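/// <summary>
/// Legacy input-filtering, encoding and random-string helpers for the web layer.
/// All members are static; the protected constructor only keeps the type from being
/// instantiated directly.
/// </summary>
/// <remarks>
/// Several members are character/keyword blacklists (<see cref="ChkBadChar"/>,
/// <see cref="ReplaceBadChar"/>, <see cref="ReplaceBadSQL"/>, <see cref="IsSafeSqlString"/>).
/// A blacklist is not an injection defense: SQL must go through parameterized commands and
/// HTML/JS/URL output must be encoded for its context at the point of use. Treat these
/// methods as defense in depth only.
/// </remarks>
public class DataSecurity
{
    // No instance state; subclasses (if any) get the static helpers for free.
    protected DataSecurity()
    {
    }

    /// <summary>
    /// Escapes <paramref name="str"/> for use inside a JavaScript string literal.
    /// </summary>
    /// <param name="str">Raw text; <c>null</c> is treated as empty.</param>
    /// <returns>
    /// The text with backslash, CR, LF, both quote characters, "&lt;/" and the JavaScript
    /// line terminators U+2028/U+2029 escaped, so it cannot close the enclosing literal or
    /// an enclosing &lt;script&gt; element.
    /// </returns>
    /// <remarks>
    /// This is a string-literal escaper only: the caller still supplies the quotes, and the
    /// result is not HTML-encoded.
    /// </remarks>
    public static string ConvertToJavaScript(string str)
    {
        if (string.IsNullOrEmpty(str))
        {
            return string.Empty;
        }
        str = str.Replace(@"\", @"\\");          // first, so the backslashes added below are not doubled
        str = str.Replace("\n", @"\n");
        str = str.Replace("\r", @"\r");
        str = str.Replace("\"", "\\\"");
        str = str.Replace("'", @"\'");           // the literal may be single-quoted by the caller
        str = str.Replace("</", @"<\/");         // "</script>" in data must not end an inline script
        str = str.Replace("\u2028", @"\u2028");  // line terminators in JS that .NET's "\n"/"\r" handling misses
        str = str.Replace("\u2029", @"\u2029");
        return str;
    }

    /// <summary>
    /// Reports whether <paramref name="str"/> contains any token from a fixed blacklist of
    /// punctuation commonly abused in SQL/HTML injection
    /// (@@ + ' -- % ^ &amp; ? ( ) &lt; &gt; [ ] { } / \ ; : ").
    /// </summary>
    /// <param name="str">Text to inspect; <c>null</c> or empty yields <c>false</c>.</param>
    /// <returns><c>true</c> when at least one blacklisted token occurs (ordinal comparison).</returns>
    /// <remarks>Detection only; see the class remarks about blacklists.</remarks>
    public static bool ChkBadChar(string str)
    {
        if (string.IsNullOrEmpty(str))
        {
            return false;
        }
        // Same tokens the original produced by splitting a comma-separated literal with
        // StringHelper.SplitString; inlined so this class does not depend on that helper.
        string[] badTokens =
        {
            "@@", "+", "'", "--", "%", "^", "&", "?", "(", ")", "<", ">",
            "[", "]", "{", "}", "/", "\\", ";", ":", "\"", "\"\""
        };
        foreach (string token in badTokens)
        {
            // Ordinal: culture-aware IndexOf can ignore or fold characters and miss a token.
            if (str.IndexOf(token, StringComparison.Ordinal) >= 0)
            {
                return true;
            }
        }
        return false;
    }

    /// <summary>
    /// Strips every token of the <see cref="ChkBadChar"/> blacklist (plus '~') from
    /// <paramref name="str"/>.
    /// </summary>
    /// <param name="str">Text to filter; <c>null</c> or empty yields an empty string.</param>
    /// <returns>The text with all blacklisted tokens removed.</returns>
    /// <remarks>
    /// Removal repeats until the text stops changing. A single pass lets a token reassemble
    /// from the pieces left by a later removal ("-%-" became "--" once '%' was stripped),
    /// which defeated the filter.
    /// </remarks>
    public static string ReplaceBadChar(string str)
    {
        if (string.IsNullOrEmpty(str))
        {
            return string.Empty;
        }
        string[] badTokens =
        {
            "@@", "+", "'", "~", "--", "%", "^", "&", "?", "(", ")", "<", ">",
            "[", "]", "{", "}", "/", "\\", ";", ":", "\"", "\"\""
        };
        string current = str;
        string previous;
        do
        {
            previous = current;
            foreach (string token in badTokens)
            {
                current = current.Replace(token, string.Empty);
            }
        }
        while (current != previous);   // every pass only shortens the text, so this terminates
        return current;
    }

    /// <summary>
    /// Strips a fixed list of SQL keywords and comment/quote tokens from <paramref name="str"/>
    /// and collapses "@@" to "@".
    /// </summary>
    /// <param name="str">Text to filter; <c>null</c> or empty yields an empty string.</param>
    /// <returns>The filtered text.</returns>
    /// <remarks>
    /// Matching is case-sensitive and lowercase only, as in the original ("SELECT" passes),
    /// and it mangles legitimate words ("Sandy" loses "and"). This is not an injection
    /// defense — use parameterized commands. Removal repeats until nothing changes so a
    /// keyword cannot be reassembled from the pieces left after another removal
    /// ("seldeleteect" used to become "select").
    /// </remarks>
    public static string ReplaceBadSQL(string str)
    {
        if (string.IsNullOrEmpty(str))
        {
            return string.Empty;
        }
        string[] badTokens =
        {
            "'", "--", "exec", "insert", "select", "delete", "count", "update",
            "truncate", "master", "declare", "drop", "creat", "and", "use", "xp_"
        };
        string current = str;
        string previous;
        do
        {
            previous = current;
            foreach (string token in badTokens)
            {
                current = current.Replace(token, string.Empty);
            }
        }
        while (current != previous);
        // Single pass, after the keyword loop, exactly as the original did.
        return current.Replace("@@", "@");
    }

    /// <summary>Returns <c>field[index]</c>, or an empty string when the index is out of range or the array is null.</summary>
    /// <param name="index">Zero-based position.</param>
    /// <param name="field">Source array; may be <c>null</c>.</param>
    /// <returns>The element (which may itself be <c>null</c>) or <see cref="string.Empty"/>.</returns>
    public static string GetArrayValue(int index, string[] field)
    {
        bool inRange = field != null && index >= 0 && index < field.Length;
        return inRange ? field[index] : string.Empty;
    }

    /// <summary>Returns <c>field[index]</c>, or an empty string when the index is out of range or the collection is null.</summary>
    /// <param name="index">Zero-based position.</param>
    /// <param name="field">Source collection; may be <c>null</c>.</param>
    /// <returns>The element (which may itself be <c>null</c>) or <see cref="string.Empty"/>.</returns>
    public static string GetArrayValue(int index, Collection<string> field)
    {
        // The array overload tolerated a null container; this one threw on field.Count.
        if (field == null || index < 0 || index >= field.Count)
        {
            return string.Empty;
        }
        return field[index];
    }

    /// <summary>HTML-decodes <c>o.ToString()</c>; <c>null</c> yields <c>null</c>.</summary>
    public static string HtmlDecode(object o)
    {
        return o == null ? null : HtmlDecode(o.ToString());
    }

    /// <summary>
    /// Decodes an HTML-encoded string: &lt;br&gt;/&lt;BR&gt; become line feeds, "&amp;nbsp;"
    /// becomes a plain space, doubled backslashes collapse to one, the text is trimmed and
    /// the remaining entities are decoded once via <see cref="HttpUtility.HtmlDecode(string)"/>.
    /// </summary>
    /// <param name="fString">Encoded text; <c>null</c> or empty is returned unchanged.</param>
    /// <returns>The decoded text.</returns>
    /// <remarks>
    /// The original also replaced &amp;lt;/&amp;gt;/&amp;amp;/&amp;quot; by hand before
    /// calling HttpUtility, which decoded twice ("&amp;amp;lt;" ended up as "&lt;"). Its
    /// catch block returned the exception message as the decoded value; none of these
    /// calls throw on a non-null string, and echoing exception text to output leaks internals.
    /// </remarks>
    public static string HtmlDecode(string fString)
    {
        if (string.IsNullOrEmpty(fString))
        {
            return fString;
        }
        string text = fString
            .Replace("<BR>", "\n")
            .Replace("<br>", "\n")
            .Replace("&nbsp;", " ")    // original mapped it to U+0020, HttpUtility would give U+00A0
            .Replace("\\\\", "\\");
        return HttpUtility.HtmlDecode(text.Trim());
    }

    /// <summary>HTML-encodes <c>o.ToString()</c>; <c>null</c> yields <c>null</c>.</summary>
    public static string HtmlEncode(object o)
    {
        return o == null ? null : HtmlEncode(o.ToString());
    }

    /// <summary>
    /// Encodes <paramref name="str"/> for HTML element content: &amp; &lt; &gt; " ' become
    /// entities, every space becomes "&amp;nbsp;" and line breaks become &lt;br&gt;.
    /// </summary>
    /// <param name="str">Raw text; <c>null</c> or empty is returned unchanged.</param>
    /// <returns>The encoded markup (contains &lt;br&gt; tags, so it is for element content, not attributes).</returns>
    /// <remarks>
    /// NOTE(review): the checked-in copy had the entity names collapsed to the raw characters
    /// (e.g. Replace("&lt;", "&lt;")), which made the method a no-op and did not compile for the
    /// quote case; the names were restored from context. '&amp;' is now encoded first (the
    /// original skipped it, so input entities passed through and decoding was lossy), and the
    /// &lt;br&gt; substitution runs last so the '&lt;' replacement does not destroy it.
    /// </remarks>
    public static string HtmlEncode(string str)
    {
        if (string.IsNullOrEmpty(str))
        {
            return str;
        }
        str = str.Replace("&", "&amp;");
        str = str.Replace("<", "&lt;");
        str = str.Replace(">", "&gt;");
        str = str.Replace("\"", "&quot;");
        str = str.Replace("'", "&#39;");
        str = str.Replace(" ", "&nbsp;");
        str = str.Replace("\r\n", "<br>");
        str = str.Replace("\n", "<br>");
        return str;
    }

    /// <summary>
    /// Builds a file name from the local timestamp (yyyyMMddHHmmss) plus four random digits.
    /// </summary>
    /// <returns>An 18-digit string.</returns>
    /// <remarks>Only 10,000 names exist per second; do not rely on this for unguessable upload paths.</remarks>
    public static string MakeFileRndName()
    {
        string stamp = DateTime.Now.ToString("yyyyMMddHHmmss");
        return stamp + MakeRandomString("0123456789", 4);
    }

    /// <summary>Returns the current local year and month as "yyyyMM".</summary>
    public static string MakeFolderName()
    {
        return string.Format("{0:yyyyMM}", DateTime.Now);
    }

    /// <summary>
    /// Random string of <paramref name="pwdlen"/> characters drawn from letters, digits, '_' and '*'.
    /// </summary>
    /// <param name="pwdlen">Length; zero or negative yields an empty string.</param>
    public static string MakeRandomString(int pwdlen)
    {
        const string alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_*";
        return MakeRandomString(alphabet, pwdlen);
    }

    /// <summary>
    /// Random string of <paramref name="pwdlen"/> characters drawn uniformly from
    /// <paramref name="pwdchars"/>, using the cryptographic RNG.
    /// </summary>
    /// <param name="pwdchars">Alphabet to draw from; must not be empty when characters are requested.</param>
    /// <param name="pwdlen">Length; zero or negative yields an empty string.</param>
    /// <returns>The generated string.</returns>
    /// <exception cref="ArgumentException"><paramref name="pwdchars"/> is null or empty and <paramref name="pwdlen"/> is positive.</exception>
    /// <remarks>
    /// The original used <c>System.Random</c>: it is not a CSPRNG, and a fresh instance per
    /// call is time-seeded, so two calls in the same tick produced the same "password".
    /// Selection uses rejection sampling so no character is favoured by modulo bias.
    /// </remarks>
    public static string MakeRandomString(string pwdchars, int pwdlen)
    {
        if (pwdlen <= 0)
        {
            return string.Empty;
        }
        if (string.IsNullOrEmpty(pwdchars))
        {
            throw new ArgumentException("Alphabet must contain at least one character.", "pwdchars");
        }
        StringBuilder builder = new StringBuilder(pwdlen);
        RandomNumberGenerator rng = RandomNumberGenerator.Create();
        byte[] buffer = new byte[4];
        uint alphabetSize = (uint)pwdchars.Length;
        // Largest multiple of the alphabet size below 2^32; samples at or above it are discarded.
        uint limit = uint.MaxValue - (uint.MaxValue % alphabetSize);
        while (builder.Length < pwdlen)
        {
            rng.GetBytes(buffer);
            uint sample = BitConverter.ToUInt32(buffer, 0);
            if (sample < limit)
            {
                builder.Append(pwdchars[(int)(sample % alphabetSize)]);
            }
        }
        return builder.ToString();
    }

    /// <summary>Four random decimal digits.</summary>
    public static string RandomNum()
    {
        const int defaultDigits = 4;
        return RandomNum(defaultDigits);
    }

    /// <summary>
    /// Random string of <paramref name="intlong"/> decimal digits from the cryptographic RNG.
    /// </summary>
    /// <param name="intlong">Number of digits; zero or negative yields an empty string.</param>
    /// <returns>A digit string (may start with '0').</returns>
    /// <remarks>
    /// Replaces the original time-seeded <c>System.Random</c>, whose output repeated across
    /// calls in the same tick and was predictable — unacceptable if this feeds codes or tokens.
    /// </remarks>
    public static string RandomNum(int intlong)
    {
        if (intlong <= 0)
        {
            return string.Empty;
        }
        StringBuilder builder = new StringBuilder(intlong);
        RandomNumberGenerator rng = RandomNumberGenerator.Create();
        byte[] one = new byte[1];
        while (builder.Length < intlong)
        {
            rng.GetBytes(one);
            // 250 is the largest multiple of 10 in a byte; rejecting 250..255 keeps every digit equally likely.
            if (one[0] < 250)
            {
                builder.Append((char)('0' + one[0] % 10));
            }
        }
        return builder.ToString();
    }

    /// <summary>
    /// Intended counterpart of <see cref="UnrestrictedUrl"/>; as written it does not produce
    /// a usable URL (see remarks) and is left unchanged pending clarification.
    /// </summary>
    /// <param name="url">Absolute request URL; <c>null</c> yields <c>null</c>.</param>
    /// <remarks>
    /// NOTE(review): <c>url.AbsolutePath</c> is a bare path such as "/a/b". Where that does not
    /// parse as an absolute URI (Windows .NET Framework), <c>uri</c> is null, the recursive call
    /// returns null and the method returns just <c>url.Query</c>. Where a platform does parse
    /// "/a/b" as an absolute (file) URI the recursion has no terminating case. This is the only
    /// overload, so the recursion cannot reach another implementation. The intended result —
    /// probably path + query relative to the application — cannot be inferred from this code;
    /// confirm with the callers before changing it. A relative <paramref name="url"/> throws
    /// from <c>AbsolutePath</c>.
    /// </remarks>
    public static string RestrictedUrl(Uri url)
    {
        Uri uri;
        if (url == null)
        {
            return null;
        }
        Uri.TryCreate(url.AbsolutePath, UriKind.Absolute, out uri);
        return (RestrictedUrl(uri) + url.Query);
    }

    /// <summary>
    /// Returns a random <see cref="int"/> from the cryptographic RNG, as a decimal string
    /// (may be negative).
    /// </summary>
    /// <param name="strLength">
    /// Kept for signature compatibility; it does not influence the result. The original sized
    /// a byte buffer as <c>strLength - 1</c> (or 5) and read an Int32 from it, which threw
    /// <see cref="ArgumentException"/> for 1..4 and otherwise ignored all but four bytes.
    /// </param>
    /// <returns>The decimal representation of a random 32-bit value.</returns>
    public static string RngCspNum(int strLength)
    {
        byte[] data = new byte[4];
        RandomNumberGenerator.Create().GetBytes(data);
        return BitConverter.ToInt32(data, 0).ToString();
    }

    /// <summary>Repeats <paramref name="ichar"/> <paramref name="i"/> times.</summary>
    /// <param name="ichar">Text to repeat; <c>null</c> contributes nothing.</param>
    /// <param name="i">Repeat count; zero or negative yields an empty string.</param>
    public static string Strings(string ichar, int i)
    {
        if (i <= 0)
        {
            return string.Empty;
        }
        StringBuilder sb = new StringBuilder();
        int remaining = i;
        while (remaining-- > 0)
        {
            sb.Append(ichar);
        }
        return sb.ToString();
    }

    /// <summary>
    /// Turns an application-relative ("~/x") or absolute path into an absolute
    /// "http://host/x" URL using the current request's host name.
    /// </summary>
    /// <param name="path">Path to expand; <c>null</c> or empty is returned unchanged.</param>
    /// <returns>The absolute URL.</returns>
    /// <remarks>
    /// Security notes (behaviour kept as-is): the scheme is hard-coded to http and the port to
    /// 80, so a site served over TLS emits downgrade links; and the host comes from the request
    /// Host header, which the client controls — with an unvalidated Host an attacker can make
    /// this produce links to a foreign origin (e.g. in password-reset mail). Restrict allowed
    /// hosts at the edge or in configuration. Requires <c>HttpContext.Current</c>.
    /// </remarks>
    public static string UnrestrictedUrl(string path)
    {
        if (string.IsNullOrEmpty(path))
        {
            return path;
        }
        string absolutePath = VirtualPathUtility.IsAppRelative(path)
            ? VirtualPathUtility.ToAbsolute(path)
            : path;
        int port = 80;
        string portSuffix = port != 80 ? string.Format(":{0}", port) : string.Empty;
        string requestHost = HttpContext.Current.Request.Url.Host;
        Uri origin = new Uri(string.Format("http://{0}{1}", requestHost, portSuffix));
        return new Uri(origin, absolutePath).ToString();
    }

    /// <summary>
    /// Accepts a user-info string (a name or similar) unless it is empty/whitespace, equals the
    /// Windows reserved device path "c:\con\con", or contains any of % , * " &lt; &gt; &amp; or
    /// whitespace.
    /// </summary>
    /// <param name="str">Value to check; <c>null</c> is rejected.</param>
    /// <returns><c>true</c> when none of the rejection rules match (case-insensitive).</returns>
    /// <remarks>
    /// The original pattern was a PHP/Perl-style "/.../is" literal pasted into .NET, where the
    /// slashes and flags became literal characters: the "^\s*$" branch could never match and a
    /// trailing "$guestexp" (an uninterpolated PHP variable) could not either. That fragment
    /// was dropped because its intent is not recoverable here.
    /// </remarks>
    public static bool IsSafeUserInfoString(string str)
    {
        if (str == null)
        {
            return false;
        }
        return !Regex.IsMatch(
            str,
            @"^\s*$|^c:\\con\\con$|[%,\*""\s<>&]",
            RegexOptions.IgnoreCase | RegexOptions.Singleline);
    }

    /// <summary>URL-encodes <c>urlObj.ToString()</c>; <c>null</c> yields <c>null</c>.</summary>
    public static string UrlEncode(object urlObj)
    {
        return urlObj == null ? null : UrlEncode(urlObj.ToString());
    }

    /// <summary>
    /// Reports whether <paramref name="str"/> is free of the characters
    /// - | ; , / ( ) [ ] { } % @ * ! ' (inside a character class '|' is a literal, so it is rejected too).
    /// </summary>
    /// <param name="str">Value to check; <c>null</c> counts as safe (nothing to inject with).</param>
    /// <returns><c>true</c> when none of those characters occur.</returns>
    /// <remarks>Blacklist only — not a substitute for parameterized SQL.</remarks>
    public static bool IsSafeSqlString(string str)
    {
        if (str == null)
        {
            return true;   // Regex.IsMatch would have thrown ArgumentNullException
        }
        return !Regex.IsMatch(str, @"[-|;|,|\/|\(|\)|\[|\]|\}|\{|%|@|\*|!|\']");
    }

    /// <summary>Returns <paramref name="str"/> unchanged, or an empty string for <c>null</c>.</summary>
    /// <remarks>
    /// NOTE(review): "\'" and "'" are the same character, so the Replace here is a no-op.
    /// Whatever escaping this was meant to "correct" (doubling quotes, or undoing a
    /// MySQL-style "\'") is not recoverable from the code; confirm with the callers.
    /// </remarks>
    public static string mashSQL(string str)
    {
        if (str == null)
        {
            return string.Empty;
        }
        return str.Replace("\'", "'");
    }

    /// <summary>
    /// Percent-encodes every character of <paramref name="urlStr"/> except ASCII letters,
    /// digits and , - _ .  Non-ASCII characters are emitted as "%uXXXX".
    /// </summary>
    /// <param name="urlStr">Text to encode; <c>null</c> or empty yields <c>null</c>.</param>
    /// <returns>The encoded text.</returns>
    /// <remarks>
    /// The original class wrote ",-_" which is a RANGE from ',' (0x2C) to '_' (0x5F), so
    /// / : ; &lt; = &gt; ? @ [ \ ] ^ were passed through raw; the hyphen is now escaped so
    /// exactly the four punctuation characters are literal. "%uXXXX" is the JavaScript
    /// escape() convention, not RFC 3986 UTF-8 encoding; use HttpUtility.UrlEncode when a
    /// standards-compliant form is required.
    /// </remarks>
    public static string UrlEncode(string urlStr)
    {
        if (string.IsNullOrEmpty(urlStr))
        {
            return null;
        }
        return Regex.Replace(urlStr, @"[^a-zA-Z0-9,\-_\.]+", new MatchEvaluator(UrlEncodeMatch));
    }

    // Encodes one run of non-safe characters: "%XX" for ASCII, "%uXXXX" for anything above 0x7F.
    private static string UrlEncodeMatch(Match match)
    {
        string run = match.Value;
        if (run.Length == 0)
        {
            return run;
        }
        StringBuilder encoded = new StringBuilder(run.Length * 3);
        for (int pos = 0; pos < run.Length; pos++)
        {
            char ch = run[pos];
            string format = ch > '\x007f' ? "%u{0:X4}" : "%{0:X2}";
            encoded.AppendFormat(format, (int)ch);
        }
        return encoded.ToString();
    }

    /// <summary>
    /// Encodes the five XML special characters &amp; &lt; &gt; ' " as entities.
    /// </summary>
    /// <param name="str">Raw text; <c>null</c> or empty is returned unchanged.</param>
    /// <returns>The encoded text, usable in element content and attribute values.</returns>
    /// <remarks>
    /// NOTE(review): the checked-in copy had the entity names collapsed to the raw characters,
    /// making every Replace a no-op (and the quote case did not compile); the names were
    /// restored from context. '&amp;' must stay first so the entities written afterwards are
    /// not re-encoded.
    /// </remarks>
    public static string XmlEncode(string str)
    {
        if (string.IsNullOrEmpty(str))
        {
            return str;
        }
        str = str.Replace("&", "&amp;");
        str = str.Replace("<", "&lt;");
        str = str.Replace(">", "&gt;");
        str = str.Replace("'", "&apos;");
        str = str.Replace("\"", "&quot;");
        return str;
    }
}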
{
// No instance state; the protected constructor keeps the type usable only as a static helper or a base class.
protected DataSecurity()
{
}
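/// <summary>
/// Escapes <paramref name="str"/> for use inside a JavaScript string literal.
/// </summary>
/// <param name="str">Raw text; <c>null</c> is treated as empty.</param>
/// <returns>
/// The text with backslash, CR, LF, both quote characters, "&lt;/" and the JavaScript
/// line terminators U+2028/U+2029 escaped, so it cannot close the enclosing literal or
/// an enclosing &lt;script&gt; element.
/// </returns>
/// <remarks>
/// This is a string-literal escaper only: the caller still supplies the quotes, and the
/// result is not HTML-encoded.
/// </remarks>
public static string ConvertToJavaScript(string str)
{
    if (string.IsNullOrEmpty(str))
    {
        return string.Empty;
    }
    str = str.Replace(@"\", @"\\");          // first, so the backslashes added below are not doubled
    str = str.Replace("\n", @"\n");
    str = str.Replace("\r", @"\r");
    str = str.Replace("\"", "\\\"");
    str = str.Replace("'", @"\'");           // the literal may be single-quoted by the caller
    str = str.Replace("</", @"<\/");         // "</script>" in data must not end an inline script
    str = str.Replace("\u2028", @"\u2028");  // line terminators in JS that .NET's "\n"/"\r" handling misses
    str = str.Replace("\u2029", @"\u2029");
    return str;
}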
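/// <summary>
/// Reports whether <paramref name="str"/> contains any token from a fixed blacklist of
/// punctuation commonly abused in SQL/HTML injection
/// (@@ + ' -- % ^ &amp; ? ( ) &lt; &gt; [ ] { } / \ ; : ").
/// </summary>
/// <param name="str">Text to inspect; <c>null</c> or empty yields <c>false</c>.</param>
/// <returns><c>true</c> when at least one blacklisted token occurs (ordinal comparison).</returns>
/// <remarks>
/// Detection only. A blacklist is not an injection defense — SQL must be parameterized and
/// output encoded for its context; treat this as defense in depth.
/// </remarks>
public static bool ChkBadChar(string str)
{
    if (string.IsNullOrEmpty(str))
    {
        return false;
    }
    // Same tokens the original produced by splitting a comma-separated literal with
    // StringHelper.SplitString; inlined so this method does not depend on that helper.
    string[] badTokens =
    {
        "@@", "+", "'", "--", "%", "^", "&", "?", "(", ")", "<", ">",
        "[", "]", "{", "}", "/", "\\", ";", ":", "\"", "\"\""
    };
    foreach (string token in badTokens)
    {
        // Ordinal: culture-aware IndexOf can ignore or fold characters and miss a token.
        if (str.IndexOf(token, StringComparison.Ordinal) >= 0)
        {
            return true;
        }
    }
    return false;
}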
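/// <summary>
/// Strips every token of a fixed punctuation blacklist
/// (@@ + ' ~ -- % ^ &amp; ? ( ) &lt; &gt; [ ] { } / \ ; : ") from <paramref name="str"/>.
/// </summary>
/// <param name="str">Text to filter; <c>null</c> or empty yields an empty string.</param>
/// <returns>The text with all blacklisted tokens removed.</returns>
/// <remarks>
/// Removal repeats until the text stops changing. A single pass lets a token reassemble
/// from the pieces left by a later removal ("-%-" became "--" once '%' was stripped),
/// which defeated the filter. Still a blacklist — not a substitute for parameterized SQL.
/// </remarks>
public static string ReplaceBadChar(string str)
{
    if (string.IsNullOrEmpty(str))
    {
        return string.Empty;
    }
    string[] badTokens =
    {
        "@@", "+", "'", "~", "--", "%", "^", "&", "?", "(", ")", "<", ">",
        "[", "]", "{", "}", "/", "\\", ";", ":", "\"", "\"\""
    };
    string current = str;
    string previous;
    do
    {
        previous = current;
        foreach (string token in badTokens)
        {
            current = current.Replace(token, string.Empty);
        }
    }
    while (current != previous);   // every pass only shortens the text, so this terminates
    return current;
}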
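/// <summary>
/// Strips a fixed list of SQL keywords and comment/quote tokens from <paramref name="str"/>
/// and collapses "@@" to "@".
/// </summary>
/// <param name="str">Text to filter; <c>null</c> or empty yields an empty string.</param>
/// <returns>The filtered text.</returns>
/// <remarks>
/// Matching is case-sensitive and lowercase only, as in the original ("SELECT" passes),
/// and it mangles legitimate words ("Sandy" loses "and"). This is not an injection
/// defense — use parameterized commands. Removal repeats until nothing changes so a
/// keyword cannot be reassembled from the pieces left after another removal
/// ("seldeleteect" used to become "select").
/// </remarks>
public static string ReplaceBadSQL(string str)
{
    if (string.IsNullOrEmpty(str))
    {
        return string.Empty;
    }
    string[] badTokens =
    {
        "'", "--", "exec", "insert", "select", "delete", "count", "update",
        "truncate", "master", "declare", "drop", "creat", "and", "use", "xp_"
    };
    string current = str;
    string previous;
    do
    {
        previous = current;
        foreach (string token in badTokens)
        {
            current = current.Replace(token, string.Empty);
        }
    }
    while (current != previous);
    // Single pass, after the keyword loop, exactly as the original did.
    return current.Replace("@@", "@");
}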
/// <summary>Returns <c>field[index]</c>, or an empty string when the index is out of range or the array is null.</summary>
/// <param name="index">Zero-based position.</param>
/// <param name="field">Source array; may be <c>null</c>.</param>
/// <returns>The element (which may itself be <c>null</c>) or <see cref="string.Empty"/>.</returns>
public static string GetArrayValue(int index, string[] field)
{
    bool inRange = field != null && index >= 0 && index < field.Length;
    return inRange ? field[index] : string.Empty;
}
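/// <summary>Returns <c>field[index]</c>, or an empty string when the index is out of range or the collection is null.</summary>
/// <param name="index">Zero-based position.</param>
/// <param name="field">Source collection; may be <c>null</c>.</param>
/// <returns>The element (which may itself be <c>null</c>) or <see cref="string.Empty"/>.</returns>
public static string GetArrayValue(int index, Collection<string> field)
{
    // The string[] overload tolerates a null container; this one threw NullReferenceException on field.Count.
    if (field == null || index < 0 || index >= field.Count)
    {
        return string.Empty;
    }
    return field[index];
}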
/// <summary>HTML-decodes <c>o.ToString()</c>; <c>null</c> yields <c>null</c>.</summary>
public static string HtmlDecode(object o)
{
    return o == null ? null : HtmlDecode(o.ToString());
}
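/// <summary>
/// Decodes an HTML-encoded string: &lt;br&gt;/&lt;BR&gt; become line feeds, "&amp;nbsp;"
/// becomes a plain space, doubled backslashes collapse to one, the text is trimmed and
/// the remaining entities are decoded once via <see cref="HttpUtility.HtmlDecode(string)"/>.
/// </summary>
/// <param name="fString">Encoded text; <c>null</c> or empty is returned unchanged.</param>
/// <returns>The decoded text.</returns>
/// <remarks>
/// The original also replaced &amp;lt;/&amp;gt;/&amp;amp;/&amp;quot; by hand before
/// calling HttpUtility, which decoded twice ("&amp;amp;lt;" ended up as "&lt;"). Its
/// catch block returned the exception message as the decoded value; none of these
/// calls throw on a non-null string, and echoing exception text to output leaks internals.
/// </remarks>
public static string HtmlDecode(string fString)
{
    if (string.IsNullOrEmpty(fString))
    {
        return fString;
    }
    string text = fString
        .Replace("<BR>", "\n")
        .Replace("<br>", "\n")
        .Replace("&nbsp;", " ")    // original mapped it to U+0020, HttpUtility would give U+00A0
        .Replace("\\\\", "\\");
    return HttpUtility.HtmlDecode(text.Trim());
}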
/// <summary>HTML-encodes <c>o.ToString()</c>; <c>null</c> yields <c>null</c>.</summary>
public static string HtmlEncode(object o)
{
    return o == null ? null : HtmlEncode(o.ToString());
}
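/// <summary>
/// Encodes <paramref name="str"/> for HTML element content: &amp; &lt; &gt; " ' become
/// entities, every space becomes "&amp;nbsp;" and line breaks become &lt;br&gt;.
/// </summary>
/// <param name="str">Raw text; <c>null</c> or empty is returned unchanged.</param>
/// <returns>The encoded markup (contains &lt;br&gt; tags, so it is for element content, not attributes).</returns>
/// <remarks>
/// NOTE(review): the checked-in copy had the entity names collapsed to the raw characters
/// (e.g. Replace("&lt;", "&lt;")), which made the method a no-op and did not compile for the
/// quote case; the names were restored from context. '&amp;' is now encoded first (the
/// original skipped it, so input entities passed through and decoding was lossy), and the
/// &lt;br&gt; substitution runs last so the '&lt;' replacement does not destroy it.
/// </remarks>
public static string HtmlEncode(string str)
{
    if (string.IsNullOrEmpty(str))
    {
        return str;
    }
    str = str.Replace("&", "&amp;");
    str = str.Replace("<", "&lt;");
    str = str.Replace(">", "&gt;");
    str = str.Replace("\"", "&quot;");
    str = str.Replace("'", "&#39;");
    str = str.Replace(" ", "&nbsp;");
    str = str.Replace("\r\n", "<br>");
    str = str.Replace("\n", "<br>");
    return str;
}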
/// <summary>
/// Builds a file name from the local timestamp (yyyyMMddHHmmss) plus four random digits.
/// </summary>
/// <returns>An 18-digit string.</returns>
/// <remarks>Only 10,000 names exist per second; do not rely on this for unguessable upload paths.</remarks>
public static string MakeFileRndName()
{
    string stamp = DateTime.Now.ToString("yyyyMMddHHmmss");
    return stamp + MakeRandomString("0123456789", 4);
}
/// <summary>Returns the current local year and month as "yyyyMM".</summary>
public static string MakeFolderName()
{
    return string.Format("{0:yyyyMM}", DateTime.Now);
}
/// <summary>
/// Random string of <paramref name="pwdlen"/> characters drawn from letters, digits, '_' and '*'.
/// </summary>
/// <param name="pwdlen">Length; zero or negative yields an empty string.</param>
public static string MakeRandomString(int pwdlen)
{
    const string alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_*";
    return MakeRandomString(alphabet, pwdlen);
}
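/// <summary>
/// Random string of <paramref name="pwdlen"/> characters drawn uniformly from
/// <paramref name="pwdchars"/>, using the cryptographic RNG.
/// </summary>
/// <param name="pwdchars">Alphabet to draw from; must not be empty when characters are requested.</param>
/// <param name="pwdlen">Length; zero or negative yields an empty string.</param>
/// <returns>The generated string.</returns>
/// <exception cref="ArgumentException"><paramref name="pwdchars"/> is null or empty and <paramref name="pwdlen"/> is positive.</exception>
/// <remarks>
/// The original used <c>System.Random</c>: it is not a CSPRNG, and a fresh instance per
/// call is time-seeded, so two calls in the same tick produced the same "password".
/// Selection uses rejection sampling so no character is favoured by modulo bias.
/// </remarks>
public static string MakeRandomString(string pwdchars, int pwdlen)
{
    if (pwdlen <= 0)
    {
        return string.Empty;
    }
    if (string.IsNullOrEmpty(pwdchars))
    {
        throw new ArgumentException("Alphabet must contain at least one character.", "pwdchars");
    }
    StringBuilder builder = new StringBuilder(pwdlen);
    RandomNumberGenerator rng = RandomNumberGenerator.Create();
    byte[] buffer = new byte[4];
    uint alphabetSize = (uint)pwdchars.Length;
    // Largest multiple of the alphabet size below 2^32; samples at or above it are discarded.
    uint limit = uint.MaxValue - (uint.MaxValue % alphabetSize);
    while (builder.Length < pwdlen)
    {
        rng.GetBytes(buffer);
        uint sample = BitConverter.ToUInt32(buffer, 0);
        if (sample < limit)
        {
            builder.Append(pwdchars[(int)(sample % alphabetSize)]);
        }
    }
    return builder.ToString();
}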
/// <summary>Four random decimal digits.</summary>
public static string RandomNum()
{
    const int defaultDigits = 4;
    return RandomNum(defaultDigits);
}
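/// <summary>
/// Random string of <paramref name="intlong"/> decimal digits from the cryptographic RNG.
/// </summary>
/// <param name="intlong">Number of digits; zero or negative yields an empty string.</param>
/// <returns>A digit string (may start with '0').</returns>
/// <remarks>
/// Replaces the original time-seeded <c>System.Random</c>, whose output repeated across
/// calls in the same tick and was predictable — unacceptable if this feeds codes or tokens.
/// </remarks>
public static string RandomNum(int intlong)
{
    if (intlong <= 0)
    {
        return string.Empty;
    }
    StringBuilder builder = new StringBuilder(intlong);
    RandomNumberGenerator rng = RandomNumberGenerator.Create();
    byte[] one = new byte[1];
    while (builder.Length < intlong)
    {
        rng.GetBytes(one);
        // 250 is the largest multiple of 10 in a byte; rejecting 250..255 keeps every digit equally likely.
        if (one[0] < 250)
        {
            builder.Append((char)('0' + one[0] % 10));
        }
    }
    return builder.ToString();
}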
/// <summary>
/// Intended counterpart of <see cref="UnrestrictedUrl"/>; as written it does not produce
/// a usable URL (see remarks) and is left unchanged pending clarification.
/// </summary>
/// <param name="url">Absolute request URL; <c>null</c> yields <c>null</c>.</param>
/// <remarks>
/// NOTE(review): <c>url.AbsolutePath</c> is a bare path such as "/a/b". Where that does not
/// parse as an absolute URI (Windows .NET Framework), <c>uri</c> is null, the recursive call
/// returns null and the method returns just <c>url.Query</c>. Where a platform does parse
/// "/a/b" as an absolute (file) URI the recursion has no terminating case. This is the only
/// overload visible, so the recursion cannot reach another implementation. The intended
/// result — probably path + query relative to the application — cannot be inferred from
/// this code; confirm with the callers before changing it. A relative <paramref name="url"/>
/// throws from <c>AbsolutePath</c>.
/// </remarks>
public static string RestrictedUrl(Uri url)
{
Uri uri;
if (url == null)
{
return null;
}
// TryCreate's result is ignored; on failure uri stays null.
Uri.TryCreate(url.AbsolutePath, UriKind.Absolute, out uri);
return (RestrictedUrl(uri) + url.Query);
}
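/// <summary>
/// Returns a random <see cref="int"/> from the cryptographic RNG, as a decimal string
/// (may be negative).
/// </summary>
/// <param name="strLength">
/// Kept for signature compatibility; it does not influence the result. The original sized
/// a byte buffer as <c>strLength - 1</c> (or 5) and read an Int32 from it, which threw
/// <see cref="ArgumentException"/> for 1..4 and otherwise ignored all but four bytes.
/// </param>
/// <returns>The decimal representation of a random 32-bit value.</returns>
public static string RngCspNum(int strLength)
{
    byte[] data = new byte[4];
    RandomNumberGenerator.Create().GetBytes(data);
    return BitConverter.ToInt32(data, 0).ToString();
}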
/// <summary>Repeats <paramref name="ichar"/> <paramref name="i"/> times.</summary>
/// <param name="ichar">Text to repeat; <c>null</c> contributes nothing.</param>
/// <param name="i">Repeat count; zero or negative yields an empty string.</param>
public static string Strings(string ichar, int i)
{
    if (i <= 0)
    {
        return string.Empty;
    }
    StringBuilder sb = new StringBuilder();
    int remaining = i;
    while (remaining-- > 0)
    {
        sb.Append(ichar);
    }
    return sb.ToString();
}
/// <summary>
/// Turns an application-relative ("~/x") or absolute path into an absolute
/// "http://host/x" URL using the current request's host name.
/// </summary>
/// <param name="path">Path to expand; <c>null</c> or empty is returned unchanged.</param>
/// <returns>The absolute URL.</returns>
/// <remarks>
/// Security notes (behaviour unchanged): the scheme is hard-coded to http and the port to
/// 80, so a site served over TLS emits downgrade links; and the host comes from the request
/// Host header, which the client controls — with an unvalidated Host an attacker can make
/// this produce links to a foreign origin (e.g. in password-reset mail). Restrict allowed
/// hosts at the edge or in configuration. Requires <c>HttpContext.Current</c>.
/// </remarks>
public static string UnrestrictedUrl(string path)
{
    if (string.IsNullOrEmpty(path))
    {
        return path;
    }
    string absolutePath = VirtualPathUtility.IsAppRelative(path)
        ? VirtualPathUtility.ToAbsolute(path)
        : path;
    int port = 80;
    string portSuffix = port != 80 ? string.Format(":{0}", port) : string.Empty;
    string requestHost = HttpContext.Current.Request.Url.Host;
    Uri origin = new Uri(string.Format("http://{0}{1}", requestHost, portSuffix));
    return new Uri(origin, absolutePath).ToString();
}
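/// <summary>
/// Accepts a user-info string (a name or similar) unless it is empty/whitespace, equals the
/// Windows reserved device path "c:\con\con", or contains any of % , * " &lt; &gt; &amp; or
/// whitespace.
/// </summary>
/// <param name="str">Value to check; <c>null</c> is rejected.</param>
/// <returns><c>true</c> when none of the rejection rules match (case-insensitive).</returns>
/// <remarks>
/// The original pattern was a PHP/Perl-style "/.../is" literal pasted into .NET, where the
/// slashes and flags became literal characters: the "^\s*$" branch could never match and a
/// trailing "$guestexp" (an uninterpolated PHP variable) could not either. That fragment
/// was dropped because its intent is not recoverable here.
/// </remarks>
public static bool IsSafeUserInfoString(string str)
{
    if (str == null)
    {
        return false;
    }
    return !Regex.IsMatch(
        str,
        @"^\s*$|^c:\\con\\con$|[%,\*""\s<>&]",
        RegexOptions.IgnoreCase | RegexOptions.Singleline);
}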
/// <summary>URL-encodes <c>urlObj.ToString()</c>; <c>null</c> yields <c>null</c>.</summary>
public static string UrlEncode(object urlObj)
{
    return urlObj == null ? null : UrlEncode(urlObj.ToString());
}
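/// <summary>
/// Reports whether <paramref name="str"/> is free of the characters
/// - | ; , / ( ) [ ] { } % @ * ! ' (inside a character class '|' is a literal, so it is rejected too).
/// </summary>
/// <param name="str">Value to check; <c>null</c> counts as safe (nothing to inject with).</param>
/// <returns><c>true</c> when none of those characters occur.</returns>
/// <remarks>Blacklist only — not a substitute for parameterized SQL.</remarks>
public static bool IsSafeSqlString(string str)
{
    if (str == null)
    {
        return true;   // Regex.IsMatch would have thrown ArgumentNullException
    }
    return !Regex.IsMatch(str, @"[-|;|,|\/|\(|\)|\[|\]|\}|\{|%|@|\*|!|\']");
}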
/// <summary>Returns <paramref name="str"/> unchanged, or an empty string for <c>null</c>.</summary>
/// <remarks>
/// NOTE(review): "\'" and "'" are the same character, so the Replace here is a no-op.
/// Whatever escaping this was meant to "correct" (doubling quotes, or undoing a
/// MySQL-style "\'") is not recoverable from the code; confirm with the callers.
/// </remarks>
public static string mashSQL(string str)
{
    if (str == null)
    {
        return string.Empty;
    }
    return str.Replace("\'", "'");
}
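/// <summary>
/// Percent-encodes every character of <paramref name="urlStr"/> except ASCII letters,
/// digits and , - _ .  Non-ASCII characters are emitted as "%uXXXX".
/// </summary>
/// <param name="urlStr">Text to encode; <c>null</c> or empty yields <c>null</c>.</param>
/// <returns>The encoded text.</returns>
/// <remarks>
/// The original class wrote ",-_" which is a RANGE from ',' (0x2C) to '_' (0x5F), so
/// / : ; &lt; = &gt; ? @ [ \ ] ^ were passed through raw; the hyphen is now escaped so
/// exactly the four punctuation characters are literal. "%uXXXX" is the JavaScript
/// escape() convention, not RFC 3986 UTF-8 encoding; use HttpUtility.UrlEncode when a
/// standards-compliant form is required.
/// </remarks>
public static string UrlEncode(string urlStr)
{
    if (string.IsNullOrEmpty(urlStr))
    {
        return null;
    }
    return Regex.Replace(urlStr, @"[^a-zA-Z0-9,\-_\.]+", new MatchEvaluator(UrlEncodeMatch));
}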
// Encodes one run of non-safe characters: "%XX" for ASCII, "%uXXXX" for anything above 0x7F.
private static string UrlEncodeMatch(Match match)
{
    string run = match.Value;
    if (run.Length == 0)
    {
        return run;
    }
    StringBuilder encoded = new StringBuilder(run.Length * 3);
    for (int pos = 0; pos < run.Length; pos++)
    {
        char ch = run[pos];
        string format = ch > '\x007f' ? "%u{0:X4}" : "%{0:X2}";
        encoded.AppendFormat(format, (int)ch);
    }
    return encoded.ToString();
}
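/// <summary>
/// Encodes the five XML special characters &amp; &lt; &gt; ' " as entities.
/// </summary>
/// <param name="str">Raw text; <c>null</c> or empty is returned unchanged.</param>
/// <returns>The encoded text, usable in element content and attribute values.</returns>
/// <remarks>
/// NOTE(review): the checked-in copy had the entity names collapsed to the raw characters,
/// making every Replace a no-op (and the quote case did not compile); the names were
/// restored from context. '&amp;' must stay first so the entities written afterwards are
/// not re-encoded.
/// </remarks>
public static string XmlEncode(string str)
{
    if (string.IsNullOrEmpty(str))
    {
        return str;
    }
    str = str.Replace("&", "&amp;");
    str = str.Replace("<", "&lt;");
    str = str.Replace(">", "&gt;");
    str = str.Replace("'", "&apos;");
    str = str.Replace("\"", "&quot;");
    return str;
}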
}