糖果代码库GitCandy

发布20200115 
v3.1.2020.0115   X组件内部目录统一使用BasePath,支持命令行参数与环境变量,便于函数计算
大石头 编写于 2020-01-15 01:22:07
4.00 KiB
提交记录 原文件
NewLife.Cube
 
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Script.Serialization;
using System.Xml.Serialization;
using NewLife.Collections;
using NewLife.Web;

namespace NewLife.Cube
{
    /// <summary>页面助手</summary>
    public static class PagerHelper
    {
        #region 名称
        /// <summary>名称类。用户可根据需要修改Url参数名</summary>
        public class __
        {
            /// <summary>排序字段</summary>
            public String Sort = "Sort";

            /// <summary>是否降序</summary>
            public String Desc = "Desc";

            /// <summary>页面索引</summary>
            public String PageIndex = "PageIndex";

            /// <summary>页面大小</summary>
            public String PageSize = "PageSize";
        }

        /// <summary>名称类。用户可根据需要修改Url参数名</summary>
        [XmlIgnore, ScriptIgnore]
        public static __ _ = new __();
        #endregion

        /// <summary>获取表单提交的Url</summary>
        /// <param name="pager">页面</param>
        /// <param name="action">动作</param>
        /// <returns></returns>
        public static String GetFormAction(this Pager pager, String action = null)
        {
            var req = HttpContext.Current?.Request;
            if (req == null) return action;

            // 表单提交,不需要排序、分页,不需要表单提交上来的数据,只要请求字符串过来的数据
#if __CORE__
            var query = req.Query;
            var forms = new HashSet<String>();
            if (req.HasFormContentType)
            {
                forms = new HashSet<String>(req.Form.Select(s => s.Key), StringComparer.OrdinalIgnoreCase);
            }
            var excludes = new HashSet<String>(new[] { "Sort", "Desc", "PageIndex", "PageSize" }, StringComparer.OrdinalIgnoreCase);

            var url = Pool.StringBuilder.Get();
            foreach (var item in query.Select(s => s.Key))
            {
                // 只要查询字符串,不要表单
                if (forms.Contains(item)) continue;

                // 排除掉排序和分页
                if (excludes.Contains(item)) continue;

                // 内容为空也不要
                var v = query[item];
                if (v.Count < 1) continue;

                url.UrlParam(item, v);
            }
#else
            var query = req.QueryString;

            var forms = new HashSet<String>(req.Form.AllKeys, StringComparer.OrdinalIgnoreCase);
            var excludes = new HashSet<String>(new[] { _.Sort, _.Desc, _.PageIndex, _.PageSize }, StringComparer.OrdinalIgnoreCase);

            var url = Pool.StringBuilder.Get();
            foreach (var item in query.AllKeys)
            {
                // 只要查询字符串,不要表单
                if (forms.Contains(item)) continue;

                // 排除掉排序和分页
                if (excludes.Contains(item)) continue;

                // 内容为空也不要
                var v = HttpUtility.UrlEncode(query[item]);
                if (v.IsNullOrEmpty()) continue;

                var key = HttpUtility.UrlEncode(item);
                url.UrlParam(key, v);
            }
#endif


            if (url.Length == 0) return action;
            if (action != null && !action.Contains('?')) action += '?';

            return action + url.Put(true);
        }

        /// <summary>过滤特殊字符,避免注入</summary>
        /// <param name="dic"></param>
        /// <returns></returns>
        public static Dictionary<String, String> FilterSpecialChar(IDictionary<String, String> dic)
        {
            // 过滤部分特殊字符避免XSS
            var ndic = new Dictionary<String, String>();

            foreach (var kv in dic)
            {
                var value = HttpUtility.UrlEncode(kv.Value);
                var key = HttpUtility.UrlEncode(kv.Key); ;

                ndic.Add(key, value);
            }

            return ndic;
        }
    }
}
Chinese (China) - 中文(简体)(中国)

© 2002-2024 新生命开发团队