Update AntiXSS Protection
parent
27fab29a16
commit
3e5581611c
63 changed files with 636 additions and 183 deletions
Binary file not shown.
|
@ -0,0 +1,59 @@
|
|||
// Copyright (c) 2012, Outercurve Foundation.
|
||||
// All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without modification,
|
||||
// are permitted provided that the following conditions are met:
|
||||
//
|
||||
// - Redistributions of source code must retain the above copyright notice, this
|
||||
// list of conditions and the following disclaimer.
|
||||
//
|
||||
// - Redistributions in binary form must reproduce the above copyright notice,
|
||||
// this list of conditions and the following disclaimer in the documentation
|
||||
// and/or other materials provided with the distribution.
|
||||
//
|
||||
// - Neither the name of the Outercurve Foundation nor the names of its
|
||||
// contributors may be used to endorse or promote products derived from this
|
||||
// software without specific prior written permission.
|
||||
//
|
||||
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
|
||||
// ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
||||
// ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
using System;
|
||||
//using System.Collections.Generic;
|
||||
//using System.Linq;
|
||||
using System.Web;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
//usage
|
||||
//<%@ Import Namespace="WebsitePanel.Portal" %>
|
||||
//using WebsitePanel.Portal;
|
||||
|
||||
namespace WebsitePanel.Portal
|
||||
{
|
||||
public class PortalAntiXSS
|
||||
{
|
||||
public static string Encode(string input)
|
||||
{
|
||||
return Encoder.HtmlEncode(input);
|
||||
}
|
||||
|
||||
public static string EncodeOld(string input)
|
||||
{
|
||||
return Encoder.HtmlEncode(HttpUtility.HtmlDecode(input)); // HtmlDecode is used for compatability reasons with WSP pre-1.2.2 versions
|
||||
}
|
||||
|
||||
public static string DecodeOld(string input)
|
||||
{
|
||||
return HttpUtility.HtmlDecode(input); // HtmlDecode is used for compatability reasons with WSP pre-1.2.2 versions
|
||||
}
|
||||
|
||||
}
|
||||
}
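Review bot: `DecodeOld` sits in an anti-XSS helper but returns HTML-decoded text, so its result is only safe in sinks that encode on render, and neither it nor `EncodeOld` has a doc comment saying so. I would add an XML summary on `DecodeOld` along the lines of `/// Returns decoded text for edit controls only; never assign the result to a Literal, Label or data-binding output.` A summary on `EncodeOld` should note that it decodes first, so stored text that literally contains `&lt;` is displayed as `<` rather than verbatim. Since the class has only static members, `public static class PortalAntiXSS` would also stop it being instantiated.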
|
|
@ -35,7 +35,6 @@ using System.Security.Cryptography;
|
|||
using System.Runtime.Serialization;
|
||||
using System.Globalization;
|
||||
using System.Text;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
namespace WebsitePanel.WebPortal
|
||||
{
|
||||
|
|
|
@ -42,7 +42,7 @@ using System.Web.UI.WebControls;
|
|||
using System.Web.UI.WebControls.WebParts;
|
||||
using System.Web.UI.HtmlControls;
|
||||
using System.Globalization;
|
||||
using Microsoft.Security.Application;
|
||||
using WebsitePanel.Portal;
|
||||
|
||||
namespace WebsitePanel.WebPortal
|
||||
{
|
||||
|
@ -387,7 +387,7 @@ namespace WebsitePanel.WebPortal
|
|||
{
|
||||
Label lbl = new Label();
|
||||
lbl.Text =
|
||||
Microsoft.Security.Application.Encoder.HtmlEncode("<div style=\"height:300px;overflow:auto;\">" + message.Replace("\n", "<br>") +
|
||||
PortalAntiXSS.Encode("<div style=\"height:300px;overflow:auto;\">" + message.Replace("\n", "<br>") +
|
||||
"</div>");
|
||||
lbl.ForeColor = Color.Red;
|
||||
lbl.Font.Bold = true;
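Review bot: The `PortalAntiXSS.Encode(...)` call in the `lbl.Text` assignment still wraps the whole string, so the `<div style=...>` wrapper and the `<br>` from `message.Replace("\n", "<br>")` are encoded with `message` and reach the browser as literal text rather than markup. If the scrolling box and line breaks are meant to render, only `message` should pass through the encoder, for example `string.Join("<br>", Array.ConvertAll(message.Split('\n'), PortalAntiXSS.Encode))` placed between the two literal wrapper strings. Encoding per line matters because the encoder may also encode the newline character. The same shape appears in the `Encoder.HtmlEncode` line this replaces, so the behaviour is carried over rather than introduced; the enclosing method starts and ends outside the hunk.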
|
||||
|
|
|
@ -27,7 +27,6 @@
|
|||
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
using System;
|
||||
using Microsoft.Security.Application;
|
||||
using WSP = WebsitePanel.Portal;
|
||||
using WebsitePanel.Ecommerce.EnterpriseServer;
|
||||
using WebsitePanel.EnterpriseServer;
|
||||
|
|
|
@ -31,7 +31,6 @@ using System;
|
|||
using System.Data;
|
||||
using System.Text;
|
||||
using System.Web.UI.WebControls;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
namespace WebsitePanel.Portal
|
||||
{
|
||||
|
|
|
@ -37,7 +37,6 @@ using System.Web.UI;
|
|||
using System.Web.UI.WebControls;
|
||||
using System.Web.UI.WebControls.WebParts;
|
||||
using System.Web.UI.HtmlControls;
|
||||
using Microsoft.Security.Application;
|
||||
using WebsitePanel.EnterpriseServer;
|
||||
|
||||
namespace WebsitePanel.Portal
|
||||
|
|
|
@ -39,7 +39,6 @@ using System.Web.UI.WebControls.WebParts;
|
|||
using System.Web.UI.HtmlControls;
|
||||
|
||||
using WebsitePanel.EnterpriseServer;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
namespace WebsitePanel.Portal
|
||||
{
|
||||
|
@ -94,7 +93,7 @@ namespace WebsitePanel.Portal
|
|||
i++;
|
||||
}
|
||||
|
||||
litTotal.Text = Microsoft.Security.Application.Encoder.HtmlEncode(DiskspaceTotal.ToString());
|
||||
litTotal.Text = PortalAntiXSS.Encode(DiskspaceTotal.ToString());
|
||||
|
||||
// get summary
|
||||
gvSummary.DataSource = ds;
|
||||
|
|
|
@ -29,7 +29,6 @@
|
|||
using System;
|
||||
using System.Web.UI.WebControls;
|
||||
using WebsitePanel.Providers.HostedSolution;
|
||||
using Microsoft.Security.Application;
|
||||
using WebsitePanel.EnterpriseServer;
|
||||
|
||||
namespace WebsitePanel.Portal.ExchangeServer
|
||||
|
@ -64,7 +63,7 @@ namespace WebsitePanel.Portal.ExchangeServer
|
|||
ExchangeContact contact = ES.Services.ExchangeServer.GetContactGeneralSettings(PanelRequest.ItemID,
|
||||
PanelRequest.AccountID);
|
||||
|
||||
litDisplayName.Text = Microsoft.Security.Application.Encoder.HtmlEncode(contact.DisplayName);
|
||||
litDisplayName.Text = PortalAntiXSS.Encode(contact.DisplayName);
|
||||
|
||||
// bind form
|
||||
txtDisplayName.Text = contact.DisplayName;
|
||||
|
@ -146,7 +145,7 @@ namespace WebsitePanel.Portal.ExchangeServer
|
|||
return;
|
||||
}
|
||||
|
||||
litDisplayName.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtDisplayName.Text);
|
||||
litDisplayName.Text = PortalAntiXSS.Encode(txtDisplayName.Text);
|
||||
|
||||
messageBox.ShowSuccessMessage("EXCHANGE_UPDATE_CONTACT_SETTINGS");
|
||||
}
|
||||
|
|
|
@ -38,7 +38,6 @@ using System.Web.UI.WebControls.WebParts;
|
|||
using System.Web.UI.HtmlControls;
|
||||
|
||||
using WebsitePanel.Providers.HostedSolution;
|
||||
using Microsoft.Security.Application;
|
||||
using WebsitePanel.EnterpriseServer;
|
||||
|
||||
namespace WebsitePanel.Portal.ExchangeServer
|
||||
|
@ -63,7 +62,7 @@ namespace WebsitePanel.Portal.ExchangeServer
|
|||
ExchangeDistributionList dlist = ES.Services.ExchangeServer.GetDistributionListGeneralSettings(
|
||||
PanelRequest.ItemID, PanelRequest.AccountID);
|
||||
|
||||
litDisplayName.Text = dlist.DisplayName;
|
||||
litDisplayName.Text = PortalAntiXSS.Encode(dlist.DisplayName);
|
||||
|
||||
// bind form
|
||||
txtDisplayName.Text = dlist.DisplayName;
|
||||
|
@ -105,7 +104,7 @@ namespace WebsitePanel.Portal.ExchangeServer
|
|||
return;
|
||||
}
|
||||
|
||||
litDisplayName.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtDisplayName.Text);
|
||||
litDisplayName.Text = PortalAntiXSS.Encode(txtDisplayName.Text);
|
||||
|
||||
messageBox.ShowSuccessMessage("EXCHANGE_UPDATE_DLIST_SETTINGS");
|
||||
}
|
||||
|
|
|
@ -29,7 +29,6 @@
|
|||
using System;
|
||||
using WebsitePanel.Providers.HostedSolution;
|
||||
using WebsitePanel.EnterpriseServer;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
namespace WebsitePanel.Portal.ExchangeServer
|
||||
{
|
||||
|
|
|
@ -29,7 +29,6 @@
|
|||
using System;
|
||||
using WebsitePanel.Providers.HostedSolution;
|
||||
using WebsitePanel.EnterpriseServer;
|
||||
using Microsoft.Security.Application;
|
||||
using System.Collections.Generic;
|
||||
using System.Text;
|
||||
using System.Reflection;
|
||||
|
@ -120,7 +119,7 @@ namespace WebsitePanel.Portal.ExchangeServer
|
|||
string origName = litDisplayName.Text;
|
||||
origName = origName.Substring(0, origName.LastIndexOf("\\"));
|
||||
|
||||
litDisplayName.Text = Microsoft.Security.Application.Encoder.HtmlEncode(origName + txtName.Text);
|
||||
litDisplayName.Text = PortalAntiXSS.Encode(origName + txtName.Text);
|
||||
|
||||
BindSettings();
|
||||
}
|
||||
|
|
|
@ -29,7 +29,6 @@
|
|||
using System;
|
||||
using WebsitePanel.EnterpriseServer;
|
||||
using WebsitePanel.Providers.HostedSolution;
|
||||
using Microsoft.Security.Application;
|
||||
using WebsitePanel.Providers.ResultObjects;
|
||||
|
||||
namespace WebsitePanel.Portal.HostedSolution
|
||||
|
@ -70,7 +69,7 @@ namespace WebsitePanel.Portal.HostedSolution
|
|||
OrganizationUser user = ES.Services.Organizations.GetUserGeneralSettings(PanelRequest.ItemID,
|
||||
PanelRequest.AccountID);
|
||||
|
||||
litDisplayName.Text = Microsoft.Security.Application.Encoder.HtmlEncode(user.DisplayName);
|
||||
litDisplayName.Text = PortalAntiXSS.Encode(user.DisplayName);
|
||||
|
||||
lblUserDomainName.Text = user.DomainUserName;
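Review bot: `lblUserDomainName.Text = user.DomainUserName;`, directly below the changed line, is still assigned without encoding, while `user.DisplayName` from the same object is encoded. A WebForms `Label` writes its `Text` to the page as-is, so if the domain user name can carry characters chosen by a tenant it needs the same treatment: `lblUserDomainName.Text = PortalAntiXSS.Encode(user.DomainUserName);`. The enclosing method continues outside the hunk, so a later encode cannot be ruled out from here.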
|
||||
|
||||
|
|
|
@ -33,7 +33,6 @@ using System.Text;
|
|||
using System.Web;
|
||||
using System.Web.UI.WebControls;
|
||||
using WebsitePanel.Providers.OS;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
namespace WebsitePanel.Portal
|
||||
{
|
||||
|
@ -243,7 +242,7 @@ function SetCreateZipFocus()
|
|||
{
|
||||
if (e.CommandName == "browse")
|
||||
{
|
||||
litPath.Text = HttpContext.Current.Server.HtmlEncode((string)e.CommandArgument);
|
||||
litPath.Text = PortalAntiXSS.Encode((string)e.CommandArgument);
|
||||
BindPath();
|
||||
}
|
||||
}
|
||||
|
@ -697,7 +696,7 @@ function SetCreateZipFocus()
|
|||
if (e.CommandName == "browse")
|
||||
{
|
||||
string fileName = (string)e.CommandArgument;
|
||||
litPath.Text += HttpContext.Current.Server.HtmlEncode((litPath.Text != "\\") ? ("\\" + fileName) : fileName);
|
||||
litPath.Text += PortalAntiXSS.Encode((litPath.Text != "\\") ? ("\\" + fileName) : fileName);
|
||||
BindPath();
|
||||
}
|
||||
else if (e.CommandName == "download")
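Review bot: `litPath.Text` is used as state as well as display in both changed lines; the second hunk compares it with `"\\"` and appends to it, so the stored path is now whatever `PortalAntiXSS.Encode` emits rather than what `Server.HtmlEncode` emitted. The two encoders need not agree on which characters they leave untouched. If the new one encodes characters the old one passed through, any code outside these hunks that reads `litPath.Text` back as a file-system path would see entity text instead of the real name. I would keep the raw path in ViewState or a hidden field and encode only when assigning to the literal, or confirm that every reader decodes first. Both handlers start and end outside the hunks shown.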
|
||||
|
|
|
@ -11,9 +11,9 @@
|
|||
<ItemStyle Width="100%"></ItemStyle>
|
||||
<ItemTemplate>
|
||||
<b><asp:hyperlink id="lnkEdit" runat="server" NavigateUrl='<%# EditUrl("PlanID", Eval("PlanID").ToString(), "edit_addon", "UserID=" + Eval("UserID").ToString()) %>'>
|
||||
<%# Eval("PlanName") %>
|
||||
<%# PortalAntiXSS.EncodeOld((string) Eval("PlanName")) %>
|
||||
</asp:hyperlink></b><br />
|
||||
<%# Eval("PlanDescription") %>
|
||||
<%# PortalAntiXSS.EncodeOld((string) Eval("PlanDescription")) %>
|
||||
</ItemTemplate>
|
||||
</asp:TemplateField>
|
||||
<asp:TemplateField>
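Review bot: The `(string) Eval("PlanName")` and `(string) Eval("PlanDescription")` casts in the item template throw `InvalidCastException` when the bound value is `DBNull.Value` or not a string, where the previous `<%# Eval(...) %>` simply rendered an empty string. If the grid is bound to a DataSet and the description column is nullable (not visible here), a single plan without a description would break the whole list. `<%# PortalAntiXSS.EncodeOld(Convert.ToString(Eval("PlanDescription"))) %>` avoids that. The same cast pattern is used in the other templates changed by this commit (`ServerName`, `Comments`, `ScheduleName`, `MailboxPlan`).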
|
||||
|
|
|
@ -1,7 +1,34 @@
|
|||
// Copyright (c) 2012, Outercurve Foundation.
|
||||
// All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without modification,
|
||||
// are permitted provided that the following conditions are met:
|
||||
//
|
||||
// - Redistributions of source code must retain the above copyright notice, this
|
||||
// list of conditions and the following disclaimer.
|
||||
//
|
||||
// - Redistributions in binary form must reproduce the above copyright notice,
|
||||
// this list of conditions and the following disclaimer in the documentation
|
||||
// and/or other materials provided with the distribution.
|
||||
//
|
||||
// - Neither the name of the Outercurve Foundation nor the names of its
|
||||
// contributors may be used to endorse or promote products derived from this
|
||||
// software without specific prior written permission.
|
||||
//
|
||||
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
|
||||
// ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
||||
// ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
//------------------------------------------------------------------------------
|
||||
// <auto-generated>
|
||||
// This code was generated by a tool.
|
||||
// Runtime Version:2.0.50727.3074
|
||||
//
|
||||
// Changes to this file may cause incorrect behavior and will be lost if
|
||||
// the code is regenerated.
|
||||
|
|
|
@ -29,7 +29,6 @@
|
|||
using System;
|
||||
using System.Web;
|
||||
using WebsitePanel.EnterpriseServer;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
namespace WebsitePanel.Portal
|
||||
{
|
||||
|
@ -79,8 +78,8 @@ namespace WebsitePanel.Portal
|
|||
}
|
||||
|
||||
// bind plan
|
||||
txtPlanName.Text = Server.HtmlDecode(plan.PlanName);
|
||||
txtPlanDescription.Text = Server.HtmlDecode(plan.PlanDescription);
|
||||
txtPlanName.Text = PortalAntiXSS.DecodeOld(plan.PlanName);
|
||||
txtPlanDescription.Text = PortalAntiXSS.DecodeOld(plan.PlanDescription);
|
||||
//chkAvailable.Checked = plan.Available;
|
||||
|
||||
//txtSetupPrice.Text = plan.SetupPrice.ToString("0.00");
|
||||
|
@ -107,8 +106,8 @@ namespace WebsitePanel.Portal
|
|||
plan.UserId = PanelSecurity.SelectedUserId;
|
||||
plan.PlanId = PanelRequest.PlanID;
|
||||
plan.IsAddon = true;
|
||||
plan.PlanName = Server.HtmlEncode(txtPlanName.Text);
|
||||
plan.PlanDescription = Server.HtmlEncode(txtPlanDescription.Text);
|
||||
plan.PlanName = txtPlanName.Text;
|
||||
plan.PlanDescription = txtPlanDescription.Text;
|
||||
plan.Available = true; // always available
|
||||
|
||||
plan.SetupPrice = 0;
|
||||
|
@ -144,7 +143,7 @@ namespace WebsitePanel.Portal
|
|||
try
|
||||
{
|
||||
PackageResult result = ES.Services.Packages.UpdateHostingPlan(plan);
|
||||
lblMessage.Text = Microsoft.Security.Application.Encoder.HtmlEncode(GetExceedingQuotasMessage(result.ExceedingQuotas));
|
||||
lblMessage.Text = PortalAntiXSS.Encode(GetExceedingQuotasMessage(result.ExceedingQuotas));
|
||||
if (result.Result < 0)
|
||||
{
|
||||
ShowResultMessage(result.Result);
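Review bot: `plan.PlanName = txtPlanName.Text;` and `plan.PlanDescription = txtPlanDescription.Text;` now store the raw form input, which moves the whole XSS defence for these fields to the output side. That is the better model, but it is only safe once every place that renders them encodes. The hunks visible on this page cover the plan grids and edit boxes; any other page, e-mail template or report that printed the stored value unencoded because it used to arrive pre-encoded would now emit it raw. The same applies to the `user.FirstName`/`user.LastName`, `server.ServerName`/`server.Comments` and `sc.ScheduleName` assignments changed further down. I would add a comment at each write site, for example `// stored raw: encode at every output with PortalAntiXSS.Encode/EncodeOld`, and check the remaining readers before release.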
|
||||
|
|
|
@ -12,9 +12,9 @@
|
|||
<ItemStyle Width="100%"></ItemStyle>
|
||||
<ItemTemplate>
|
||||
<b><asp:hyperlink id="lnkEdit" runat="server" NavigateUrl='<%# EditUrl("PlanID", Eval("PlanID").ToString(), "edit_plan", "UserID=" + Eval("UserID").ToString()) %>'>
|
||||
<%# Eval("PlanName") %>
|
||||
<%# PortalAntiXSS.Encode((string)Eval("PlanName")) %>
|
||||
</asp:hyperlink></b><br />
|
||||
<%# Eval("PlanDescription") %>
|
||||
<%# PortalAntiXSS.Encode((string)Eval("PlanDescription")) %>
|
||||
</ItemTemplate>
|
||||
</asp:TemplateField>
|
||||
<asp:TemplateField>
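Review bot: This template renders `PlanName` and `PlanDescription` with `PortalAntiXSS.Encode`, while the add-on list renders the same fields with `EncodeOld` and the plan edit page still reads them through `DecodeOld`. If hosting plans saved before this change are stored HTML-encoded, as the `DecodeOld` call implies, `Encode` will double-encode them and the grid will show entity text such as `&amp;`. `<%# PortalAntiXSS.EncodeOld((string)Eval("PlanName")) %>` would match the add-on list. `ScheduleName` looks to be in the same position, since its edit page dropped `Server.HtmlDecode` and its list uses `Encode`.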
|
||||
|
|
|
@ -1,7 +1,34 @@
|
|||
// Copyright (c) 2012, Outercurve Foundation.
|
||||
// All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without modification,
|
||||
// are permitted provided that the following conditions are met:
|
||||
//
|
||||
// - Redistributions of source code must retain the above copyright notice, this
|
||||
// list of conditions and the following disclaimer.
|
||||
//
|
||||
// - Redistributions in binary form must reproduce the above copyright notice,
|
||||
// this list of conditions and the following disclaimer in the documentation
|
||||
// and/or other materials provided with the distribution.
|
||||
//
|
||||
// - Neither the name of the Outercurve Foundation nor the names of its
|
||||
// contributors may be used to endorse or promote products derived from this
|
||||
// software without specific prior written permission.
|
||||
//
|
||||
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
|
||||
// ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
||||
// ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
//------------------------------------------------------------------------------
|
||||
// <auto-generated>
|
||||
// This code was generated by a tool.
|
||||
// Runtime Version:2.0.50727.3074
|
||||
//
|
||||
// Changes to this file may cause incorrect behavior and will be lost if
|
||||
// the code is regenerated.
|
||||
|
|
|
@ -30,7 +30,6 @@ using System;
|
|||
using System.Web;
|
||||
using System.Web.UI.WebControls;
|
||||
using WebsitePanel.EnterpriseServer;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
namespace WebsitePanel.Portal
|
||||
{
|
||||
|
@ -104,8 +103,8 @@ namespace WebsitePanel.Portal
|
|||
}
|
||||
|
||||
// bind plan
|
||||
txtPlanName.Text = Server.HtmlDecode(plan.PlanName);
|
||||
txtPlanDescription.Text = Server.HtmlDecode(plan.PlanDescription);
|
||||
txtPlanName.Text = PortalAntiXSS.DecodeOld(plan.PlanName);
|
||||
txtPlanDescription.Text = PortalAntiXSS.DecodeOld(plan.PlanDescription);
|
||||
//chkAvailable.Checked = plan.Available;
|
||||
|
||||
//txtSetupPrice.Text = plan.SetupPrice.ToString("0.00");
|
||||
|
@ -137,8 +136,8 @@ namespace WebsitePanel.Portal
|
|||
plan.UserId = PanelSecurity.SelectedUserId;
|
||||
plan.PlanId = PanelRequest.PlanID;
|
||||
plan.IsAddon = false;
|
||||
plan.PlanName = Server.HtmlEncode(txtPlanName.Text);
|
||||
plan.PlanDescription = Server.HtmlEncode(txtPlanDescription.Text);
|
||||
plan.PlanName = txtPlanName.Text;
|
||||
plan.PlanDescription = txtPlanDescription.Text;
|
||||
plan.Available = true; // always available
|
||||
|
||||
plan.SetupPrice = 0;
|
||||
|
@ -196,7 +195,7 @@ namespace WebsitePanel.Portal
|
|||
if (result.Result < 0)
|
||||
{
|
||||
ShowResultMessage(result.Result);
|
||||
lblMessage.Text = Microsoft.Security.Application.Encoder.HtmlEncode(GetExceedingQuotasMessage(result.ExceedingQuotas));
|
||||
lblMessage.Text = PortalAntiXSS.Encode(GetExceedingQuotasMessage(result.ExceedingQuotas));
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -64,8 +64,8 @@ namespace WebsitePanel.Portal
|
|||
userPassword.SetUserPolicy(user.UserId, UserSettings.WEBSITEPANEL_POLICY, "PasswordPolicy");
|
||||
|
||||
// account info
|
||||
txtFirstName.Text = Server.HtmlDecode(user.FirstName);
|
||||
txtLastName.Text = Server.HtmlDecode(user.LastName);
|
||||
txtFirstName.Text = PortalAntiXSS.DecodeOld(user.FirstName);
|
||||
txtLastName.Text = PortalAntiXSS.DecodeOld(user.LastName);
|
||||
txtEmail.Text = user.Email;
|
||||
txtSecondaryEmail.Text = user.SecondaryEmail;
|
||||
lblUsername.Text = user.Username;
|
||||
|
@ -106,8 +106,8 @@ namespace WebsitePanel.Portal
|
|||
{
|
||||
// gather data from form
|
||||
// account info
|
||||
user.FirstName = Server.HtmlEncode(txtFirstName.Text);
|
||||
user.LastName = Server.HtmlEncode(txtLastName.Text);
|
||||
user.FirstName = txtFirstName.Text;
|
||||
user.LastName = txtLastName.Text;
|
||||
user.Email = txtEmail.Text;
|
||||
user.SecondaryEmail = txtSecondaryEmail.Text;
|
||||
user.HtmlMail = ddlMailFormat.SelectedIndex == 1;
|
||||
|
|
|
@ -38,7 +38,6 @@ using System.Web.UI;
|
|||
using System.Web.UI.WebControls;
|
||||
using System.Web.UI.WebControls.WebParts;
|
||||
using System.Web.UI.HtmlControls;
|
||||
using Microsoft.Security.Application;
|
||||
using WebsitePanel.EnterpriseServer;
|
||||
|
||||
namespace WebsitePanel.Portal
|
||||
|
@ -111,8 +110,8 @@ namespace WebsitePanel.Portal
|
|||
userPassword.ValidationGroup = "NewPassword";
|
||||
|
||||
// account info
|
||||
txtFirstName.Text = Server.HtmlDecode(user.FirstName);
|
||||
txtLastName.Text = Server.HtmlDecode(user.LastName);
|
||||
txtFirstName.Text = PortalAntiXSS.DecodeOld(user.FirstName);
|
||||
txtLastName.Text = PortalAntiXSS.DecodeOld(user.LastName);
|
||||
txtEmail.Text = user.Email;
|
||||
txtSecondaryEmail.Text = user.SecondaryEmail;
|
||||
ddlMailFormat.SelectedIndex = user.HtmlMail ? 1 : 0;
|
||||
|
@ -189,8 +188,8 @@ namespace WebsitePanel.Portal
|
|||
user.IsPeer = true;
|
||||
|
||||
// account info
|
||||
user.FirstName = Server.HtmlEncode(txtFirstName.Text);
|
||||
user.LastName = Server.HtmlEncode(txtLastName.Text);
|
||||
user.FirstName = txtFirstName.Text;
|
||||
user.LastName = txtLastName.Text;
|
||||
user.Email = txtEmail.Text;
|
||||
user.SecondaryEmail = txtSecondaryEmail.Text;
|
||||
user.HtmlMail = ddlMailFormat.SelectedIndex == 1;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// Copyright (c) 2012, Outercurve Foundation.
|
||||
// Copyright (c) 2012, Outercurve Foundation.
|
||||
// All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without modification,
|
||||
|
@ -30,7 +30,6 @@
|
|||
using System.Web.UI.WebControls;
|
||||
using WebsitePanel.Providers.Mail;
|
||||
using WebsitePanel.WebPortal.Code.Controls;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
namespace WebsitePanel.Portal.ProviderControls
|
||||
{
|
||||
|
|
|
@ -30,7 +30,6 @@ using System;
|
|||
using System.Web.UI.WebControls;
|
||||
using WebsitePanel.Providers.Mail;
|
||||
using WebsitePanel.WebPortal.Code.Controls;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
namespace WebsitePanel.Portal.ProviderControls
|
||||
{
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
<%@ Register Src="UserControls/UserDetails.ascx" TagName="UserDetails" TagPrefix="uc2" %>
|
||||
<%@ Register Src="UserControls/SearchBox.ascx" TagName="SearchBox" TagPrefix="uc1" %>
|
||||
<%@ Register Src="UserControls/Quota.ascx" TagName="Quota" TagPrefix="uc4" %>
|
||||
<%@ Import Namespace="WebsitePanel.Portal" %>
|
||||
|
||||
<div class="FormButtonsBar">
|
||||
<div class="Left">
|
||||
|
@ -24,7 +25,7 @@
|
|||
<HeaderStyle Wrap="false" />
|
||||
<ItemTemplate>
|
||||
<asp:hyperlink id="lnkEdit" runat="server" NavigateUrl='<%# EditUrl("ScheduleID", Eval("ScheduleID").ToString(), "edit", "SpaceID=" + PanelSecurity.PackageId) %>'>
|
||||
<%# Eval("ScheduleName") %>
|
||||
<%# PortalAntiXSS.Encode((string)Eval("ScheduleName")) %>
|
||||
</asp:hyperlink>
|
||||
</ItemTemplate>
|
||||
</asp:TemplateField>
|
||||
|
|
|
@ -1,7 +1,34 @@
|
|||
// Copyright (c) 2012, Outercurve Foundation.
|
||||
// All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without modification,
|
||||
// are permitted provided that the following conditions are met:
|
||||
//
|
||||
// - Redistributions of source code must retain the above copyright notice, this
|
||||
// list of conditions and the following disclaimer.
|
||||
//
|
||||
// - Redistributions in binary form must reproduce the above copyright notice,
|
||||
// this list of conditions and the following disclaimer in the documentation
|
||||
// and/or other materials provided with the distribution.
|
||||
//
|
||||
// - Neither the name of the Outercurve Foundation nor the names of its
|
||||
// contributors may be used to endorse or promote products derived from this
|
||||
// software without specific prior written permission.
|
||||
//
|
||||
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
|
||||
// ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
||||
// ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
//------------------------------------------------------------------------------
|
||||
// <auto-generated>
|
||||
// This code was generated by a tool.
|
||||
// Runtime Version:2.0.50727.1434
|
||||
//
|
||||
// Changes to this file may cause incorrect behavior and will be lost if
|
||||
// the code is regenerated.
|
||||
|
|
|
@ -34,7 +34,6 @@ using System.Web.UI.WebControls;
|
|||
using WebsitePanel.EnterpriseServer;
|
||||
using WebsitePanel.EnterpriseServer.Base.Scheduling;
|
||||
using WebsitePanel.Portal.Code.Framework;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
namespace WebsitePanel.Portal
|
||||
{
|
||||
|
@ -151,7 +150,7 @@ namespace WebsitePanel.Portal
|
|||
// The view does not provide ability to set and get parameters.
|
||||
return null;
|
||||
}
|
||||
view.ID = Microsoft.Security.Application.Encoder.HtmlEncode(taskId);
|
||||
view.ID = taskId;
|
||||
view.Visible = visible;
|
||||
view.EnableTheming = true;
|
||||
this.TaskParametersPlaceHolder.Controls.Add(view);
|
||||
|
@ -198,7 +197,7 @@ namespace WebsitePanel.Portal
|
|||
ApplyPackageContextRestrictions(sc.PackageId);
|
||||
PackageId = sc.PackageId;
|
||||
|
||||
txtTaskName.Text = Server.HtmlDecode(sc.ScheduleName);
|
||||
txtTaskName.Text = sc.ScheduleName;
|
||||
|
||||
Utils.SelectListItem(ddlTaskType, sc.TaskId);
|
||||
|
||||
|
@ -310,7 +309,7 @@ namespace WebsitePanel.Portal
|
|||
// gather form parameters
|
||||
ScheduleInfo sc = new ScheduleInfo();
|
||||
sc.ScheduleId = PanelRequest.ScheduleID;
|
||||
sc.ScheduleName = Server.HtmlEncode(txtTaskName.Text.Trim());
|
||||
sc.ScheduleName = txtTaskName.Text.Trim();
|
||||
sc.TaskId = ddlTaskType.SelectedValue;
|
||||
|
||||
sc.PackageId = PanelSecurity.PackageId;
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<%@ Control Language="C#" AutoEventWireup="true" CodeBehind="Servers.ascx.cs" Inherits="WebsitePanel.Portal.Servers" %>
|
||||
<%@ Import Namespace="WebsitePanel.Portal" %>
|
||||
<div class="FormButtonsBar">
|
||||
<asp:Button ID="btnAddItem" runat="server" meta:resourcekey="btnAddItem" Text="Add Server" CssClass="Button3" OnClick="btnAddItem_Click" /></td>
|
||||
</div>
|
||||
|
@ -11,13 +12,13 @@
|
|||
<td class="Big">
|
||||
<asp:hyperlink id=lnkEdit runat="server" CssClass="Black" NavigateUrl='<%# EditUrl("ServerID", Eval("ServerID").ToString(), "edit_server") %>'
|
||||
Width=100% Height=100%>
|
||||
<%# Eval("ServerName") %>
|
||||
<%# PortalAntiXSS.EncodeOld((string)Eval("ServerName")) %>
|
||||
</asp:hyperlink>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="Normal">
|
||||
<%# Eval("Comments") %>
|
||||
<%# PortalAntiXSS.EncodeOld((string)Eval("Comments")) %>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
|
|
|
@ -1,7 +1,34 @@
|
|||
// Copyright (c) 2012, Outercurve Foundation.
|
||||
// All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without modification,
|
||||
// are permitted provided that the following conditions are met:
|
||||
//
|
||||
// - Redistributions of source code must retain the above copyright notice, this
|
||||
// list of conditions and the following disclaimer.
|
||||
//
|
||||
// - Redistributions in binary form must reproduce the above copyright notice,
|
||||
// this list of conditions and the following disclaimer in the documentation
|
||||
// and/or other materials provided with the distribution.
|
||||
//
|
||||
// - Neither the name of the Outercurve Foundation nor the names of its
|
||||
// contributors may be used to endorse or promote products derived from this
|
||||
// software without specific prior written permission.
|
||||
//
|
||||
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
|
||||
// ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
||||
// ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
//------------------------------------------------------------------------------
|
||||
// <auto-generated>
|
||||
// This code was generated by a tool.
|
||||
// Runtime Version:2.0.50727.42
|
||||
//
|
||||
// Changes to this file may cause incorrect behavior and will be lost if
|
||||
// the code is regenerated.
|
||||
|
@ -10,10 +37,43 @@
|
|||
|
||||
namespace WebsitePanel.Portal {
|
||||
|
||||
|
||||
public partial class Servers {
|
||||
protected System.Web.UI.WebControls.Button btnAddItem;
|
||||
protected System.Web.UI.WebControls.DataList dlServers;
|
||||
protected System.Web.UI.HtmlControls.HtmlTable tblEmptyList;
|
||||
protected System.Web.UI.WebControls.Label lblEmptyList;
|
||||
|
||||
/// <summary>
|
||||
/// btnAddItem control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.WebControls.Button btnAddItem;
|
||||
|
||||
/// <summary>
|
||||
/// dlServers control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.WebControls.DataList dlServers;
|
||||
|
||||
/// <summary>
|
||||
/// tblEmptyList control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.HtmlControls.HtmlTable tblEmptyList;
|
||||
|
||||
/// <summary>
|
||||
/// lblEmptyList control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.WebControls.Label lblEmptyList;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -54,7 +54,7 @@ namespace WebsitePanel.Portal
|
|||
return;
|
||||
|
||||
ServerInfo server = new ServerInfo();
|
||||
server.ServerName = Server.HtmlEncode(txtName.Text.Trim());
|
||||
server.ServerName = txtName.Text.Trim();
|
||||
server.ServerUrl = txtUrl.Text.Trim();
|
||||
server.Password = serverPassword.Password;
|
||||
server.Comments = "";
|
||||
|
|
|
@ -84,8 +84,8 @@ namespace WebsitePanel.Portal
|
|||
RedirectToBrowsePage();
|
||||
|
||||
// header
|
||||
txtName.Text = Server.HtmlDecode(server.ServerName);
|
||||
txtComments.Text = Server.HtmlDecode(server.Comments);
|
||||
txtName.Text = PortalAntiXSS.DecodeOld(server.ServerName);
|
||||
txtComments.Text = PortalAntiXSS.DecodeOld(server.Comments);
|
||||
|
||||
|
||||
// connection
|
||||
|
@ -122,8 +122,8 @@ namespace WebsitePanel.Portal
|
|||
|
||||
// header
|
||||
server.ServerId = PanelRequest.ServerId;
|
||||
server.ServerName = Server.HtmlEncode(txtName.Text);
|
||||
server.Comments = Server.HtmlEncode(txtComments.Text);
|
||||
server.ServerName = txtName.Text;
|
||||
server.Comments = txtComments.Text;
|
||||
|
||||
// connection
|
||||
server.ServerUrl = txtUrl.Text;
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
<%@ Register Src="UserControls/CollapsiblePanel.ascx" TagName="CollapsiblePanel" TagPrefix="wsp" %>
|
||||
<%@ Register Src="UserControls/SimpleMessageBox.ascx" TagName="SimpleMessageBox" TagPrefix="wsp" %>
|
||||
<%@ Register Src="UserControls/EnableAsyncTasksSupport.ascx" TagName="EnableAsyncTasksSupport" TagPrefix="wsp" %>
|
||||
<%@ Import Namespace="WebsitePanel.Portal" %>
|
||||
|
||||
<wsp:EnableAsyncTasksSupport id="asyncTasks" runat="server"/>
|
||||
<wsp:SimpleMessageBox id="messageBox" runat="server" />
|
||||
|
@ -23,7 +24,7 @@
|
|||
<asp:TemplateField HeaderText="gvMailboxPlan">
|
||||
<ItemStyle Width="70%"></ItemStyle>
|
||||
<ItemTemplate>
|
||||
<asp:Label id="lnkDisplayMailboxPlan" runat="server" EnableViewState="true" ><%# Eval("MailboxPlan")%></asp:Label>
|
||||
<asp:Label id="lnkDisplayMailboxPlan" runat="server" EnableViewState="true" ><%# PortalAntiXSS.Encode((string)Eval("MailboxPlan"))%></asp:Label>
|
||||
</ItemTemplate>
|
||||
</asp:TemplateField>
|
||||
<asp:TemplateField>
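Review bot: The `(string)Eval("MailboxPlan")` cast in the item template throws an InvalidCastException when the bound value is DBNull or not a string, so a single such row would break rendering of the whole grid. `<%# PortalAntiXSS.Encode(Convert.ToString(Eval("MailboxPlan")))%>` avoids that, since `Convert.ToString` returns an empty string for DBNull. The same cast is added for `ItemName` in the AuditLogControl template and for `PackageName` in the spaces list template. The audit-log export in this commit reads `ItemName` with `.ToString()`, which suggests that column is not guaranteed to be a string; whether any of these columns can really be null is not visible here.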
|
||||
|
|
|
@ -473,8 +473,5 @@ namespace WebsitePanel.Portal
|
|||
|
||||
BindMailboxPlans();
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
}
|
|
@ -26,7 +26,6 @@
|
|||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
|
||||
//------------------------------------------------------------------------------
|
||||
// <auto-generated>
|
||||
// This code was generated by a tool.
|
||||
|
|
|
@ -78,11 +78,11 @@ namespace WebsitePanel.Portal.SkinControls
|
|||
spanSpace.Visible = true;
|
||||
pnlViewSpace.Visible = true;
|
||||
|
||||
lnkSpace.Text = package.PackageName;
|
||||
lnkSpace.Text = PortalAntiXSS.EncodeOld(package.PackageName);
|
||||
lnkSpace.NavigateUrl = PortalUtils.GetSpaceHomePageUrl(package.PackageId);
|
||||
|
||||
cmdSpaceName.Text = package.PackageName;
|
||||
lblSpaceDescription.Text = package.PackageComments;
|
||||
cmdSpaceName.Text = PortalAntiXSS.EncodeOld(package.PackageName);
|
||||
lblSpaceDescription.Text = PortalAntiXSS.EncodeOld(package.PackageComments);
|
||||
|
||||
lnkCurrentPage.NavigateUrl = PortalUtils.NavigatePageURL(
|
||||
PortalUtils.GetCurrentPageId(), "SpaceID", PanelSecurity.PackageId.ToString());
|
||||
|
@ -134,7 +134,7 @@ namespace WebsitePanel.Portal.SkinControls
|
|||
{
|
||||
// update space
|
||||
int result = ES.Services.Packages.UpdatePackageName(PanelSecurity.PackageId,
|
||||
Server.HtmlEncode(txtName.Text), lblSpaceDescription.Text);
|
||||
txtName.Text, lblSpaceDescription.Text);
|
||||
|
||||
if (result < 0)
|
||||
{
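Review bot: The update call still passes `lblSpaceDescription.Text` as the description, but the first hunk of this file now fills that label with `PortalAntiXSS.EncodeOld(package.PackageComments)`. Assuming the label keeps that value across the postback, saving a renamed space writes the HTML-encoded comments back to storage, which is the stored-encoded state this commit is moving away from. Pass the raw text instead, for example `txtName.Text, PortalAntiXSS.DecodeOld(lblSpaceDescription.Text));`, or re-read `PackageComments` from the package before updating. The enclosing method starts and ends outside the hunk.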
|
||||
|
|
|
@ -54,7 +54,7 @@ namespace WebsitePanel.Portal
|
|||
PackageInfo package = ES.Services.Packages.GetPackage(PanelSecurity.PackageId);
|
||||
if (package != null)
|
||||
{
|
||||
litSpaceName.Text = package.PackageName;
|
||||
litSpaceName.Text = PortalAntiXSS.EncodeOld(package.PackageName);
|
||||
|
||||
// bind space status
|
||||
PackageStatus status = (PackageStatus)package.StatusId;
|
||||
|
|
|
@ -29,7 +29,6 @@
|
|||
using System;
|
||||
using System.Web.UI.WebControls;
|
||||
using WebsitePanel.EnterpriseServer;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
namespace WebsitePanel.Portal
|
||||
{
|
||||
|
@ -55,7 +54,16 @@ namespace WebsitePanel.Portal
|
|||
|
||||
private void BindAddons(int userId)
|
||||
{
|
||||
ddlPlan.DataSource = ES.Services.Packages.GetUserAvailableHostingAddons(userId);
|
||||
HostingPlanInfo[] hpi = ES.Services.Packages.GetUserAvailableHostingAddons(userId);
|
||||
|
||||
// Next code is user for decoding incorectly stored plan names and descriptions with pre 1.2.2 installations
|
||||
for (int i = 0; i < hpi.Length; i++)
|
||||
{
|
||||
hpi[i].PlanDescription = PortalAntiXSS.DecodeOld(hpi[i].PlanDescription);
|
||||
hpi[i].PlanName = PortalAntiXSS.DecodeOld(hpi[i].PlanName);
|
||||
}
|
||||
|
||||
ddlPlan.DataSource = hpi;
|
||||
ddlPlan.DataBind();
|
||||
|
||||
ddlPlan.Items.Insert(0, new ListItem(GetLocalizedString("SelectHostingPlan.Text"), ""));
|
||||
|
@ -137,7 +145,7 @@ namespace WebsitePanel.Portal
|
|||
if (result.Result < 0)
|
||||
{
|
||||
ShowResultMessage(result.Result);
|
||||
lblMessage.Text = Microsoft.Security.Application.Encoder.HtmlEncode(GetExceedingQuotasMessage(result.ExceedingQuotas));
|
||||
lblMessage.Text = PortalAntiXSS.Encode(GetExceedingQuotasMessage(result.ExceedingQuotas));
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
@ -156,7 +164,7 @@ namespace WebsitePanel.Portal
|
|||
if (result.Result < 0)
|
||||
{
|
||||
ShowResultMessage(result.Result);
|
||||
lblMessage.Text = Microsoft.Security.Application.Encoder.HtmlEncode(GetExceedingQuotasMessage(result.ExceedingQuotas));
|
||||
lblMessage.Text = PortalAntiXSS.Encode(GetExceedingQuotasMessage(result.ExceedingQuotas));
|
||||
return;
|
||||
}
|
||||
}
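Review bot: The new loop in BindAddons dereferences `hpi.Length` without a null check, whereas the old code passed the service result straight to `ddlPlan.DataSource`, where a null simply binds nothing. If GetUserAvailableHostingAddons can return null (not visible here), the page now fails with a NullReferenceException; wrapping the loop in `if (hpi != null)` keeps the old behaviour. The comment above the loop has typos ("user for", "incorectly"); `// Decode plan names and descriptions that pre-1.2.2 installations stored HTML-encoded` reads better. BindAddons continues past the end of the hunk.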
|
||||
|
|
|
@ -1,7 +1,34 @@
|
|||
// Copyright (c) 2012, Outercurve Foundation.
|
||||
// All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without modification,
|
||||
// are permitted provided that the following conditions are met:
|
||||
//
|
||||
// - Redistributions of source code must retain the above copyright notice, this
|
||||
// list of conditions and the following disclaimer.
|
||||
//
|
||||
// - Redistributions in binary form must reproduce the above copyright notice,
|
||||
// this list of conditions and the following disclaimer in the documentation
|
||||
// and/or other materials provided with the distribution.
|
||||
//
|
||||
// - Neither the name of the Outercurve Foundation nor the names of its
|
||||
// contributors may be used to endorse or promote products derived from this
|
||||
// software without specific prior written permission.
|
||||
//
|
||||
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
|
||||
// ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
||||
// ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
//------------------------------------------------------------------------------
|
||||
// <auto-generated>
|
||||
// This code was generated by a tool.
|
||||
// Runtime Version:2.0.50727.42
|
||||
//
|
||||
// Changes to this file may cause incorrect behavior and will be lost if
|
||||
// the code is regenerated.
|
||||
|
@ -10,22 +37,151 @@
|
|||
|
||||
namespace WebsitePanel.Portal {
|
||||
|
||||
|
||||
public partial class SpaceEditAddon {
|
||||
protected System.Web.UI.WebControls.Label lblMessage;
|
||||
protected System.Web.UI.WebControls.Label lblAddon;
|
||||
protected System.Web.UI.WebControls.DropDownList ddlPlan;
|
||||
protected System.Web.UI.WebControls.RequiredFieldValidator planValidator;
|
||||
protected System.Web.UI.WebControls.Label lblQuantity;
|
||||
protected System.Web.UI.WebControls.TextBox txtQuantity;
|
||||
protected System.Web.UI.WebControls.RequiredFieldValidator valQuantity;
|
||||
protected System.Web.UI.WebControls.Label lblStatus;
|
||||
protected System.Web.UI.WebControls.DropDownList ddlStatus;
|
||||
protected System.Web.UI.WebControls.Label lblCreationDate;
|
||||
protected WebsitePanel.Portal.CalendarControl PurchaseDate;
|
||||
protected System.Web.UI.WebControls.Label lblComments;
|
||||
protected System.Web.UI.WebControls.TextBox txtComments;
|
||||
protected System.Web.UI.WebControls.Button btnSave;
|
||||
protected System.Web.UI.WebControls.Button btnCancel;
|
||||
protected System.Web.UI.WebControls.Button btnDelete;
|
||||
|
||||
/// <summary>
|
||||
/// lblMessage control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.WebControls.Label lblMessage;
|
||||
|
||||
/// <summary>
|
||||
/// lblAddon control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.WebControls.Label lblAddon;
|
||||
|
||||
/// <summary>
|
||||
/// ddlPlan control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.WebControls.DropDownList ddlPlan;
|
||||
|
||||
/// <summary>
|
||||
/// planValidator control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.WebControls.RequiredFieldValidator planValidator;
|
||||
|
||||
/// <summary>
|
||||
/// lblQuantity control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.WebControls.Label lblQuantity;
|
||||
|
||||
/// <summary>
|
||||
/// txtQuantity control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.WebControls.TextBox txtQuantity;
|
||||
|
||||
/// <summary>
|
||||
/// valQuantity control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.WebControls.RequiredFieldValidator valQuantity;
|
||||
|
||||
/// <summary>
|
||||
/// lblStatus control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.WebControls.Label lblStatus;
|
||||
|
||||
/// <summary>
|
||||
/// ddlStatus control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.WebControls.DropDownList ddlStatus;
|
||||
|
||||
/// <summary>
|
||||
/// lblCreationDate control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.WebControls.Label lblCreationDate;
|
||||
|
||||
/// <summary>
|
||||
/// PurchaseDate control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::WebsitePanel.Portal.CalendarControl PurchaseDate;
|
||||
|
||||
/// <summary>
|
||||
/// lblComments control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.WebControls.Label lblComments;
|
||||
|
||||
/// <summary>
|
||||
/// txtComments control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.WebControls.TextBox txtComments;
|
||||
|
||||
/// <summary>
|
||||
/// btnSave control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.WebControls.Button btnSave;
|
||||
|
||||
/// <summary>
|
||||
/// btnCancel control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.WebControls.Button btnCancel;
|
||||
|
||||
/// <summary>
|
||||
/// btnDelete control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.WebControls.Button btnDelete;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -29,7 +29,6 @@
|
|||
using System;
|
||||
using System.Web.UI.WebControls;
|
||||
using WebsitePanel.EnterpriseServer;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
namespace WebsitePanel.Portal
|
||||
{
|
||||
|
@ -53,8 +52,8 @@ namespace WebsitePanel.Portal
|
|||
BindHostingPlans();
|
||||
|
||||
// bind space
|
||||
txtName.Text = Server.HtmlDecode(package.PackageName);
|
||||
txtComments.Text = Server.HtmlDecode(package.PackageComments);
|
||||
txtName.Text = PortalAntiXSS.DecodeOld(package.PackageName);
|
||||
txtComments.Text = PortalAntiXSS.DecodeOld(package.PackageComments);
|
||||
PurchaseDate.SelectedDate = package.PurchaseDate;
|
||||
serverDetails.ServerId = package.ServerId;
|
||||
Utils.SelectListItem(ddlPlan, package.PlanId);
|
||||
|
@ -110,8 +109,8 @@ namespace WebsitePanel.Portal
|
|||
package = ES.Services.Packages.GetPackage(PanelSecurity.PackageId);
|
||||
|
||||
package.PackageId = PanelSecurity.PackageId;
|
||||
package.PackageName = Server.HtmlEncode(txtName.Text);
|
||||
package.PackageComments = Server.HtmlEncode(txtComments.Text);
|
||||
package.PackageName = txtName.Text;
|
||||
package.PackageComments = txtComments.Text;
|
||||
package.PlanId = Utils.ParseInt(ddlPlan.SelectedValue, 0);
|
||||
package.PurchaseDate = PurchaseDate.SelectedDate;
|
||||
|
||||
|
@ -129,7 +128,7 @@ namespace WebsitePanel.Portal
|
|||
if (result.Result < 0)
|
||||
{
|
||||
ShowResultMessage(result.Result);
|
||||
lblMessage.Text = Microsoft.Security.Application.Encoder.HtmlEncode(GetExceedingQuotasMessage(result.ExceedingQuotas));
|
||||
lblMessage.Text = PortalAntiXSS.Encode(GetExceedingQuotasMessage(result.ExceedingQuotas));
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -38,7 +38,6 @@ using System.Web.UI.WebControls.WebParts;
|
|||
using System.Web.UI.HtmlControls;
|
||||
|
||||
using WebsitePanel.EnterpriseServer;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
namespace WebsitePanel.Portal
|
||||
{
|
||||
|
@ -60,7 +59,7 @@ namespace WebsitePanel.Portal
|
|||
DataSet dsSpaces = ES.Services.Packages.GetNestedPackagesSummary(PanelSecurity.PackageId);
|
||||
|
||||
// all customers
|
||||
lnkAllSpaces.Text = Microsoft.Security.Application.Encoder.HtmlEncode(String.Format("All Spaces ({0})", dsSpaces.Tables[0].Rows[0]["PackagesNumber"]));
|
||||
lnkAllSpaces.Text = String.Format("All Spaces ({0})", dsSpaces.Tables[0].Rows[0]["PackagesNumber"]);
|
||||
|
||||
// by status
|
||||
repSpaceStatuses.DataSource = dsSpaces.Tables[1];
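Review bot: The `lnkAllSpaces.Text` assignment is the one place in this commit where output encoding is dropped rather than swapped for `PortalAntiXSS`, so the link text is safe only while `PackagesNumber` is numeric. Keeping the wrapper costs nothing and matches the users summary, which still encodes `lnkAllCustomers.Text`: `lnkAllSpaces.Text = PortalAntiXSS.Encode(String.Format("All Spaces ({0})", dsSpaces.Tables[0].Rows[0]["PackagesNumber"]));`. The caption is also hard-coded English, while the users summary takes its format from `GetLocalizedString`.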
|
||||
|
|
|
@ -60,8 +60,8 @@ namespace WebsitePanel.Portal
|
|||
|
||||
// bind account details
|
||||
litUsername.Text = user.Username;
|
||||
litFullName.Text = Utils.EllipsisString(user.FirstName + " " + user.LastName, 25);
|
||||
litSubscriberNumber.Text = Server.HtmlDecode(user.SubscriberNumber);
|
||||
litFullName.Text = Utils.EllipsisString(PortalAntiXSS.Encode(user.FirstName) + " " + PortalAntiXSS.Encode(user.LastName), 25);
|
||||
litSubscriberNumber.Text = PortalAntiXSS.Encode(user.SubscriberNumber);
|
||||
litRole.Text = PanelFormatter.GetUserRoleName(user.RoleId);
|
||||
litCreated.Text = user.Created.ToString();
|
||||
litUpdated.Text = user.Changed.ToString();
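Review bot: `litFullName.Text` is encoded before it is truncated, so `Utils.EllipsisString(..., 25)` counts encoded characters and can cut an entity such as `&amp;` in half, leaving broken markup in the literal. Truncate the raw name and encode the result: `litFullName.Text = PortalAntiXSS.Encode(Utils.EllipsisString(user.FirstName + " " + user.LastName, 25));`. Names saved before this commit were stored with `Server.HtmlEncode`, and the edit form reads them through `DecodeOld`. Plain `Encode` here and on `litSubscriberNumber` will therefore probably show legacy values double-encoded, so `EncodeOld` looks like the intended call. `litUsername.Text` in the line above is still assigned without encoding.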
|
||||
|
|
|
@ -75,9 +75,9 @@ namespace WebsitePanel.Portal
|
|||
rowDemo.Visible = !editAdminAccount;
|
||||
|
||||
// account info
|
||||
txtFirstName.Text = Server.HtmlDecode(user.FirstName);
|
||||
txtLastName.Text = Server.HtmlDecode(user.LastName);
|
||||
txtSubscriberNumber.Text = Server.HtmlDecode(user.SubscriberNumber);
|
||||
txtFirstName.Text = PortalAntiXSS.DecodeOld(user.FirstName);
|
||||
txtLastName.Text = PortalAntiXSS.DecodeOld(user.LastName);
|
||||
txtSubscriberNumber.Text = PortalAntiXSS.DecodeOld(user.SubscriberNumber);
|
||||
txtEmail.Text = user.Email;
|
||||
txtSecondaryEmail.Text = user.SecondaryEmail;
|
||||
ddlMailFormat.SelectedIndex = user.HtmlMail ? 1 : 0;
|
||||
|
@ -127,9 +127,9 @@ namespace WebsitePanel.Portal
|
|||
user.LoginStatusId = loginStatus.SelectedIndex;
|
||||
|
||||
// account info
|
||||
user.FirstName = Server.HtmlEncode(txtFirstName.Text);
|
||||
user.LastName = Server.HtmlEncode(txtLastName.Text);
|
||||
user.SubscriberNumber = Server.HtmlEncode(txtSubscriberNumber.Text);
|
||||
user.FirstName = txtFirstName.Text;
|
||||
user.LastName = txtLastName.Text;
|
||||
user.SubscriberNumber = txtSubscriberNumber.Text;
|
||||
user.Email = txtEmail.Text;
|
||||
user.SecondaryEmail = txtSecondaryEmail.Text;
|
||||
user.HtmlMail = ddlMailFormat.SelectedIndex == 1;
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
<%@ Control Language="C#" AutoEventWireup="true" CodeBehind="AuditLogControl.ascx.cs" Inherits="WebsitePanel.Portal.UserControls.AuditLogControl" %>
|
||||
<%@ Register Src="PopupHeader.ascx" TagName="PopupHeader" TagPrefix="wsp" %>
|
||||
<%@ Import Namespace="WebsitePanel.Portal" %>
|
||||
|
||||
<table cellpadding="5" width="100%">
|
||||
<tr>
|
||||
|
@ -136,10 +137,10 @@
|
|||
</asp:LinkButton>
|
||||
</ItemTemplate>
|
||||
</asp:TemplateField>
|
||||
<asp:TemplateField SortExpression="ItemName" HeaderText="gvLogItemName">
|
||||
<asp:TemplateField SortExpression="ItemName" HeaderText="gvLogItemName" >
|
||||
<ItemStyle Wrap="false" />
|
||||
<ItemTemplate>
|
||||
<%# Eval("ItemName")%>
|
||||
<%# PortalAntiXSS.Encode((string)Eval("ItemName"))%>
|
||||
</ItemTemplate>
|
||||
</asp:TemplateField>
|
||||
<asp:TemplateField SortExpression="Username" HeaderText="gvLogUser">
|
||||
|
|
|
@ -32,7 +32,7 @@ using System.Text;
|
|||
using System.Web.UI.WebControls;
|
||||
using System.Xml;
|
||||
using WebsitePanel.EnterpriseServer;
|
||||
using Microsoft.Security.Application;
|
||||
using WebsitePanel.Portal;
|
||||
|
||||
namespace WebsitePanel.Portal.UserControls
|
||||
{
|
||||
|
@ -185,9 +185,9 @@ namespace WebsitePanel.Portal.UserControls
|
|||
GetAuditLogSourceName((string)dr["SourceName"]));
|
||||
// Task
|
||||
sb.AppendFormat("\"{0}\",",
|
||||
Microsoft.Security.Application.Encoder.HtmlEncode(GetAuditLogTaskName((string)dr["SourceName"], (string)dr["TaskName"])));
|
||||
PortalAntiXSS.Encode(GetAuditLogTaskName((string)dr["SourceName"], (string)dr["TaskName"])));
|
||||
// Item-Name
|
||||
sb.AppendFormat("\"{0}\",", Microsoft.Security.Application.Encoder.HtmlEncode(dr["ItemName"].ToString()));
|
||||
sb.AppendFormat("\"{0}\",", PortalAntiXSS.Encode(dr["ItemName"].ToString()));
|
||||
// Execution-Log
|
||||
string executionLog = FormatPlainTextExecutionLog(
|
||||
dr["ExecutionLog"].ToString(), DateTime.Parse(dr["StartDate"].ToString()));
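Review bot: The Task and Item-Name fields are written with `PortalAntiXSS.Encode`, but this code appears to build a quoted, comma-separated export rather than HTML, so HTML encoding is the wrong encoder for the context. Exported values will contain entities such as `&amp;` and `&quot;`, and nothing stops a spreadsheet from treating a value that starts with `=`, `+`, `-` or `@` as a formula. A small CSV helper that doubles embedded quotes and prefixes such leading characters with an apostrophe would suit this sink better than the HTML encoder. The enclosing method starts and ends outside the hunk.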
|
||||
|
|
|
@ -1,7 +1,34 @@
|
|||
//------------------------------------------------------------------------------
|
||||
// Copyright (c) 2012, Outercurve Foundation.
|
||||
// All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without modification,
|
||||
// are permitted provided that the following conditions are met:
|
||||
//
|
||||
// - Redistributions of source code must retain the above copyright notice, this
|
||||
// list of conditions and the following disclaimer.
|
||||
//
|
||||
// - Redistributions in binary form must reproduce the above copyright notice,
|
||||
// this list of conditions and the following disclaimer in the documentation
|
||||
// and/or other materials provided with the distribution.
|
||||
//
|
||||
// - Neither the name of the Outercurve Foundation nor the names of its
|
||||
// contributors may be used to endorse or promote products derived from this
|
||||
// software without specific prior written permission.
|
||||
//
|
||||
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
|
||||
// ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
||||
// ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
//------------------------------------------------------------------------------
|
||||
// <auto-generated>
|
||||
// This code was generated by a tool.
|
||||
// Runtime Version:2.0.50727.3053
|
||||
//
|
||||
// Changes to this file may cause incorrect behavior and will be lost if
|
||||
// the code is regenerated.
|
||||
|
|
|
@ -103,7 +103,7 @@ namespace WebsitePanel.Portal
|
|||
|
||||
try
|
||||
{
|
||||
int result = ES.Services.Comments.AddComment(ItemTypeId, ItemId, Server.HtmlEncode(txtComments.Text), 2);
|
||||
int result = ES.Services.Comments.AddComment(ItemTypeId, ItemId, txtComments.Text, 2);
|
||||
if (result < 0)
|
||||
{
|
||||
HostModule.ShowResultMessage(result);
|
||||
|
@ -125,7 +125,7 @@ namespace WebsitePanel.Portal
|
|||
|
||||
public string WrapComment(string text)
|
||||
{
|
||||
return (text != null) ? text.Replace("\n", "<br/>") : text;
|
||||
return (text != null) ? PortalAntiXSS.EncodeOld(text.Replace("\n", "<br/>")) : text;
|
||||
}
|
||||
|
||||
protected void gvComments_RowDeleting(object sender, GridViewDeleteEventArgs e)
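Review bot: In WrapComment the newline replacement runs before the encoder, so the inserted `<br/>` tags are passed through `PortalAntiXSS.EncodeOld` along with the user text. Unless EncodeOld deliberately lets `<br/>` through (its body is not visible here), comments will render a literal `<br/>` instead of a line break. Encode first and add the markup afterwards: `return (text != null) ? PortalAntiXSS.EncodeOld(text).Replace("\n", "<br/>") : text;`.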
|
||||
|
|
|
@ -39,7 +39,6 @@ using System.Web.UI.WebControls.WebParts;
|
|||
using System.Web.UI.HtmlControls;
|
||||
|
||||
using System.Web.Services.Protocols;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
namespace WebsitePanel.Portal
|
||||
{
|
||||
|
@ -81,7 +80,7 @@ namespace WebsitePanel.Portal
|
|||
try
|
||||
{
|
||||
// technical details
|
||||
litPageUrl.Text = Microsoft.Security.Application.Encoder.HtmlEncode(Request.Url.ToString());
|
||||
litPageUrl.Text = PortalAntiXSS.Encode(Request.Url.ToString());
|
||||
litLoggedUser.Text = PanelSecurity.LoggedUser.Username;
|
||||
litSelectedUser.Text = PanelSecurity.SelectedUser.Username;
|
||||
litPackageName.Text = PanelSecurity.PackageId.ToString();
|
||||
|
|
|
@ -41,7 +41,6 @@ using System.Web.UI.WebControls.WebParts;
|
|||
using System.Web.UI.HtmlControls;
|
||||
|
||||
using WebsitePanel.EnterpriseServer;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
namespace WebsitePanel.Portal
|
||||
{
|
||||
|
|
|
@ -30,7 +30,6 @@ using System;
|
|||
using System.Text;
|
||||
using System.Web.UI.WebControls;
|
||||
using WebsitePanel.EnterpriseServer;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
namespace WebsitePanel.Portal
|
||||
{
|
||||
|
@ -71,7 +70,7 @@ namespace WebsitePanel.Portal
|
|||
public string Text
|
||||
{
|
||||
get { return EditMode ? txtName.Text.Trim() : litPrefix.Text + txtName.Text.Trim() + litSuffix.Text; }
|
||||
set { txtName.Text = value; lblName.Text = Microsoft.Security.Application.Encoder.HtmlEncode(value); }
|
||||
set { txtName.Text = value; lblName.Text = PortalAntiXSS.Encode(value); }
|
||||
}
|
||||
|
||||
private UserInfo PolicyUser
|
||||
|
|
|
@ -29,7 +29,6 @@
|
|||
using System;
|
||||
using System.Web.UI.WebControls;
|
||||
using WebsitePanel.EnterpriseServer;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
namespace WebsitePanel.Portal
|
||||
{
|
||||
|
@ -136,7 +135,7 @@ namespace WebsitePanel.Portal
|
|||
if (result.Result < 0)
|
||||
{
|
||||
ShowResultMessage(result.Result);
|
||||
lblMessage.Text = Microsoft.Security.Application.Encoder.HtmlEncode(GetExceedingQuotasMessage(result.ExceedingQuotas));
|
||||
lblMessage.Text = PortalAntiXSS.Encode(GetExceedingQuotasMessage(result.ExceedingQuotas));
|
||||
return;
|
||||
}
|
||||
else
|
||||
|
|
|
@ -63,7 +63,7 @@
|
|||
</asp:hyperlink>
|
||||
</ItemTemplate>
|
||||
</asp:TemplateField>
|
||||
<asp:BoundField DataField="FullName" HtmlEncode="false" SortExpression="FullName" HeaderText="gvUsersName">
|
||||
<asp:BoundField DataField="FullName" HtmlEncode="true" SortExpression="FullName" HeaderText="gvUsersName">
|
||||
<HeaderStyle Wrap="false" />
|
||||
<ItemStyle Wrap="False" />
|
||||
</asp:BoundField>
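Review bot: Switching the `FullName` column to `HtmlEncode="true"` fixes the sink for new data, but names saved before this commit were stored through `Server.HtmlEncode` and will now appear double-encoded in the grid (for example `&amp;` shown literally). Elsewhere the commit routes legacy values through `PortalAntiXSS.EncodeOld` or `DecodeOld`. A TemplateField with `<%# PortalAntiXSS.EncodeOld(Convert.ToString(Eval("FullName"))) %>` would be consistent with that, assuming EncodeOld normalises already-encoded input.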
|
||||
|
|
|
@ -30,7 +30,6 @@ using System;
|
|||
using System.Data;
|
||||
using System.Web.UI;
|
||||
using WebsitePanel.EnterpriseServer;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
namespace WebsitePanel.Portal
|
||||
{
|
||||
|
@ -52,7 +51,7 @@ namespace WebsitePanel.Portal
|
|||
DataSet dsUsers = ES.Services.Users.GetUsersSummary(PanelSecurity.SelectedUserId);
|
||||
|
||||
// all customers
|
||||
lnkAllCustomers.Text = Microsoft.Security.Application.Encoder.HtmlEncode(String.Format(GetLocalizedString("AllCustomers.Text"),
|
||||
lnkAllCustomers.Text = PortalAntiXSS.Encode(String.Format(GetLocalizedString("AllCustomers.Text"),
|
||||
dsUsers.Tables[0].Rows[0]["UsersNumber"]));
|
||||
|
||||
// by status
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
<%@ Import Namespace="WebsitePanel.Portal" %>
|
||||
<%@ Register Src="UserControls/ServerDetails.ascx" TagName="ServerDetails" TagPrefix="uc3" %>
|
||||
<%@ Register Src="UserControls/Comments.ascx" TagName="Comments" TagPrefix="uc4" %>
|
||||
<%@ Import Namespace="WebsitePanel.Portal" %>
|
||||
|
||||
|
||||
<asp:Panel id="ButtonsPanel" runat="server" class="FormButtonsBar">
|
||||
|
@ -62,7 +63,7 @@
|
|||
<ItemStyle Width="40%"></ItemStyle>
|
||||
<ItemTemplate>
|
||||
<asp:hyperlink id=lnkEdit runat="server" CssClass="Medium" NavigateUrl='<%# GetSpaceHomePageUrl((int)Eval("PackageID")) %>'>
|
||||
<%# Eval("PackageName") %>
|
||||
<%# PortalAntiXSS.EncodeOld((string) Eval("PackageName")) %>
|
||||
</asp:hyperlink>
|
||||
</ItemTemplate>
|
||||
</asp:TemplateField>
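Review bot: The first hunk adds `<%@ Import Namespace="WebsitePanel.Portal" %>` although the same directive is already present three lines above it, so the control now imports the namespace twice. This is harmless at runtime, but the added line should be dropped. The `(string) Eval("PackageName")` cast in the second hunk also throws on DBNull; `Convert.ToString(Eval("PackageName"))` is the safer form.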
|
||||
|
|
|
@ -1,7 +1,34 @@
|
|||
// Copyright (c) 2012, Outercurve Foundation.
|
||||
// All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without modification,
|
||||
// are permitted provided that the following conditions are met:
|
||||
//
|
||||
// - Redistributions of source code must retain the above copyright notice, this
|
||||
// list of conditions and the following disclaimer.
|
||||
//
|
||||
// - Redistributions in binary form must reproduce the above copyright notice,
|
||||
// this list of conditions and the following disclaimer in the documentation
|
||||
// and/or other materials provided with the distribution.
|
||||
//
|
||||
// - Neither the name of the Outercurve Foundation nor the names of its
|
||||
// contributors may be used to endorse or promote products derived from this
|
||||
// software without specific prior written permission.
|
||||
//
|
||||
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
|
||||
// ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
||||
// ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
//------------------------------------------------------------------------------
|
||||
// <auto-generated>
|
||||
// This code was generated by a tool.
|
||||
// Runtime Version:2.0.50727.3074
|
||||
//
|
||||
// Changes to this file may cause incorrect behavior and will be lost if
|
||||
// the code is regenerated.
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// Copyright (c) 2012, Outercurve Foundation.
|
||||
// Copyright (c) 2012, Outercurve Foundation.
|
||||
// All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without modification,
|
||||
|
@ -29,7 +29,6 @@
|
|||
using System;
|
||||
using WebsitePanel.Providers.Virtualization;
|
||||
using WebsitePanel.EnterpriseServer;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
namespace WebsitePanel.Portal.VPS.RemoteDesktop
|
||||
{
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// Copyright (c) 2012, Outercurve Foundation.
|
||||
// Copyright (c) 2012, Outercurve Foundation.
|
||||
// All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without modification,
|
||||
|
@ -35,7 +35,6 @@ using WebsitePanel.EnterpriseServer;
|
|||
using WebsitePanel.Providers.Virtualization;
|
||||
using WebsitePanel.Providers.Common;
|
||||
using WebsitePanel.Providers.ResultObjects;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
namespace WebsitePanel.Portal.VPS
|
||||
{
|
||||
|
@ -239,17 +238,17 @@ namespace WebsitePanel.Portal.VPS
|
|||
private void BindSummary()
|
||||
{
|
||||
// general
|
||||
litHostname.Text = Microsoft.Security.Application.Encoder.HtmlEncode(String.Format("{0}.{1}", txtHostname.Text.Trim(), txtDomain.Text.Trim()));
|
||||
litHostname.Text = PortalAntiXSS.Encode(String.Format("{0}.{1}", txtHostname.Text.Trim(), txtDomain.Text.Trim()));
|
||||
litOperatingSystem.Text = listOperatingSystems.SelectedItem.Text;
|
||||
|
||||
litSummaryEmail.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtSummaryEmail.Text.Trim());
|
||||
litSummaryEmail.Text = PortalAntiXSS.Encode(txtSummaryEmail.Text.Trim());
|
||||
SummSummaryEmailRow.Visible = chkSendSummary.Checked;
|
||||
|
||||
// config
|
||||
litCpu.Text = Microsoft.Security.Application.Encoder.HtmlEncode(ddlCpu.SelectedValue);
|
||||
litRam.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtRam.Text.Trim());
|
||||
litHdd.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtHdd.Text.Trim());
|
||||
litSnapshots.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtSnapshots.Text.Trim());
|
||||
litCpu.Text = PortalAntiXSS.Encode(ddlCpu.SelectedValue);
|
||||
litRam.Text = PortalAntiXSS.Encode(txtRam.Text.Trim());
|
||||
litHdd.Text = PortalAntiXSS.Encode(txtHdd.Text.Trim());
|
||||
litSnapshots.Text = PortalAntiXSS.Encode(txtSnapshots.Text.Trim());
|
||||
optionDvdInstalled.Value = chkDvdInstalled.Checked;
|
||||
optionBootFromCd.Value = chkBootFromCd.Checked;
|
||||
optionNumLock.Value = chkNumLock.Checked;
|
||||
|
@ -262,23 +261,23 @@ namespace WebsitePanel.Portal.VPS
|
|||
// external network
|
||||
optionExternalNetwork.Value = chkExternalNetworkEnabled.Checked;
|
||||
SummExternalAddressesNumberRow.Visible = radioExternalRandom.Checked && chkExternalNetworkEnabled.Checked;
|
||||
litExternalAddressesNumber.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtExternalAddressesNumber.Text.Trim());
|
||||
litExternalAddressesNumber.Text = PortalAntiXSS.Encode(txtExternalAddressesNumber.Text.Trim());
|
||||
SummExternalAddressesListRow.Visible = radioExternalSelected.Checked && chkExternalNetworkEnabled.Checked;
|
||||
|
||||
List<string> ipAddresses = new List<string>();
|
||||
foreach (ListItem li in listExternalAddresses.Items)
|
||||
if (li.Selected)
|
||||
ipAddresses.Add(li.Text);
|
||||
litExternalAddresses.Text = Microsoft.Security.Application.Encoder.HtmlEncode(String.Join(", ", ipAddresses.ToArray()));
|
||||
litExternalAddresses.Text = PortalAntiXSS.Encode(String.Join(", ", ipAddresses.ToArray()));
|
||||
|
||||
// private network
|
||||
optionPrivateNetwork.Value = chkPrivateNetworkEnabled.Checked;
|
||||
SummPrivateAddressesNumberRow.Visible = radioPrivateRandom.Checked && chkPrivateNetworkEnabled.Checked && (ViewState["DHCP"] == null);
|
||||
litPrivateAddressesNumber.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtPrivateAddressesNumber.Text.Trim());
|
||||
litPrivateAddressesNumber.Text = PortalAntiXSS.Encode(txtPrivateAddressesNumber.Text.Trim());
|
||||
SummPrivateAddressesListRow.Visible = radioPrivateSelected.Checked && chkPrivateNetworkEnabled.Checked && (ViewState["DHCP"] == null);
|
||||
|
||||
string[] privIps = Utils.ParseDelimitedString(txtPrivateAddressesList.Text, '\n', '\r', ' ', '\t');
|
||||
litPrivateAddressesList.Text = Microsoft.Security.Application.Encoder.HtmlEncode(String.Join(", ", privIps));
|
||||
litPrivateAddressesList.Text = PortalAntiXSS.Encode(String.Join(", ", privIps));
|
||||
}
|
||||
|
||||
protected void wizard_FinishButtonClick(object sender, WizardNavigationEventArgs e)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// Copyright (c) 2012, Outercurve Foundation.
|
||||
// Copyright (c) 2012, Outercurve Foundation.
|
||||
// All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without modification,
|
||||
|
@ -29,7 +29,6 @@
|
|||
using System;
|
||||
using WebsitePanel.Providers.Virtualization;
|
||||
using WebsitePanel.EnterpriseServer;
|
||||
using Microsoft.Security.Application;
|
||||
|
||||
namespace WebsitePanel.Portal.VPSForPC.RemoteDesktop
|
||||
{
|
||||
|
|
|
@ -35,7 +35,6 @@ using WebsitePanel.EnterpriseServer;
|
|||
using WebsitePanel.Providers.Virtualization;
|
||||
using WebsitePanel.Providers.Common;
|
||||
using WebsitePanel.Providers.ResultObjects;
|
||||
using Microsoft.Security.Application;
|
||||
using System.Resources;
|
||||
|
||||
namespace WebsitePanel.Portal.VPSForPC
|
||||
|
@ -264,17 +263,17 @@ namespace WebsitePanel.Portal.VPSForPC
|
|||
{
|
||||
// general
|
||||
litHostname.Text = txtVmName.Text.Trim();
|
||||
// litHostname.Text = Microsoft.Security.Application.Encoder.HtmlEncode(String.Format("{0}.{1}", txtHostname.Text.Trim(), txtDomain.Text.Trim()));
|
||||
// litHostname.Text = PortalAntiXSS.Decode(String.Format("{0}.{1}", txtHostname.Text.Trim(), txtDomain.Text.Trim()));
|
||||
litOperatingSystem.Text = listOperatingSystems.SelectedItem.Text;
|
||||
|
||||
litSummaryEmail.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtSummaryEmail.Text.Trim());
|
||||
litSummaryEmail.Text = PortalAntiXSS.Encode(txtSummaryEmail.Text.Trim());
|
||||
SummSummaryEmailRow.Visible = chkSendSummary.Checked;
|
||||
|
||||
// config
|
||||
litCpu.Text = Microsoft.Security.Application.Encoder.HtmlEncode(ddlCpu.SelectedValue);
|
||||
litRam.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtRam.Text.Trim());
|
||||
litHdd.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtHdd.Text.Trim());
|
||||
//litSnapshots.Text = Microsoft.Security.Application.Encoder.HtmlEncode(txtSnapshots.Text.Trim());
|
||||
litCpu.Text = PortalAntiXSS.Encode(ddlCpu.SelectedValue);
|
||||
litRam.Text = PortalAntiXSS.Encode(txtRam.Text.Trim());
|
||||
litHdd.Text = PortalAntiXSS.Encode(txtHdd.Text.Trim());
|
||||
//litSnapshots.Text = PortalAntiXSS.Decode(txtSnapshots.Text.Trim());
|
||||
//optionDvdInstalled.Value = chkDvdInstalled.Checked;
|
||||
//optionBootFromCd.Value = chkBootFromCd.Checked;
|
||||
//optionNumLock.Value = chkNumLock.Checked;
|
||||
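Review bot: `litHostname.Text = txtVmName.Text.Trim();` at the top of this hunk puts the VM name into the summary without encoding, while the e-mail, CPU, RAM and HDD values just below all go through `PortalAntiXSS.Encode`. If litHostname is a Literal, as its prefix suggests, its Text is rendered as-is, so the line should read `litHostname.Text = PortalAntiXSS.Encode(txtVmName.Text.Trim());`. The two commented-out lines now call `PortalAntiXSS.Decode(...)` where the old code called `HtmlEncode`, so anyone re-enabling them would decode instead of encode; they should say `Encode` or be deleted. The method starts before this hunk and continues after it.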
|
|
|
@ -1,4 +1,5 @@
|
|||
<%@ Control Language="C#" AutoEventWireup="true" CodeBehind="VirtualServers.ascx.cs" Inherits="WebsitePanel.Portal.VirtualServers" %>
|
||||
<%@ Import Namespace="WebsitePanel.Portal" %>
|
||||
<div class="FormButtonsBar">
|
||||
<asp:Button ID="btnAddItem" runat="server" meta:resourcekey="btnAddItem" Text="Add Server" CssClass="Button3" OnClick="btnAddItem_Click" />
|
||||
</div>
|
||||
|
@ -11,13 +12,13 @@
|
|||
<td class="Big">
|
||||
<asp:hyperlink id=lnkEdit CssClass="Black" runat="server" NavigateUrl='<%# EditUrl("ServerID", Eval("ServerID").ToString(), "edit_server") %>'
|
||||
Width=100% Height=100%>
|
||||
<%# Eval("ServerName") %>
|
||||
<%# PortalAntiXSS.EncodeOld((string)Eval("ServerName")) %>
|
||||
</asp:hyperlink>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="Normal">
|
||||
<%# Eval("Comments") %>
|
||||
<%# PortalAntiXSS.EncodeOld((string)Eval("Comments")) %>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
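Review bot: The `(string)Eval("Comments")` cast in the new binding expressions throws InvalidCastException when the bound value is DBNull, which is plausible for an optional column if dlServers is bound to a DataSet (the data source is not visible in this section). `Convert.ToString(Eval("Comments"))` returns an empty string for both null and DBNull, so `<%# PortalAntiXSS.EncodeOld(Convert.ToString(Eval("Comments"))) %>` is the safer form, and the same applies to ServerName. Whether EncodeOld itself accepts null is also worth confirming, since its body is outside this section.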
|
|
|
@ -1,7 +1,34 @@
|
|||
// Copyright (c) 2012, Outercurve Foundation.
|
||||
// All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without modification,
|
||||
// are permitted provided that the following conditions are met:
|
||||
//
|
||||
// - Redistributions of source code must retain the above copyright notice, this
|
||||
// list of conditions and the following disclaimer.
|
||||
//
|
||||
// - Redistributions in binary form must reproduce the above copyright notice,
|
||||
// this list of conditions and the following disclaimer in the documentation
|
||||
// and/or other materials provided with the distribution.
|
||||
//
|
||||
// - Neither the name of the Outercurve Foundation nor the names of its
|
||||
// contributors may be used to endorse or promote products derived from this
|
||||
// software without specific prior written permission.
|
||||
//
|
||||
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
|
||||
// ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
||||
// ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
//------------------------------------------------------------------------------
|
||||
// <auto-generated>
|
||||
// This code was generated by a tool.
|
||||
// Runtime Version:2.0.50727.42
|
||||
//
|
||||
// Changes to this file may cause incorrect behavior and will be lost if
|
||||
// the code is regenerated.
|
||||
|
@ -10,10 +37,43 @@
|
|||
|
||||
namespace WebsitePanel.Portal {
|
||||
|
||||
|
||||
public partial class VirtualServers {
|
||||
protected System.Web.UI.WebControls.Button btnAddItem;
|
||||
protected System.Web.UI.WebControls.DataList dlServers;
|
||||
protected System.Web.UI.HtmlControls.HtmlTable tblEmptyList;
|
||||
protected System.Web.UI.WebControls.Label lblEmptyList;
|
||||
|
||||
/// <summary>
|
||||
/// btnAddItem control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.WebControls.Button btnAddItem;
|
||||
|
||||
/// <summary>
|
||||
/// dlServers control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.WebControls.DataList dlServers;
|
||||
|
||||
/// <summary>
|
||||
/// tblEmptyList control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.HtmlControls.HtmlTable tblEmptyList;
|
||||
|
||||
/// <summary>
|
||||
/// lblEmptyList control.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Auto-generated field.
|
||||
/// To modify move field declaration from designer file to code-behind file.
|
||||
/// </remarks>
|
||||
protected global::System.Web.UI.WebControls.Label lblEmptyList;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -54,8 +54,8 @@ namespace WebsitePanel.Portal
|
|||
return;
|
||||
|
||||
ServerInfo server = new ServerInfo();
|
||||
server.ServerName = Server.HtmlEncode(txtName.Text.Trim());
|
||||
server.Comments = Server.HtmlEncode(txtComments.Text);
|
||||
server.ServerName = txtName.Text.Trim();
|
||||
server.Comments = txtComments.Text;
|
||||
server.VirtualServer = true;
|
||||
|
||||
int serverId = 0;
|
||||
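Review bot: With `Server.HtmlEncode` removed from the two assignments here, ServerName and Comments are stored exactly as typed, so every place that renders them now has to encode on output. This page shows that done in VirtualServers.ascx through `PortalAntiXSS.EncodeOld`; any other page or template that prints these fields is not visible from this hunk and should be checked before merging. A comment above the two lines such as `// stored raw: encode on output wherever ServerName/Comments are rendered` would record the contract. The method starts before this hunk and continues after it.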
|
|
|
@ -75,8 +75,8 @@ namespace WebsitePanel.Portal
|
|||
RedirectToBrowsePage();
|
||||
|
||||
// header
|
||||
txtName.Text = Server.HtmlDecode(server.ServerName);
|
||||
txtComments.Text = Server.HtmlDecode(server.Comments);
|
||||
txtName.Text = PortalAntiXSS.DecodeOld(server.ServerName);
|
||||
txtComments.Text = PortalAntiXSS.DecodeOld(server.Comments);
|
||||
|
||||
Utils.SelectListItem(ddlPrimaryGroup, server.PrimaryGroupId);
|
||||
|
||||
|
@ -175,8 +175,8 @@ namespace WebsitePanel.Portal
|
|||
|
||||
// header
|
||||
server.ServerId = PanelRequest.ServerId;
|
||||
server.ServerName = Server.HtmlEncode(txtName.Text);
|
||||
server.Comments = Server.HtmlEncode(txtComments.Text);
|
||||
server.ServerName = txtName.Text;
|
||||
server.Comments = txtComments.Text;
|
||||
server.PrimaryGroupId = Utils.ParseInt(ddlPrimaryGroup.SelectedValue, 0);
|
||||
|
||||
// instant alias
|
||||
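Review bot: `PortalAntiXSS.DecodeOld(server.ServerName)` in the first hunk runs on every row, but the save path in the second hunk (`server.ServerName = txtName.Text;`) now stores values raw, so the table will hold a mix of legacy encoded rows and new raw rows. If DecodeOld is a plain HTML decode (its body is not shown here), a raw name that legitimately contains text like `&amp;` is silently altered each time the server is opened and saved. A comment stating what DecodeOld does with already-raw input, or a one-off migration that decodes the legacy rows so the decode on load can be dropped, would close that gap. Separately, the save path does not trim the name; `server.ServerName = txtName.Text.Trim();` would match the add-server page.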
|
|
|
@ -172,6 +172,7 @@
|
|||
<Compile Include="Code\Adapters\WebControlAdapterExtender.cs" />
|
||||
<Compile Include="Code\ContentPane.cs" />
|
||||
<Compile Include="Code\Controls\DesktopContextValidator.cs" />
|
||||
<Compile Include="Code\PortalAntiXSS.cs" />
|
||||
<Compile Include="Code\PortalUtils.cs" />
|
||||
<Compile Include="Code\SecureSessionModule.cs" />
|
||||
<Compile Include="Code\WebPortalControlBase.cs">
|
||||
|
|