Update AntiXSS Protection

WebsitePanel/Sources/WebsitePanel.WebPortal/Code/PortalAntiXSS.cs

@@ -0,0 +1,59 @@
+// Copyright (c) 2012, Outercurve Foundation.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification,
+// are permitted provided that the following conditions are met:
+//
+// - Redistributions of source code must  retain  the  above copyright notice, this
+//   list of conditions and the following disclaimer.
+//
+// - Redistributions in binary form  must  reproduce the  above  copyright  notice,
+//   this list of conditions  and  the  following  disclaimer in  the documentation
+//   and/or other materials provided with the distribution.
+//
+// - Neither  the  name  of  the  Outercurve Foundation  nor   the   names  of  its
+//   contributors may be used to endorse or  promote  products  derived  from  this
+//   software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,  BUT  NOT  LIMITED TO, THE IMPLIED
+// WARRANTIES  OF  MERCHANTABILITY   AND  FITNESS  FOR  A  PARTICULAR  PURPOSE  ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+// ANY DIRECT, INDIRECT, INCIDENTAL,  SPECIAL,  EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO,  PROCUREMENT  OF  SUBSTITUTE  GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)  HOWEVER  CAUSED AND ON
+// ANY  THEORY  OF  LIABILITY,  WHETHER  IN  CONTRACT,  STRICT  LIABILITY,  OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE)  ARISING  IN  ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+using System;
+//using System.Collections.Generic;
+//using System.Linq;
+using System.Web;
+using Microsoft.Security.Application;
+
+//usage
+//<%@ Import Namespace="WebsitePanel.Portal" %>
+//using WebsitePanel.Portal;
+
+namespace WebsitePanel.Portal
+{
+    public class PortalAntiXSS
+    {
+        public static string Encode(string input)
+        {
+            return Encoder.HtmlEncode(input);
+        }
+
+        public static string EncodeOld(string input)
+        {
+            return Encoder.HtmlEncode(HttpUtility.HtmlDecode(input)); // HtmlDecode is used for compatability reasons with WSP pre-1.2.2 versions
+        }
+
+        public static string DecodeOld(string input)
+        {
+            return HttpUtility.HtmlDecode(input); // HtmlDecode is used for compatability reasons with WSP pre-1.2.2 versions
+        }
+        
+    }
+}

WebsitePanel/Sources/WebsitePanel.WebPortal/Code/SecureSessionModule.cs

@@ -35,7 +35,6 @@ using System.Security.Cryptography;
 using System.Runtime.Serialization;
 using System.Globalization;
 using System.Text;
-using Microsoft.Security.Application;
 
 namespace WebsitePanel.WebPortal
 {

WebsitePanel/Sources/WebsitePanel.WebPortal/Default.aspx.cs

@@ -42,7 +42,7 @@ using System.Web.UI.WebControls;
 using System.Web.UI.WebControls.WebParts;
 using System.Web.UI.HtmlControls;
 using System.Globalization;
-using Microsoft.Security.Application;
+using WebsitePanel.Portal;
 
 namespace WebsitePanel.WebPortal
 {
@@ -387,7 +387,7 @@ namespace WebsitePanel.WebPortal
         {
             Label lbl = new Label();
             lbl.Text =
-                Microsoft.Security.Application.Encoder.HtmlEncode("<div style=\"height:300px;overflow:auto;\">" + message.Replace("\n", "<br>") +
+                PortalAntiXSS.Encode("<div style=\"height:300px;overflow:auto;\">" + message.Replace("\n", "<br>") +
                                    "</div>");
             lbl.ForeColor = Color.Red;
             lbl.Font.Bold = true;

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/Ecommerce/UserControls/CreateUserAccount.ascx.cs

@@ -27,7 +27,6 @@
 // SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 using System;
-using Microsoft.Security.Application;
 using WSP = WebsitePanel.Portal;
 using WebsitePanel.Ecommerce.EnterpriseServer;
 using WebsitePanel.EnterpriseServer;

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/BandwidthReport.ascx.cs

@@ -31,7 +31,6 @@ using System;
 using System.Data;
 using System.Text;
 using System.Web.UI.WebControls;
-using Microsoft.Security.Application;
 
 namespace WebsitePanel.Portal
 {

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/DiskspaceReport.ascx.cs

@@ -37,7 +37,6 @@ using System.Web.UI;
 using System.Web.UI.WebControls;
 using System.Web.UI.WebControls.WebParts;
 using System.Web.UI.HtmlControls;
-using Microsoft.Security.Application;
 using WebsitePanel.EnterpriseServer;
 
 namespace WebsitePanel.Portal

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/DiskspaceReportPackageDetails.ascx.cs

@@ -39,7 +39,6 @@ using System.Web.UI.WebControls.WebParts;
 using System.Web.UI.HtmlControls;
 
 using WebsitePanel.EnterpriseServer;
-using Microsoft.Security.Application;
 
 namespace WebsitePanel.Portal
 {
@@ -94,7 +93,7 @@ namespace WebsitePanel.Portal
                 i++;
             }
 
-            litTotal.Text = Microsoft.Security.Application.Encoder.HtmlEncode(DiskspaceTotal.ToString());
+            litTotal.Text = PortalAntiXSS.Encode(DiskspaceTotal.ToString());
 
             // get summary
             gvSummary.DataSource = ds;

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/ExchangeServer/ExchangeContactGeneralSettings.ascx.cs

@@ -29,7 +29,6 @@
 using System;
 using System.Web.UI.WebControls;
 using WebsitePanel.Providers.HostedSolution;
-using Microsoft.Security.Application;
 using WebsitePanel.EnterpriseServer;
 
 namespace WebsitePanel.Portal.ExchangeServer
@@ -64,7 +63,7 @@ namespace WebsitePanel.Portal.ExchangeServer
                 ExchangeContact contact = ES.Services.ExchangeServer.GetContactGeneralSettings(PanelRequest.ItemID,
                     PanelRequest.AccountID);
 
-                litDisplayName.Text = Microsoft.Security.Application.Encoder.HtmlEncode(contact.DisplayName);
+                litDisplayName.Text = PortalAntiXSS.Encode(contact.DisplayName);
 
                 // bind form
                 txtDisplayName.Text = contact.DisplayName;
@@ -146,7 +145,7 @@ namespace WebsitePanel.Portal.ExchangeServer
                     return;
                 }
 
-                litDisplayName.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtDisplayName.Text);
+                litDisplayName.Text = PortalAntiXSS.Encode(txtDisplayName.Text);
 
                 messageBox.ShowSuccessMessage("EXCHANGE_UPDATE_CONTACT_SETTINGS");
             }

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/ExchangeServer/ExchangeDistributionListGeneralSettings.ascx.cs

@@ -38,7 +38,6 @@ using System.Web.UI.WebControls.WebParts;
 using System.Web.UI.HtmlControls;
 
 using WebsitePanel.Providers.HostedSolution;
-using Microsoft.Security.Application;
 using WebsitePanel.EnterpriseServer;
 
 namespace WebsitePanel.Portal.ExchangeServer
@@ -63,7 +62,7 @@ namespace WebsitePanel.Portal.ExchangeServer
                 ExchangeDistributionList dlist = ES.Services.ExchangeServer.GetDistributionListGeneralSettings(
                     PanelRequest.ItemID, PanelRequest.AccountID);
 
-                litDisplayName.Text = dlist.DisplayName;
+                litDisplayName.Text = PortalAntiXSS.Encode(dlist.DisplayName);
 
                 // bind form
                 txtDisplayName.Text = dlist.DisplayName;
@@ -105,7 +104,7 @@ namespace WebsitePanel.Portal.ExchangeServer
                     return;
                 }
 
-                litDisplayName.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtDisplayName.Text);
+                litDisplayName.Text = PortalAntiXSS.Encode(txtDisplayName.Text);
 
                 messageBox.ShowSuccessMessage("EXCHANGE_UPDATE_DLIST_SETTINGS");
             }

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/ExchangeServer/ExchangeMailboxGeneralSettings.ascx.cs

@@ -29,7 +29,6 @@
 using System;
 using WebsitePanel.Providers.HostedSolution;
 using WebsitePanel.EnterpriseServer;
-using Microsoft.Security.Application;
 
 namespace WebsitePanel.Portal.ExchangeServer
 {

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/ExchangeServer/ExchangePublicFolderGeneralSettings.ascx.cs

@@ -29,7 +29,6 @@
 using System;
 using WebsitePanel.Providers.HostedSolution;
 using WebsitePanel.EnterpriseServer;
-using Microsoft.Security.Application;
 using System.Collections.Generic;
 using System.Text;
 using System.Reflection;
@@ -120,7 +119,7 @@ namespace WebsitePanel.Portal.ExchangeServer
                 string origName = litDisplayName.Text;
                 origName = origName.Substring(0, origName.LastIndexOf("\\"));
 
-                litDisplayName.Text = Microsoft.Security.Application.Encoder.HtmlEncode(origName + txtName.Text);
+                litDisplayName.Text = PortalAntiXSS.Encode(origName + txtName.Text);
 
 				BindSettings();
             }

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/ExchangeServer/OrganizationUserGeneralSettings.ascx.cs

@@ -29,7 +29,6 @@
 using System;
 using WebsitePanel.EnterpriseServer;
 using WebsitePanel.Providers.HostedSolution;
-using Microsoft.Security.Application;
 using WebsitePanel.Providers.ResultObjects;
 
 namespace WebsitePanel.Portal.HostedSolution
@@ -70,7 +69,7 @@ namespace WebsitePanel.Portal.HostedSolution
                 OrganizationUser user = ES.Services.Organizations.GetUserGeneralSettings(PanelRequest.ItemID,
                     PanelRequest.AccountID);
 
