Code:
/ FX-1434 / FX-1434 / 1.0 / untmp / whidbey / REDBITS / ndp / fx / src / xsp / System / Web / UI / WebParts / ImportCatalogPart.cs / 4 / ImportCatalogPart.cs
//------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- namespace System.Web.UI.WebControls.WebParts { using System; using System.Collections; using System.ComponentModel; using System.Drawing; using System.Globalization; using System.IO; using System.Security; using System.Security.Permissions; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.WebControls; using System.Web.Util; using System.Xml; ////// [AspNetHostingPermission(SecurityAction.LinkDemand, Level=AspNetHostingPermissionLevel.Minimal)] public sealed class ImportCatalogPart : CatalogPart { private WebPart _availableWebPart; private string _importedPartDescription; private WebPartDescriptionCollection _availableWebPartDescriptions; private FileUpload _upload; private Button _uploadButton; private string _importErrorMessage; private const int baseIndex = 0; private const int importedPartDescriptionIndex = 1; private const int controlStateArrayLength = 2; private const string TitlePropertyName = "Title"; private const string DescriptionPropertyName = "Description"; private const string IconPropertyName = "CatalogIconImageUrl"; private const string ImportedWebPartID = "ImportedWebPart"; private static readonly WebPartDescriptionCollection DesignModeAvailableWebPart = new WebPartDescriptionCollection(new WebPartDescription[] { new WebPartDescription("webpart1", String.Format(CultureInfo.CurrentCulture, SR.GetString(SR.CatalogPart_SampleWebPartTitle), "1"), null, null)}); [WebCategory("Appearance")] [WebSysDefaultValue(SR.ImportCatalogPart_Browse)] [WebSysDescription(SR.ImportCatalogPart_BrowseHelpText)] public string BrowseHelpText { get { object o = ViewState["BrowseHelpText"]; return (o != null) ? (string)o : SR.GetString(SR.ImportCatalogPart_Browse); } set { ViewState["BrowseHelpText"] = value; } } [Browsable(false), EditorBrowsable(EditorBrowsableState.Never), Themeable(false)] public override string DefaultButton { get { return base.DefaultButton; } set { base.DefaultButton = value; } } [WebCategory("Appearance")] [WebSysDefaultValue(SR.ImportCatalogPart_ImportedPartLabel)] [WebSysDescription(SR.ImportCatalogPart_ImportedPartLabelText)] public string ImportedPartLabelText { get { object o = ViewState["ImportedPartLabelText"]; return (o != null) ? (string)o : SR.GetString(SR.ImportCatalogPart_ImportedPartLabel); } set { ViewState["ImportedPartLabelText"] = value; } } [WebCategory("Appearance")] [WebSysDefaultValue(SR.ImportCatalogPart_ImportedPartErrorLabel)] [WebSysDescription(SR.ImportCatalogPart_PartImportErrorLabelText)] public string PartImportErrorLabelText { get { object o = ViewState["PartImportErrorLabelText"]; return (o != null) ? (string)o : SR.GetString(SR.ImportCatalogPart_ImportedPartErrorLabel); } set { ViewState["PartImportErrorLabelText"] = value; } } [ WebSysDefaultValue(SR.ImportCatalogPart_PartTitle), ] public override string Title { get { string s = (string)ViewState["Title"]; return (s != null) ? s : SR.GetString(SR.ImportCatalogPart_PartTitle); } set { ViewState["Title"] = value; } } [WebCategory("Appearance")] [WebSysDefaultValue(SR.ImportCatalogPart_UploadButton)] [WebSysDescription(SR.ImportCatalogPart_UploadButtonText)] public string UploadButtonText { get { object o = ViewState["UploadButtonText"]; return (o != null) ? (string)o : SR.GetString(SR.ImportCatalogPart_UploadButton); } set { ViewState["UploadButtonText"] = value; } } [WebCategory("Appearance")] [WebSysDefaultValue(SR.ImportCatalogPart_Upload)] [WebSysDescription(SR.ImportCatalogPart_UploadHelpText)] public string UploadHelpText { get { object o = ViewState["UploadHelpText"]; return (o != null) ? (string)o : SR.GetString(SR.ImportCatalogPart_Upload); } set { ViewState["UploadHelpText"] = value; } } protected internal override void CreateChildControls() { Controls.Clear(); _upload = new FileUpload(); Controls.Add(_upload); _uploadButton = new Button(); _uploadButton.ID = "Upload"; _uploadButton.CommandName = "upload"; _uploadButton.Click += new EventHandler(OnUpload); Controls.Add(_uploadButton); if (!DesignMode && Page != null) { IScriptManager