Code:
/ Net / Net / 3.5.50727.3053 / DEVDIV / depot / DevDiv / releases / whidbey / netfxsp / ndp / fx / src / xsp / System / Web / HttpResponseHeader.cs / 7 / HttpResponseHeader.cs
//------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- /* * Single http header representation * * Copyright (c) 1998 Microsoft Corporation */ namespace System.Web { using System.Collections; using System.Text; /* * Response header (either known or unknown) */ internal class HttpResponseHeader { private String _unknownHeader; private int _knownHeaderIndex; private String _value; private static readonly string[] EncodingTable = new string[] { "%00", "%01", "%02", "%03", "%04", "%05", "%06", "%07", "%08", "%09", "%0a", "%0b", "%0c", "%0d", "%0e", "%0f", "%10", "%11", "%12", "%13", "%14", "%15", "%16", "%17", "%18", "%19", "%1a", "%1b", "%1c", "%1d", "%1e", "%1f" }; internal HttpResponseHeader(int knownHeaderIndex, String value) { _unknownHeader = null; _knownHeaderIndex = knownHeaderIndex; // encode header value if if(HttpRuntime.EnableHeaderChecking) { _value = MaybeEncodeHeader(value); } else { _value = value; } } internal HttpResponseHeader(String unknownHeader, String value) { if(HttpRuntime.EnableHeaderChecking) { _unknownHeader = MaybeEncodeHeader(unknownHeader); _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = MaybeEncodeHeader(value); } else { _unknownHeader = unknownHeader; _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = value; } } internal virtual String Name { get { if (_unknownHeader != null) return _unknownHeader; else return HttpWorkerRequest.GetKnownResponseHeaderName(_knownHeaderIndex); } } internal String Value { get { return _value;} } internal void Send(HttpWorkerRequest wr) { if (_knownHeaderIndex >= 0) wr.SendKnownResponseHeader(_knownHeaderIndex, _value); else wr.SendUnknownResponseHeader(_unknownHeader, _value); } // Encode the header if it contains a CRLF pair // VSWhidbey 257154 internal static string MaybeEncodeHeader(string value) { string sanitizedHeader = value; if (NeedsEncoding(value)) { // DevDiv Bugs 146028 // Denial Of Service scenarios involving // control characters are possible. // We are encoding the following characters: // - All CTL characters except HT (horizontal tab) // - DEL character (\x7f) StringBuilder sb = new StringBuilder(); foreach (char c in value) { if (c < 32 && c != 9) { sb.Append(EncodingTable[c]); } else if (c == 127) { sb.Append("%7f"); } else { sb.Append(c); } } sanitizedHeader = sb.ToString(); } return sanitizedHeader; } // Returns true if the string contains a control character (other than horizontal tab) or the DEL character. internal static bool NeedsEncoding(string value) { foreach (char c in value) { if ((c < 32 && c != 9) || (c == 127)) { return true; } } return false; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. //------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- /* * Single http header representation * * Copyright (c) 1998 Microsoft Corporation */ namespace System.Web { using System.Collections; using System.Text; /* * Response header (either known or unknown) */ internal class HttpResponseHeader { private String _unknownHeader; private int _knownHeaderIndex; private String _value; private static readonly string[] EncodingTable = new string[] { "%00", "%01", "%02", "%03", "%04", "%05", "%06", "%07", "%08", "%09", "%0a", "%0b", "%0c", "%0d", "%0e", "%0f", "%10", "%11", "%12", "%13", "%14", "%15", "%16", "%17", "%18", "%19", "%1a", "%1b", "%1c", "%1d", "%1e", "%1f" }; internal HttpResponseHeader(int knownHeaderIndex, String value) { _unknownHeader = null; _knownHeaderIndex = knownHeaderIndex; // encode header value if if(HttpRuntime.EnableHeaderChecking) { _value = MaybeEncodeHeader(value); } else { _value = value; } } internal HttpResponseHeader(String unknownHeader, String value) { if(HttpRuntime.EnableHeaderChecking) { _unknownHeader = MaybeEncodeHeader(unknownHeader); _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = MaybeEncodeHeader(value); } else { _unknownHeader = unknownHeader; _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = value; } } internal virtual String Name { get { if (_unknownHeader != null) return _unknownHeader; else return HttpWorkerRequest.GetKnownResponseHeaderName(_knownHeaderIndex); } } internal String Value { get { return _value;} } internal void Send(HttpWorkerRequest wr) { if (_knownHeaderIndex >= 0) wr.SendKnownResponseHeader(_knownHeaderIndex, _value); else wr.SendUnknownResponseHeader(_unknownHeader, _value); } // Encode the header if it contains a CRLF pair // VSWhidbey 257154 internal static string MaybeEncodeHeader(string value) { string sanitizedHeader = value; if (NeedsEncoding(value)) { // DevDiv Bugs 146028 // Denial Of Service scenarios involving // control characters are possible. // We are encoding the following characters: // - All CTL characters except HT (horizontal tab) // - DEL character (\x7f) StringBuilder sb = new StringBuilder(); foreach (char c in value) { if (c < 32 && c != 9) { sb.Append(EncodingTable[c]); } else if (c == 127) { sb.Append("%7f"); } else { sb.Append(c); } } sanitizedHeader = sb.ToString(); } return sanitizedHeader; } // Returns true if the string contains a control character (other than horizontal tab) or the DEL character. internal static bool NeedsEncoding(string value) { foreach (char c in value) { if ((c < 32 && c != 9) || (c == 127)) { return true; } } return false; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- ConstNode.cs
- SapiRecognizer.cs
- TextRangeEditLists.cs
- ExeContext.cs
- ApplicationId.cs
- MsmqHostedTransportConfiguration.cs
- HandleRef.cs
- InputMethodStateChangeEventArgs.cs
- DataBindingList.cs
- AttributeData.cs
- SplineKeyFrames.cs
- ConstraintManager.cs
- CompoundFileStorageReference.cs
- Utilities.cs
- FileSystemWatcher.cs
- VirtualizingPanel.cs
- GridSplitterAutomationPeer.cs
- XmlExpressionDumper.cs
- ContractReference.cs
- WorkflowInlining.cs
- GeneralTransform3DGroup.cs
- VScrollProperties.cs
- ExpressionConverter.cs
- BrushValueSerializer.cs
- Renderer.cs
- OleStrCAMarshaler.cs
- HybridObjectCache.cs
- InfoCardTraceRecord.cs
- ActiveXContainer.cs
- CodeIdentifiers.cs
- InputManager.cs
- XmlnsPrefixAttribute.cs
- StringReader.cs
- GlyphElement.cs
- DataShape.cs
- WindowsStreamSecurityBindingElement.cs
- KeyValuePairs.cs
- LinkGrep.cs
- ElementHost.cs
- DataGridViewComboBoxColumn.cs
- ControlType.cs
- DataKeyCollection.cs
- WhiteSpaceTrimStringConverter.cs
- Ticks.cs
- XPathAxisIterator.cs
- Cursors.cs
- NotFiniteNumberException.cs
- StringValidatorAttribute.cs
- EntityClassGenerator.cs
- FixedTextContainer.cs
- StorageScalarPropertyMapping.cs
- CodeDirectiveCollection.cs
- FontResourceCache.cs
- FormsIdentity.cs
- KeyValueInternalCollection.cs
- SqlUdtInfo.cs
- DynamicVirtualDiscoSearcher.cs
- WindowsEditBoxRange.cs
- XmlMapping.cs
- NetworkInformationPermission.cs
- ContainerSelectorBehavior.cs
- CommonBehaviorsSection.cs
- RequestCache.cs
- TextTabProperties.cs
- PolyQuadraticBezierSegment.cs
- FormClosingEvent.cs
- SourceItem.cs
- TraceRecord.cs
- DataGridToolTip.cs
- SqlTypesSchemaImporter.cs
- EpmCustomContentDeSerializer.cs
- ListBoxItemAutomationPeer.cs
- SaveCardRequest.cs
- EditorAttribute.cs
- GZipDecoder.cs
- Exception.cs
- ToolStripProgressBar.cs
- DatagridviewDisplayedBandsData.cs
- XmlCodeExporter.cs
- PropertyTabAttribute.cs
- CacheOutputQuery.cs
- RestClientProxyHandler.cs
- SqlClientPermission.cs
- WebPartConnection.cs
- HtmlWindow.cs
- HttpCacheVary.cs
- WebPartDisplayModeCollection.cs
- SchemaElementDecl.cs
- OdbcParameter.cs
- ExpressionBuilder.cs
- Context.cs
- ButtonAutomationPeer.cs
- LinqDataSourceValidationException.cs
- AsmxEndpointPickerExtension.cs
- Function.cs
- AnnotationResourceCollection.cs
- HttpRawResponse.cs
- UnsafeNativeMethodsPenimc.cs
- MethodBuilder.cs
- Win32MouseDevice.cs