Code:
/ Dotnetfx_Win7_3.5.1 / Dotnetfx_Win7_3.5.1 / 3.5.1 / DEVDIV / depot / DevDiv / releases / whidbey / NetFXspW7 / ndp / fx / src / xsp / System / Web / HttpResponseHeader.cs / 1 / HttpResponseHeader.cs
//------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- /* * Single http header representation * * Copyright (c) 1998 Microsoft Corporation */ namespace System.Web { using System.Collections; using System.Text; /* * Response header (either known or unknown) */ internal class HttpResponseHeader { private String _unknownHeader; private int _knownHeaderIndex; private String _value; private static readonly string[] EncodingTable = new string[] { "%00", "%01", "%02", "%03", "%04", "%05", "%06", "%07", "%08", "%09", "%0a", "%0b", "%0c", "%0d", "%0e", "%0f", "%10", "%11", "%12", "%13", "%14", "%15", "%16", "%17", "%18", "%19", "%1a", "%1b", "%1c", "%1d", "%1e", "%1f" }; internal HttpResponseHeader(int knownHeaderIndex, String value) { _unknownHeader = null; _knownHeaderIndex = knownHeaderIndex; // encode header value if if(HttpRuntime.EnableHeaderChecking) { _value = MaybeEncodeHeader(value); } else { _value = value; } } internal HttpResponseHeader(String unknownHeader, String value) { if(HttpRuntime.EnableHeaderChecking) { _unknownHeader = MaybeEncodeHeader(unknownHeader); _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = MaybeEncodeHeader(value); } else { _unknownHeader = unknownHeader; _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = value; } } internal virtual String Name { get { if (_unknownHeader != null) return _unknownHeader; else return HttpWorkerRequest.GetKnownResponseHeaderName(_knownHeaderIndex); } } internal String Value { get { return _value;} } internal void Send(HttpWorkerRequest wr) { if (_knownHeaderIndex >= 0) wr.SendKnownResponseHeader(_knownHeaderIndex, _value); else wr.SendUnknownResponseHeader(_unknownHeader, _value); } // Encode the header if it contains a CRLF pair // VSWhidbey 257154 internal static string MaybeEncodeHeader(string value) { string sanitizedHeader = value; if (NeedsEncoding(value)) { // DevDiv Bugs 146028 // Denial Of Service scenarios involving // control characters are possible. // We are encoding the following characters: // - All CTL characters except HT (horizontal tab) // - DEL character (\x7f) StringBuilder sb = new StringBuilder(); foreach (char c in value) { if (c < 32 && c != 9) { sb.Append(EncodingTable[c]); } else if (c == 127) { sb.Append("%7f"); } else { sb.Append(c); } } sanitizedHeader = sb.ToString(); } return sanitizedHeader; } // Returns true if the string contains a control character (other than horizontal tab) or the DEL character. internal static bool NeedsEncoding(string value) { foreach (char c in value) { if ((c < 32 && c != 9) || (c == 127)) { return true; } } return false; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. //------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- /* * Single http header representation * * Copyright (c) 1998 Microsoft Corporation */ namespace System.Web { using System.Collections; using System.Text; /* * Response header (either known or unknown) */ internal class HttpResponseHeader { private String _unknownHeader; private int _knownHeaderIndex; private String _value; private static readonly string[] EncodingTable = new string[] { "%00", "%01", "%02", "%03", "%04", "%05", "%06", "%07", "%08", "%09", "%0a", "%0b", "%0c", "%0d", "%0e", "%0f", "%10", "%11", "%12", "%13", "%14", "%15", "%16", "%17", "%18", "%19", "%1a", "%1b", "%1c", "%1d", "%1e", "%1f" }; internal HttpResponseHeader(int knownHeaderIndex, String value) { _unknownHeader = null; _knownHeaderIndex = knownHeaderIndex; // encode header value if if(HttpRuntime.EnableHeaderChecking) { _value = MaybeEncodeHeader(value); } else { _value = value; } } internal HttpResponseHeader(String unknownHeader, String value) { if(HttpRuntime.EnableHeaderChecking) { _unknownHeader = MaybeEncodeHeader(unknownHeader); _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = MaybeEncodeHeader(value); } else { _unknownHeader = unknownHeader; _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = value; } } internal virtual String Name { get { if (_unknownHeader != null) return _unknownHeader; else return HttpWorkerRequest.GetKnownResponseHeaderName(_knownHeaderIndex); } } internal String Value { get { return _value;} } internal void Send(HttpWorkerRequest wr) { if (_knownHeaderIndex >= 0) wr.SendKnownResponseHeader(_knownHeaderIndex, _value); else wr.SendUnknownResponseHeader(_unknownHeader, _value); } // Encode the header if it contains a CRLF pair // VSWhidbey 257154 internal static string MaybeEncodeHeader(string value) { string sanitizedHeader = value; if (NeedsEncoding(value)) { // DevDiv Bugs 146028 // Denial Of Service scenarios involving // control characters are possible. // We are encoding the following characters: // - All CTL characters except HT (horizontal tab) // - DEL character (\x7f) StringBuilder sb = new StringBuilder(); foreach (char c in value) { if (c < 32 && c != 9) { sb.Append(EncodingTable[c]); } else if (c == 127) { sb.Append("%7f"); } else { sb.Append(c); } } sanitizedHeader = sb.ToString(); } return sanitizedHeader; } // Returns true if the string contains a control character (other than horizontal tab) or the DEL character. internal static bool NeedsEncoding(string value) { foreach (char c in value) { if ((c < 32 && c != 9) || (c == 127)) { return true; } } return false; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- PeerResolverMode.cs
- Aes.cs
- XmlUrlResolver.cs
- FacetValueContainer.cs
- RichTextBox.cs
- ListBase.cs
- Latin1Encoding.cs
- DatePickerTextBox.cs
- ForEachAction.cs
- ObjectListItem.cs
- UnauthorizedWebPart.cs
- DataServiceQuery.cs
- MDIClient.cs
- Metafile.cs
- PostBackOptions.cs
- DocumentViewerHelper.cs
- _CacheStreams.cs
- SQLDoubleStorage.cs
- TabletDevice.cs
- SQLInt32Storage.cs
- ProfileManager.cs
- OrderByQueryOptionExpression.cs
- InternalMappingException.cs
- LineServicesCallbacks.cs
- ErrorLog.cs
- AspNetSynchronizationContext.cs
- ProtocolsSection.cs
- AmbientLight.cs
- PingOptions.cs
- TextChangedEventArgs.cs
- DataGridViewButtonCell.cs
- RawKeyboardInputReport.cs
- Timer.cs
- RawKeyboardInputReport.cs
- ToolStripArrowRenderEventArgs.cs
- Part.cs
- RootCodeDomSerializer.cs
- ConfigurationSectionCollection.cs
- EdmToObjectNamespaceMap.cs
- IconEditor.cs
- UnmanagedMemoryStream.cs
- HttpInputStream.cs
- ResourceContainer.cs
- AtomMaterializerLog.cs
- CompilerGlobalScopeAttribute.cs
- TextCharacters.cs
- UidManager.cs
- LinqDataSourceValidationException.cs
- AppendHelper.cs
- SafeTimerHandle.cs
- WindowInteractionStateTracker.cs
- versioninfo.cs
- SimpleType.cs
- TransformedBitmap.cs
- SimpleTextLine.cs
- RegisteredDisposeScript.cs
- BuildProviderCollection.cs
- UnionCqlBlock.cs
- NegationPusher.cs
- RecommendedAsConfigurableAttribute.cs
- WindowsGraphics.cs
- FileCodeGroup.cs
- DispatcherTimer.cs
- HMACSHA256.cs
- WebBrowserBase.cs
- NativeRightsManagementAPIsStructures.cs
- XmlSchemaIdentityConstraint.cs
- PagedDataSource.cs
- ThumbAutomationPeer.cs
- PeerContact.cs
- DbUpdateCommandTree.cs
- MsmqAppDomainProtocolHandler.cs
- PowerStatus.cs
- UserThread.cs
- Calendar.cs
- ComPlusInstanceProvider.cs
- DesignerTransactionCloseEvent.cs
- ObjectAnimationUsingKeyFrames.cs
- ByteViewer.cs
- RelationshipEndMember.cs
- SoapSchemaMember.cs
- IPPacketInformation.cs
- ClockGroup.cs
- SystemSounds.cs
- BoundPropertyEntry.cs
- MessageDecoder.cs
- XslTransform.cs
- mediaclock.cs
- DigestTraceRecordHelper.cs
- SqlClientWrapperSmiStream.cs
- SafeLibraryHandle.cs
- XslAst.cs
- KnownIds.cs
- CellTreeNodeVisitors.cs
- PolygonHotSpot.cs
- ObjectKeyFrameCollection.cs
- ContentPresenter.cs
- ImageListDesigner.cs
- ToolBarButtonDesigner.cs
- DefaultParameterValueAttribute.cs