Code:
/ Dotnetfx_Vista_SP2 / Dotnetfx_Vista_SP2 / 8.0.50727.4016 / DEVDIV / depot / DevDiv / releases / whidbey / NetFxQFE / ndp / fx / src / xsp / System / Web / HttpResponseHeader.cs / 1 / HttpResponseHeader.cs
//------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- /* * Single http header representation * * Copyright (c) 1998 Microsoft Corporation */ namespace System.Web { using System.Collections; using System.Text; /* * Response header (either known or unknown) */ internal class HttpResponseHeader { private String _unknownHeader; private int _knownHeaderIndex; private String _value; private static readonly string[] EncodingTable = new string[] { "%00", "%01", "%02", "%03", "%04", "%05", "%06", "%07", "%08", "%09", "%0a", "%0b", "%0c", "%0d", "%0e", "%0f", "%10", "%11", "%12", "%13", "%14", "%15", "%16", "%17", "%18", "%19", "%1a", "%1b", "%1c", "%1d", "%1e", "%1f" }; internal HttpResponseHeader(int knownHeaderIndex, String value) { _unknownHeader = null; _knownHeaderIndex = knownHeaderIndex; // encode header value if if(HttpRuntime.EnableHeaderChecking) { _value = MaybeEncodeHeader(value); } else { _value = value; } } internal HttpResponseHeader(String unknownHeader, String value) { if(HttpRuntime.EnableHeaderChecking) { _unknownHeader = MaybeEncodeHeader(unknownHeader); _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = MaybeEncodeHeader(value); } else { _unknownHeader = unknownHeader; _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = value; } } internal virtual String Name { get { if (_unknownHeader != null) return _unknownHeader; else return HttpWorkerRequest.GetKnownResponseHeaderName(_knownHeaderIndex); } } internal String Value { get { return _value;} } internal void Send(HttpWorkerRequest wr) { if (_knownHeaderIndex >= 0) wr.SendKnownResponseHeader(_knownHeaderIndex, _value); else wr.SendUnknownResponseHeader(_unknownHeader, _value); } // Encode the header if it contains a CRLF pair // VSWhidbey 257154 internal static string MaybeEncodeHeader(string value) { string sanitizedHeader = value; if (NeedsEncoding(value)) { // DevDiv Bugs 146028 // Denial Of Service scenarios involving // control characters are possible. // We are encoding the following characters: // - All CTL characters except HT (horizontal tab) // - DEL character (\x7f) StringBuilder sb = new StringBuilder(); foreach (char c in value) { if (c < 32 && c != 9) { sb.Append(EncodingTable[c]); } else if (c == 127) { sb.Append("%7f"); } else { sb.Append(c); } } sanitizedHeader = sb.ToString(); } return sanitizedHeader; } // Returns true if the string contains a control character (other than horizontal tab) or the DEL character. internal static bool NeedsEncoding(string value) { foreach (char c in value) { if ((c < 32 && c != 9) || (c == 127)) { return true; } } return false; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. //------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- /* * Single http header representation * * Copyright (c) 1998 Microsoft Corporation */ namespace System.Web { using System.Collections; using System.Text; /* * Response header (either known or unknown) */ internal class HttpResponseHeader { private String _unknownHeader; private int _knownHeaderIndex; private String _value; private static readonly string[] EncodingTable = new string[] { "%00", "%01", "%02", "%03", "%04", "%05", "%06", "%07", "%08", "%09", "%0a", "%0b", "%0c", "%0d", "%0e", "%0f", "%10", "%11", "%12", "%13", "%14", "%15", "%16", "%17", "%18", "%19", "%1a", "%1b", "%1c", "%1d", "%1e", "%1f" }; internal HttpResponseHeader(int knownHeaderIndex, String value) { _unknownHeader = null; _knownHeaderIndex = knownHeaderIndex; // encode header value if if(HttpRuntime.EnableHeaderChecking) { _value = MaybeEncodeHeader(value); } else { _value = value; } } internal HttpResponseHeader(String unknownHeader, String value) { if(HttpRuntime.EnableHeaderChecking) { _unknownHeader = MaybeEncodeHeader(unknownHeader); _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = MaybeEncodeHeader(value); } else { _unknownHeader = unknownHeader; _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = value; } } internal virtual String Name { get { if (_unknownHeader != null) return _unknownHeader; else return HttpWorkerRequest.GetKnownResponseHeaderName(_knownHeaderIndex); } } internal String Value { get { return _value;} } internal void Send(HttpWorkerRequest wr) { if (_knownHeaderIndex >= 0) wr.SendKnownResponseHeader(_knownHeaderIndex, _value); else wr.SendUnknownResponseHeader(_unknownHeader, _value); } // Encode the header if it contains a CRLF pair // VSWhidbey 257154 internal static string MaybeEncodeHeader(string value) { string sanitizedHeader = value; if (NeedsEncoding(value)) { // DevDiv Bugs 146028 // Denial Of Service scenarios involving // control characters are possible. // We are encoding the following characters: // - All CTL characters except HT (horizontal tab) // - DEL character (\x7f) StringBuilder sb = new StringBuilder(); foreach (char c in value) { if (c < 32 && c != 9) { sb.Append(EncodingTable[c]); } else if (c == 127) { sb.Append("%7f"); } else { sb.Append(c); } } sanitizedHeader = sb.ToString(); } return sanitizedHeader; } // Returns true if the string contains a control character (other than horizontal tab) or the DEL character. internal static bool NeedsEncoding(string value) { foreach (char c in value) { if ((c < 32 && c != 9) || (c == 127)) { return true; } } return false; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- XmlDocumentType.cs
- HostingEnvironment.cs
- DataServiceRequestOfT.cs
- EncodingNLS.cs
- odbcmetadatacollectionnames.cs
- LinearGradientBrush.cs
- TemplatedWizardStep.cs
- DescriptionAttribute.cs
- DoWorkEventArgs.cs
- BasicHttpSecurityElement.cs
- OptimalTextSource.cs
- listitem.cs
- FixedTextView.cs
- WebPartDisplayModeCollection.cs
- EventNotify.cs
- DateTimeOffset.cs
- mediaeventargs.cs
- ActivityMarkupSerializer.cs
- SqlConnectionPoolGroupProviderInfo.cs
- OleDbTransaction.cs
- EditingCommands.cs
- HtmlEncodedRawTextWriter.cs
- DataGridViewCheckBoxColumn.cs
- MimeTypeAttribute.cs
- __Error.cs
- ObjectAnimationBase.cs
- AssemblyLoader.cs
- PeerNameRecord.cs
- Interfaces.cs
- UnaryNode.cs
- PatternMatchRules.cs
- SqlPersonalizationProvider.cs
- HttpListenerRequest.cs
- TrustManagerMoreInformation.cs
- Qualifier.cs
- SelfIssuedAuthRSAPKCS1SignatureFormatter.cs
- QilUnary.cs
- mediapermission.cs
- DesignerView.Commands.cs
- ContractInferenceHelper.cs
- InterleavedZipPartStream.cs
- ConfigurationManagerInternalFactory.cs
- DataGridViewCell.cs
- XmlAnyElementAttribute.cs
- CardSpaceSelector.cs
- _LoggingObject.cs
- WsatServiceAddress.cs
- CfgParser.cs
- UnsafeNativeMethodsTablet.cs
- WebServiceData.cs
- ComplusTypeValidator.cs
- HtmlLabelAdapter.cs
- SchemaNamespaceManager.cs
- XamlFilter.cs
- MDIWindowDialog.cs
- HashMembershipCondition.cs
- SqlServices.cs
- ToolStripSystemRenderer.cs
- RelationshipNavigation.cs
- basevalidator.cs
- ProvideValueServiceProvider.cs
- SystemException.cs
- PenContexts.cs
- SpellerStatusTable.cs
- CachingHintValidation.cs
- DataProtectionSecurityStateEncoder.cs
- IisHelper.cs
- SignatureToken.cs
- EntityClassGenerator.cs
- XamlRtfConverter.cs
- DataObjectMethodAttribute.cs
- SqlCacheDependencyDatabaseCollection.cs
- PeerSecurityManager.cs
- KernelTypeValidation.cs
- SqlDeflator.cs
- DataTableNewRowEvent.cs
- XmlSchemaAnnotation.cs
- Calendar.cs
- ACL.cs
- ColumnMap.cs
- MaskInputRejectedEventArgs.cs
- ReceiveCompletedEventArgs.cs
- XmlComplianceUtil.cs
- InputScopeConverter.cs
- Comparer.cs
- OpenFileDialog.cs
- StylusPointPropertyInfo.cs
- TraceSource.cs
- SqlRowUpdatingEvent.cs
- DesignTimeTemplateParser.cs
- FixedElement.cs
- SafeNativeMethodsCLR.cs
- ImageAttributes.cs
- ListBox.cs
- ByteStreamGeometryContext.cs
- ScriptReference.cs
- XmlSubtreeReader.cs
- OutputCacheSection.cs
- WorkflowMarkupSerializationManager.cs
- ParserHooks.cs