Code:
/ Dotnetfx_Vista_SP2 / Dotnetfx_Vista_SP2 / 8.0.50727.4016 / DEVDIV / depot / DevDiv / releases / whidbey / NetFxQFE / ndp / fx / src / xsp / System / Web / HttpResponseHeader.cs / 1 / HttpResponseHeader.cs
//------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- /* * Single http header representation * * Copyright (c) 1998 Microsoft Corporation */ namespace System.Web { using System.Collections; using System.Text; /* * Response header (either known or unknown) */ internal class HttpResponseHeader { private String _unknownHeader; private int _knownHeaderIndex; private String _value; private static readonly string[] EncodingTable = new string[] { "%00", "%01", "%02", "%03", "%04", "%05", "%06", "%07", "%08", "%09", "%0a", "%0b", "%0c", "%0d", "%0e", "%0f", "%10", "%11", "%12", "%13", "%14", "%15", "%16", "%17", "%18", "%19", "%1a", "%1b", "%1c", "%1d", "%1e", "%1f" }; internal HttpResponseHeader(int knownHeaderIndex, String value) { _unknownHeader = null; _knownHeaderIndex = knownHeaderIndex; // encode header value if if(HttpRuntime.EnableHeaderChecking) { _value = MaybeEncodeHeader(value); } else { _value = value; } } internal HttpResponseHeader(String unknownHeader, String value) { if(HttpRuntime.EnableHeaderChecking) { _unknownHeader = MaybeEncodeHeader(unknownHeader); _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = MaybeEncodeHeader(value); } else { _unknownHeader = unknownHeader; _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = value; } } internal virtual String Name { get { if (_unknownHeader != null) return _unknownHeader; else return HttpWorkerRequest.GetKnownResponseHeaderName(_knownHeaderIndex); } } internal String Value { get { return _value;} } internal void Send(HttpWorkerRequest wr) { if (_knownHeaderIndex >= 0) wr.SendKnownResponseHeader(_knownHeaderIndex, _value); else wr.SendUnknownResponseHeader(_unknownHeader, _value); } // Encode the header if it contains a CRLF pair // VSWhidbey 257154 internal static string MaybeEncodeHeader(string value) { string sanitizedHeader = value; if (NeedsEncoding(value)) { // DevDiv Bugs 146028 // Denial Of Service scenarios involving // control characters are possible. // We are encoding the following characters: // - All CTL characters except HT (horizontal tab) // - DEL character (\x7f) StringBuilder sb = new StringBuilder(); foreach (char c in value) { if (c < 32 && c != 9) { sb.Append(EncodingTable[c]); } else if (c == 127) { sb.Append("%7f"); } else { sb.Append(c); } } sanitizedHeader = sb.ToString(); } return sanitizedHeader; } // Returns true if the string contains a control character (other than horizontal tab) or the DEL character. internal static bool NeedsEncoding(string value) { foreach (char c in value) { if ((c < 32 && c != 9) || (c == 127)) { return true; } } return false; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. //------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- /* * Single http header representation * * Copyright (c) 1998 Microsoft Corporation */ namespace System.Web { using System.Collections; using System.Text; /* * Response header (either known or unknown) */ internal class HttpResponseHeader { private String _unknownHeader; private int _knownHeaderIndex; private String _value; private static readonly string[] EncodingTable = new string[] { "%00", "%01", "%02", "%03", "%04", "%05", "%06", "%07", "%08", "%09", "%0a", "%0b", "%0c", "%0d", "%0e", "%0f", "%10", "%11", "%12", "%13", "%14", "%15", "%16", "%17", "%18", "%19", "%1a", "%1b", "%1c", "%1d", "%1e", "%1f" }; internal HttpResponseHeader(int knownHeaderIndex, String value) { _unknownHeader = null; _knownHeaderIndex = knownHeaderIndex; // encode header value if if(HttpRuntime.EnableHeaderChecking) { _value = MaybeEncodeHeader(value); } else { _value = value; } } internal HttpResponseHeader(String unknownHeader, String value) { if(HttpRuntime.EnableHeaderChecking) { _unknownHeader = MaybeEncodeHeader(unknownHeader); _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = MaybeEncodeHeader(value); } else { _unknownHeader = unknownHeader; _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = value; } } internal virtual String Name { get { if (_unknownHeader != null) return _unknownHeader; else return HttpWorkerRequest.GetKnownResponseHeaderName(_knownHeaderIndex); } } internal String Value { get { return _value;} } internal void Send(HttpWorkerRequest wr) { if (_knownHeaderIndex >= 0) wr.SendKnownResponseHeader(_knownHeaderIndex, _value); else wr.SendUnknownResponseHeader(_unknownHeader, _value); } // Encode the header if it contains a CRLF pair // VSWhidbey 257154 internal static string MaybeEncodeHeader(string value) { string sanitizedHeader = value; if (NeedsEncoding(value)) { // DevDiv Bugs 146028 // Denial Of Service scenarios involving // control characters are possible. // We are encoding the following characters: // - All CTL characters except HT (horizontal tab) // - DEL character (\x7f) StringBuilder sb = new StringBuilder(); foreach (char c in value) { if (c < 32 && c != 9) { sb.Append(EncodingTable[c]); } else if (c == 127) { sb.Append("%7f"); } else { sb.Append(c); } } sanitizedHeader = sb.ToString(); } return sanitizedHeader; } // Returns true if the string contains a control character (other than horizontal tab) or the DEL character. internal static bool NeedsEncoding(string value) { foreach (char c in value) { if ((c < 32 && c != 9) || (c == 127)) { return true; } } return false; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu

This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- Vector3DIndependentAnimationStorage.cs
- WbemException.cs
- Hyperlink.cs
- ToolStripItemClickedEventArgs.cs
- InteropEnvironment.cs
- DrawingContextWalker.cs
- ILGenerator.cs
- TransactionsSectionGroup.cs
- CompilerError.cs
- ToolStripItemCollection.cs
- UIPropertyMetadata.cs
- DesignerExtenders.cs
- EmptyCollection.cs
- EventLogPermission.cs
- TrustLevel.cs
- FrameworkContentElement.cs
- XmlSchemaSimpleContentRestriction.cs
- OverrideMode.cs
- OperatorExpressions.cs
- ToolStripItemRenderEventArgs.cs
- BaseAsyncResult.cs
- StylusOverProperty.cs
- X500Name.cs
- RegexTree.cs
- BindingOperations.cs
- WindowsFormsLinkLabel.cs
- DrawingImage.cs
- UnionCqlBlock.cs
- MediaScriptCommandRoutedEventArgs.cs
- WebPartTracker.cs
- DriveInfo.cs
- UnitySerializationHolder.cs
- CharacterShapingProperties.cs
- Utils.cs
- TransformerTypeCollection.cs
- ItemTypeToolStripMenuItem.cs
- LinkConverter.cs
- FontEmbeddingManager.cs
- HandleCollector.cs
- ProviderConnectionPointCollection.cs
- BitmapMetadataBlob.cs
- Math.cs
- SymbolUsageManager.cs
- HttpWriter.cs
- Mutex.cs
- ThicknessAnimation.cs
- ToolStripPanelRenderEventArgs.cs
- RSAPKCS1SignatureDeformatter.cs
- ListViewTableCell.cs
- RegexWriter.cs
- TextSimpleMarkerProperties.cs
- VisualBrush.cs
- ISAPIWorkerRequest.cs
- DashStyle.cs
- ThicknessAnimationUsingKeyFrames.cs
- SchemeSettingElement.cs
- SqlFunctionAttribute.cs
- EncoderParameter.cs
- HasCopySemanticsAttribute.cs
- StoryFragments.cs
- WebPartTransformerAttribute.cs
- processwaithandle.cs
- WindowsButton.cs
- ActivityPreviewDesigner.cs
- InteropAutomationProvider.cs
- DataGridTextBox.cs
- PlatformCulture.cs
- StringUtil.cs
- MetadataItem_Static.cs
- SqlDelegatedTransaction.cs
- CrossContextChannel.cs
- CallbackValidatorAttribute.cs
- FontClient.cs
- Visual.cs
- SingleStorage.cs
- Menu.cs
- Rfc4050KeyFormatter.cs
- RelatedEnd.cs
- SchemaImporterExtension.cs
- WebPartsPersonalization.cs
- PromptEventArgs.cs
- WebRequestModuleElementCollection.cs
- ADMembershipProvider.cs
- AnimationClock.cs
- Parsers.cs
- DbConnectionHelper.cs
- DataSysAttribute.cs
- AuthenticateEventArgs.cs
- SerializationEventsCache.cs
- XmlText.cs
- BulletedListEventArgs.cs
- TextViewBase.cs
- safemediahandle.cs
- SAPICategories.cs
- ZoneButton.cs
- FileLoadException.cs
- BuildResult.cs
- FieldInfo.cs
- CachedTypeface.cs
- ToolStripRenderer.cs