
// NOTE(review): GetValueFromHeader returns null in at least one case (an unterminated
// quoted value). "--" + null is just "--", so the parser would then run with a
// two-byte boundary chosen by malformed input. Rejecting a missing or empty boundary
// before parsing would be safer.
612 MultipartContentElement [] GetMultipartFormData ()
614 if (multipartContent != null) return multipartContent;
616 byte [] raw = GetRawContent ();
// The boundary is converted with ASCII; non-ASCII characters in it become '?'.
617 byte [] boundary = Encoding.ASCII.GetBytes (("--" + GetValueFromHeader (ContentType, "boundary")));
618 return multipartContent = HttpMultipartContentParser.Parse (raw, boundary, ContentEncoding);
// Stream through which the request body is passed before it is exposed (see the
// userFilter handling in GetRawContent). The getter creates the underlying
// requestFilter stream on demand; the setter requires that stream to exist already
// and throws otherwise. Several lines of both accessors are not shown.
621 public Stream Filter {
623 if (userFilter != null)
626 if (requestFilter == null)
627 requestFilter = new HttpRequestStream ();
629 // This is an empty stream. It will not contain data until GetRawContent
630 return requestFilter;
// Setter: a filter can only be installed after the getter has created requestFilter.
634 if (requestFilter == null)
635 throw new HttpException ("Invalid request filter.");
// Form fields of the request, parsed on first access. After ValidateInput has been
// called, access also runs ValidateNameValueCollection on the collection and throws if a
// value is flagged. The parsing call, the flag update and the return are not shown.
641 public NameValueCollection Form {
643 if (_oFormData == null) {
// Validation is lazy: it runs here, on access, not inside ValidateInput.
647 if (validateForm && !checkedForm) {
648 ValidateNameValueCollection ("Form", _oFormData);
// All request headers under their original names, built on first access and then
// made read-only. No request validation flag applies to this collection in the
// visible code, so header values are returned unchecked.
657 public NameValueCollection Headers {
659 if (_oHeaders == null) {
660 _oHeaders = new HttpValueCollection();
662 if (null != _WorkerRequest) {
667 // Add all know headers
// NOTE(review): the literal 40 is used here, while AddHeaderVariables and GetAllHeaders
// loop to HttpWorkerRequest.RequestHeaderMaximum; the two can drift apart if the constant changes.
668 for (; iCount != 40; iCount++) {
669 sHeaderValue = _WorkerRequest.GetKnownRequestHeader(iCount);
670 if (null != sHeaderValue && sHeaderValue.Length > 0) {
671 sHeaderName = HttpWorkerRequest.GetKnownRequestHeaderName(iCount);
672 if (null != sHeaderName && sHeaderName.Length > 0) {
673 _oHeaders.Add(sHeaderName, sHeaderValue);
678 // Get all other headers
679 string [][] arrUnknownHeaders = _WorkerRequest.GetUnknownRequestHeaders();
680 if (null != arrUnknownHeaders) {
681 for (iCount = 0; iCount != arrUnknownHeaders.Length; iCount++) {
// Unknown headers are added without the null/empty checks applied to known ones.
682 _oHeaders.Add(arrUnknownHeaders[iCount][0], arrUnknownHeaders[iCount][1]);
687 // Make headers read-only
688 _oHeaders.MakeReadOnly();
691 return (NameValueCollection) _oHeaders;
// HTTP verb of the request in upper case, cached after the first read. Falls back to
// RequestType and finally to "GET" when no verb is available. The return is not shown.
// NOTE(review): GetHttpVerbName () is dereferenced without a null check, and ToUpper ()
// is culture-sensitive; callers compare the result with literals such as "POST"
// (see MapImageCoordinates), which an invariant upper-casing would make reliable.
695 public string HttpMethod {
697 if (null == _sHttpMethod) {
698 if (null != _WorkerRequest) {
699 _sHttpMethod = _WorkerRequest.GetHttpVerbName().ToUpper();
702 if (_sHttpMethod == null) {
703 if (RequestType != null)
704 _sHttpMethod = RequestType;
706 _sHttpMethod = "GET";
// Request body as a stream over the bytes returned by GetRawContent, created on first
// access. The whole body is therefore buffered in memory before the stream exists.
// No request validation flag applies to this stream in the visible code.
714 public Stream InputStream {
716 if (_oInputStream == null) {
717 byte [] arrInputData = GetRawContent ();
719 if (null != arrInputData) {
720 _oInputStream = new HttpRequestStream(arrInputData, 0, arrInputData.Length);
// No body: an empty stream is created instead of returning null.
