这个文件是 Kaersoft_Forum 里的一个 HTML 标签处理类。现在我想在里面加上 SQL 关键字过滤：一旦发现关键字就自动 Response.Redirect("error.aspx") 跳转。问题是在这个文件里根本没办法调用 Response.Redirect("error.aspx")，该引用的命名空间都已经引用了，可还是不行 :(
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Data.OleDb;
using System.Text.RegularExpressions;
namespace uclub
{
/// <summary>
/// 转换用户的输入。
/// </summary>
public sealed class ConvertString
{
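/// <summary>
/// HTML-encodes user input for display: escapes the four HTML metacharacters
/// (&amp;, &quot;, &lt;, &gt;), turns spaces and tabs into non-breaking spaces so
/// layout survives, and turns carriage returns into &lt;br&gt;.
/// Note: the apostrophe is NOT encoded, so the result is only safe in element
/// content or inside double-quoted attributes. No trimming is performed.
/// </summary>
/// <param name="inputString">Raw user-supplied text; null is treated as empty.</param>
/// <returns>The encoded string.</returns>
public static string ConvertStr(string inputString)
{
    if (inputString == null)
    {
        return string.Empty;
    }
    string retVal = inputString;
    // '&' must be encoded first; otherwise the entities produced below would be
    // re-encoded (e.g. "&lt;" -> "&amp;lt;").
    retVal = retVal.Replace("&", "&amp;");
    retVal = retVal.Replace("\"", "&quot;");
    retVal = retVal.Replace("<", "&lt;");
    retVal = retVal.Replace(">", "&gt;");
    retVal = retVal.Replace(" ", "&nbsp;");
    // NOTE(review): the listing this was restored from had lost the entity strings
    // (every Replace read as an identity), so the exact tab expansion is a guess —
    // confirm the width against the live forum source. A second, identical
    // space-replace from the listing was a no-op and has been dropped.
    retVal = retVal.Replace("\t", "&nbsp;&nbsp;&nbsp;&nbsp;");
    // Only "\r" becomes a line break; a bare "\n" is passed through unchanged.
    retVal = retVal.Replace("\r", "<br>");
    return retVal;
}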
/// <summary>
/// Strips the forum's bracket markup ([img], [flash], and presumably [url]) from
/// user text after HTML-encoding it, leaving the inner text in place.
/// </summary>
/// <param name="inputString">Raw user text containing forum markup.</param>
/// <returns>HTML-encoded text with the markup tags removed.</returns>
public static string OutputText(string inputString)
{
string retVal=inputString;
retVal= ConvertStr(retVal);
// NOTE(review): the next three lines were damaged in transcription. The first is
// an unterminated string literal (will not compile as shown) and the second
// appears to be the already-rendered HTML of what was originally a tag; all
// three presumably removed the [url]/[/url] markup. Also, Replace("", "") throws
// ArgumentException at runtime (oldValue may not be empty), so the third line
// must be restored from the real source rather than left as-is.
retVal=retVal.Replace("
retVal=retVal.Replace("" target="_blank">", "");
retVal=retVal.Replace("", "");
retVal=retVal.Replace("[img]", "");
retVal=retVal.Replace("[/img]", "");
// [flash=W,H]src[/flash] collapses to just src ($1 is the only group, named x).
retVal= Regex.Replace(retVal,@"\[flash=\d+,\d+](?<x>[^\]]*)\[/flash]",@"$1",RegexOptions.IgnoreCase);
retVal=retVal.Replace("[flash]", "");
retVal=retVal.Replace("[/flash]", "");
return retVal;
}
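/// <summary>
/// Blacklist scan for input that looks like a SQL-injection attempt.
/// Returns "jf_error" if any blacklisted token is present, "0" for a null input
/// (a quirk callers may rely on), otherwise the input unchanged.
/// </summary>
/// <remarks>
/// SECURITY: a keyword blacklist is not a defence against SQL injection — it is
/// trivially bypassed (alternate casing, comments, encodings, keywords not on the
/// list) and rejects legitimate input (any apostrophe, e-mail addresses because of
/// "@", identifiers with "_", words like "executive"). The real fix is to build
/// every query with OleDbCommand.Parameters instead of string concatenation; keep
/// this routine only as a coarse tripwire.
/// Two defects in the original are fixed here: the loop started at index 1 and so
/// never checked the first token (the single quote), and matching was
/// culture-sensitive and case-sensitive so "EXEC"/"Declare" passed.
/// </remarks>
/// <param name="inputString">Untrusted user input.</param>
/// <returns>"jf_error", "0" (null input) or the original string.</returns>
public static string FilterSql(string inputString)
{
    if (inputString == null)
    {
        return "0";
    }
    // Same token list as the original (a comma cannot be on it because the
    // original encoded the list as a comma-separated string).
    string[] blacklist = { "'", ";", "//", "--", "@", "_", "exec", "declare", "create" };
    foreach (string token in blacklist)
    {
        // Ordinal + ignore-case: no culture surprises, and "EXEC" is caught too.
        if (inputString.IndexOf(token, StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return "jf_error";
        }
    }
    return inputString;
}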
/// <summary>
/// Expands the forum's bracket markup ([flash], [img] and, presumably, [url]) into
/// HTML after HTML-encoding the raw text with ConvertStr.
/// </summary>
/// <param name="inputString">Raw user text containing forum markup.</param>
/// <returns>HTML with &lt;a&gt;, &lt;embed&gt; and &lt;img&gt; elements substituted.</returns>
public static string ToUrl(string inputString)
{
string retVal=inputString;
// Encoding must happen first: every substitution below drops the captured text
// into an attribute value. This only holds if ConvertStr really emits &quot; for
// '"' — in the listing as transcribed it does not, in which case the href/src
// attributes below can be broken out of (XSS). Verify the live ConvertStr.
retVal= ConvertStr(retVal);
// NOTE(review): this pattern was damaged in transcription — the tag names it
// matched (presumably [url]/[/url]) are missing, so the regex as shown is not
// usable. $1 is the single named group x.
// SECURITY: the captured value becomes the href unchanged; nothing restricts the
// URL scheme, so javascript:, data: or vbscript: links survive. A scheme
// allow-list (http/https only) is required before this is safe for untrusted input.
retVal= Regex.Replace(retVal,@"\
(?<x>[^\]]*)\",@"<a href=""$1"" target=""_blank"">$1</a>",RegexOptions.IgnoreCase);
// SECURITY: <embed src> of an arbitrary user-supplied URL loads attacker-controlled
// Flash content into the page; the same scheme/host restriction applies here.
// Groups are numbered width=1, height=2, x=3, hence $3 for the source.
retVal= Regex.Replace(retVal,@"\[flash=(?<width>\d+),(?<height>\d+)](?<x>[^\]]*)\[/flash]",@"<embed src=""$3"" width=""${width}"" height=""${height}""></embed>",RegexOptions.IgnoreCase);
retVal= Regex.Replace(retVal,@"\[flash](?<x>[^\]]*)\[/flash]",@"<embed src=""$1""></embed>",RegexOptions.IgnoreCase);
// [img] becomes a link wrapping the image; the inline onload only shrinks oversized
// images. The src/href carry the same unrestricted-scheme concern as above.
return Regex.Replace(retVal,@"\[img](?<x>[^\]]*)\[/img]",@"<a href=""$1"" target=""_blank""><img src=""$1"" onload=""javascript:if(this.width>screen.width-220)this.width=screen.width-220"" border=1></a>",RegexOptions.IgnoreCase);
}
}
}