-                litDisplayName.Text = Microsoft.Security.Application.Encoder.HtmlEncode(user.DisplayName);
+                litDisplayName.Text = PortalAntiXSS.Encode(user.DisplayName);
 
                 lblUserDomainName.Text = user.DomainUserName;
 

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/FileManager.ascx.cs

@@ -33,7 +33,6 @@ using System.Text;
 using System.Web;
 using System.Web.UI.WebControls;
 using WebsitePanel.Providers.OS;
-using Microsoft.Security.Application;
 
 namespace WebsitePanel.Portal
 {
@@ -243,7 +242,7 @@ function SetCreateZipFocus()
         {
             if (e.CommandName == "browse")
             {                
-                litPath.Text =  HttpContext.Current.Server.HtmlEncode((string)e.CommandArgument);
+                litPath.Text =  PortalAntiXSS.Encode((string)e.CommandArgument);
                 BindPath();
             }
         }
@@ -697,7 +696,7 @@ function SetCreateZipFocus()
             if (e.CommandName == "browse")
             {
                 string fileName = (string)e.CommandArgument;
-                litPath.Text += HttpContext.Current.Server.HtmlEncode((litPath.Text != "\\") ? ("\\" + fileName) : fileName);
+                litPath.Text += PortalAntiXSS.Encode((litPath.Text != "\\") ? ("\\" + fileName) : fileName);
                 BindPath();
             }
             else if (e.CommandName == "download")

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/HostingAddons.ascx

@@ -11,9 +11,9 @@
 			<ItemStyle Width="100%"></ItemStyle>
 			<ItemTemplate>
 				<b><asp:hyperlink id="lnkEdit" runat="server" NavigateUrl='<%# EditUrl("PlanID", Eval("PlanID").ToString(), "edit_addon", "UserID=" + Eval("UserID").ToString()) %>'>
-					<%# Eval("PlanName") %>
+					<%# PortalAntiXSS.EncodeOld((string) Eval("PlanName")) %>
 				</asp:hyperlink></b><br />
-				<%# Eval("PlanDescription") %>
+				<%# PortalAntiXSS.EncodeOld((string) Eval("PlanDescription")) %>
 			</ItemTemplate>
 		</asp:TemplateField>
 		<asp:TemplateField>

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/HostingAddons.ascx.designer.cs

@@ -1,10 +1,37 @@
+// Copyright (c) 2012, Outercurve Foundation.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification,
+// are permitted provided that the following conditions are met:
+//
+// - Redistributions of source code must  retain  the  above copyright notice, this
+//   list of conditions and the following disclaimer.
+//
+// - Redistributions in binary form  must  reproduce the  above  copyright  notice,
+//   this list of conditions  and  the  following  disclaimer in  the documentation
+//   and/or other materials provided with the distribution.
+//
+// - Neither  the  name  of  the  Outercurve Foundation  nor   the   names  of  its
+//   contributors may be used to endorse or  promote  products  derived  from  this
+//   software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,  BUT  NOT  LIMITED TO, THE IMPLIED
+// WARRANTIES  OF  MERCHANTABILITY   AND  FITNESS  FOR  A  PARTICULAR  PURPOSE  ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+// ANY DIRECT, INDIRECT, INCIDENTAL,  SPECIAL,  EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO,  PROCUREMENT  OF  SUBSTITUTE  GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)  HOWEVER  CAUSED AND ON
+// ANY  THEORY  OF  LIABILITY,  WHETHER  IN  CONTRACT,  STRICT  LIABILITY,  OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE)  ARISING  IN  ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
 //------------------------------------------------------------------------------
 // <auto-generated>
 //     This code was generated by a tool.
-//     Runtime Version:2.0.50727.3074
 //
 //     Changes to this file may cause incorrect behavior and will be lost if
-//     the code is regenerated.
+//     the code is regenerated. 
 // </auto-generated>
 //------------------------------------------------------------------------------
 

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/HostingAddonsEditAddon.ascx.cs

@@ -29,7 +29,6 @@
 using System;
 using System.Web;
 using WebsitePanel.EnterpriseServer;
-using Microsoft.Security.Application;
 
 namespace WebsitePanel.Portal
 {
@@ -79,8 +78,8 @@ namespace WebsitePanel.Portal
 			}
 
             // bind plan
-            txtPlanName.Text = Server.HtmlDecode(plan.PlanName);
+            txtPlanName.Text = PortalAntiXSS.DecodeOld(plan.PlanName);
-            txtPlanDescription.Text = Server.HtmlDecode(plan.PlanDescription);
+            txtPlanDescription.Text = PortalAntiXSS.DecodeOld(plan.PlanDescription);
             //chkAvailable.Checked = plan.Available;
 
             //txtSetupPrice.Text = plan.SetupPrice.ToString("0.00");
@@ -107,8 +106,8 @@ namespace WebsitePanel.Portal
             plan.UserId = PanelSecurity.SelectedUserId;
             plan.PlanId = PanelRequest.PlanID;
             plan.IsAddon = true;
-            plan.PlanName = Server.HtmlEncode(txtPlanName.Text);
+            plan.PlanName = txtPlanName.Text;
-            plan.PlanDescription = Server.HtmlEncode(txtPlanDescription.Text);
+            plan.PlanDescription = txtPlanDescription.Text;
             plan.Available = true; // always available
 
             plan.SetupPrice = 0;
@@ -144,7 +143,7 @@ namespace WebsitePanel.Portal
                 try
                 {
                     PackageResult result = ES.Services.Packages.UpdateHostingPlan(plan);
-                    lblMessage.Text = Microsoft.Security.Application.Encoder.HtmlEncode(GetExceedingQuotasMessage(result.ExceedingQuotas));
+                    lblMessage.Text = PortalAntiXSS.Encode(GetExceedingQuotasMessage(result.ExceedingQuotas));
                     if (result.Result < 0)
                     {
                         ShowResultMessage(result.Result);

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/HostingPlans.ascx

@@ -12,9 +12,9 @@
 			<ItemStyle Width="100%"></ItemStyle>
 			<ItemTemplate>
 				<b><asp:hyperlink id="lnkEdit" runat="server" NavigateUrl='<%# EditUrl("PlanID", Eval("PlanID").ToString(), "edit_plan", "UserID=" + Eval("UserID").ToString()) %>'>
-					<%# Eval("PlanName") %>
+					<%# PortalAntiXSS.Encode((string)Eval("PlanName")) %>
 				</asp:hyperlink></b><br />
-				<%# Eval("PlanDescription") %>
+				<%# PortalAntiXSS.Encode((string)Eval("PlanDescription")) %>
 			</ItemTemplate>
 		</asp:TemplateField>
 		<asp:TemplateField>

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/HostingPlans.ascx.designer.cs

@@ -1,10 +1,37 @@
+// Copyright (c) 2012, Outercurve Foundation.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification,
+// are permitted provided that the following conditions are met:
+//
+// - Redistributions of source code must  retain  the  above copyright notice, this
+//   list of conditions and the following disclaimer.
+//
+// - Redistributions in binary form  must  reproduce the  above  copyright  notice,
+//   this list of conditions  and  the  following  disclaimer in  the documentation
+//   and/or other materials provided with the distribution.
+//
+// - Neither  the  name  of  the  Outercurve Foundation  nor   the   names  of  its
+//   contributors may be used to endorse or  promote  products  derived  from  this
+//   software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,  BUT  NOT  LIMITED TO, THE IMPLIED
+// WARRANTIES  OF  MERCHANTABILITY   AND  FITNESS  FOR  A  PARTICULAR  PURPOSE  ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+// ANY DIRECT, INDIRECT, INCIDENTAL,  SPECIAL,  EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO,  PROCUREMENT  OF  SUBSTITUTE  GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)  HOWEVER  CAUSED AND ON
+// ANY  THEORY  OF  LIABILITY,  WHETHER  IN  CONTRACT,  STRICT  LIABILITY,  OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE)  ARISING  IN  ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
 //------------------------------------------------------------------------------
 // <auto-generated>
 //     This code was generated by a tool.
-//     Runtime Version:2.0.50727.3074
 //
 //     Changes to this file may cause incorrect behavior and will be lost if
-//     the code is regenerated.
+//     the code is regenerated. 
 // </auto-generated>
 //------------------------------------------------------------------------------
 

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/HostingPlansEditPlan.ascx.cs

@@ -30,7 +30,6 @@ using System;
 using System.Web;
 using System.Web.UI.WebControls;
 using WebsitePanel.EnterpriseServer;
-using Microsoft.Security.Application;
 
 namespace WebsitePanel.Portal
 {
@@ -104,8 +103,8 @@ namespace WebsitePanel.Portal
 			}
 
             // bind plan
-            txtPlanName.Text = Server.HtmlDecode(plan.PlanName);
+            txtPlanName.Text = PortalAntiXSS.DecodeOld(plan.PlanName);
-            txtPlanDescription.Text = Server.HtmlDecode(plan.PlanDescription);
+            txtPlanDescription.Text = PortalAntiXSS.DecodeOld(plan.PlanDescription);
             //chkAvailable.Checked = plan.Available;
 