722 _oInputStream = new HttpRequestStream(null, 0, 0);
726 return _oInputStream;
// Reports the IsAuthenticated flag of the context user's identity. The visible branch
// only runs when context, user and identity are all non-null; the value returned
// otherwise is on a line not shown (presumably false — confirm).
730 public bool IsAuthenticated {
732 if (_oContext != null && _oContext.User != null && _oContext.User.Identity != null) {
733 return _oContext.User.Identity.IsAuthenticated;
// Returns what the worker request reports from IsSecure (). The value returned when
// there is no worker request is on a line not shown (presumably false — confirm).
740 public bool IsSecureConnection {
742 if (null != _WorkerRequest) {
743 return _WorkerRequest.IsSecure();
// Looks a key up in QueryString, then Form, then Cookies, then ServerVariables, in
// that order (the checks between the lookups are not shown; presumably the first
// non-null result wins).
// NOTE(review): the caller cannot tell which source supplied the value. A query-string
// parameter shadows a form field, cookie or server variable of the same name, so this
// indexer should not be used where the origin of the value matters.
750 public string this [string sKey] {
752 string result = QueryString [sKey];
756 result = Form [sKey];
760 HttpCookie cookie = Cookies [sKey];
764 return ServerVariables [sKey];
// Read-only merge of QueryString, Form, ServerVariables and Cookies, built once and cached.
// NOTE(review): values from all four sources share one namespace, so a client-supplied
// key can sit alongside a server variable of the same name; do not read security-relevant
// server variables through this collection.
// NOTE(review): the merge goes through the QueryString/Form/Cookies getters, so their
// validation applies only if ValidateInput was called before the first access. Once
// _oParams is cached, later calls return it without any further check.
768 public NameValueCollection Params {
770 if (_oParams == null) {
771 _oParams = new HttpValueCollection();
773 _oParams.Merge(QueryString);
774 _oParams.Merge(Form);
775 _oParams.Merge(ServerVariables);
// Cookies are added last, by name and value only.
776 int count = Cookies.Count;
777 for (int i = 0; i< count; i++) {
778 HttpCookie cookie = Cookies [i];
779 _oParams.Add (cookie.Name, cookie.Value);
781 _oParams.MakeReadOnly();
784 return (NameValueCollection) _oParams;
790 if (_sPath == null) {
791 if (null != _WorkerRequest) {
792 _sPath = _WorkerRequest.GetUriPath();
795 if (_sPath == null) {
796 _sPath = string.Empty;
804 public string PathInfo {
806 if (_sPathInfo == null) {
807 if (null != _WorkerRequest) {
808 _sPathInfo = _WorkerRequest.GetPathInfo();
811 if (_sPathInfo == null) {
812 _sPathInfo = string.Empty;
820 public string PhysicalApplicationPath {
822 if (null != _WorkerRequest) {
823 return _WorkerRequest.GetAppPathTranslated();
// Physical path of the currently executing file. Resolved once through the worker
// request's MapPath on CurrentExecutionFilePath and cached; for requests built with the
// public constructor it is the Filename passed in. SetCurrentExePath clears the cache.
830 public string PhysicalPath {
832 if (_sPathTranslated == null && _WorkerRequest != null)
833 _sPathTranslated = _WorkerRequest.MapPath (CurrentExecutionFilePath);
835 return _sPathTranslated;
// Query-string parameters, parsed from QueryStringRaw on first access. Two construction
// calls are visible; the condition choosing between them and their final argument are
// on lines not shown. After ValidateInput has been called, the first access also
// validates the collection once and throws if a value is flagged.
839 public NameValueCollection QueryString {
841 if (_oQueryString == null) {
843 _oQueryString = new HttpValueCollection(QueryStringRaw, true,
846 _oQueryString = new HttpValueCollection(QueryStringRaw, true,
// Validation is lazy: it runs here, on access, not inside ValidateInput.
851 if (validateQueryString && !checkedQueryString) {
852 ValidateNameValueCollection ("QueryString", _oQueryString);
853 checkedQueryString = true;
856 return _oQueryString;
860 // Used to parse the querystring
// Raw query string. Taken from the worker request on first read: the raw bytes decoded
// with ContentEncoding when available, otherwise the worker's string form. Never null
// from the getter (a missing value becomes String.Empty).
