(页面数据校验类)PageValidate.cs 基本通用。
using System; using System.Text; using System.Web; using System.Web.UI.WebControls; using System.Text.RegularExpressions; namespace Common { /// <summary> /// 页面数据校验类 /// </summary> public class PageValidate { private static Regex RegNumber = new Regex("^[0-9]+$"); private static Regex RegNumberSign = new Regex("^[+-]?[0-9]+$"); private static Regex RegDecimal = new Regex("^[0-9]+[.]?[0-9]+$"); private static Regex RegDecimalSign = new Regex("^[+-]?[0-9]+[.]?[0-9]+$"); //等价于^[+-]?\d+[.]?\d+$ private static Regex RegEmail = new Regex("^[\\w-]+@[\\w-]+\\.(com|net|org|edu|mil|tv|biz|info)$");//w 英文字母或数字的字符串,和 [a-zA-Z0-9] 语法一样 private static Regex RegCHZN = new Regex("[\u4e00-\u9fa5]"); public PageValidate() { } #region 数字字符串检查 /// <summary> /// 检查Request查询字符串的键值,是否是数字,最大长度限制 /// </summary> /// <param name="req">Request</param> /// <param name="inputKey">Request的键值</param> /// <param name="maxLen">最大长度</param> /// <returns>返回Request查询字符串</returns> public static string FetchInputDigit(HttpRequest req, string inputKey, int maxLen) { string retVal = string.Empty; if(inputKey != null && inputKey != string.Empty) { retVal = req.QueryString[inputKey]; if(null == retVal) retVal = req.Form[inputKey]; if(null != retVal) { retVal = SqlText(retVal, maxLen); if(!IsNumber(retVal)) retVal = string.Empty; } } if(retVal == null) retVal = string.Empty; return retVal; } /// <summary> /// 是否数字字符串 /// </summary> /// <param name="inputData">输入字符串</param> /// <returns></returns> public static bool IsNumber(string inputData) { Match m = RegNumber.Match(inputData); return m.Success; } /// <summary> /// 是否数字字符串 可带正负号 /// </summary> /// <param name="inputData">输入字符串</param> /// <returns></returns> public static bool IsNumberSign(string inputData) { Match m = RegNumberSign.Match(inputData); return m.Success; } /// <summary> /// 是否是浮点数 /// </summary> /// <param name="inputData">输入字符串</param> /// <returns></returns> public static bool IsDecimal(string inputData) { Match m = RegDecimal.Match(inputData); return m.Success; } /// <summary> /// 是否是浮点数 可带正负号 /// </summary> /// <param name="inputData">输入字符串</param> /// <returns></returns> public static bool IsDecimalSign(string inputData) { Match m = RegDecimalSign.Match(inputData); return m.Success; } #endregion #region 中文检测 /// <summary> /// 检测是否有中文字符 /// </summary> /// <param name="inputData"></param> /// <returns></returns> public static bool IsHasCHZN(string inputData) { Match m = RegCHZN.Match(inputData); return m.Success; } #endregion #region 邮件地址 /// <summary> /// 是否是浮点数 可带正负号 /// </summary> /// <param name="inputData">输入字符串</param> /// <returns></returns> public static bool IsEmail(string inputData) { Match m = RegEmail.Match(inputData); return m.Success; } #endregion #region 其他 /// <summary> /// 检查字符串最大长度,返回指定长度的串 /// </summary> /// <param name="sqlInput">输入字符串</param> /// <param name="maxLength">最大长度</param> /// <returns></returns> public static string SqlText(string sqlInput, int maxLength) { if(sqlInput != null && sqlInput != string.Empty) { sqlInput = sqlInput.Trim(); if(sqlInput.Length > maxLength)//按最大长度截取字符串 sqlInput = sqlInput.Substring(0, maxLength); } return sqlInput; } /// <summary> /// 字符串编码 /// </summary> /// <param name="inputData"></param> /// <returns></returns> public static string HtmlEncode(string inputData) { return HttpUtility.HtmlEncode(inputData); } /// <summary> /// 设置Label显示Encode的字符串 /// </summary> /// <param name="lbl"></param> /// <param name="txtInput"></param> public static void SetLabel(Label lbl, string txtInput) { lbl.Text = HtmlEncode(txtInput); } public