             //txtSetupPrice.Text = plan.SetupPrice.ToString("0.00");
@@ -137,8 +136,8 @@ namespace WebsitePanel.Portal
             plan.UserId = PanelSecurity.SelectedUserId;
             plan.PlanId = PanelRequest.PlanID;
             plan.IsAddon = false;
-            plan.PlanName = Server.HtmlEncode(txtPlanName.Text);
+            plan.PlanName = txtPlanName.Text;
-            plan.PlanDescription = Server.HtmlEncode(txtPlanDescription.Text);
+            plan.PlanDescription = txtPlanDescription.Text;
             plan.Available = true; // always available
 
             plan.SetupPrice = 0;
@@ -196,7 +195,7 @@ namespace WebsitePanel.Portal
                     if (result.Result < 0)
                     {
                         ShowResultMessage(result.Result);
-                        lblMessage.Text = Microsoft.Security.Application.Encoder.HtmlEncode(GetExceedingQuotasMessage(result.ExceedingQuotas));
+                        lblMessage.Text = PortalAntiXSS.Encode(GetExceedingQuotasMessage(result.ExceedingQuotas));
                         return;
                     }
                 }

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/LoggedUserEditDetails.ascx.cs

@@ -64,8 +64,8 @@ namespace WebsitePanel.Portal
                 userPassword.SetUserPolicy(user.UserId, UserSettings.WEBSITEPANEL_POLICY, "PasswordPolicy");
 
                 // account info
-                txtFirstName.Text = Server.HtmlDecode(user.FirstName);
+                txtFirstName.Text = PortalAntiXSS.DecodeOld(user.FirstName);
-                txtLastName.Text = Server.HtmlDecode(user.LastName);
+                txtLastName.Text = PortalAntiXSS.DecodeOld(user.LastName);
                 txtEmail.Text = user.Email;
                 txtSecondaryEmail.Text = user.SecondaryEmail;
                 lblUsername.Text = user.Username;
@@ -106,8 +106,8 @@ namespace WebsitePanel.Portal
             {
                 // gather data from form
                 // account info
-                user.FirstName = Server.HtmlEncode(txtFirstName.Text);
+                user.FirstName = txtFirstName.Text;
-                user.LastName = Server.HtmlEncode(txtLastName.Text);
+                user.LastName = txtLastName.Text;
                 user.Email = txtEmail.Text;
                 user.SecondaryEmail = txtSecondaryEmail.Text;
                 user.HtmlMail = ddlMailFormat.SelectedIndex == 1;

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/PeersEditPeer.ascx.cs

@@ -38,7 +38,6 @@ using System.Web.UI;
 using System.Web.UI.WebControls;
 using System.Web.UI.WebControls.WebParts;
 using System.Web.UI.HtmlControls;
-using Microsoft.Security.Application;
 using WebsitePanel.EnterpriseServer;
 
 namespace WebsitePanel.Portal
@@ -111,8 +110,8 @@ namespace WebsitePanel.Portal
                 userPassword.ValidationGroup = "NewPassword";
 
                 // account info
-                txtFirstName.Text = Server.HtmlDecode(user.FirstName);
+                txtFirstName.Text = PortalAntiXSS.DecodeOld(user.FirstName);
-                txtLastName.Text = Server.HtmlDecode(user.LastName);
+                txtLastName.Text = PortalAntiXSS.DecodeOld(user.LastName);
                 txtEmail.Text = user.Email;
                 txtSecondaryEmail.Text = user.SecondaryEmail;
                 ddlMailFormat.SelectedIndex = user.HtmlMail ? 1 : 0;
@@ -189,8 +188,8 @@ namespace WebsitePanel.Portal
                 user.IsPeer = true;
 
                 // account info
-                user.FirstName = Server.HtmlEncode(txtFirstName.Text);
+                user.FirstName = txtFirstName.Text;
-                user.LastName = Server.HtmlEncode(txtLastName.Text);
+                user.LastName = txtLastName.Text;
                 user.Email = txtEmail.Text;
                 user.SecondaryEmail = txtSecondaryEmail.Text;
                 user.HtmlMail = ddlMailFormat.SelectedIndex == 1;

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/ProviderControls/SmarterMail60_EditList.ascx.cs

@@ -1,4 +1,4 @@
-// Copyright (c) 2012, Outercurve Foundation.
+// Copyright (c) 2012, Outercurve Foundation.
 // All rights reserved.
 //
 // Redistribution and use in source and binary forms, with or without modification,
@@ -30,7 +30,6 @@
 using System.Web.UI.WebControls;
 using WebsitePanel.Providers.Mail;
 using WebsitePanel.WebPortal.Code.Controls;
-using Microsoft.Security.Application;
 
 namespace WebsitePanel.Portal.ProviderControls
 {

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/ProviderControls/SmarterMail_EditList.ascx.cs

@@ -30,7 +30,6 @@ using System;
 using System.Web.UI.WebControls;
 using WebsitePanel.Providers.Mail;
 using WebsitePanel.WebPortal.Code.Controls;
-using Microsoft.Security.Application;
 
 namespace WebsitePanel.Portal.ProviderControls
 {

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/Schedules.ascx

@@ -3,6 +3,7 @@
 <%@ Register Src="UserControls/UserDetails.ascx" TagName="UserDetails" TagPrefix="uc2" %>
 <%@ Register Src="UserControls/SearchBox.ascx" TagName="SearchBox" TagPrefix="uc1" %>
 <%@ Register Src="UserControls/Quota.ascx" TagName="Quota" TagPrefix="uc4" %>
+<%@ Import Namespace="WebsitePanel.Portal" %>
 
 <div class="FormButtonsBar">
     <div class="Left">
@@ -24,7 +25,7 @@
 			<HeaderStyle Wrap="false" />
 			<ItemTemplate>
 				<asp:hyperlink id="lnkEdit" runat="server" NavigateUrl='<%# EditUrl("ScheduleID", Eval("ScheduleID").ToString(), "edit", "SpaceID=" + PanelSecurity.PackageId) %>'>
-					<%# Eval("ScheduleName") %>
+					<%# PortalAntiXSS.Encode((string)Eval("ScheduleName")) %>
 				</asp:hyperlink>
 			</ItemTemplate>
 		</asp:TemplateField>

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/Schedules.ascx.designer.cs

@@ -1,10 +1,37 @@
+// Copyright (c) 2012, Outercurve Foundation.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification,
+// are permitted provided that the following conditions are met:
+//
+// - Redistributions of source code must  retain  the  above copyright notice, this
+//   list of conditions and the following disclaimer.
+//
+// - Redistributions in binary form  must  reproduce the  above  copyright  notice,
+//   this list of conditions  and  the  following  disclaimer in  the documentation
+//   and/or other materials provided with the distribution.
+//
+// - Neither  the  name  of  the  Outercurve Foundation  nor   the   names  of  its
+//   contributors may be used to endorse or  promote  products  derived  from  this
+//   software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,  BUT  NOT  LIMITED TO, THE IMPLIED
+// WARRANTIES  OF  MERCHANTABILITY   AND  FITNESS  FOR  A  PARTICULAR  PURPOSE  ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+// ANY DIRECT, INDIRECT, INCIDENTAL,  SPECIAL,  EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO,  PROCUREMENT  OF  SUBSTITUTE  GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)  HOWEVER  CAUSED AND ON
+// ANY  THEORY  OF  LIABILITY,  WHETHER  IN  CONTRACT,  STRICT  LIABILITY,  OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE)  ARISING  IN  ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
 //------------------------------------------------------------------------------
 // <auto-generated>
 //     This code was generated by a tool.
-//     Runtime Version:2.0.50727.1434
 //
 //     Changes to this file may cause incorrect behavior and will be lost if
-//     the code is regenerated.
+//     the code is regenerated. 
 // </auto-generated>
 //------------------------------------------------------------------------------
 

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/SchedulesEditSchedule.ascx.cs

@@ -34,7 +34,6 @@ using System.Web.UI.WebControls;
 using WebsitePanel.EnterpriseServer;
 using WebsitePanel.EnterpriseServer.Base.Scheduling;
 using WebsitePanel.Portal.Code.Framework;
-using Microsoft.Security.Application;
 
 namespace WebsitePanel.Portal
 {
@@ -151,7 +150,7 @@ namespace WebsitePanel.Portal
 					// The view does not provide ability to set and get parameters.
 					return null;
 				}
-				view.ID = Microsoft.Security.Application.Encoder.HtmlEncode(taskId);
+				view.ID = taskId;
 				view.Visible = visible;
 				view.EnableTheming = true;
 				this.TaskParametersPlaceHolder.Controls.Add(view);
@@ -198,7 +197,7 @@ namespace WebsitePanel.Portal
                 ApplyPackageContextRestrictions(sc.PackageId);
                 PackageId = sc.PackageId;
 
-                txtTaskName.Text = Server.HtmlDecode(sc.ScheduleName);
+                txtTaskName.Text = sc.ScheduleName;
 
                 Utils.SelectListItem(ddlTaskType, sc.TaskId);
 
@@ -310,7 +309,7 @@ namespace WebsitePanel.Portal
             // gather form parameters
             ScheduleInfo sc = new ScheduleInfo();
             sc.ScheduleId = PanelRequest.ScheduleID;
-            sc.ScheduleName = Server.HtmlEncode(txtTaskName.Text.Trim());
+            sc.ScheduleName = txtTaskName.Text.Trim();
             sc.TaskId = ddlTaskType.SelectedValue;
 
             sc.PackageId = PanelSecurity.PackageId;