// The setter replaces the raw string and drops the parsed collection and the cached
// raw content so they are rebuilt from the new value. It does not reset
// checkedQueryString in the visible lines, so a collection rebuilt after validation has
// already run would not be validated again — confirm against the omitted lines.
861 internal string QueryStringRaw {
863 if (_sQueryStringRaw == null && null != _WorkerRequest) {
864 byte [] arrQuerystringBytes = _WorkerRequest.GetQueryStringRawBytes();
865 if (null != arrQuerystringBytes && arrQuerystringBytes.Length > 0) {
// ContentEncoding may be derived from the client's charset parameter.
866 _sQueryStringRaw = ContentEncoding.GetString(arrQuerystringBytes);
868 _sQueryStringRaw = _WorkerRequest.GetQueryString();
872 if (_sQueryStringRaw == null) {
873 _sQueryStringRaw = string.Empty;
876 return _sQueryStringRaw;
880 _sQueryStringRaw = value;
881 _oQueryString = null;
882 _arrRawContent = null;
// Raw URL of the request, cached after the first read. With a worker request it comes
// from GetRawUrl (); the visible lines also append "?" and the raw query string, under a
// branch structure that is not fully shown. The value is client-controlled and is
// returned without encoding, so it must be encoded before being written into markup.
887 public string RawUrl {
889 if (null == _sRawUrl) {
890 if (null != _WorkerRequest) {
891 _sRawUrl = _WorkerRequest.GetRawUrl();
894 if (QueryStringRaw != null && QueryStringRaw.Length > 0) {
895 _sRawUrl = _sRawUrl + "?" + QueryStringRaw;
904 public string RequestType {
906 if (null == _sRequestType) {
910 return _sRequestType;
914 _sRequestType = value;
919 public NameValueCollection ServerVariables {
921 ParseServerVariables();
923 return (NameValueCollection) _oServerVariables;
// Number of bytes in the input stream, computed once (-1 in _iTotalBytes means "not
// computed yet"). Accessing it forces the whole body to be read through InputStream.
// The stream length is narrowed to int; the return statement is not shown.
927 public int TotalBytes {
929 if (_iTotalBytes == -1) {
930 if (null != InputStream) {
931 _iTotalBytes = (int) InputStream.Length;
943 if (_oUrl != null || _WorkerRequest == null)
946 string qs = QueryStringRaw;
952 UriBuilder ub = new UriBuilder (_WorkerRequest.GetProtocol (),
953 _WorkerRequest.GetServerName (),
954 _WorkerRequest.GetLocalPort (),
// Referer header as a Uri, parsed once. A value containing "://" is parsed as absolute;
// anything else is resolved relative to this request's Url.
// NOTE(review): the header is client-controlled and may be absent or forged, so it is
// unsuitable as an authorization or origin check on its own. new Uri throws
// UriFormatException on malformed input; the line before the parse is not shown,
// so whether a handler surrounds it cannot be confirmed from this listing.
963 public Uri UrlReferrer {
965 if (null == _oUriReferrer && null != _WorkerRequest) {
966 string sReferrer = _WorkerRequest.GetKnownRequestHeader(HttpWorkerRequest.HeaderReferer);
967 if (null != sReferrer && sReferrer.Length > 0) {
969 if (sReferrer.IndexOf("://") >= 0) {
970 _oUriReferrer = new Uri(sReferrer);
972 _oUriReferrer = new Uri(this.Url, sReferrer);
980 return _oUriReferrer;
984 public string UserAgent {
986 if (_sUserAgent == null && _WorkerRequest != null) {
987 _sUserAgent = _WorkerRequest.GetKnownRequestHeader(HttpWorkerRequest.HeaderUserAgent);
990 if (_sUserAgent == null) {
991 _sUserAgent = string.Empty;
// Remote address reported by the worker request, cached after the first read.
// NOTE(review): when there is no worker request, or it reports a null/empty address,
// the property returns "127.0.0.1". Code that treats a loopback address as trusted
// would therefore trust a request whose address is simply unknown.
998 public string UserHostAddress {
1000 if (_sUserHostAddress == null && null != _WorkerRequest) {
1001 _sUserHostAddress = _WorkerRequest.GetRemoteAddress();
1004 if (_sUserHostAddress == null || _sUserHostAddress.Length == 0) {
1005 _sUserHostAddress = "127.0.0.1";
1008 return _sUserHostAddress;
// Remote host name reported by the worker request, cached after the first read.
