Code:
/ FXUpdate3074 / FXUpdate3074 / 1.1 / DEVDIV / depot / DevDiv / releases / whidbey / QFE / ndp / fx / src / xsp / System / Web / HttpResponseHeader.cs / 3 / HttpResponseHeader.cs
//------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- /* * Single http header representation * * Copyright (c) 1998 Microsoft Corporation */ namespace System.Web { using System.Collections; using System.Text; /* * Response header (either known or unknown) */ internal class HttpResponseHeader { private String _unknownHeader; private int _knownHeaderIndex; private String _value; private static readonly string[] EncodingTable = new string[] { "%00", "%01", "%02", "%03", "%04", "%05", "%06", "%07", "%08", "%09", "%0a", "%0b", "%0c", "%0d", "%0e", "%0f", "%10", "%11", "%12", "%13", "%14", "%15", "%16", "%17", "%18", "%19", "%1a", "%1b", "%1c", "%1d", "%1e", "%1f" }; internal HttpResponseHeader(int knownHeaderIndex, String value) { _unknownHeader = null; _knownHeaderIndex = knownHeaderIndex; // encode header value if if(HttpRuntime.EnableHeaderChecking) { _value = MaybeEncodeHeader(value); } else { _value = value; } } internal HttpResponseHeader(String unknownHeader, String value) { if(HttpRuntime.EnableHeaderChecking) { _unknownHeader = MaybeEncodeHeader(unknownHeader); _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = MaybeEncodeHeader(value); } else { _unknownHeader = unknownHeader; _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = value; } } internal virtual String Name { get { if (_unknownHeader != null) return _unknownHeader; else return HttpWorkerRequest.GetKnownResponseHeaderName(_knownHeaderIndex); } } internal String Value { get { return _value;} } internal void Send(HttpWorkerRequest wr) { if (_knownHeaderIndex >= 0) wr.SendKnownResponseHeader(_knownHeaderIndex, _value); else wr.SendUnknownResponseHeader(_unknownHeader, _value); } // Encode the header if it contains a CRLF pair // internal static string MaybeEncodeHeader(string value) { string sanitizedHeader = value; if (NeedsEncoding(value)) { // DevDiv Bugs 146028 // Denial Of Service scenarios involving // control characters are possible. // We are encoding the following characters: // - All CTL characters except HT (horizontal tab) // - DEL character (\x7f) StringBuilder sb = new StringBuilder(); foreach (char c in value) { if (c < 32 && c != 9) { sb.Append(EncodingTable[c]); } else if (c == 127) { sb.Append("%7f"); } else { sb.Append(c); } } sanitizedHeader = sb.ToString(); } return sanitizedHeader; } // Returns true if the string contains a control character (other than horizontal tab) or the DEL character. internal static bool NeedsEncoding(string value) { foreach (char c in value) { if ((c < 32 && c != 9) || (c == 127)) { return true; } } return false; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved. //------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- /* * Single http header representation * * Copyright (c) 1998 Microsoft Corporation */ namespace System.Web { using System.Collections; using System.Text; /* * Response header (either known or unknown) */ internal class HttpResponseHeader { private String _unknownHeader; private int _knownHeaderIndex; private String _value; private static readonly string[] EncodingTable = new string[] { "%00", "%01", "%02", "%03", "%04", "%05", "%06", "%07", "%08", "%09", "%0a", "%0b", "%0c", "%0d", "%0e", "%0f", "%10", "%11", "%12", "%13", "%14", "%15", "%16", "%17", "%18", "%19", "%1a", "%1b", "%1c", "%1d", "%1e", "%1f" }; internal HttpResponseHeader(int knownHeaderIndex, String value) { _unknownHeader = null; _knownHeaderIndex = knownHeaderIndex; // encode header value if if(HttpRuntime.EnableHeaderChecking) { _value = MaybeEncodeHeader(value); } else { _value = value; } } internal HttpResponseHeader(String unknownHeader, String value) { if(HttpRuntime.EnableHeaderChecking) { _unknownHeader = MaybeEncodeHeader(unknownHeader); _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = MaybeEncodeHeader(value); } else { _unknownHeader = unknownHeader; _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = value; } } internal virtual String Name { get { if (_unknownHeader != null) return _unknownHeader; else return HttpWorkerRequest.GetKnownResponseHeaderName(_knownHeaderIndex); } } internal String Value { get { return _value;} } internal void Send(HttpWorkerRequest wr) { if (_knownHeaderIndex >= 0) wr.SendKnownResponseHeader(_knownHeaderIndex, _value); else wr.SendUnknownResponseHeader(_unknownHeader, _value); } // Encode the header if it contains a CRLF pair // internal static string MaybeEncodeHeader(string value) { string sanitizedHeader = value; if (NeedsEncoding(value)) { // DevDiv Bugs 146028 // Denial Of Service scenarios involving // control characters are possible. // We are encoding the following characters: // - All CTL characters except HT (horizontal tab) // - DEL character (\x7f) StringBuilder sb = new StringBuilder(); foreach (char c in value) { if (c < 32 && c != 9) { sb.Append(EncodingTable[c]); } else if (c == 127) { sb.Append("%7f"); } else { sb.Append(c); } } sanitizedHeader = sb.ToString(); } return sanitizedHeader; } // Returns true if the string contains a control character (other than horizontal tab) or the DEL character. internal static bool NeedsEncoding(string value) { foreach (char c in value) { if ((c < 32 && c != 9) || (c == 127)) { return true; } } return false; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- FileDetails.cs
- SqlProfileProvider.cs
- Context.cs
- RadioButtonAutomationPeer.cs
- CompositeFontParser.cs
- COM2ComponentEditor.cs
- PrintController.cs
- ImmutableObjectAttribute.cs
- mediapermission.cs
- XamlSerializer.cs
- Task.cs
- IconConverter.cs
- documentsequencetextcontainer.cs
- Rule.cs
- HttpCachePolicy.cs
- Win32NamedPipes.cs
- MaterialGroup.cs
- DrawingBrush.cs
- HierarchicalDataBoundControl.cs
- StructuredTypeEmitter.cs
- TextRunCache.cs
- UnmanagedMemoryStreamWrapper.cs
- LeafCellTreeNode.cs
- StrokeCollectionDefaultValueFactory.cs
- FontFaceLayoutInfo.cs
- GeneralTransform2DTo3D.cs
- ErrorWrapper.cs
- LifetimeServices.cs
- MasterPage.cs
- GenericEnumConverter.cs
- ProtocolException.cs
- DataPagerField.cs
- WsrmFault.cs
- IdentityReference.cs
- TimeSpanValidator.cs
- TempFiles.cs
- ViewManagerAttribute.cs
- Size3D.cs
- XmlToDatasetMap.cs
- Rules.cs
- FixUp.cs
- DrawingGroup.cs
- WorkflowOperationContext.cs
- ConfigurationManagerInternalFactory.cs
- AdapterDictionary.cs
- ProviderCommandInfoUtils.cs
- WebPartAddingEventArgs.cs
- NetPipeSection.cs
- XmlCharType.cs
- WCFServiceClientProxyGenerator.cs
- FolderNameEditor.cs
- ScopelessEnumAttribute.cs
- RowToFieldTransformer.cs
- XmlSchemaComplexContentRestriction.cs
- AccessibilityApplicationManager.cs
- AudioDeviceOut.cs
- GeometryGroup.cs
- CompiledQuery.cs
- SoapObjectInfo.cs
- AuthenticatedStream.cs
- XhtmlBasicTextBoxAdapter.cs
- XAMLParseException.cs
- autovalidator.cs
- GPPOINT.cs
- StylusPointPropertyInfoDefaults.cs
- RenderingEventArgs.cs
- WebPartEditorApplyVerb.cs
- unitconverter.cs
- DefaultSettingsSection.cs
- OAVariantLib.cs
- SafeCryptoHandles.cs
- FlowPosition.cs
- DataKeyCollection.cs
- AttachedAnnotation.cs
- CodeVariableReferenceExpression.cs
- ToolStripDropDownButton.cs
- Pool.cs
- returneventsaver.cs
- PersonalizationProviderHelper.cs
- DataGridPageChangedEventArgs.cs
- DataGridViewColumnCollectionEditor.cs
- SystemResourceHost.cs
- SectionRecord.cs
- NativeWindow.cs
- BufferedReadStream.cs
- InputBuffer.cs
- TypeSystemHelpers.cs
- EntityTypeEmitter.cs
- MissingManifestResourceException.cs
- MemoryMappedViewAccessor.cs
- DesignerView.Commands.cs
- BinaryFormatterWriter.cs
- WindowsFormsDesignerOptionService.cs
- ScrollBarRenderer.cs
- XPathExpr.cs
- DBSqlParserTable.cs
- WriteTimeStream.cs
- WebAdminConfigurationHelper.cs
- HttpListenerResponse.cs
- CollectionChangeEventArgs.cs