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/Servers.ascx

@@ -1,4 +1,5 @@
 <%@ Control Language="C#" AutoEventWireup="true" CodeBehind="Servers.ascx.cs" Inherits="WebsitePanel.Portal.Servers" %>
+<%@ Import Namespace="WebsitePanel.Portal" %>
 <div class="FormButtonsBar">
 	<asp:Button ID="btnAddItem" runat="server" meta:resourcekey="btnAddItem" Text="Add Server" CssClass="Button3" OnClick="btnAddItem_Click" /></td>
 </div>
@@ -11,13 +12,13 @@
 				<td class="Big">
 					<asp:hyperlink id=lnkEdit runat="server" CssClass="Black" NavigateUrl='<%# EditUrl("ServerID", Eval("ServerID").ToString(), "edit_server") %>'
 						Width=100% Height=100%>
-						<%# Eval("ServerName") %>
+						<%# PortalAntiXSS.EncodeOld((string)Eval("ServerName")) %>
 					</asp:hyperlink>
 				</td>
 			</tr>
 			<tr>
 				<td class="Normal">
-					<%# Eval("Comments") %>
+					<%# PortalAntiXSS.EncodeOld((string)Eval("Comments")) %>
 				</td>
 			</tr>
 			<tr>

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/Servers.ascx.designer.cs

@@ -1,19 +1,79 @@
+// Copyright (c) 2012, Outercurve Foundation.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification,
+// are permitted provided that the following conditions are met:
+//
+// - Redistributions of source code must  retain  the  above copyright notice, this
+//   list of conditions and the following disclaimer.
+//
+// - Redistributions in binary form  must  reproduce the  above  copyright  notice,
+//   this list of conditions  and  the  following  disclaimer in  the documentation
+//   and/or other materials provided with the distribution.
+//
+// - Neither  the  name  of  the  Outercurve Foundation  nor   the   names  of  its
+//   contributors may be used to endorse or  promote  products  derived  from  this
+//   software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,  BUT  NOT  LIMITED TO, THE IMPLIED
+// WARRANTIES  OF  MERCHANTABILITY   AND  FITNESS  FOR  A  PARTICULAR  PURPOSE  ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+// ANY DIRECT, INDIRECT, INCIDENTAL,  SPECIAL,  EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO,  PROCUREMENT  OF  SUBSTITUTE  GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)  HOWEVER  CAUSED AND ON
+// ANY  THEORY  OF  LIABILITY,  WHETHER  IN  CONTRACT,  STRICT  LIABILITY,  OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE)  ARISING  IN  ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
 //------------------------------------------------------------------------------
 // <auto-generated>
 //     This code was generated by a tool.
-//     Runtime Version:2.0.50727.42
 //
 //     Changes to this file may cause incorrect behavior and will be lost if
-//     the code is regenerated.
+//     the code is regenerated. 
 // </auto-generated>
 //------------------------------------------------------------------------------
 
 namespace WebsitePanel.Portal {
     
+    
     public partial class Servers {
-        protected System.Web.UI.WebControls.Button btnAddItem;
+        
-        protected System.Web.UI.WebControls.DataList dlServers;
+        /// <summary>
-        protected System.Web.UI.HtmlControls.HtmlTable tblEmptyList;
+        /// btnAddItem control.
-        protected System.Web.UI.WebControls.Label lblEmptyList;
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.Button btnAddItem;
+        
+        /// <summary>
+        /// dlServers control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.DataList dlServers;
+        
+        /// <summary>
+        /// tblEmptyList control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.HtmlControls.HtmlTable tblEmptyList;
+        
+        /// <summary>
+        /// lblEmptyList control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.Label lblEmptyList;
     }
 }

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/ServersAddServer.ascx.cs

@@ -54,7 +54,7 @@ namespace WebsitePanel.Portal
                 return;
 
             ServerInfo server = new ServerInfo();
-            server.ServerName = Server.HtmlEncode(txtName.Text.Trim());
+            server.ServerName = txtName.Text.Trim();
             server.ServerUrl = txtUrl.Text.Trim();
             server.Password = serverPassword.Password;
             server.Comments = "";

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/ServersEditServer.ascx.cs

@@ -84,8 +84,8 @@ namespace WebsitePanel.Portal
 				RedirectToBrowsePage();
 
             // header
-            txtName.Text = Server.HtmlDecode(server.ServerName);
+            txtName.Text = PortalAntiXSS.DecodeOld(server.ServerName);
-            txtComments.Text = Server.HtmlDecode(server.Comments);
+            txtComments.Text = PortalAntiXSS.DecodeOld(server.Comments);
 
             
             // connection
@@ -122,8 +122,8 @@ namespace WebsitePanel.Portal
 
             // header
             server.ServerId = PanelRequest.ServerId;
-            server.ServerName = Server.HtmlEncode(txtName.Text);
+            server.ServerName = txtName.Text;
-            server.Comments = Server.HtmlEncode(txtComments.Text);
+            server.Comments = txtComments.Text;
 
             // connection
             server.ServerUrl = txtUrl.Text;

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/SettingsExchangeMailboxPlansPolicy.ascx

@@ -4,6 +4,7 @@
 <%@ Register Src="UserControls/CollapsiblePanel.ascx" TagName="CollapsiblePanel" TagPrefix="wsp" %>
 <%@ Register Src="UserControls/SimpleMessageBox.ascx" TagName="SimpleMessageBox" TagPrefix="wsp" %>
 <%@ Register Src="UserControls/EnableAsyncTasksSupport.ascx" TagName="EnableAsyncTasksSupport" TagPrefix="wsp" %>
+<%@ Import Namespace="WebsitePanel.Portal" %>
 
     <wsp:EnableAsyncTasksSupport id="asyncTasks" runat="server"/>
     <wsp:SimpleMessageBox id="messageBox" runat="server" />
@@ -23,7 +24,7 @@
 			<asp:TemplateField HeaderText="gvMailboxPlan">
 				<ItemStyle Width="70%"></ItemStyle>
 				<ItemTemplate>
-					<asp:Label id="lnkDisplayMailboxPlan" runat="server" EnableViewState="true" ><%# Eval("MailboxPlan")%></asp:Label>
+					<asp:Label id="lnkDisplayMailboxPlan" runat="server" EnableViewState="true" ><%# PortalAntiXSS.Encode((string)Eval("MailboxPlan"))%></asp:Label>
                  </ItemTemplate>
 			</asp:TemplateField>
 			<asp:TemplateField>

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/SettingsExchangeMailboxPlansPolicy.ascx.cs

@@ -56,7 +56,7 @@ namespace WebsitePanel.Portal
         public void BindSettings(UserSettings settings)
         {
             BindMailboxPlans();
-
+            
             txtStatus.Visible = false;
         }
 
@@ -473,8 +473,5 @@ namespace WebsitePanel.Portal
 
             BindMailboxPlans();
         }
-
-
     }
-
 }

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/SettingsExchangeMailboxPlansPolicy.ascx.designer.cs

@@ -26,7 +26,6 @@
 // (INCLUDING NEGLIGENCE OR OTHERWISE)  ARISING  IN  ANY WAY OUT OF THE USE OF THIS
 // SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-
 //------------------------------------------------------------------------------
 // <auto-generated>
 //     This code was generated by a tool.

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/SkinControls/UserSpaceBreadcrumb.ascx.cs

@@ -78,11 +78,11 @@ namespace WebsitePanel.Portal.SkinControls
                     spanSpace.Visible = true;
                     pnlViewSpace.Visible = true;
 
-                    lnkSpace.Text = package.PackageName;
+                    lnkSpace.Text = PortalAntiXSS.EncodeOld(package.PackageName);
                     lnkSpace.NavigateUrl = PortalUtils.GetSpaceHomePageUrl(package.PackageId);
 
-					cmdSpaceName.Text = package.PackageName;
+                    cmdSpaceName.Text = PortalAntiXSS.EncodeOld(package.PackageName);
-					lblSpaceDescription.Text = package.PackageComments;
+                    lblSpaceDescription.Text = PortalAntiXSS.EncodeOld(package.PackageComments);
 
                     lnkCurrentPage.NavigateUrl = PortalUtils.NavigatePageURL(
                         PortalUtils.GetCurrentPageId(), "SpaceID", PanelSecurity.PackageId.ToString());
@@ -134,7 +134,7 @@ namespace WebsitePanel.Portal.SkinControls
         {
             // update space
             int result = ES.Services.Packages.UpdatePackageName(PanelSecurity.PackageId,
-                Server.HtmlEncode(txtName.Text), lblSpaceDescription.Text);
+                txtName.Text, lblSpaceDescription.Text);
 
             if (result < 0)
             {

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/SpaceDetails.ascx.cs

@@ -54,7 +54,7 @@ namespace WebsitePanel.Portal
             PackageInfo package = ES.Services.Packages.GetPackage(PanelSecurity.PackageId);
             if (package != null)
             {
-                litSpaceName.Text = package.PackageName;
+                litSpaceName.Text = PortalAntiXSS.EncodeOld(package.PackageName);
 
                 // bind space status
                 PackageStatus status = (PackageStatus)package.StatusId;