// Falls back to UserHostAddress when no name is available, so it inherits that
// property's "127.0.0.1" default for unknown addresses.
1012 public string UserHostName {
1014 if (_sUserHostName == null && null != _WorkerRequest) {
1015 _sUserHostName = _WorkerRequest.GetRemoteName();
1018 if (_sUserHostName == null || _sUserHostName.Length == 0) {
1019 _sUserHostName = UserHostAddress;
1022 return _sUserHostName;
1026 public string [] UserLanguages {
1028 if (_arrUserLanguages == null && null != _WorkerRequest) {
1029 _arrUserLanguages = HttpHelper.ParseMultiValueHeader(_WorkerRequest.GetKnownRequestHeader(HttpWorkerRequest.HeaderAcceptLanguage));
1032 return _arrUserLanguages;
// Directory part of FilePath (everything before the last '/'), or "/" when the only
// slash is the leading one or there is none. Cached; SetCurrentExePath clears the cache.
// MapPath uses this value as the application prefix for its cross-application check.
// NOTE(review): FilePath is dereferenced without a null check; it can be null when
// there is no worker request and no path has been set.
1036 internal string RootVirtualDir {
1038 if (_sRequestRootVirtualDir == null) {
1039 _sRequestRootVirtualDir = FilePath;
1040 int pos = _sRequestRootVirtualDir.LastIndexOf ('/');
1041 if (pos == -1 || pos == 0)
1042 _sRequestRootVirtualDir = "/";
1044 _sRequestRootVirtualDir = _sRequestRootVirtualDir.Substring (0, pos);
1047 return _sRequestRootVirtualDir;
// Directory of FilePath as computed by UrlUtils.GetDirectory, cached on first use.
// SetCurrentExePath clears the cache. Used by MapPath (string) as the base for relative paths.
1051 internal string BaseVirtualDir {
1053 if (baseVirtualDir == null)
1054 baseVirtualDir = UrlUtils.GetDirectory (FilePath);
1056 return baseVirtualDir;
// True when the worker request's local address is exactly "127.0.0.1".
// NOTE(review): this tests the address the request arrived on (GetLocalAddress), not the
// client's address (GetRemoteAddress). If the intent is "the client is on this
// machine", the remote address is the one to check. IPv6 loopback ("::1") does not
// match, and _WorkerRequest is dereferenced without a null check.
1060 internal bool IsLocal {
1062 return _WorkerRequest.GetLocalAddress () == "127.0.0.1";
// Reads up to count bytes from the current position of InputStream.
// count must be between 0 and TotalBytes, otherwise ArgumentOutOfRangeException is
// thrown; this bounds the allocation by the size of the already-buffered body.
// When fewer bytes are available, the result is copied into a shorter array (the
// lines that return it are not shown).
1066 public byte [] BinaryRead (int count)
1068 if (count < 0 || count > TotalBytes)
1069 throw new ArgumentOutOfRangeException ("count");
1071 byte [] data = new byte [count];
1072 int nread = InputStream.Read (data, 0, count);
1073 if (nread != count) {
1074 byte [] tmp = new byte [nread];
1075 Buffer.BlockCopy (data, 0, tmp, 0, nread);
// Returns the x/y coordinates submitted for an image field, read from
// "<ImageFieldName>.x" and "<ImageFieldName>.y" in QueryString (GET/HEAD) or, for POST,
// from a collection assigned on a line not shown. Several other lines are omitted too.
// NOTE(review): arrRet is null when it is indexed. The two-element array is created as
// arrTmp, but the parsed values are stored through arrRet, which throws
// NullReferenceException unless an omitted line changes arrRet first. The stores
// should go to arrTmp, with arrRet assigned from it afterwards.
// NOTE(review): Int32.Parse runs on client-supplied text and throws on non-numeric
// input; whether a handler surrounds it is not visible here.
1082 public int [] MapImageCoordinates(string ImageFieldName) {
1083 NameValueCollection oItems;
1085 if (HttpMethod == "GET" || HttpMethod == "HEAD") {
1086 oItems = QueryString;
1087 } else if (HttpMethod == "POST") {
1093 int [] arrRet = null;
1095 string sX = oItems.Get(ImageFieldName + ".x");
1096 string sY = oItems.Get(ImageFieldName + ".y");
1098 if (null != sX && null != sY) {
1099 int [] arrTmp = new Int32[2];
1100 arrRet[0] = Int32.Parse(sX);
1101 arrRet[1] = Int32.Parse(sY);
// Maps a virtual path to a physical path, relative to the directory of the current
// file. Delegates to the three-argument overload with allowCrossAppMapping = true,
// so the cross-application check in that overload is skipped for this entry point.
