Code:
/ Net / Net / 3.5.50727.3053 / DEVDIV / depot / DevDiv / releases / whidbey / netfxsp / ndp / fx / src / xsp / System / Web / HttpResponseHeader.cs / 7 / HttpResponseHeader.cs
//------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- /* * Single http header representation * * Copyright (c) 1998 Microsoft Corporation */ namespace System.Web { using System.Collections; using System.Text; /* * Response header (either known or unknown) */ internal class HttpResponseHeader { private String _unknownHeader; private int _knownHeaderIndex; private String _value; private static readonly string[] EncodingTable = new string[] { "%00", "%01", "%02", "%03", "%04", "%05", "%06", "%07", "%08", "%09", "%0a", "%0b", "%0c", "%0d", "%0e", "%0f", "%10", "%11", "%12", "%13", "%14", "%15", "%16", "%17", "%18", "%19", "%1a", "%1b", "%1c", "%1d", "%1e", "%1f" }; internal HttpResponseHeader(int knownHeaderIndex, String value) { _unknownHeader = null; _knownHeaderIndex = knownHeaderIndex; // encode header value if if(HttpRuntime.EnableHeaderChecking) { _value = MaybeEncodeHeader(value); } else { _value = value; } } internal HttpResponseHeader(String unknownHeader, String value) { if(HttpRuntime.EnableHeaderChecking) { _unknownHeader = MaybeEncodeHeader(unknownHeader); _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = MaybeEncodeHeader(value); } else { _unknownHeader = unknownHeader; _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = value; } } internal virtual String Name { get { if (_unknownHeader != null) return _unknownHeader; else return HttpWorkerRequest.GetKnownResponseHeaderName(_knownHeaderIndex); } } internal String Value { get { return _value;} } internal void Send(HttpWorkerRequest wr) { if (_knownHeaderIndex >= 0) wr.SendKnownResponseHeader(_knownHeaderIndex, _value); else wr.SendUnknownResponseHeader(_unknownHeader, _value); } // Encode the header if it contains a CRLF pair // VSWhidbey 257154 internal static string MaybeEncodeHeader(string value) { string sanitizedHeader = value; if (NeedsEncoding(value)) { // DevDiv Bugs 146028 // Denial Of Service scenarios involving // control characters are possible. // We are encoding the following characters: // - All CTL characters except HT (horizontal tab) // - DEL character (\x7f) StringBuilder sb = new StringBuilder(); foreach (char c in value) { if (c < 32 && c != 9) { sb.Append(EncodingTable[c]); } else if (c == 127) { sb.Append("%7f"); } else { sb.Append(c); } } sanitizedHeader = sb.ToString(); } return sanitizedHeader; } // Returns true if the string contains a control character (other than horizontal tab) or the DEL character. internal static bool NeedsEncoding(string value) { foreach (char c in value) { if ((c < 32 && c != 9) || (c == 127)) { return true; } } return false; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. //------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- /* * Single http header representation * * Copyright (c) 1998 Microsoft Corporation */ namespace System.Web { using System.Collections; using System.Text; /* * Response header (either known or unknown) */ internal class HttpResponseHeader { private String _unknownHeader; private int _knownHeaderIndex; private String _value; private static readonly string[] EncodingTable = new string[] { "%00", "%01", "%02", "%03", "%04", "%05", "%06", "%07", "%08", "%09", "%0a", "%0b", "%0c", "%0d", "%0e", "%0f", "%10", "%11", "%12", "%13", "%14", "%15", "%16", "%17", "%18", "%19", "%1a", "%1b", "%1c", "%1d", "%1e", "%1f" }; internal HttpResponseHeader(int knownHeaderIndex, String value) { _unknownHeader = null; _knownHeaderIndex = knownHeaderIndex; // encode header value if if(HttpRuntime.EnableHeaderChecking) { _value = MaybeEncodeHeader(value); } else { _value = value; } } internal HttpResponseHeader(String unknownHeader, String value) { if(HttpRuntime.EnableHeaderChecking) { _unknownHeader = MaybeEncodeHeader(unknownHeader); _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = MaybeEncodeHeader(value); } else { _unknownHeader = unknownHeader; _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = value; } } internal virtual String Name { get { if (_unknownHeader != null) return _unknownHeader; else return HttpWorkerRequest.GetKnownResponseHeaderName(_knownHeaderIndex); } } internal String Value { get { return _value;} } internal void Send(HttpWorkerRequest wr) { if (_knownHeaderIndex >= 0) wr.SendKnownResponseHeader(_knownHeaderIndex, _value); else wr.SendUnknownResponseHeader(_unknownHeader, _value); } // Encode the header if it contains a CRLF pair // VSWhidbey 257154 internal static string MaybeEncodeHeader(string value) { string sanitizedHeader = value; if (NeedsEncoding(value)) { // DevDiv Bugs 146028 // Denial Of Service scenarios involving // control characters are possible. // We are encoding the following characters: // - All CTL characters except HT (horizontal tab) // - DEL character (\x7f) StringBuilder sb = new StringBuilder(); foreach (char c in value) { if (c < 32 && c != 9) { sb.Append(EncodingTable[c]); } else if (c == 127) { sb.Append("%7f"); } else { sb.Append(c); } } sanitizedHeader = sb.ToString(); } return sanitizedHeader; } // Returns true if the string contains a control character (other than horizontal tab) or the DEL character. internal static bool NeedsEncoding(string value) { foreach (char c in value) { if ((c < 32 && c != 9) || (c == 127)) { return true; } } return false; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- UIElementCollection.cs
- CellLabel.cs
- LazyInitializer.cs
- WebPartTransformer.cs
- ListViewPagedDataSource.cs
- Grammar.cs
- EventSetterHandlerConverter.cs
- ItemAutomationPeer.cs
- DesignerDataSourceView.cs
- Pool.cs
- DesignTimeParseData.cs
- DBSchemaTable.cs
- HttpServerProtocol.cs
- Char.cs
- UrlEncodedParameterWriter.cs
- ErrorEventArgs.cs
- MouseEventArgs.cs
- StateDesigner.LayoutSelectionGlyph.cs
- ServiceObjectContainer.cs
- DecoratedNameAttribute.cs
- StreamResourceInfo.cs
- DataServiceQueryProvider.cs
- ConstrainedDataObject.cs
- BuildProvider.cs
- validationstate.cs
- SpeechUI.cs
- PersonalizationState.cs
- AsyncOperation.cs
- ProcessModuleCollection.cs
- FormCollection.cs
- GeneratedCodeAttribute.cs
- HttpContext.cs
- RectangleF.cs
- DynamicMethod.cs
- ThemeDictionaryExtension.cs
- httpstaticobjectscollection.cs
- XmlLangPropertyAttribute.cs
- CodeDirectiveCollection.cs
- SplashScreenNativeMethods.cs
- DtrList.cs
- ToolStripRendererSwitcher.cs
- SafeRegistryHandle.cs
- SafeNativeMethodsOther.cs
- SecurityKeyType.cs
- SignerInfo.cs
- BitFlagsGenerator.cs
- FieldAccessException.cs
- AnnotationService.cs
- TextRange.cs
- HMACSHA1.cs
- ItemsChangedEventArgs.cs
- EntitySetRetriever.cs
- _ContextAwareResult.cs
- CryptoConfig.cs
- PropertyGridCommands.cs
- DeviceContexts.cs
- ApplicationSecurityInfo.cs
- ParallelEnumerableWrapper.cs
- LaxModeSecurityHeaderElementInferenceEngine.cs
- AssemblyBuilder.cs
- EnumerableCollectionView.cs
- COM2PropertyPageUITypeConverter.cs
- CollectionsUtil.cs
- SubstitutionList.cs
- SQLByteStorage.cs
- FontStretchConverter.cs
- SafeSystemMetrics.cs
- TreeViewImageIndexConverter.cs
- EventManager.cs
- SecureUICommand.cs
- ToolStripControlHost.cs
- PageSettings.cs
- TypeSystem.cs
- StateDesignerConnector.cs
- SchemaComplexType.cs
- TemplateAction.cs
- IdentitySection.cs
- AxHost.cs
- AppSettingsExpressionEditor.cs
- compensatingcollection.cs
- SecurityDescriptor.cs
- InputBindingCollection.cs
- RegisteredExpandoAttribute.cs
- TimeEnumHelper.cs
- BuildProviderAppliesToAttribute.cs
- TextTreeTextBlock.cs
- FlatButtonAppearance.cs
- JoinElimination.cs
- SqlDataSourceWizardForm.cs
- AttributeAction.cs
- NullableIntSumAggregationOperator.cs
- ClientOptions.cs
- XmlSerializableReader.cs
- IssuedTokenClientElement.cs
- NamespaceExpr.cs
- WebPartVerbsEventArgs.cs
- DataBoundLiteralControl.cs
- CodeGotoStatement.cs
- OdbcCommandBuilder.cs
- BinarySerializer.cs