Merge remote-tracking branch 'origin/6.2.0' into 7.0.1

Conflicts:
	src/Umbraco.Core/Persistence/Relators/PropertyTypePropertyGroupRelator.cs
	src/Umbraco.Core/Persistence/Repositories/MemberRepository.cs
	src/Umbraco.Core/PluginManager.cs
	src/Umbraco.Tests/Services/ContentServiceTests.cs
	src/Umbraco.Web.UI/install/Default.aspx.cs
	src/Umbraco.Web.UI/umbraco/LiveEditing/Modules/SkinModule/ModuleInjector.aspx
	src/Umbraco.Web.UI/umbraco/Umbraco.aspx.cs
	src/Umbraco.Web.UI/umbraco/dashboard.aspx
	src/Umbraco.Web.UI/umbraco/dialogs/sort.aspx
	src/Umbraco.Web.UI/umbraco/dialogs/umbracoField.aspx
	src/Umbraco.Web.UI/umbraco/logout.aspx
	src/Umbraco.Web.UI/umbraco/umbraco.aspx
	src/Umbraco.Web/UI/Pages/UmbracoEnsuredPage.cs
	src/Umbraco.Web/Umbraco.Web.csproj
	src/Umbraco.Web/umbraco.presentation/install/LegacyClasses.cs
	src/Umbraco.Web/umbraco.presentation/umbraco/dashboard.aspx.cs
	src/Umbraco.Web/umbraco.presentation/umbraco/logout.aspx.cs
	src/Umbraco.Web/umbraco.presentation/umbraco/umbraco.aspx.cs
	src/umbraco.cms/businesslogic/Packager/Installer.cs
	src/umbraco.providers/members/MembersMembershipProvider.cs
Shannon
2013-12-03 18:10:00 +11:00
27 changed files with 635 additions and 595 deletions


@@ -11,6 +11,21 @@ namespace Umbraco.Web
/// </summary>
public static class HttpRequestExtensions
{
/// <summary>
/// Extracts the value from the query string and cleans it to prevent xss attacks.
/// </summary>
/// <param name="request"></param>
/// <param name="key"></param>
/// <returns></returns>
public static string GetCleanedItem(this HttpRequest request, string key)
{
var item = request.GetItemAsString(key);
//remove any html
item = item.StripHtml();
//strip out any potential chars involved with XSS
return item.ExceptChars(new HashSet<char>("(){}[];:%<>/\\|&'\"".ToCharArray()));
}
/// <summary>
/// Safely get a request item as string, if the item does not exist, an empty string is returned.
/// </summary>
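Review bot: GetCleanedItem sanitises on input with a fixed character denylist, which is not a substitute for encoding at the point of output; a caller that writes the result into an unquoted attribute, a script block or a URL may still need context-specific encoding, since characters such as `=` and the backtick are not in the set. The summary should state that limit, e.g. `/// Removes HTML tags and a fixed set of characters; the result must still be encoded for the context it is written to.`, and the empty `<param>` and `<returns>` tags should be filled in. The `HashSet<char>` is rebuilt on every call and could be hoisted to a `private static readonly HashSet<char>` field. StripHtml, ExceptChars and GetItemAsString are defined outside this hunk, so the method's behaviour on a missing key is assumed from the doc comment on the following member, which says an empty string is returned.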