1112 public string MapPath (string VirtualPath)
1114 return MapPath (VirtualPath, BaseVirtualDir, true);
// Maps a virtual path to a physical path through the worker request after normalising
// it. The class carries a MonoTODO asking for a security review of all path access
// functions; the notes below are the points visible in this listing, which omits
// several lines of the method.
// NOTE(review): the PageMapper cache lookup is keyed on virtualPath alone and comes
// before the null, ':' and cross-application checks. If an omitted line returns the
// cached value, those checks, including allowCrossAppMapping, are bypassed for cached paths.
// NOTE(review): baseVirtualDir.Equals (...) dereferences baseVirtualDir, although null is
// a handled value further down.
// NOTE(review): the cross-application check is a prefix test against RootVirtualDir with
// no path-separator boundary, so a root of "/app" also accepts "/app2/...". Comparing
// against the root plus a trailing '/' would close that gap.
// NOTE(review): only rooted paths are passed through UrlUtils.Reduce. Whether
// UrlUtils.Combine collapses ".." segments for relative paths is not visible here — confirm.
1117 public string MapPath (string virtualPath, string baseVirtualDir, bool allowCrossAppMapping)
1119 if (_WorkerRequest == null)
1120 throw new HttpException ("No HttpWorkerRequest!!!");
1123 if (baseVirtualDir.Equals(BaseVirtualDir))
1125 string val = System.Web.J2EE.PageMapper.GetFromMapPathCache(virtualPath);
1131 if (virtualPath == null || virtualPath.Length == 0)
1134 virtualPath = virtualPath.Trim ();
// A ':' anywhere is rejected, which rules out drive-letter and scheme-style paths.
1136 if (virtualPath.IndexOf (':') != -1)
1137 throw new ArgumentException ("Invalid path -> " + virtualPath);
1139 if (virtualPath.StartsWith(IAppDomainConfig.WAR_ROOT_SYMBOL))
// The platform separator is normalised to '/'. On platforms where the separator is
// already '/', a backslash in the input is left unchanged.
1142 if (System.IO.Path.DirectorySeparatorChar != '/')
1143 virtualPath = virtualPath.Replace (System.IO.Path.DirectorySeparatorChar, '/');
1145 if (UrlUtils.IsRooted (virtualPath)) {
1146 virtualPath = UrlUtils.Reduce (virtualPath);
// Relative paths are combined with the given base, or with RootVirtualDir when no base is given.
1148 if (baseVirtualDir == null) {
1149 virtualPath = UrlUtils.Combine (RootVirtualDir, virtualPath);
1151 virtualPath = UrlUtils.Combine (baseVirtualDir, virtualPath);
1155 if (!allowCrossAppMapping) {
// The third argument is presumably "ignore case" — confirm in StrUtils.
1156 if (!StrUtils.StartsWith (virtualPath, RootVirtualDir, true))
1157 throw new HttpException ("Mapping across applications not allowed.");
1159 if (RootVirtualDir.Length > 1 && virtualPath.Length > 1 && virtualPath [0] != '/')
1160 throw new HttpException ("Mapping across applications not allowed.");
// The final translation to a physical path is delegated to the worker request.
1163 return _WorkerRequest.MapPath (virtualPath);
// Writes the request to a new file: optionally the request line and all headers,
// then the body. Several lines (declarations, flush/close handling) are not shown.
// FileMode.CreateNew fails if the file already exists, so an existing file is never
// overwritten or appended to.
// NOTE(review): filename is used as given. Callers must not derive it from request
// data without restricting it to an intended directory.
// NOTE(review): with includeHeaders the file contains every header as received,
// including Cookie and Authorization values, so it should be protected as a credential store.
// NOTE(review): no using/finally is visible around the FileStream and StreamWriter;
// confirm the omitted lines close them on the exception path as well.
1166 public void SaveAs(string filename, bool includeHeaders) {
1169 HttpRequestStream oData;
1171 oFile = new FileStream(filename, FileMode.CreateNew);
1172 if (includeHeaders) {
1173 oWriter = new StreamWriter(oFile);
// Request line: method, path, optional query string, then the HTTP version.