scriptManager = Page.ScriptManager; if (scriptManager != null) { scriptManager.RegisterPostBackControl(_uploadButton); } } } public override WebPartDescriptionCollection GetAvailableWebPartDescriptions() { if (DesignMode) { return DesignModeAvailableWebPart; } CreateAvailableWebPartDescriptions(); return _availableWebPartDescriptions; } private void CreateAvailableWebPartDescriptions() { if (_availableWebPartDescriptions != null) { return; } if (WebPartManager == null || String.IsNullOrEmpty(_importedPartDescription)) { _availableWebPartDescriptions = new WebPartDescriptionCollection(); return; } // Run in minimal trust PermissionSet pset = new PermissionSet(PermissionState.None); // add in whatever perms are appropriate pset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); pset.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Minimal)); pset.PermitOnly(); bool permitOnly = true; string title = null; string description = null; string icon = null; // Extra try-catch block to prevent elevation of privilege attack via exception filter try { try { // Get the WebPart description from its saved XML description. using (StringReader sr = new StringReader(_importedPartDescription)) { using (XmlTextReader reader = new XmlTextReader(sr)) { if (reader != null) { reader.MoveToContent(); // Check if imported part is authorized // Get to the metadata reader.MoveToContent(); reader.ReadStartElement(WebPartManager.ExportRootElement); reader.ReadStartElement(WebPartManager.ExportPartElement); reader.ReadStartElement(WebPartManager.ExportMetaDataElement); // Get the type name string partTypeName = null; string userControlTypeName = null; while (reader.Name != WebPartManager.ExportTypeElement) { reader.Skip(); if (reader.EOF) { throw new EndOfStreamException(); } } if (reader.Name == WebPartManager.ExportTypeElement) { partTypeName = reader.GetAttribute(WebPartManager.ExportTypeNameAttribute); userControlTypeName = reader.GetAttribute(WebPartManager.ExportUserControlSrcAttribute); } // If we are in shared scope, we are importing a shared WebPart bool isShared = (WebPartManager.Personalization.Scope == PersonalizationScope.Shared); if (!String.IsNullOrEmpty(partTypeName)) { // Need medium trust to call BuildManager.GetType() PermissionSet mediumPset = new PermissionSet(PermissionState.None); mediumPset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); mediumPset.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium)); CodeAccessPermission.RevertPermitOnly(); permitOnly = false; mediumPset.PermitOnly(); permitOnly = true; Type partType = WebPartUtil.DeserializeType(partTypeName, true); CodeAccessPermission.RevertPermitOnly(); permitOnly = false; pset.PermitOnly(); permitOnly = true; // First check if the type is authorized if (!WebPartManager.IsAuthorized(partType, null, null, isShared)) { _importErrorMessage = SR.GetString(SR.WebPartManager_ForbiddenType); return; } // If the type is not a webpart, create a generic Web Part if (!partType.IsSubclassOf(typeof(WebPart)) && !partType.IsSubclassOf(typeof(Control))) { // We only allow for Controls (VSWhidbey 428511) _importErrorMessage = SR.GetString(SR.WebPartManager_TypeMustDeriveFromControl); return; } } else { // Check if the path is authorized if (!WebPartManager.IsAuthorized(typeof(UserControl), userControlTypeName, null, isShared)) { _importErrorMessage = SR.GetString(SR.WebPartManager_ForbiddenType); return; } } while (!reader.EOF) { while (!reader.EOF && !(reader.NodeType == XmlNodeType.Element && reader.Name == WebPartManager.ExportPropertyElement)) { reader.Read(); } if (reader.EOF) { break; } string name = reader.GetAttribute(WebPartManager.ExportPropertyNameAttribute); if (name == TitlePropertyName) { title = reader.ReadElementString(); } else if (name == DescriptionPropertyName) { description = reader.ReadElementString(); } else if (name == IconPropertyName) { string url = reader.ReadElementString().Trim(); if (!CrossSiteScriptingValidation.IsDangerousUrl(url)) { icon = url; } } else { reader.Read(); continue; } if (title != null && description != null && icon != null) { break; } reader.Read(); } } } if (String.IsNullOrEmpty(title)) { title = SR.GetString(SR.Part_Untitled); } _availableWebPartDescriptions = new WebPartDescriptionCollection( new WebPartDescription[] {new WebPartDescription(ImportedWebPartID, title, description, icon)}); } } catch (XmlException) { _importErrorMessage = SR.GetString(SR.WebPartManager_ImportInvalidFormat); return; } catch { _importErrorMessage = (!String.IsNullOrEmpty(_importErrorMessage)) ? _importErrorMessage : SR.GetString(SR.WebPart_DefaultImportErrorMessage); return; } finally { if (permitOnly) { // revert if you're not just exiting the stack frame anyway CodeAccessPermission.RevertPermitOnly(); } } } catch { throw; } } public override WebPart GetWebPart(WebPartDescription description) { if (description == null) { throw new ArgumentNullException("description"); } WebPartDescriptionCollection webPartDescriptions = GetAvailableWebPartDescriptions(); if (!webPartDescriptions.Contains(description)) { throw new ArgumentException(SR.GetString(SR.CatalogPart_UnknownDescription), "description"); } if (_availableWebPart != null) { return _availableWebPart; } // Import the WebPart from its saved XML description. using (XmlTextReader reader = new XmlTextReader(new StringReader(_importedPartDescription))) { if (reader != null && WebPartManager != null) { _availableWebPart = WebPartManager.ImportWebPart(reader, out _importErrorMessage); } } // If import failed, clear the cached description if (_availableWebPart == null) { _importedPartDescription = null; _availableWebPartDescriptions = null; } return _availableWebPart; } ////// protected internal override void LoadControlState(object savedState) { if (savedState == null) { base.LoadControlState(null); } else { object[] myState = (object[])savedState; if (myState.Length != controlStateArrayLength) { throw new ArgumentException(SR.GetString(SR.Invalid_ControlState)); } base.LoadControlState(myState[baseIndex]); if (myState[importedPartDescriptionIndex] != null) { _importedPartDescription = (string)myState[importedPartDescriptionIndex]; // Calling this method to be sure to emit any import error message in time: // Otherwise, the descriptions will only be constructed (and the error messages // generated) when the list of imported parts is rendered, which happens after // the importcatalogpart itself is rendered. The error message being rendered // by the ICP, we have to call this now GetAvailableWebPartDescriptions(); } } } ///Loads the control state for those properties that should persist across postbacks /// even when EnableViewState=false. ////// Registers the ImportCatalogPart for control state. /// protected internal override void OnInit(EventArgs e) { base.OnInit(e); Page.RegisterRequiresControlState(this); } internal void OnUpload(object sender, EventArgs e) { string fileName = _upload.FileName; Stream contents = _upload.FileContent; if (!String.IsNullOrEmpty(fileName) && contents != null) { using (StreamReader sr = new StreamReader(contents, true)) { _importedPartDescription = sr.ReadToEnd(); // Clear cache _availableWebPart = null; _availableWebPartDescriptions = null; _importErrorMessage = null; if (String.IsNullOrEmpty(_importedPartDescription)) { _importErrorMessage = SR.GetString(SR.ImportCatalogPart_NoFileName); } else { GetAvailableWebPartDescriptions(); } } } else { _importErrorMessage = SR.GetString(SR.ImportCatalogPart_NoFileName); } } ////// protected internal override object SaveControlState() { object[] myState = new object[controlStateArrayLength]; myState[baseIndex] = base.SaveControlState(); myState[importedPartDescriptionIndex] = _importedPartDescription; for (int i=0; i < controlStateArrayLength; i++) { if (myState[i] != null) { return myState; } } // More performant to return null than an array of null values return null; } protected internal override void Render(HtmlTextWriter writer) { if (Page != null) { Page.VerifyRenderingInServerForm(this); } base.Render(writer); } protected internal override void RenderContents(HtmlTextWriter writer) { // HACK: Need this for child controls to be created at design-time when control is inside template EnsureChildControls(); CatalogZoneBase zone = Zone; if (zone != null && !zone.LabelStyle.IsEmpty) { zone.LabelStyle.AddAttributesToRender(writer, this); } writer.AddAttribute(HtmlTextWriterAttribute.For, _upload.ClientID); writer.RenderBeginTag(HtmlTextWriterTag.Label); writer.Write(BrowseHelpText); writer.RenderEndTag(); writer.WriteBreak(); if (zone != null && !zone.EditUIStyle.IsEmpty) { _upload.ApplyStyle(zone.EditUIStyle); } _upload.RenderControl(writer); writer.WriteBreak(); if (zone != null && !zone.LabelStyle.IsEmpty) { zone.LabelStyle.AddAttributesToRender(writer, this); } writer.RenderBeginTag(HtmlTextWriterTag.Span); writer.Write(UploadHelpText); writer.RenderEndTag(); writer.WriteBreak(); if (zone != null && !zone.EditUIStyle.IsEmpty) { _uploadButton.ApplyStyle(zone.EditUIStyle); } _uploadButton.Text = UploadButtonText; _uploadButton.RenderControl(writer); if (_importedPartDescription != null || _importErrorMessage != null || DesignMode) { writer.WriteBreak(); if (_importErrorMessage != null) { if (zone != null && !zone.ErrorStyle.IsEmpty) { zone.ErrorStyle.AddAttributesToRender(writer, this); } writer.RenderBeginTag(HtmlTextWriterTag.Span); writer.Write(PartImportErrorLabelText); writer.RenderEndTag(); writer.RenderBeginTag(HtmlTextWriterTag.Hr); writer.RenderEndTag(); if (zone != null && !zone.ErrorStyle.IsEmpty) { zone.ErrorStyle.AddAttributesToRender(writer, this); } writer.RenderBeginTag(HtmlTextWriterTag.Span); // We encode the error message because it is user-provided via the import file. writer.WriteEncodedText(_importErrorMessage); writer.RenderEndTag(); } else { if (zone != null && !zone.LabelStyle.IsEmpty) { zone.LabelStyle.AddAttributesToRender(writer, this); } writer.RenderBeginTag(HtmlTextWriterTag.Span); writer.Write(ImportedPartLabelText); writer.RenderEndTag(); writer.RenderBeginTag(HtmlTextWriterTag.Hr); writer.RenderEndTag(); } } } } }Saves the control state for those properties that should persist across postbacks /// even when EnableViewState=false. ///
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- IISUnsafeMethods.cs
- HttpClientChannel.cs
- DeclarativeCatalogPart.cs
- AncillaryOps.cs
- WebPartZoneBase.cs
- DataGridViewDataErrorEventArgs.cs
- FileIOPermission.cs
- TextLineResult.cs
- WebControlsSection.cs
- EntityDataSourceState.cs
- ActivityTypeResolver.xaml.cs
- SoapCodeExporter.cs
- MdImport.cs
- GridViewCancelEditEventArgs.cs
- BoolExpressionVisitors.cs
- Aggregates.cs
- WebPartDisplayModeEventArgs.cs
- PanelDesigner.cs
- OrCondition.cs
- WebColorConverter.cs
- CounterCreationDataCollection.cs
- UrlMappingCollection.cs
- Aggregates.cs
- HeaderedContentControl.cs
- SeekStoryboard.cs
- DelayedRegex.cs
- XmlSchemaException.cs
- DesignerActionPanel.cs
- TypeSource.cs
- ColumnResizeUndoUnit.cs
- DocumentPage.cs
- WSHttpBindingBase.cs
- XmlReaderSettings.cs
- WindowsListViewScroll.cs
- GenericTextProperties.cs
- PrimarySelectionGlyph.cs
- PrintSchema.cs
- Win32MouseDevice.cs
- TemplateParser.cs
- ApplicationDirectory.cs
- CqlWriter.cs
- Region.cs
- ComboBoxRenderer.cs
- EngineSiteSapi.cs
- SchemaImporterExtensionsSection.cs
- AdPostCacheSubstitution.cs
- _Events.cs
- precedingquery.cs
- KeyNotFoundException.cs
- WindowsAuthenticationEventArgs.cs
- Configuration.cs
- ToolbarAUtomationPeer.cs
- BuildProvider.cs
- AttachedPropertyMethodSelector.cs
- DataGrid.cs
- WebContentFormatHelper.cs
- AQNBuilder.cs
- IncomingWebResponseContext.cs
- ProxyWebPartManagerDesigner.cs
- UnicastIPAddressInformationCollection.cs
- CodeIndexerExpression.cs
- ETagAttribute.cs
- StorageAssociationSetMapping.cs
- XmlSchemaChoice.cs
- OleAutBinder.cs
- IdentityValidationException.cs
- CoTaskMemUnicodeSafeHandle.cs
- DeleteStoreRequest.cs
- NamespaceQuery.cs
- SafeRightsManagementSessionHandle.cs
- CompiledRegexRunnerFactory.cs
- SoapMessage.cs
- ImageIndexConverter.cs
- IdentitySection.cs
- WizardStepBase.cs
- StylusCollection.cs
- UrlMappingCollection.cs
- QueryCacheEntry.cs
- RSAPKCS1SignatureFormatter.cs
- CompilationSection.cs
- CacheVirtualItemsEvent.cs
- EditorPart.cs
- Domain.cs
- OperationContextScope.cs
- DbgCompiler.cs
- PropertyMap.cs
- AttributeXamlType.cs
- TimerTable.cs
- XmlNamespaceDeclarationsAttribute.cs
- DigitShape.cs
- TextBoxView.cs
- SystemIPv6InterfaceProperties.cs
- Pts.cs
- RSACryptoServiceProvider.cs
- XMLSyntaxException.cs
- PackWebRequestFactory.cs
- Underline.cs
- GridItemPattern.cs
- EventSinkHelperWriter.cs
- PropertyGrid.cs