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/SpaceEditAddon.ascx.cs

@@ -29,7 +29,6 @@
 using System;
 using System.Web.UI.WebControls;
 using WebsitePanel.EnterpriseServer;
-using Microsoft.Security.Application;
 
 namespace WebsitePanel.Portal
 {
@@ -55,7 +54,16 @@ namespace WebsitePanel.Portal
 
         private void BindAddons(int userId)
         {
-            ddlPlan.DataSource = ES.Services.Packages.GetUserAvailableHostingAddons(userId);
+            HostingPlanInfo[] hpi = ES.Services.Packages.GetUserAvailableHostingAddons(userId);
+
+            // Next code is user for decoding incorectly stored plan names and descriptions with pre 1.2.2 installations
+            for (int i = 0; i < hpi.Length; i++)
+            {
+                hpi[i].PlanDescription = PortalAntiXSS.DecodeOld(hpi[i].PlanDescription);
+                hpi[i].PlanName = PortalAntiXSS.DecodeOld(hpi[i].PlanName);
+            }
+
+            ddlPlan.DataSource = hpi;
             ddlPlan.DataBind();
 
             ddlPlan.Items.Insert(0, new ListItem(GetLocalizedString("SelectHostingPlan.Text"), ""));
@@ -137,7 +145,7 @@ namespace WebsitePanel.Portal
                     if (result.Result < 0)
                     {
                         ShowResultMessage(result.Result);
-                        lblMessage.Text = Microsoft.Security.Application.Encoder.HtmlEncode(GetExceedingQuotasMessage(result.ExceedingQuotas));
+                        lblMessage.Text = PortalAntiXSS.Encode(GetExceedingQuotasMessage(result.ExceedingQuotas));
                         return;
                     }
                 }
@@ -156,7 +164,7 @@ namespace WebsitePanel.Portal
                     if (result.Result < 0)
                     {
                         ShowResultMessage(result.Result);
-                        lblMessage.Text = Microsoft.Security.Application.Encoder.HtmlEncode(GetExceedingQuotasMessage(result.ExceedingQuotas));
+                        lblMessage.Text = PortalAntiXSS.Encode(GetExceedingQuotasMessage(result.ExceedingQuotas));
                         return;
                     }
                 }

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/SpaceEditAddon.ascx.designer.cs

@@ -1,31 +1,187 @@
+// Copyright (c) 2012, Outercurve Foundation.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification,
+// are permitted provided that the following conditions are met:
+//
+// - Redistributions of source code must  retain  the  above copyright notice, this
+//   list of conditions and the following disclaimer.
+//
+// - Redistributions in binary form  must  reproduce the  above  copyright  notice,
+//   this list of conditions  and  the  following  disclaimer in  the documentation
+//   and/or other materials provided with the distribution.
+//
+// - Neither  the  name  of  the  Outercurve Foundation  nor   the   names  of  its
+//   contributors may be used to endorse or  promote  products  derived  from  this
+//   software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,  BUT  NOT  LIMITED TO, THE IMPLIED
+// WARRANTIES  OF  MERCHANTABILITY   AND  FITNESS  FOR  A  PARTICULAR  PURPOSE  ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+// ANY DIRECT, INDIRECT, INCIDENTAL,  SPECIAL,  EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO,  PROCUREMENT  OF  SUBSTITUTE  GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)  HOWEVER  CAUSED AND ON
+// ANY  THEORY  OF  LIABILITY,  WHETHER  IN  CONTRACT,  STRICT  LIABILITY,  OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE)  ARISING  IN  ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
 //------------------------------------------------------------------------------
 // <auto-generated>
 //     This code was generated by a tool.
-//     Runtime Version:2.0.50727.42
 //
 //     Changes to this file may cause incorrect behavior and will be lost if
-//     the code is regenerated.
+//     the code is regenerated. 
 // </auto-generated>
 //------------------------------------------------------------------------------
 
 namespace WebsitePanel.Portal {
     
+    
     public partial class SpaceEditAddon {
-        protected System.Web.UI.WebControls.Label lblMessage;
+        
-        protected System.Web.UI.WebControls.Label lblAddon;
+        /// <summary>
-        protected System.Web.UI.WebControls.DropDownList ddlPlan;
+        /// lblMessage control.
-        protected System.Web.UI.WebControls.RequiredFieldValidator planValidator;
+        /// </summary>
-        protected System.Web.UI.WebControls.Label lblQuantity;
+        /// <remarks>
-        protected System.Web.UI.WebControls.TextBox txtQuantity;
+        /// Auto-generated field.
-        protected System.Web.UI.WebControls.RequiredFieldValidator valQuantity;
+        /// To modify move field declaration from designer file to code-behind file.
-        protected System.Web.UI.WebControls.Label lblStatus;
+        /// </remarks>
-        protected System.Web.UI.WebControls.DropDownList ddlStatus;
+        protected global::System.Web.UI.WebControls.Label lblMessage;
-        protected System.Web.UI.WebControls.Label lblCreationDate;
+        
-        protected WebsitePanel.Portal.CalendarControl PurchaseDate;
+        /// <summary>
-        protected System.Web.UI.WebControls.Label lblComments;
+        /// lblAddon control.
-        protected System.Web.UI.WebControls.TextBox txtComments;
+        /// </summary>
-        protected System.Web.UI.WebControls.Button btnSave;
+        /// <remarks>
-        protected System.Web.UI.WebControls.Button btnCancel;
+        /// Auto-generated field.
-        protected System.Web.UI.WebControls.Button btnDelete;
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.Label lblAddon;
+        
+        /// <summary>
+        /// ddlPlan control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.DropDownList ddlPlan;
+        
+        /// <summary>
+        /// planValidator control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.RequiredFieldValidator planValidator;
+        
+        /// <summary>
+        /// lblQuantity control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.Label lblQuantity;
+        
+        /// <summary>
+        /// txtQuantity control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.TextBox txtQuantity;
+        
+        /// <summary>
+        /// valQuantity control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.RequiredFieldValidator valQuantity;
+        
+        /// <summary>
+        /// lblStatus control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.Label lblStatus;
+        
+        /// <summary>
+        /// ddlStatus control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.DropDownList ddlStatus;
+        
+        /// <summary>
+        /// lblCreationDate control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.Label lblCreationDate;
+        
+        /// <summary>
+        /// PurchaseDate control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::WebsitePanel.Portal.CalendarControl PurchaseDate;
+        
+        /// <summary>
+        /// lblComments control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.Label lblComments;
+        
+        /// <summary>
+        /// txtComments control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.TextBox txtComments;
+        
+        /// <summary>
+        /// btnSave control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.Button btnSave;
+        
+        /// <summary>
+        /// btnCancel control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.Button btnCancel;
+        
+        /// <summary>
+        /// btnDelete control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.Button btnDelete;
     }
 }

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/SpaceEditDetails.ascx.cs

@@ -29,7 +29,6 @@
 using System;
 using System.Web.UI.WebControls;
 using WebsitePanel.EnterpriseServer;
-using Microsoft.Security.Application;
 
 namespace WebsitePanel.Portal
 {
@@ -53,8 +52,8 @@ namespace WebsitePanel.Portal
                 BindHostingPlans();
 
                 // bind space
-                txtName.Text = Server.HtmlDecode(package.PackageName);
+                txtName.Text = PortalAntiXSS.DecodeOld(package.PackageName);
-                txtComments.Text = Server.HtmlDecode(package.PackageComments);
+                txtComments.Text = PortalAntiXSS.DecodeOld(package.PackageComments);
                 PurchaseDate.SelectedDate = package.PurchaseDate;
                 serverDetails.ServerId = package.ServerId;
                 Utils.SelectListItem(ddlPlan, package.PlanId);
@@ -110,8 +109,8 @@ namespace WebsitePanel.Portal
                 package = ES.Services.Packages.GetPackage(PanelSecurity.PackageId);
 
             package.PackageId = PanelSecurity.PackageId;
-            package.PackageName = Server.HtmlEncode(txtName.Text);
+            package.PackageName = txtName.Text;
-            package.PackageComments = Server.HtmlEncode(txtComments.Text);
+            package.PackageComments = txtComments.Text;
             package.PlanId = Utils.ParseInt(ddlPlan.SelectedValue, 0);
             package.PurchaseDate = PurchaseDate.SelectedDate;
 
@@ -129,7 +128,7 @@ namespace WebsitePanel.Portal
                 if (result.Result < 0)
                 {
                     ShowResultMessage(result.Result);
-                    lblMessage.Text = Microsoft.Security.Application.Encoder.HtmlEncode(GetExceedingQuotasMessage(result.ExceedingQuotas));
+                    lblMessage.Text = PortalAntiXSS.Encode(GetExceedingQuotasMessage(result.ExceedingQuotas));
                     return;
                 }
             }

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/SpaceNestedSpacesSummary.ascx.cs

@@ -38,7 +38,6 @@ using System.Web.UI.WebControls.WebParts;
 using System.Web.UI.HtmlControls;
 
 using WebsitePanel.EnterpriseServer;
-using Microsoft.Security.Application;
 
 namespace WebsitePanel.Portal
 {
@@ -60,7 +59,7 @@ namespace WebsitePanel.Portal
             DataSet dsSpaces = ES.Services.Packages.GetNestedPackagesSummary(PanelSecurity.PackageId);
 
             // all customers
-            lnkAllSpaces.Text = Microsoft.Security.Application.Encoder.HtmlEncode(String.Format("All Spaces ({0})", dsSpaces.Tables[0].Rows[0]["PackagesNumber"]));
+            lnkAllSpaces.Text = String.Format("All Spaces ({0})", dsSpaces.Tables[0].Rows[0]["PackagesNumber"]);
 
             // by status
             repSpaceStatuses.DataSource = dsSpaces.Tables[1];

