Code:
/ Net / Net / 3.5.50727.3053 / DEVDIV / depot / DevDiv / releases / whidbey / netfxsp / ndp / fx / src / xsp / System / Web / HttpResponseHeader.cs / 7 / HttpResponseHeader.cs
//------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- /* * Single http header representation * * Copyright (c) 1998 Microsoft Corporation */ namespace System.Web { using System.Collections; using System.Text; /* * Response header (either known or unknown) */ internal class HttpResponseHeader { private String _unknownHeader; private int _knownHeaderIndex; private String _value; private static readonly string[] EncodingTable = new string[] { "%00", "%01", "%02", "%03", "%04", "%05", "%06", "%07", "%08", "%09", "%0a", "%0b", "%0c", "%0d", "%0e", "%0f", "%10", "%11", "%12", "%13", "%14", "%15", "%16", "%17", "%18", "%19", "%1a", "%1b", "%1c", "%1d", "%1e", "%1f" }; internal HttpResponseHeader(int knownHeaderIndex, String value) { _unknownHeader = null; _knownHeaderIndex = knownHeaderIndex; // encode header value if if(HttpRuntime.EnableHeaderChecking) { _value = MaybeEncodeHeader(value); } else { _value = value; } } internal HttpResponseHeader(String unknownHeader, String value) { if(HttpRuntime.EnableHeaderChecking) { _unknownHeader = MaybeEncodeHeader(unknownHeader); _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = MaybeEncodeHeader(value); } else { _unknownHeader = unknownHeader; _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = value; } } internal virtual String Name { get { if (_unknownHeader != null) return _unknownHeader; else return HttpWorkerRequest.GetKnownResponseHeaderName(_knownHeaderIndex); } } internal String Value { get { return _value;} } internal void Send(HttpWorkerRequest wr) { if (_knownHeaderIndex >= 0) wr.SendKnownResponseHeader(_knownHeaderIndex, _value); else wr.SendUnknownResponseHeader(_unknownHeader, _value); } // Encode the header if it contains a CRLF pair // VSWhidbey 257154 internal static string MaybeEncodeHeader(string value) { string sanitizedHeader = value; if (NeedsEncoding(value)) { // DevDiv Bugs 146028 // Denial Of Service scenarios involving // control characters are possible. // We are encoding the following characters: // - All CTL characters except HT (horizontal tab) // - DEL character (\x7f) StringBuilder sb = new StringBuilder(); foreach (char c in value) { if (c < 32 && c != 9) { sb.Append(EncodingTable[c]); } else if (c == 127) { sb.Append("%7f"); } else { sb.Append(c); } } sanitizedHeader = sb.ToString(); } return sanitizedHeader; } // Returns true if the string contains a control character (other than horizontal tab) or the DEL character. internal static bool NeedsEncoding(string value) { foreach (char c in value) { if ((c < 32 && c != 9) || (c == 127)) { return true; } } return false; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. //------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- /* * Single http header representation * * Copyright (c) 1998 Microsoft Corporation */ namespace System.Web { using System.Collections; using System.Text; /* * Response header (either known or unknown) */ internal class HttpResponseHeader { private String _unknownHeader; private int _knownHeaderIndex; private String _value; private static readonly string[] EncodingTable = new string[] { "%00", "%01", "%02", "%03", "%04", "%05", "%06", "%07", "%08", "%09", "%0a", "%0b", "%0c", "%0d", "%0e", "%0f", "%10", "%11", "%12", "%13", "%14", "%15", "%16", "%17", "%18", "%19", "%1a", "%1b", "%1c", "%1d", "%1e", "%1f" }; internal HttpResponseHeader(int knownHeaderIndex, String value) { _unknownHeader = null; _knownHeaderIndex = knownHeaderIndex; // encode header value if if(HttpRuntime.EnableHeaderChecking) { _value = MaybeEncodeHeader(value); } else { _value = value; } } internal HttpResponseHeader(String unknownHeader, String value) { if(HttpRuntime.EnableHeaderChecking) { _unknownHeader = MaybeEncodeHeader(unknownHeader); _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = MaybeEncodeHeader(value); } else { _unknownHeader = unknownHeader; _knownHeaderIndex = HttpWorkerRequest.GetKnownResponseHeaderIndex(_unknownHeader); _value = value; } } internal virtual String Name { get { if (_unknownHeader != null) return _unknownHeader; else return HttpWorkerRequest.GetKnownResponseHeaderName(_knownHeaderIndex); } } internal String Value { get { return _value;} } internal void Send(HttpWorkerRequest wr) { if (_knownHeaderIndex >= 0) wr.SendKnownResponseHeader(_knownHeaderIndex, _value); else wr.SendUnknownResponseHeader(_unknownHeader, _value); } // Encode the header if it contains a CRLF pair // VSWhidbey 257154 internal static string MaybeEncodeHeader(string value) { string sanitizedHeader = value; if (NeedsEncoding(value)) { // DevDiv Bugs 146028 // Denial Of Service scenarios involving // control characters are possible. // We are encoding the following characters: // - All CTL characters except HT (horizontal tab) // - DEL character (\x7f) StringBuilder sb = new StringBuilder(); foreach (char c in value) { if (c < 32 && c != 9) { sb.Append(EncodingTable[c]); } else if (c == 127) { sb.Append("%7f"); } else { sb.Append(c); } } sanitizedHeader = sb.ToString(); } return sanitizedHeader; } // Returns true if the string contains a control character (other than horizontal tab) or the DEL character. internal static bool NeedsEncoding(string value) { foreach (char c in value) { if ((c < 32 && c != 9) || (c == 127)) { return true; } } return false; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- XsdDuration.cs
- CodeSubDirectory.cs
- GeometryHitTestParameters.cs
- MultitargetUtil.cs
- CommonDialog.cs
- UInt64Storage.cs
- basenumberconverter.cs
- TTSEngineProxy.cs
- PathTooLongException.cs
- TextEvent.cs
- CreateRefExpr.cs
- PathStreamGeometryContext.cs
- PropertyValueChangedEvent.cs
- COM2DataTypeToManagedDataTypeConverter.cs
- SchemaMerger.cs
- SqlInternalConnection.cs
- ObjectDataSourceFilteringEventArgs.cs
- VariableDesigner.xaml.cs
- XmlAnyElementAttribute.cs
- HMACSHA1.cs
- TextTreeRootTextBlock.cs
- DefaultConfirmation.cs
- Attributes.cs
- __TransparentProxy.cs
- DoubleAnimationClockResource.cs
- X509Extension.cs
- PrintingPermission.cs
- DebugView.cs
- ValueQuery.cs
- ExchangeUtilities.cs
- ListViewGroupConverter.cs
- PathFigureCollection.cs
- TreeNodeStyleCollection.cs
- PinnedBufferMemoryStream.cs
- SecurityResources.cs
- ConnectionsZone.cs
- WindowsTab.cs
- BaseDataList.cs
- XamlRtfConverter.cs
- hebrewshape.cs
- ToolStripDropDownItemDesigner.cs
- recordstatescratchpad.cs
- ToolStripContextMenu.cs
- PropertyPathConverter.cs
- ApplicationTrust.cs
- ReadOnlyDictionary.cs
- GridViewDeleteEventArgs.cs
- Matrix3DStack.cs
- DataGridViewElement.cs
- XmlILConstructAnalyzer.cs
- shaperfactoryquerycachekey.cs
- ThreadPool.cs
- CreationContext.cs
- DataGridViewAutoSizeColumnsModeEventArgs.cs
- BindingNavigator.cs
- PackageProperties.cs
- ParameterElementCollection.cs
- AnimatedTypeHelpers.cs
- HiddenFieldPageStatePersister.cs
- FigureParagraph.cs
- CodeAccessPermission.cs
- VisualBrush.cs
- IndexingContentUnit.cs
- GreenMethods.cs
- ParameterReplacerVisitor.cs
- DefaultAsyncDataDispatcher.cs
- IfAction.cs
- CatalogPartCollection.cs
- Stackframe.cs
- ComPersistableTypeElement.cs
- StreamAsIStream.cs
- Win32Native.cs
- CannotUnloadAppDomainException.cs
- QilInvokeLateBound.cs
- PropertyGrid.cs
- CssClassPropertyAttribute.cs
- DataGridViewColumnDesigner.cs
- OdbcPermission.cs
- ConsumerConnectionPoint.cs
- WsatTransactionFormatter.cs
- PointCollection.cs
- PlaceHolder.cs
- Error.cs
- DataViewManagerListItemTypeDescriptor.cs
- HtmlImage.cs
- DropDownButton.cs
- DataGridViewDataConnection.cs
- WebPartActionVerb.cs
- SoapSchemaExporter.cs
- ToolStripOverflowButton.cs
- VectorValueSerializer.cs
- DataSet.cs
- UpdateRecord.cs
- StringHandle.cs
- SQLInt32.cs
- UpdateTracker.cs
- Identity.cs
- DeclarativeCatalogPart.cs
- XmlSerializerFactory.cs
- HttpServerVarsCollection.cs