Code:
/ FXUpdate3074 / FXUpdate3074 / 1.1 / DEVDIV / depot / DevDiv / releases / whidbey / QFE / ndp / fx / src / xsp / System / Web / HttpResponseHeader.cs / 3 / HttpResponseHeader.cs
//------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- /* * Single http header representation * * Copyright (c) 1998 Microsoft Corporation */ namespace System.Web { using System.Collections; using System.Text; /* * Response header (either known or unknown) */ internal class HttpResponseHeader { private String _unknownHeader; private int _knownHeaderIndex; private String _value; private static readonly string[] EncodingTable = new string[] { "%00", "%01", "%02", "%03", "%04", "%05", "%06", "%07", "%08", "%09", "%0a", "%0b", "%0c", "%0d", "%0e", "%0f", "%10", "%11", "%12", "%13", "%14", "%15", "%16", "%17", "%18", "%19", "%1a", "%1b", "%1c", "%1d", "%1e", "%1f" }; internal HttpResponseHeader(int knownHeaderIndex, String value) { _unknownHeader = null; _knownHeaderIndex = knownHeaderIndex; // encode header value if if(HttpRuntime.EnableHeaderChecking) { _value = MaybeEncodeHeader(value); } else { _value = value; } } internal HttpResponseHeader(String unknownHeader, String value) { if(HttpRuntime.EnableHeaderChecking) { _unknownHeader = MaybeEncodeHeader(unknownHeader); _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = MaybeEncodeHeader(value); } else { _unknownHeader = unknownHeader; _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = value; } } internal virtual String Name { get { if (_unknownHeader != null) return _unknownHeader; else return HttpWorkerRequest.GetKnownResponseHeaderName(_knownHeaderIndex); } } internal String Value { get { return _value;} } internal void Send(HttpWorkerRequest wr) { if (_knownHeaderIndex >= 0) wr.SendKnownResponseHeader(_knownHeaderIndex, _value); else wr.SendUnknownResponseHeader(_unknownHeader, _value); } // Encode the header if it contains a CRLF pair // internal static string MaybeEncodeHeader(string value) { string sanitizedHeader = value; if (NeedsEncoding(value)) { // DevDiv Bugs 146028 // Denial Of Service scenarios involving // control characters are possible. // We are encoding the following characters: // - All CTL characters except HT (horizontal tab) // - DEL character (\x7f) StringBuilder sb = new StringBuilder(); foreach (char c in value) { if (c < 32 && c != 9) { sb.Append(EncodingTable[c]); } else if (c == 127) { sb.Append("%7f"); } else { sb.Append(c); } } sanitizedHeader = sb.ToString(); } return sanitizedHeader; } // Returns true if the string contains a control character (other than horizontal tab) or the DEL character. internal static bool NeedsEncoding(string value) { foreach (char c in value) { if ((c < 32 && c != 9) || (c == 127)) { return true; } } return false; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved. //------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- /* * Single http header representation * * Copyright (c) 1998 Microsoft Corporation */ namespace System.Web { using System.Collections; using System.Text; /* * Response header (either known or unknown) */ internal class HttpResponseHeader { private String _unknownHeader; private int _knownHeaderIndex; private String _value; private static readonly string[] EncodingTable = new string[] { "%00", "%01", "%02", "%03", "%04", "%05", "%06", "%07", "%08", "%09", "%0a", "%0b", "%0c", "%0d", "%0e", "%0f", "%10", "%11", "%12", "%13", "%14", "%15", "%16", "%17", "%18", "%19", "%1a", "%1b", "%1c", "%1d", "%1e", "%1f" }; internal HttpResponseHeader(int knownHeaderIndex, String value) { _unknownHeader = null; _knownHeaderIndex = knownHeaderIndex; // encode header value if if(HttpRuntime.EnableHeaderChecking) { _value = MaybeEncodeHeader(value); } else { _value = value; } } internal HttpResponseHeader(String unknownHeader, String value) { if(HttpRuntime.EnableHeaderChecking) { _unknownHeader = MaybeEncodeHeader(unknownHeader); _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = MaybeEncodeHeader(value); } else { _unknownHeader = unknownHeader; _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = value; } } internal virtual String Name { get { if (_unknownHeader != null) return _unknownHeader; else return HttpWorkerRequest.GetKnownResponseHeaderName(_knownHeaderIndex); } } internal String Value { get { return _value;} } internal void Send(HttpWorkerRequest wr) { if (_knownHeaderIndex >= 0) wr.SendKnownResponseHeader(_knownHeaderIndex, _value); else wr.SendUnknownResponseHeader(_unknownHeader, _value); } // Encode the header if it contains a CRLF pair // internal static string MaybeEncodeHeader(string value) { string sanitizedHeader = value; if (NeedsEncoding(value)) { // DevDiv Bugs 146028 // Denial Of Service scenarios involving // control characters are possible. // We are encoding the following characters: // - All CTL characters except HT (horizontal tab) // - DEL character (\x7f) StringBuilder sb = new StringBuilder(); foreach (char c in value) { if (c < 32 && c != 9) { sb.Append(EncodingTable[c]); } else if (c == 127) { sb.Append("%7f"); } else { sb.Append(c); } } sanitizedHeader = sb.ToString(); } return sanitizedHeader; } // Returns true if the string contains a control character (other than horizontal tab) or the DEL character. internal static bool NeedsEncoding(string value) { foreach (char c in value) { if ((c < 32 && c != 9) || (c == 127)) { return true; } } return false; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- TableCellCollection.cs
- DelegatingTypeDescriptionProvider.cs
- SqlDataSourceCommandEventArgs.cs
- ResizeGrip.cs
- TreeView.cs
- DrawingAttributes.cs
- ClusterSafeNativeMethods.cs
- AvTraceDetails.cs
- ViewStateModeByIdAttribute.cs
- EncryptedHeaderXml.cs
- StylusDevice.cs
- DecoratedNameAttribute.cs
- MyContact.cs
- SpnEndpointIdentityExtension.cs
- DataGridColumnHeaderAutomationPeer.cs
- VirtualizingPanel.cs
- DataGridViewCellValueEventArgs.cs
- RangeBase.cs
- TypeHelpers.cs
- BuildProvidersCompiler.cs
- MarshalDirectiveException.cs
- ResourcePart.cs
- SelectedGridItemChangedEvent.cs
- SyndicationDeserializer.cs
- WebPartEditorOkVerb.cs
- Rijndael.cs
- _NativeSSPI.cs
- ImageBrush.cs
- DataBinding.cs
- ConfigurationCollectionAttribute.cs
- RectValueSerializer.cs
- PageTheme.cs
- AutomationPatternInfo.cs
- recordstatefactory.cs
- RelationshipConverter.cs
- ListMarkerLine.cs
- DataGridViewLayoutData.cs
- _SslState.cs
- ListMarkerLine.cs
- RsaSecurityTokenParameters.cs
- CachedPathData.cs
- InvalidComObjectException.cs
- RowUpdatingEventArgs.cs
- PlainXmlDeserializer.cs
- CommonRemoteMemoryBlock.cs
- ConfigXmlSignificantWhitespace.cs
- SmtpDigestAuthenticationModule.cs
- CodeCommentStatementCollection.cs
- GetPageNumberCompletedEventArgs.cs
- HandlerFactoryCache.cs
- GlyphRun.cs
- AgileSafeNativeMemoryHandle.cs
- SmtpNtlmAuthenticationModule.cs
- VirtualDirectoryMapping.cs
- PointF.cs
- IisTraceListener.cs
- DBBindings.cs
- Errors.cs
- KeyValueSerializer.cs
- MbpInfo.cs
- Composition.cs
- XPathPatternParser.cs
- CanonicalFontFamilyReference.cs
- SwitchAttribute.cs
- SafeSystemMetrics.cs
- ProxyGenerationError.cs
- PageBuildProvider.cs
- EventEntry.cs
- Pkcs7Recipient.cs
- Symbol.cs
- RadioButtonBaseAdapter.cs
- FrameworkRichTextComposition.cs
- ToolStripLocationCancelEventArgs.cs
- UTF8Encoding.cs
- Soap12ProtocolImporter.cs
- RepeaterCommandEventArgs.cs
- StorageFunctionMapping.cs
- EmbeddedObject.cs
- PageClientProxyGenerator.cs
- ItemList.cs
- FontWeightConverter.cs
- UshortList2.cs
- FileLogRecordHeader.cs
- HttpRequest.cs
- DataGridAddNewRow.cs
- DefaultValueTypeConverter.cs
- ConnectionPointCookie.cs
- WindowsListViewGroupHelper.cs
- WebPartEditorCancelVerb.cs
- ExternalException.cs
- ModelTreeManager.cs
- BitmapEffectRenderDataResource.cs
- HttpCacheParams.cs
- WorkerRequest.cs
- DatatypeImplementation.cs
- ListCardsInFileRequest.cs
- TableAdapterManagerHelper.cs
- GC.cs
- DbConnectionPoolGroupProviderInfo.cs
- SecurityState.cs