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/UserAccountDetails.ascx.cs

@@ -60,8 +60,8 @@ namespace WebsitePanel.Portal
 
                 // bind account details
                 litUsername.Text = user.Username;
-                litFullName.Text = Utils.EllipsisString(user.FirstName + " " + user.LastName, 25);
+                litFullName.Text = Utils.EllipsisString(PortalAntiXSS.Encode(user.FirstName) + " " + PortalAntiXSS.Encode(user.LastName), 25);
-                litSubscriberNumber.Text = Server.HtmlDecode(user.SubscriberNumber);
+                litSubscriberNumber.Text = PortalAntiXSS.Encode(user.SubscriberNumber);
                 litRole.Text = PanelFormatter.GetUserRoleName(user.RoleId);
                 litCreated.Text = user.Created.ToString();
                 litUpdated.Text = user.Changed.ToString();

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/UserAccountEditDetails.ascx.cs

@@ -75,9 +75,9 @@ namespace WebsitePanel.Portal
                     rowDemo.Visible = !editAdminAccount;
 
                     // account info
-                    txtFirstName.Text = Server.HtmlDecode(user.FirstName);
+                    txtFirstName.Text = PortalAntiXSS.DecodeOld(user.FirstName);
-                    txtLastName.Text = Server.HtmlDecode(user.LastName);
+                    txtLastName.Text = PortalAntiXSS.DecodeOld(user.LastName);
-                    txtSubscriberNumber.Text = Server.HtmlDecode(user.SubscriberNumber);
+                    txtSubscriberNumber.Text = PortalAntiXSS.DecodeOld(user.SubscriberNumber);
                     txtEmail.Text = user.Email;
                     txtSecondaryEmail.Text = user.SecondaryEmail;
                     ddlMailFormat.SelectedIndex = user.HtmlMail ? 1 : 0;
@@ -127,9 +127,9 @@ namespace WebsitePanel.Portal
                 user.LoginStatusId = loginStatus.SelectedIndex;
                 
                 // account info
-                user.FirstName = Server.HtmlEncode(txtFirstName.Text);
+                user.FirstName = txtFirstName.Text;
-                user.LastName = Server.HtmlEncode(txtLastName.Text);
+                user.LastName = txtLastName.Text;
-                user.SubscriberNumber = Server.HtmlEncode(txtSubscriberNumber.Text);
+                user.SubscriberNumber = txtSubscriberNumber.Text;
                 user.Email = txtEmail.Text;
                 user.SecondaryEmail = txtSecondaryEmail.Text;
                 user.HtmlMail = ddlMailFormat.SelectedIndex == 1;

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/UserControls/AuditLogControl.ascx

@@ -1,5 +1,6 @@
 <%@ Control Language="C#" AutoEventWireup="true" CodeBehind="AuditLogControl.ascx.cs" Inherits="WebsitePanel.Portal.UserControls.AuditLogControl" %>
 <%@ Register Src="PopupHeader.ascx" TagName="PopupHeader" TagPrefix="wsp" %>
+<%@ Import Namespace="WebsitePanel.Portal" %>
 
 <table cellpadding="5" width="100%">
     <tr>
@@ -136,10 +137,10 @@
 		        </asp:LinkButton>
             </ItemTemplate>
         </asp:TemplateField>
-        <asp:TemplateField SortExpression="ItemName" HeaderText="gvLogItemName">
+        <asp:TemplateField SortExpression="ItemName" HeaderText="gvLogItemName" >
             <ItemStyle Wrap="false" />
             <ItemTemplate>
-		         <%# Eval("ItemName")%>
+		         <%# PortalAntiXSS.Encode((string)Eval("ItemName"))%>
             </ItemTemplate>
         </asp:TemplateField>
         <asp:TemplateField SortExpression="Username" HeaderText="gvLogUser">

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/UserControls/AuditLogControl.ascx.cs

@@ -32,7 +32,7 @@ using System.Text;
 using System.Web.UI.WebControls;
 using System.Xml;
 using WebsitePanel.EnterpriseServer;
-using Microsoft.Security.Application;
+using WebsitePanel.Portal;
 
 namespace WebsitePanel.Portal.UserControls
 {
@@ -185,9 +185,9 @@ namespace WebsitePanel.Portal.UserControls
 					GetAuditLogSourceName((string)dr["SourceName"]));
                 // Task
 				sb.AppendFormat("\"{0}\",", 
-					Microsoft.Security.Application.Encoder.HtmlEncode(GetAuditLogTaskName((string)dr["SourceName"], (string)dr["TaskName"])));
+					PortalAntiXSS.Encode(GetAuditLogTaskName((string)dr["SourceName"], (string)dr["TaskName"])));
 				// Item-Name
-                sb.AppendFormat("\"{0}\",", Microsoft.Security.Application.Encoder.HtmlEncode(dr["ItemName"].ToString()));
+                sb.AppendFormat("\"{0}\",", PortalAntiXSS.Encode(dr["ItemName"].ToString()));
 				// Execution-Log
 				string executionLog = FormatPlainTextExecutionLog(
 					dr["ExecutionLog"].ToString(), DateTime.Parse(dr["StartDate"].ToString()));

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/UserControls/AuditLogControl.ascx.designer.cs

@@ -1,10 +1,37 @@
-//------------------------------------------------------------------------------
+// Copyright (c) 2012, Outercurve Foundation.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification,
+// are permitted provided that the following conditions are met:
+//
+// - Redistributions of source code must  retain  the  above copyright notice, this
+//   list of conditions and the following disclaimer.
+//
+// - Redistributions in binary form  must  reproduce the  above  copyright  notice,
+//   this list of conditions  and  the  following  disclaimer in  the documentation
+//   and/or other materials provided with the distribution.
+//
+// - Neither  the  name  of  the  Outercurve Foundation  nor   the   names  of  its
+//   contributors may be used to endorse or  promote  products  derived  from  this
+//   software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,  BUT  NOT  LIMITED TO, THE IMPLIED
+// WARRANTIES  OF  MERCHANTABILITY   AND  FITNESS  FOR  A  PARTICULAR  PURPOSE  ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+// ANY DIRECT, INDIRECT, INCIDENTAL,  SPECIAL,  EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO,  PROCUREMENT  OF  SUBSTITUTE  GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)  HOWEVER  CAUSED AND ON
+// ANY  THEORY  OF  LIABILITY,  WHETHER  IN  CONTRACT,  STRICT  LIABILITY,  OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE)  ARISING  IN  ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+//------------------------------------------------------------------------------
 // <auto-generated>
 //     This code was generated by a tool.
-//     Runtime Version:2.0.50727.3053
 //
 //     Changes to this file may cause incorrect behavior and will be lost if
-//     the code is regenerated.
+//     the code is regenerated. 
 // </auto-generated>
 //------------------------------------------------------------------------------
 

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/UserControls/EditItemComments.ascx.cs

@@ -103,7 +103,7 @@ namespace WebsitePanel.Portal
 
             try
             {
-                int result = ES.Services.Comments.AddComment(ItemTypeId, ItemId, Server.HtmlEncode(txtComments.Text), 2);
+                int result = ES.Services.Comments.AddComment(ItemTypeId, ItemId, txtComments.Text, 2);
                 if (result < 0)
                 {
                     HostModule.ShowResultMessage(result);
@@ -125,7 +125,7 @@ namespace WebsitePanel.Portal
 
         public string WrapComment(string text)
         {
-            return (text != null) ? text.Replace("\n", "<br/>") : text;
+            return (text != null) ? PortalAntiXSS.EncodeOld(text.Replace("\n", "<br/>")) : text;
         }
 
         protected void gvComments_RowDeleting(object sender, GridViewDeleteEventArgs e)

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/UserControls/MessageBox.ascx.cs

@@ -39,7 +39,6 @@ using System.Web.UI.WebControls.WebParts;
 using System.Web.UI.HtmlControls;
 
 using System.Web.Services.Protocols;
-using Microsoft.Security.Application;
 
 namespace WebsitePanel.Portal
 {
@@ -81,7 +80,7 @@ namespace WebsitePanel.Portal
                 try
                 {
                     // technical details
-                    litPageUrl.Text = Microsoft.Security.Application.Encoder.HtmlEncode(Request.Url.ToString());
+                    litPageUrl.Text = PortalAntiXSS.Encode(Request.Url.ToString());
                     litLoggedUser.Text = PanelSecurity.LoggedUser.Username;
                     litSelectedUser.Text = PanelSecurity.SelectedUser.Username;
                     litPackageName.Text = PanelSecurity.PackageId.ToString();

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/UserControls/PasswordControl.ascx.cs

@@ -41,7 +41,6 @@ using System.Web.UI.WebControls.WebParts;
 using System.Web.UI.HtmlControls;
 
 using WebsitePanel.EnterpriseServer;
-using Microsoft.Security.Application;
 
 namespace WebsitePanel.Portal
 {

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/UserControls/UsernameControl.ascx.cs

