using System;
using System.Data;
using System.Configuration;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using WebHelper;
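/// <summary>
/// Base page for the admin ("System") area. On init it registers the shared
/// stylesheet, redirects to the login page when the admin cookie is absent,
/// screens the request URL for a set of SQL keywords, and wires an error
/// handler that records unhandled page exceptions in the Error_Log table.
/// </summary>
public class SysBasePage : System.Web.UI.Page
{
    /// <summary>Page the user is sent to when the admin cookie is missing.</summary>
    private const string LoginUrl = "~/System/Login.aspx";

    /// <summary>Stylesheet added to the page header by <see cref="init"/>.</summary>
    private const string StyleSheetHref = "~/css/style.css";

    /// <summary>Name of the cookie whose presence gates access to pages derived from this one.</summary>
    private const string AdminCookieName = "adminInfo";

    /// <summary>Message shown when the request URL contains a blocked token.</summary>
    private const string IllegalUrlMessage = "<li>您输入的网址不合法~!</li>";

    /// <summary>
    /// Tokens that must not appear (case-insensitively) in the request path and
    /// query. The original source held them in one percent-encoded literal
    /// ("...%20and%7C%20exec%7C..."), so <c>Split('|')</c> never produced more
    /// than one element and the screen never matched anything; they are kept
    /// here already decoded, one per entry. The original literal also began with
    /// "mailto:", which looks like an auto-link artefact rather than a keyword —
    /// TODO confirm against the project's original source.
    /// </summary>
    private static readonly string[] BlockedTokens =
    {
        " and", " exec", " select", " delete", " update", " mid", " master",
        " or", " add", " truncate", " declare", " join", " drop", " insert",
        "drop table", "update truncate ", " cursor", "@@fetch_status", " as",
        " from", "xp_cmdshell", "exec master", "net localgroup administrators",
        " cast", "is_srvrolemember",
    };

    public SysBasePage()
    {
        // No constructor logic; all per-request setup happens in OnInit, where
        // Request, Response and Server are available.
    }

    /// <summary>
    /// Performs the per-request setup shared by every admin page: stylesheet
    /// registration, the admin-cookie gate and the URL keyword screen.
    /// Called from <see cref="OnInit"/>; public so pages can invoke it directly.
    /// </summary>
    public void init()
    {
        AddStyleSheet();

        // Access gate. This only tests that the cookie exists; nothing here
        // validates its contents, so a client that sets a cookie of that name
        // passes. NOTE(review): confirm how adminInfo is issued and whether a
        // server-validated ticket (e.g. forms authentication) should be used.
        if (Request.Cookies[AdminCookieName] == null)
        {
            Response.Redirect(LoginUrl);
        }

        // Coarse URL screen, applied only when a query string is present (the
        // original looped over Request.QueryString and re-checked the whole URL
        // once per key). PathAndQuery is still percent-encoded, so tokens with a
        // leading space only match a literal space. This is not a substitute
        // for parameterized queries in the data layer.
        if (Request.QueryString.Count > 0 && ContainsBlockedToken(Request.Url.PathAndQuery))
        {
            Jscirpt.ShowSysMsg(0, IllegalUrlMessage);
        }
    }

    /// <summary>Adds the shared stylesheet link to the page header, if the page has one.</summary>
    private void AddStyleSheet()
    {
        // Header is null when the markup has no <head runat="server">.
        if (Page.Header == null)
        {
            return;
        }
        HtmlLink link = new HtmlLink();
        link.Attributes.Add("type", "text/css");
        link.Attributes.Add("rel", "stylesheet");
        link.Href = StyleSheetHref;
        Page.Header.Controls.Add(link);
    }

    /// <summary>
    /// Returns true when <paramref name="pathAndQuery"/> contains any entry of
    /// <see cref="BlockedTokens"/>, ignoring case.
    /// </summary>
    private static bool ContainsBlockedToken(string pathAndQuery)
    {
        if (string.IsNullOrEmpty(pathAndQuery))
        {
            return false;
        }
        foreach (string token in BlockedTokens)
        {
            if (pathAndQuery.IndexOf(token, StringComparison.OrdinalIgnoreCase) >= 0)
            {
                return true;
            }
        }
        return false;
    }

    /// <summary>
    /// Wires the error handler, runs the base initialisation, then the shared
    /// <see cref="init"/> setup. The order is preserved from the original so the
    /// error handler is attached before anything that could throw.
    /// </summary>
    protected override void OnInit(EventArgs e)
    {
        InitializeComponent();
        base.OnInit(e);
        this.init();
    }

    /// <summary>Subscribes <see cref="Page_Error"/> to the page's Error event.</summary>
    private void InitializeComponent()
    {
        this.Error += new EventHandler(this.Page_Error);
    }

    /// <summary>
    /// Records the last unhandled exception (message, target method, form and
    /// query data) in Error_Log unless an identical row already exists, then
    /// clears the error so the default error page is not shown.
    /// </summary>
    private void Page_Error(object sender, EventArgs e)
    {
        try
        {
            Exception ex = Server.GetLastError().GetBaseException();
            string url = Request.Url.AbsoluteUri;
            string msg = "<br/>ex.Message异常信息:" + ex.Message + "<br/>错误方法:" + ex.TargetSite;
            if (Request.Form != null)
            {
                msg = msg + "<br/>Form参数:" + Server.UrlDecode(Request.Form.ToString());
            }
            if (Request.QueryString != null)
            {
                msg = msg + "<br/>Url参数:" + Server.UrlDecode(Request.QueryString.ToString());
            }
            if (string.IsNullOrEmpty(url))
            {
                url = "1";
            }

            // url, form and query data are all client-controlled and were
            // previously spliced into the SQL text verbatim. Sqldb only exposes
            // string-based query methods here, so at minimum double the single
            // quotes before building the T-SQL literals. NOTE(review): prefer a
            // parameterized overload of Sqldb if one exists — confirm.
            string safeUrl = EscapeSqlLiteral(url);
            string safeMsg = EscapeSqlLiteral(msg);

            WebHelper.Sqldb db = new Sqldb();
            int existing = db.GetRecordCount("Error_Log", "Error_Url='" + safeUrl + "' and Error_Info='" + safeMsg + "'");
            if (existing == 0)
            {
                db.ExecuteNonQuery("INSERT INTO [Error_Log] ([Error_Url],[Error_Info],[AddTime],[IsView]) VALUES('" + safeUrl + "','" + safeMsg + "',getdate(),0)");
            }
        }
        catch
        {
            // Best-effort logging: a failure while recording the error must not
            // replace the original error or throw from the handler.
        }
        finally
        {
            Server.ClearError();
        }
    }

    /// <summary>Doubles single quotes so <paramref name="value"/> can be embedded in a T-SQL string literal.</summary>
    private static string EscapeSqlLiteral(string value)
    {
        return value == null ? string.Empty : value.Replace("'", "''");
    }
}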