static void SetLabel(Label lbl, object inputObj) { SetLabel(lbl, inputObj.ToString()); } //字符串清理 public static string InputText(string inputString, int maxLength) { StringBuilder retVal = new StringBuilder(); // 检查是否为空 if ((inputString != null) && (inputString != String.Empty)) { inputString = inputString.Trim(); //检查长度 if (inputString.Length > maxLength) inputString = inputString.Substring(0, maxLength); //替换危险字符 for (int i = 0; i < inputString.Length; i++) { switch (inputString[i]) { case '"': retVal.Append("""); break; case '<': retVal.Append("<"); break; case '>': retVal.Append(">"); break; default: retVal.Append(inputString[i]); break; } } retVal.Replace("'", " ");// 替换单引号 } return retVal.ToString(); } /// <summary> /// 转换成 HTML code /// </summary> /// <param name="str">string</param> /// <returns>string</returns> public static string Encode(string str) { str = str.Replace("&","&"); str = str.Replace("'","''"); str = str.Replace("\"","""); str = str.Replace(" "," "); str = str.Replace("<","<"); str = str.Replace(">",">"); str = str.Replace("\n","<br>"); return str; } /// <summary> ///解析html成 普通文本 /// </summary> /// <param name="str">string</param> /// <returns>string</returns> public static string Decode(string str) { str = str.Replace("<br>","\n"); str = str.Replace(">",">"); str = str.Replace("<","<"); str = str.Replace(" "," "); str = str.Replace(""","\""); return str; } #endregion } }
通用文件(Global.asax),保存为Global.asax文件名 放到网站根木马下即可。
<mce:script language="C#" runat="server"><!-- protected void Application_BeginRequest(Object sender, EventArgs e) { StartProcessRequest(); } /// <summary> /// 处理用户提交的请求 /// </summary> private void StartProcessRequest() { try { string getkeys = ""; if (System.Web.HttpContext.Current.Request.QueryString != null) { for (int i = 0; i < System.Web.HttpContext.Current.Request.QueryString.Count; i++) { getkeys = System.Web.HttpContext.Current.Request.QueryString.Keys[i]; if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.QueryString[getkeys])) { System.Web.HttpContext.Current.Response.Write("Get,出现错误,包含非法字符串"); System.Web.HttpContext.Current.Response.End(); } } } if (System.Web.HttpContext.Current.Request.Form != null) { for (int i = 0; i < System.Web.HttpContext.Current.Request.Form.Count; i++) { getkeys = System.Web.HttpContext.Current.Request.Form.Keys[i]; if (getkeys == "__VIEWSTATE") continue; if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Form[getkeys])) { System.Web.HttpContext.Current.Response.Write("Post,出现错误,包含非法字符串"); System.Web.HttpContext.Current.Response.End(); } } } if(System.Web.HttpContext.Current.Request.Cookies!=null) { for (int i = 0; i < System.Web.HttpContext.Current.Request.Cookies.Count; i++) { getkeys = System.Web.HttpContext.Current.Request.Cookies.Keys[i]; if (getkeys == "__VIEWSTATE") continue; if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Cookies[getkeys].Value)) { System.Web.HttpContext.Current.Response.Write("Cookies,出现错误,包含非法字符串"); System.Web.HttpContext.Current.Response.End(); } } } } catch { // 错误处理: 处理用户提交信息! } } /// <summary> /// 分析用户请求是否正常 /// </summary> /// <param name="Str">传入用户提交数据 </param> /// <returns>返回是否含有SQL注入式攻击代码 </returns> private bool ProcessSqlStr(string Str) { bool ReturnValue = true; try { if (Str.Trim() != "") { string SqlStr = "select|insert|delete|update|declare|sysobjects|syscolumns|cast|truncate|master|mid|exec"; string[] anySqlStr = SqlStr.Split('|'); foreach (string ss in anySqlStr) { if (Str.ToLower().IndexOf(ss) >= 0) { ReturnValue = false; break; } } } } catch { ReturnValue = false; } return ReturnValue; } // --></mce:script>