@@ -30,7 +30,6 @@ using System;
 using System.Text;
 using System.Web.UI.WebControls;
 using WebsitePanel.EnterpriseServer;
-using Microsoft.Security.Application;
 
 namespace WebsitePanel.Portal
 {
@@ -71,7 +70,7 @@ namespace WebsitePanel.Portal
         public string Text
         {
             get { return EditMode ? txtName.Text.Trim() : litPrefix.Text + txtName.Text.Trim() + litSuffix.Text; }
-            set { txtName.Text = value; lblName.Text = Microsoft.Security.Application.Encoder.HtmlEncode(value); }
+            set { txtName.Text = value; lblName.Text = PortalAntiXSS.Encode(value); }
         }
 
         private UserInfo PolicyUser

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/UserCreateSpace.ascx.cs

@@ -29,7 +29,6 @@
 using System;
 using System.Web.UI.WebControls;
 using WebsitePanel.EnterpriseServer;
-using Microsoft.Security.Application;
 
 namespace WebsitePanel.Portal
 {
@@ -136,7 +135,7 @@ namespace WebsitePanel.Portal
                 if (result.Result < 0)
                 {
                     ShowResultMessage(result.Result);
-                    lblMessage.Text = Microsoft.Security.Application.Encoder.HtmlEncode(GetExceedingQuotasMessage(result.ExceedingQuotas));
+                    lblMessage.Text = PortalAntiXSS.Encode(GetExceedingQuotasMessage(result.ExceedingQuotas));
                     return;
                 }
                 else

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/UserCustomers.ascx

@@ -63,7 +63,7 @@
 				</asp:hyperlink>
 			</ItemTemplate>
 		</asp:TemplateField>
-		<asp:BoundField DataField="FullName" HtmlEncode="false" SortExpression="FullName" HeaderText="gvUsersName">
+		<asp:BoundField DataField="FullName" HtmlEncode="true" SortExpression="FullName" HeaderText="gvUsersName">
 		    <HeaderStyle Wrap="false" />
             <ItemStyle Wrap="False" />
         </asp:BoundField>

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/UserCustomersSummary.ascx.cs

@@ -30,7 +30,6 @@ using System;
 using System.Data;
 using System.Web.UI;
 using WebsitePanel.EnterpriseServer;
-using Microsoft.Security.Application;
 
 namespace WebsitePanel.Portal
 {
@@ -52,7 +51,7 @@ namespace WebsitePanel.Portal
             DataSet dsUsers = ES.Services.Users.GetUsersSummary(PanelSecurity.SelectedUserId);
 
             // all customers
-			lnkAllCustomers.Text = Microsoft.Security.Application.Encoder.HtmlEncode(String.Format(GetLocalizedString("AllCustomers.Text"),
+			lnkAllCustomers.Text = PortalAntiXSS.Encode(String.Format(GetLocalizedString("AllCustomers.Text"),
 				dsUsers.Tables[0].Rows[0]["UsersNumber"]));
 
             // by status

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/UserSpaces.ascx

@@ -2,6 +2,7 @@
 <%@ Import Namespace="WebsitePanel.Portal" %>
 <%@ Register Src="UserControls/ServerDetails.ascx" TagName="ServerDetails" TagPrefix="uc3" %>
 <%@ Register Src="UserControls/Comments.ascx" TagName="Comments" TagPrefix="uc4" %>
+<%@ Import Namespace="WebsitePanel.Portal" %>
 
 
 <asp:Panel id="ButtonsPanel" runat="server" class="FormButtonsBar">
@@ -62,7 +63,7 @@
             <ItemStyle Width="40%"></ItemStyle>
             <ItemTemplate>
 	            <asp:hyperlink id=lnkEdit runat="server" CssClass="Medium" NavigateUrl='<%# GetSpaceHomePageUrl((int)Eval("PackageID")) %>'>
-		            <%# Eval("PackageName") %>
+		            <%# PortalAntiXSS.EncodeOld((string) Eval("PackageName")) %>
 	            </asp:hyperlink>
             </ItemTemplate>
         </asp:TemplateField>

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/UserSpaces.ascx.designer.cs

@@ -1,10 +1,37 @@
+// Copyright (c) 2012, Outercurve Foundation.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification,
+// are permitted provided that the following conditions are met:
+//
+// - Redistributions of source code must  retain  the  above copyright notice, this
+//   list of conditions and the following disclaimer.
+//
+// - Redistributions in binary form  must  reproduce the  above  copyright  notice,
+//   this list of conditions  and  the  following  disclaimer in  the documentation
+//   and/or other materials provided with the distribution.
+//
+// - Neither  the  name  of  the  Outercurve Foundation  nor   the   names  of  its
+//   contributors may be used to endorse or  promote  products  derived  from  this
+//   software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,  BUT  NOT  LIMITED TO, THE IMPLIED
+// WARRANTIES  OF  MERCHANTABILITY   AND  FITNESS  FOR  A  PARTICULAR  PURPOSE  ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+// ANY DIRECT, INDIRECT, INCIDENTAL,  SPECIAL,  EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO,  PROCUREMENT  OF  SUBSTITUTE  GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)  HOWEVER  CAUSED AND ON
+// ANY  THEORY  OF  LIABILITY,  WHETHER  IN  CONTRACT,  STRICT  LIABILITY,  OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE)  ARISING  IN  ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
 //------------------------------------------------------------------------------
 // <auto-generated>
 //     This code was generated by a tool.
-//     Runtime Version:2.0.50727.3074
 //
 //     Changes to this file may cause incorrect behavior and will be lost if
-//     the code is regenerated.
+//     the code is regenerated. 
 // </auto-generated>
 //------------------------------------------------------------------------------
 

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/VPS/RemoteDesktop/Connect.aspx.cs

@@ -1,4 +1,4 @@
-// Copyright (c) 2012, Outercurve Foundation.
+// Copyright (c) 2012, Outercurve Foundation.
 // All rights reserved.
 //
 // Redistribution and use in source and binary forms, with or without modification,
@@ -29,7 +29,6 @@
 using System;
 using WebsitePanel.Providers.Virtualization;
 using WebsitePanel.EnterpriseServer;
-using Microsoft.Security.Application;
 
 namespace WebsitePanel.Portal.VPS.RemoteDesktop
 {

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/VPS/VdcCreateServer.ascx.cs

@@ -1,4 +1,4 @@
-// Copyright (c) 2012, Outercurve Foundation.
+// Copyright (c) 2012, Outercurve Foundation.
 // All rights reserved.
 //
 // Redistribution and use in source and binary forms, with or without modification,
@@ -35,7 +35,6 @@ using WebsitePanel.EnterpriseServer;
 using WebsitePanel.Providers.Virtualization;
 using WebsitePanel.Providers.Common;
 using WebsitePanel.Providers.ResultObjects;
-using Microsoft.Security.Application;
 
 namespace WebsitePanel.Portal.VPS
 {
@@ -239,17 +238,17 @@ namespace WebsitePanel.Portal.VPS
         private void BindSummary()
         {
             // general
-            litHostname.Text =  Microsoft.Security.Application.Encoder.HtmlEncode(String.Format("{0}.{1}", txtHostname.Text.Trim(), txtDomain.Text.Trim()));
+            litHostname.Text =  PortalAntiXSS.Encode(String.Format("{0}.{1}", txtHostname.Text.Trim(), txtDomain.Text.Trim()));
             litOperatingSystem.Text = listOperatingSystems.SelectedItem.Text;
 
-            litSummaryEmail.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtSummaryEmail.Text.Trim());
+            litSummaryEmail.Text = PortalAntiXSS.Encode(txtSummaryEmail.Text.Trim());
             SummSummaryEmailRow.Visible = chkSendSummary.Checked;
 
             // config
-            litCpu.Text = Microsoft.Security.Application.Encoder.HtmlEncode(ddlCpu.SelectedValue);
+            litCpu.Text = PortalAntiXSS.Encode(ddlCpu.SelectedValue);
-            litRam.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtRam.Text.Trim());
+            litRam.Text = PortalAntiXSS.Encode(txtRam.Text.Trim());
-            litHdd.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtHdd.Text.Trim());
+            litHdd.Text = PortalAntiXSS.Encode(txtHdd.Text.Trim());
-            litSnapshots.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtSnapshots.Text.Trim());
+            litSnapshots.Text = PortalAntiXSS.Encode(txtSnapshots.Text.Trim());
             optionDvdInstalled.Value = chkDvdInstalled.Checked;
             optionBootFromCd.Value = chkBootFromCd.Checked;
             optionNumLock.Value = chkNumLock.Checked;
@@ -262,23 +261,23 @@ namespace WebsitePanel.Portal.VPS
             // external network
             optionExternalNetwork.Value = chkExternalNetworkEnabled.Checked;
             SummExternalAddressesNumberRow.Visible = radioExternalRandom.Checked && chkExternalNetworkEnabled.Checked;
-            litExternalAddressesNumber.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtExternalAddressesNumber.Text.Trim());
+            litExternalAddressesNumber.Text = PortalAntiXSS.Encode(txtExternalAddressesNumber.Text.Trim());
             SummExternalAddressesListRow.Visible = radioExternalSelected.Checked && chkExternalNetworkEnabled.Checked;
 
             List<string> ipAddresses = new List<string>();
             foreach (ListItem li in listExternalAddresses.Items)
                 if (li.Selected)
                     ipAddresses.Add(li.Text);
-            litExternalAddresses.Text = Microsoft.Security.Application.Encoder.HtmlEncode(String.Join(", ", ipAddresses.ToArray()));
+            litExternalAddresses.Text = PortalAntiXSS.Encode(String.Join(", ", ipAddresses.ToArray()));
 