1174 oWriter.Write(HttpMethod + " " + Path);
1176 if (QueryStringRaw != null && QueryStringRaw.Length > 0)
1177 oWriter.Write("?" + QueryStringRaw);
1178 if (_WorkerRequest != null) {
1179 oWriter.Write(" " + _WorkerRequest.GetHttpVersion() + "\r\n");
1180 oWriter.Write(GetAllHeaders(true));
1182 oWriter.Write("\r\n");
1185 oWriter.Write("\r\n");
// The body is written straight from the buffered input stream's backing array.
1189 oData = (HttpRequestStream) InputStream;
1191 if (oData.DataLength > 0) {
1192 oFile.Write(oData.Data, oData.DataOffset, oData.DataLength);
// Turns on request validation for Cookies, QueryString and Form. Nothing is checked
// here: each collection is validated the next time its property getter is read.
// NOTE(review): references to those collections obtained before this call are not
// checked retroactively. Headers, ServerVariables, InputStream and an already cached
// Params collection are not covered by any of these flags in the visible code.
1200 public void ValidateInput ()
1202 validateCookies = true;
1203 validateQueryString = true;
1204 validateForm = true;
// Switches the request to a different executing file and clears every cached value
// derived from the old path (root/base virtual directory and the translated physical
// path), so they are recomputed from filePath on the next read.
// filePath is stored as given; unlike the FilePath getter, no UrlUtils.Reduce is
// applied on the visible lines, so callers are expected to pass a normalised path.
1208 internal void SetCurrentExePath (string filePath)
1210 currentExePath = filePath;
1212 _sFilePath = filePath;
1213 _sRequestRootVirtualDir = null;
1214 baseVirtualDir = null;
1215 _sPathTranslated = null;
1218 internal void SetPathInfo (string pathInfo)
1220 _sPathInfo = pathInfo;
1223 internal void SetForm (HttpValueCollection form)
// Overwrites one header in the (normally read-only) Headers collection by briefly
// making it writable. The change is only visible through Headers; values read directly
// from the worker request elsewhere in this class (ContentType, Cookies, server
// variables) are unaffected.
// If the assignment throws, the collection is left writable: there is no try/finally
// around the toggle.
1228 internal void SetHeader (string name, string value)
1230 HttpValueCollection headers = (HttpValueCollection) Headers;
1231 headers.MakeReadWrite ();
1232 headers [name] = value;
1233 headers.MakeReadOnly ();
1236 internal string ClientTarget {
1237 get { return clientTarget; }
1239 if (value != clientTarget) {
1240 clientTarget = value;
// Runs CheckString over every value in coll and raises a validation exception for the
// first one flagged; name is the collection label used in the error message.
// Only values are checked on the visible lines; keys are not.
// For a key with several values, coll [key] yields them joined into one string, which
// is checked as a whole.
// This check is a coarse filter for markup-like input, not a replacement for encoding
// output where it is rendered.
1247 static void ValidateNameValueCollection (string name, NameValueCollection coll)
1252 foreach (string key in coll.Keys) {
1253 string val = coll [key];
1254 if (CheckString (val))
1255 ThrowValidationException (name, key, val);
// Runs CheckString over the value of every cookie and raises a validation exception for
// the first one flagged. A null collection is accepted and skipped.
// Only cookie values are checked on the visible lines; cookie names are not.
1259 static void ValidateCookieCollection (HttpCookieCollection cookies)
1261 if (cookies == null)
1264 int size = cookies.Count;
1266 for (int i = 0 ; i < size ; i++) {
1267 cookie = cookies[i];
1268 if (CheckString (cookie.Value))
1269 ThrowValidationException ("Cookies", cookie.Name, cookie.Value);
// Builds the "potentially dangerous Request.<name> value" message and throws
// HttpRequestValidationException. The offending value is quoted and, under a condition
// on a line not shown, cut to its first 16 characters followed by "...".
// NOTE(review): the message contains the client-supplied key in full and part of the
// flagged value, unencoded. Anything that renders this message as HTML (error pages,
// log viewers) must encode it, otherwise the rejected input is reflected back.
1273 static void ThrowValidationException (string name, string key, string value)
1275 string v = "\"" + value + "\"";
1277 v = v.Substring (0, 16) + "...\"";
1279 string msg = String.Format ("A potentially dangerous Request.{0} value was " +
1280 "detected from the client ({1}={2}).", name, key, v);
1282 throw new HttpRequestValidationException (msg);
1285 static bool CheckString (string val)
1291 foreach (char c in val) {
1292 if (c == '<' || c == '>' || c == '\xff1c' || c == '\xff1e')