             // private network
             optionPrivateNetwork.Value = chkPrivateNetworkEnabled.Checked;
             SummPrivateAddressesNumberRow.Visible = radioPrivateRandom.Checked && chkPrivateNetworkEnabled.Checked && (ViewState["DHCP"] == null);
-            litPrivateAddressesNumber.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtPrivateAddressesNumber.Text.Trim());
+            litPrivateAddressesNumber.Text = PortalAntiXSS.Encode(txtPrivateAddressesNumber.Text.Trim());
             SummPrivateAddressesListRow.Visible = radioPrivateSelected.Checked && chkPrivateNetworkEnabled.Checked && (ViewState["DHCP"] == null);
 
             string[] privIps = Utils.ParseDelimitedString(txtPrivateAddressesList.Text, '\n', '\r', ' ', '\t');
-            litPrivateAddressesList.Text = Microsoft.Security.Application.Encoder.HtmlEncode(String.Join(", ", privIps));
+            litPrivateAddressesList.Text = PortalAntiXSS.Encode(String.Join(", ", privIps));
         }
 
         protected void wizard_FinishButtonClick(object sender, WizardNavigationEventArgs e)

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/VPSForPC/RemoteDesktop/Connect.aspx.cs

@@ -1,4 +1,4 @@
-// Copyright (c) 2012, Outercurve Foundation.
+// Copyright (c) 2012, Outercurve Foundation.
 // All rights reserved.
 //
 // Redistribution and use in source and binary forms, with or without modification,
@@ -29,7 +29,6 @@
 using System;
 using WebsitePanel.Providers.Virtualization;
 using WebsitePanel.EnterpriseServer;
-using Microsoft.Security.Application;
 
 namespace WebsitePanel.Portal.VPSForPC.RemoteDesktop
 {

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/VPSForPC/VdcCreateServer.ascx.cs

@@ -35,7 +35,6 @@ using WebsitePanel.EnterpriseServer;
 using WebsitePanel.Providers.Virtualization;
 using WebsitePanel.Providers.Common;
 using WebsitePanel.Providers.ResultObjects;
-using Microsoft.Security.Application;
 using System.Resources;
 
 namespace WebsitePanel.Portal.VPSForPC
@@ -264,17 +263,17 @@ namespace WebsitePanel.Portal.VPSForPC
 		{
 			// general
 			litHostname.Text = txtVmName.Text.Trim();
-			//            litHostname.Text =  Microsoft.Security.Application.Encoder.HtmlEncode(String.Format("{0}.{1}", txtHostname.Text.Trim(), txtDomain.Text.Trim()));
+			//            litHostname.Text =  PortalAntiXSS.Decode(String.Format("{0}.{1}", txtHostname.Text.Trim(), txtDomain.Text.Trim()));
 			litOperatingSystem.Text = listOperatingSystems.SelectedItem.Text;
 
-			litSummaryEmail.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtSummaryEmail.Text.Trim());
+			litSummaryEmail.Text = PortalAntiXSS.Encode(txtSummaryEmail.Text.Trim());
 			SummSummaryEmailRow.Visible = chkSendSummary.Checked;
 
 			// config
-			litCpu.Text = Microsoft.Security.Application.Encoder.HtmlEncode(ddlCpu.SelectedValue);
+            litCpu.Text = PortalAntiXSS.Encode(ddlCpu.SelectedValue);
-			litRam.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtRam.Text.Trim());
+            litRam.Text = PortalAntiXSS.Encode(txtRam.Text.Trim());
-			litHdd.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtHdd.Text.Trim());
+            litHdd.Text = PortalAntiXSS.Encode(txtHdd.Text.Trim());
-			//litSnapshots.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtSnapshots.Text.Trim());
+			//litSnapshots.Text = PortalAntiXSS.Decode(txtSnapshots.Text.Trim());
 			//optionDvdInstalled.Value = chkDvdInstalled.Checked;
 			//optionBootFromCd.Value = chkBootFromCd.Checked;
 			//optionNumLock.Value = chkNumLock.Checked;

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/VirtualServers.ascx

@@ -1,4 +1,5 @@
 <%@ Control Language="C#" AutoEventWireup="true" CodeBehind="VirtualServers.ascx.cs" Inherits="WebsitePanel.Portal.VirtualServers" %>
+<%@ Import Namespace="WebsitePanel.Portal" %>
 <div class="FormButtonsBar">
 	<asp:Button ID="btnAddItem" runat="server" meta:resourcekey="btnAddItem" Text="Add Server" CssClass="Button3" OnClick="btnAddItem_Click" />
 </div>
@@ -11,13 +12,13 @@
 				<td class="Big">
 					<asp:hyperlink id=lnkEdit CssClass="Black" runat="server" NavigateUrl='<%# EditUrl("ServerID", Eval("ServerID").ToString(), "edit_server") %>'
 						Width=100% Height=100%>
-						<%# Eval("ServerName") %>
+						<%# PortalAntiXSS.EncodeOld((string)Eval("ServerName")) %>
 					</asp:hyperlink>
 				</td>
 			</tr>
 			<tr>
 				<td class="Normal">
-					<%# Eval("Comments") %>
+					<%# PortalAntiXSS.EncodeOld((string)Eval("Comments")) %>
 				</td>
 			</tr>
 			<tr>

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/VirtualServers.ascx.designer.cs

@@ -1,19 +1,79 @@
+// Copyright (c) 2012, Outercurve Foundation.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification,
+// are permitted provided that the following conditions are met:
+//
+// - Redistributions of source code must  retain  the  above copyright notice, this
+//   list of conditions and the following disclaimer.
+//
+// - Redistributions in binary form  must  reproduce the  above  copyright  notice,
+//   this list of conditions  and  the  following  disclaimer in  the documentation
+//   and/or other materials provided with the distribution.
+//
+// - Neither  the  name  of  the  Outercurve Foundation  nor   the   names  of  its
+//   contributors may be used to endorse or  promote  products  derived  from  this
+//   software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,  BUT  NOT  LIMITED TO, THE IMPLIED
+// WARRANTIES  OF  MERCHANTABILITY   AND  FITNESS  FOR  A  PARTICULAR  PURPOSE  ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+// ANY DIRECT, INDIRECT, INCIDENTAL,  SPECIAL,  EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO,  PROCUREMENT  OF  SUBSTITUTE  GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)  HOWEVER  CAUSED AND ON
+// ANY  THEORY  OF  LIABILITY,  WHETHER  IN  CONTRACT,  STRICT  LIABILITY,  OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE)  ARISING  IN  ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
 //------------------------------------------------------------------------------
 // <auto-generated>
 //     This code was generated by a tool.
-//     Runtime Version:2.0.50727.42
 //
 //     Changes to this file may cause incorrect behavior and will be lost if
-//     the code is regenerated.
+//     the code is regenerated. 
 // </auto-generated>
 //------------------------------------------------------------------------------
 
 namespace WebsitePanel.Portal {
     
+    
     public partial class VirtualServers {
-        protected System.Web.UI.WebControls.Button btnAddItem;
+        
-        protected System.Web.UI.WebControls.DataList dlServers;
+        /// <summary>
-        protected System.Web.UI.HtmlControls.HtmlTable tblEmptyList;
+        /// btnAddItem control.
-        protected System.Web.UI.WebControls.Label lblEmptyList;
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.Button btnAddItem;
+        
+        /// <summary>
+        /// dlServers control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.DataList dlServers;
+        
+        /// <summary>
+        /// tblEmptyList control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.HtmlControls.HtmlTable tblEmptyList;
+        
+        /// <summary>
+        /// lblEmptyList control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.Label lblEmptyList;
     }
 }

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/VirtualServersAddServer.ascx.cs

@@ -54,8 +54,8 @@ namespace WebsitePanel.Portal
                 return;
 
             ServerInfo server = new ServerInfo();
-            server.ServerName = Server.HtmlEncode(txtName.Text.Trim());
+            server.ServerName = txtName.Text.Trim();
-            server.Comments = Server.HtmlEncode(txtComments.Text);
+            server.Comments = txtComments.Text;
             server.VirtualServer = true;
 
             int serverId = 0;

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/VirtualServersEditServer.ascx.cs

@@ -75,8 +75,8 @@ namespace WebsitePanel.Portal
                 RedirectToBrowsePage();
 
             // header
-            txtName.Text = Server.HtmlDecode(server.ServerName);
+            txtName.Text = PortalAntiXSS.DecodeOld(server.ServerName);
-            txtComments.Text = Server.HtmlDecode(server.Comments);
+            txtComments.Text = PortalAntiXSS.DecodeOld(server.Comments);
 
             Utils.SelectListItem(ddlPrimaryGroup, server.PrimaryGroupId);
 
@@ -175,8 +175,8 @@ namespace WebsitePanel.Portal
 
             // header
             server.ServerId = PanelRequest.ServerId;
-            server.ServerName = Server.HtmlEncode(txtName.Text);
+            server.ServerName = txtName.Text;
-            server.Comments = Server.HtmlEncode(txtComments.Text);
+            server.Comments = txtComments.Text;
             server.PrimaryGroupId = Utils.ParseInt(ddlPrimaryGroup.SelectedValue, 0);
 
             // instant alias

WebsitePanel/Sources/WebsitePanel.WebPortal/WebsitePanel.WebPortal.csproj

@@ -172,6 +172,7 @@
     <Compile Include="Code\Adapters\WebControlAdapterExtender.cs" />
     <Compile Include="Code\ContentPane.cs" />
     <Compile Include="Code\Controls\DesktopContextValidator.cs" />
+    <Compile Include="Code\PortalAntiXSS.cs" />
     <Compile Include="Code\PortalUtils.cs" />
     <Compile Include="Code\SecureSessionModule.cs" />
     <Compile Include="Code\WebPortalControlBase.cs">