Fixes xss issue

Shannon
2013-12-03 15:40:12 +11:00
parent e981776e6d
commit a7e32e97e3
7 changed files with 212 additions and 159 deletions


@@ -842,7 +842,7 @@ namespace Umbraco.Core
/// This allows you to replace strings like & , etc.. with your replacement character before the automatic
/// reduction.
/// </remarks>
[UmbracoWillObsolete("This method should be removed. Use ToUrlSegment instead.")]
[Obsolete("This method should be removed. Use ToUrlSegment instead.")]
public static string ToUrlAlias(this string value, IDictionary<string, string> charReplacements, bool replaceDoubleDashes, bool stripNonAscii, bool urlEncode)
{
var helper = ShortStringHelper;
@@ -866,7 +866,7 @@ namespace Umbraco.Core
/// and <c>UmbracoSettings.RemoveDoubleDashesFromUrlReplacing</c>.</para>
/// <para>Other helpers may use different parameters.</para>
/// </remarks>
[UmbracoWillObsolete("This method should be removed. Use ToUrlSegment instead.")]
[Obsolete("This method should be removed. Use ToUrlSegment instead.")]
public static string FormatUrl(this string url)
{
var helper = ShortStringHelper;
@@ -933,7 +933,7 @@ namespace Umbraco.Core
/// <param name="removeSpaces">Indicates whether spaces should be removed. THIS PARAMETER IS IGNORED.</param>
/// <returns>The safe alias.</returns>
/// <remarks>CamelCase, and remove spaces, whatever the parameters.</remarks>
[UmbracoWillObsolete("This method should be removed. Use ToSafeAlias instead.")]
[Obsolete("This method should be removed. Use ToSafeAlias instead.")]
public static string ToUmbracoAlias(this string phrase, StringAliasCaseType caseType = StringAliasCaseType.CamelCase, bool removeSpaces = false)
{
var helper = ShortStringHelper;
@@ -978,7 +978,7 @@ namespace Umbraco.Core
/// <para>This is the legacy method, so we can't really change it, although it has issues (see unit tests).</para>
/// <para>It does more than "converting the case", and also remove spaces, etc.</para>
/// </remarks>
[UmbracoWillObsolete("This method should be removed. Use CleanString instead.")]
[Obsolete("This method should be removed. Use CleanString instead.")]
public static string ConvertCase(this string phrase, StringAliasCaseType cases)
{
var helper = ShortStringHelper;


@@ -1,4 +1,5 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
@@ -6,8 +7,11 @@ using System.Text.RegularExpressions;
using System.Web;
using System.Web.UI;
using Umbraco.Core.IO;
using Umbraco.Core.Logging;
using Umbraco.Core.Strings;
using umbraco;
using Umbraco.Core;
using umbraco.BusinessLogic;
namespace Umbraco.Web.UI.Umbraco
{
@@ -15,7 +19,36 @@ namespace Umbraco.Web.UI.Umbraco
{
public string DefaultApp { get; private set; }
protected void Page_Load(object sender, System.EventArgs e)
protected string InitApp
{
get
{
var app = Request.GetCleanedItem("app");
//validate the app
if (global::umbraco.BusinessLogic.Application.getAll().Any(x => x.alias.InvariantEquals(app)) == false)
{
LogHelper.Warn<Umbraco>("A requested app: " + Request.GetItemAsString("app") + " was not found");
return string.Empty;
}
return app;
}
}
protected string RightAction
{
get
{
//manually clean the string, we need to allow / and other url chars but ensure to strip any other potential xss chars.
return Request.GetItemAsString("rightAction").StripHtml().ExceptChars(new HashSet<char>("(){}[];:<>\\'\"".ToCharArray()));
}
}
protected string RightActionId
{
get { return Request.GetCleanedItem("id").ReplaceNonAlphanumericChars('-'); }
}
protected void Page_Load(object sender, EventArgs e)
{
var apps = UmbracoUser.Applications.ToList();
bool userHasAccesstodefaultApp = apps.Any(x => x.alias == Constants.Applications.Content);
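Review bot: The warning in `InitApp` logs the raw query-string value, `Request.GetItemAsString("app")`, although the cleaned copy is already held in `app`. Unfiltered request input in a log line can carry line breaks or markup into the log, which matters when the log is parsed line by line or shown in a browser-based viewer. Log the cleaned value instead, `LogHelper.Warn<Umbraco>("A requested app: " + app + " was not found");`, or strip control characters from the raw value before logging it. `Page_Load` continues outside the hunk.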


@@ -1,4 +1,4 @@
<%@ Page language="c#" MasterPageFile="masterpages/umbracoPage.Master" Title="dashboard" Codebehind="dashboard.aspx.cs" AutoEventWireup="True" Inherits="umbraco.cms.presentation.dashboard" trace="false" validateRequest="false"%>
<%@ Page language="c#" MasterPageFile="masterpages/umbracoPage.Master" Title="dashboard" AutoEventWireup="True" Inherits="umbraco.cms.presentation.dashboard" trace="false" validateRequest="false"%>
<%@ Register TagPrefix="cc1" Namespace="umbraco.uicontrols" Assembly="controls" %>
<asp:Content ContentPlaceHolderID="body" ID="ContentBody" runat="server">
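Review bot: `validateRequest="false"` stays on the `@ Page` directive, so ASP.NET request validation remains switched off for the dashboard page while the rest of this commit hardens query-string handling. If nothing on this page has to accept markup in request values, drop the attribute. If it does, a server-side comment next to the directive explaining why would help, because the page then depends entirely on the manual cleaning in the code-behind.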


@@ -159,13 +159,13 @@
<script type="text/javascript">
//used for deeplinking to specific content whilst still showing the tree
var initApp = '<%=umbraco.presentation.UmbracoContext.Current.Request.QueryString["app"]%>';
var rightAction = '<%=umbraco.presentation.UmbracoContext.Current.Request.QueryString["rightAction"]%>';
var rightActionId = '<%=umbraco.presentation.UmbracoContext.Current.Request.QueryString["id"]%>';
var initApp = '<%=InitApp%>';
var rightAction = '<%=RightAction%>';
var rightActionId = '<%=RightActionId%>';
var base = '<%=string.Format("{0}/", Umbraco.Core.IO.IOHelper.ResolveUrl(Umbraco.Core.IO.SystemDirectories.Umbraco))%>';
var url = ''
var url = '';
if (rightActionId && rightActionId != '') {
url = base + rightAction + ".aspx?id=" + rightActionId
url = base + rightAction + ".aspx?id=" + rightActionId;
} else {
url = base + rightAction;
}
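Review bot: `initApp`, `rightAction` and `rightActionId` are written into single-quoted JavaScript string literals with no encoding at the output site, so safety rests entirely on the character denylists in the code-behind properties. Encoding where the value is emitted is more robust and survives later edits to those lists: `var rightAction = '<%=HttpUtility.JavaScriptStringEncode(RightAction)%>';`, and the same for the other two (assuming the project targets .NET 4.0 or later). Separately, `rightAction` is concatenated into `url` and its denylist keeps `/` and `.`, so the value can still name any path relative to `base`; checking it against the known set of backoffice pages would close that. The script block continues outside the hunk.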


@@ -11,6 +11,21 @@ namespace Umbraco.Web
/// </summary>
public static class HttpRequestExtensions
{
/// <summary>
/// Extracts the value from the query string and cleans it to prevent xss attacks.
/// </summary>
/// <param name="request"></param>
/// <param name="key"></param>
/// <returns></returns>
public static string GetCleanedItem(this HttpRequest request, string key)
{
var item = request.GetItemAsString(key);
//remove any html
item = item.StripHtml();
//strip out any potential chars involved with XSS
return item.ExceptChars(new HashSet<char>("(){}[];:%<>/\\|&'\"".ToCharArray()));
}
/// <summary>
/// Safely get a request item as string, if the item does not exist, an empty string is returned.
/// </summary>
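Review bot: The XML doc on `GetCleanedItem` leaves `<param>` and `<returns>` empty and does not say what "cleaned" guarantees, which invites callers to treat the result as safe in every output context. Fill in the tags and add a `<remarks>` stating that this is a character denylist (HTML stripped, then the listed punctuation removed), that control characters such as CR/LF are not in the list, and that the result still needs encoding for its output context (HTML attribute, JavaScript string, URL). For example, `/// <param name="key">The query string or form key to read.</param>` and `/// <returns>The value with HTML and the denylisted characters removed; not encoded for output.</returns>`. The doc comment that ends the hunk belongs to the next method, which is outside the hunk.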


@@ -12,6 +12,7 @@ using System.Web.UI.HtmlControls;
using System.IO;
using System.Xml;
using System.Xml.XPath;
using Umbraco.Web;
using umbraco.uicontrols;
using Umbraco.Core.IO;
using umbraco.cms.helpers;
@@ -28,15 +29,15 @@ namespace umbraco.cms.presentation
private string _section = "";
protected void Page_Load(object sender, System.EventArgs e)
protected void Page_Load(object sender, EventArgs e)
{
// Put user code to initialize the page here
Panel2.Text = ui.Text("dashboard", "welcome", base.getUser()) + " " + this.getUser().Name;
Panel2.Text = ui.Text("dashboard", "welcome", UmbracoUser) + " " + UmbracoUser.Name;
}
private Control CreateDashBoardWrapperControl(Control control)
private static Control CreateDashBoardWrapperControl(Control control)
{
PlaceHolder placeHolder = new PlaceHolder();
var placeHolder = new PlaceHolder();
placeHolder.Controls.Add(new LiteralControl("<br/><fieldSet style=\"padding: 5px\">"));
placeHolder.Controls.Add(control);
placeHolder.Controls.Add(new LiteralControl("</fieldSet>"));
@@ -48,78 +49,89 @@ namespace umbraco.cms.presentation
base.OnInit(e);
// Load dashboard content
if (helper.Request("app") != "")
_section = helper.Request("app");
else if (getUser().Applications.Length > 0)
if (Request.GetItemAsString("app") != "")
{
_section = Request.GetItemAsString("app");
}
else if (UmbracoUser.Applications.Length > 0)
{
_section = "default";
}
else
_section = getUser().Applications[0].alias;
{
_section = UmbracoUser.Applications[0].alias;
}
XmlDocument dashBoardXml = new XmlDocument();
var dashBoardXml = new XmlDocument();
dashBoardXml.Load(IOHelper.MapPath(SystemFiles.DashboardConfig));
// test for new tab interface
foreach (XmlNode section in dashBoardXml.DocumentElement.SelectNodes("//section [areas/area = '" + _section.ToLower() + "']"))
if (dashBoardXml.DocumentElement == null) return;
var nodeList = dashBoardXml.DocumentElement.SelectNodes("//section [areas/area = '" + _section.ToLower() + "']");
if (nodeList == null) return;
foreach (XmlNode section in nodeList)
{
if (section != null && validateAccess(section))
if (section != null && ValidateAccess(section))
{
Panel2.Visible = false;
dashboardTabs.Visible = true;
foreach (XmlNode entry in section.SelectNodes("./tab"))
var xmlNodeList = section.SelectNodes("./tab");
if (xmlNodeList != null)
{
if (validateAccess(entry))
foreach (XmlNode entry in xmlNodeList)
{
TabPage tab = dashboardTabs.NewTabPage(entry.Attributes.GetNamedItem("caption").Value);
if (ValidateAccess(entry) == false) continue;
if (entry.Attributes == null) continue;
var tab = dashboardTabs.NewTabPage(entry.Attributes.GetNamedItem("caption").Value);
tab.HasMenu = true;
tab.Style.Add("padding", "0 10px");
foreach (XmlNode uc in entry.SelectNodes("./control"))
var selectNodes = entry.SelectNodes("./control");
if (selectNodes == null) continue;
foreach (XmlNode uc in selectNodes)
{
if (validateAccess(uc))
if (ValidateAccess(uc) == false) continue;
var control = GetFirstText(uc).Trim(' ', '\r', '\n');
var path = IOHelper.FindFile(control);
try
{
string control = getFirstText(uc).Trim(' ', '\r', '\n');
string path = IOHelper.FindFile(control);
var c = LoadControl(path);
try
// set properties
var type = c.GetType();
if (uc.Attributes != null)
{
Control c = LoadControl(path);
// set properties
Type type = c.GetType();
if (type != null)
foreach (XmlAttribute att in uc.Attributes)
{
foreach (XmlAttribute att in uc.Attributes)
var attributeName = att.Name;
var attributeValue = ParseControlValues(att.Value).ToString();
// parse special type of values
var prop = type.GetProperty(attributeName);
if (prop == null)
{
string attributeName = att.Name;
string attributeValue = parseControlValues(att.Value).ToString();
// parse special type of values
PropertyInfo prop = type.GetProperty(attributeName);
if (prop == null)
{
continue;
}
prop.SetValue(c, Convert.ChangeType(attributeValue, prop.PropertyType),
null);
continue;
}
}
//resolving files from dashboard config which probably does not map to a virtual fi
tab.Controls.Add(AddPanel(uc, c));
}
catch (Exception ee)
{
tab.Controls.Add(
new LiteralControl(
"<p class=\"umbracoErrorMessage\">Could not load control: '" + path +
"'. <br/><span class=\"guiDialogTiny\"><strong>Error message:</strong> " +
ee.ToString() + "</span></p>"));
prop.SetValue(c, Convert.ChangeType(attributeValue, prop.PropertyType), null);
}
}
//resolving files from dashboard config which probably does not map to a virtual fi
tab.Controls.Add(AddPanel(uc, c));
}
catch (Exception ee)
{
tab.Controls.Add(
new LiteralControl(
"<p class=\"umbracoErrorMessage\">Could not load control: '" + path +
"'. <br/><span class=\"guiDialogTiny\"><strong>Error message:</strong> " +
ee + "</span></p>"));
}
}
}
@@ -127,44 +139,45 @@ namespace umbraco.cms.presentation
}
else
{
foreach (
XmlNode entry in dashBoardXml.SelectNodes("//entry [@section='" + _section.ToLower() + "']"))
var xmlNodeList = dashBoardXml.SelectNodes("//entry [@section='" + _section.ToLower() + "']");
if (xmlNodeList != null)
{
PlaceHolder placeHolder = new PlaceHolder();
if (entry == null || entry.FirstChild == null)
foreach (XmlNode entry in xmlNodeList)
{
placeHolder.Controls.Add(
CreateDashBoardWrapperControl(new LiteralControl("Error loading DashBoard Content")));
}
else
{
string path = IOHelper.FindFile(entry.FirstChild.Value);
var placeHolder = new PlaceHolder();
if (entry == null || entry.FirstChild == null)
{
placeHolder.Controls.Add(
CreateDashBoardWrapperControl(new LiteralControl("Error loading DashBoard Content")));
}
else
{
var path = IOHelper.FindFile(entry.FirstChild.Value);
try
{
placeHolder.Controls.Add(CreateDashBoardWrapperControl(LoadControl(path)));
}
catch (Exception err)
{
Trace.Warn("Dashboard", string.Format("error loading control '{0}'",
path), err);
placeHolder.Controls.Clear();
placeHolder.Controls.Add(CreateDashBoardWrapperControl(new LiteralControl(string.Format(
"Error loading DashBoard Content '{0}'; {1}", path,
err.Message))));
try
{
placeHolder.Controls.Add(CreateDashBoardWrapperControl(LoadControl(path)));
}
catch (Exception err)
{
Trace.Warn("Dashboard", string.Format("error loading control '{0}'",
path), err);
placeHolder.Controls.Clear();
placeHolder.Controls.Add(CreateDashBoardWrapperControl(new LiteralControl(string.Format(
"Error loading DashBoard Content '{0}'; {1}", path,
err.Message))));
}
}
dashBoardContent.Controls.Add(placeHolder);
}
dashBoardContent.Controls.Add(placeHolder);
}
}
}
}
private object parseControlValues(string value)
private static object ParseControlValues(string value)
{
if (!String.IsNullOrEmpty(value))
if (string.IsNullOrEmpty(value) == false)
{
if (value.StartsWith("[#"))
{
@@ -190,18 +203,18 @@ namespace umbraco.cms.presentation
return value;
}
private Control AddPanel(XmlNode node, Control c)
private static Control AddPanel(XmlNode node, Control c)
{
LiteralControl hide = AddShowOnceLink(node);
var hide = AddShowOnceLink(node);
if (node.Attributes.GetNamedItem("addPanel") != null &&
node.Attributes.GetNamedItem("addPanel").Value == "true")
{
Pane p = new Pane();
PropertyPanel pp = new PropertyPanel();
var p = new Pane();
var pp = new PropertyPanel();
if (node.Attributes.GetNamedItem("panelCaption") != null &&
!String.IsNullOrEmpty(node.Attributes.GetNamedItem("panelCaption").Value))
string.IsNullOrEmpty(node.Attributes.GetNamedItem("panelCaption").Value) == false)
{
string panelCaption = node.Attributes.GetNamedItem("panelCaption").Value;
var panelCaption = node.Attributes.GetNamedItem("panelCaption").Value;
if (panelCaption.StartsWith("#"))
{
panelCaption = ui.Text(panelCaption.Substring(1));
@@ -209,7 +222,7 @@ namespace umbraco.cms.presentation
pp.Text = panelCaption;
}
// check for hide in the future link
if (!String.IsNullOrEmpty(hide.Text))
if (string.IsNullOrEmpty(hide.Text) == false)
{
pp.Controls.Add(hide);
}
@@ -218,47 +231,46 @@ namespace umbraco.cms.presentation
return p;
}
if (!String.IsNullOrEmpty(hide.Text))
if (string.IsNullOrEmpty(hide.Text) == false)
{
PlaceHolder ph = new PlaceHolder();
var ph = new PlaceHolder();
ph.Controls.Add(hide);
ph.Controls.Add(c);
return ph;
}
else
{
return c;
}
return c;
}
private LiteralControl AddShowOnceLink(XmlNode node)
private static LiteralControl AddShowOnceLink(XmlNode node)
{
LiteralControl onceLink = new LiteralControl();
var onceLink = new LiteralControl();
if (node.Attributes.GetNamedItem("showOnce") != null &&
node.Attributes.GetNamedItem("showOnce").Value.ToLower() == "true")
{
onceLink.Text = "<a class=\"dashboardHideLink\" onclick=\"if(confirm('Are you sure you want remove this dashboard item?')){jQuery.cookie('" + generateCookieKey(node) + "','true'); jQuery(this).closest('.propertypane').fadeOut();return false;}\">" + ui.Text("dashboard", "dontShowAgain") + "</a>";
onceLink.Text = "<a class=\"dashboardHideLink\" onclick=\"if(confirm('Are you sure you want remove this dashboard item?')){jQuery.cookie('" + GenerateCookieKey(node) + "','true'); jQuery(this).closest('.propertypane').fadeOut();return false;}\">" + ui.Text("dashboard", "dontShowAgain") + "</a>";
}
return onceLink;
}
private string getFirstText(XmlNode node)
private static string GetFirstText(XmlNode node)
{
foreach (XmlNode n in node.ChildNodes)
{
if (n.NodeType == XmlNodeType.Text)
{
return n.Value;
}
}
return "";
}
private string generateCookieKey(XmlNode node)
private static string GenerateCookieKey(XmlNode node)
{
string key = String.Empty;
var key = String.Empty;
if (node.Name.ToLower() == "control")
{
key = node.FirstChild.Value + "_" + generateCookieKey(node.ParentNode);
key = node.FirstChild.Value + "_" + GenerateCookieKey(node.ParentNode);
}
else if (node.Name.ToLower() == "tab")
{
@@ -268,11 +280,11 @@ namespace umbraco.cms.presentation
return Casing.SafeAlias(key.ToLower());
}
private bool validateAccess(XmlNode node)
private static bool ValidateAccess(XmlNode node)
{
// check if this area should be shown at all
string onlyOnceValue = StateHelper.GetCookieValue(generateCookieKey(node));
if (!String.IsNullOrEmpty(onlyOnceValue))
var onlyOnceValue = StateHelper.GetCookieValue(GenerateCookieKey(node));
if (string.IsNullOrEmpty(onlyOnceValue) == false)
{
return false;
}
@@ -282,13 +294,13 @@ namespace umbraco.cms.presentation
{
return true;
}
else if (node != null)
if (node != null)
{
XmlNode accessRules = node.SelectSingleNode("access");
bool retVal = true;
var accessRules = node.SelectSingleNode("access");
var retVal = true;
if (accessRules != null && accessRules.HasChildNodes)
{
string currentUserType = CurrentUser.UserType.Alias.ToLowerInvariant();
var currentUserType = CurrentUser.UserType.Alias.ToLowerInvariant();
//Update access rules so we'll be comparing lower case to lower case always
@@ -304,14 +316,14 @@ namespace umbraco.cms.presentation
grant.InnerText = grant.InnerText.ToLowerInvariant();
}
string allowedSections = ",";
foreach (BusinessLogic.Application app in CurrentUser.Applications)
var allowedSections = ",";
foreach (Application app in CurrentUser.Applications)
{
allowedSections += app.alias.ToLower() + ",";
}
XmlNodeList grantedTypes = accessRules.SelectNodes("grant");
XmlNodeList grantedBySectionTypes = accessRules.SelectNodes("grantBySection");
XmlNodeList deniedTypes = accessRules.SelectNodes("deny");
var grantedTypes = accessRules.SelectNodes("grant");
var grantedBySectionTypes = accessRules.SelectNodes("grantBySection");
var deniedTypes = accessRules.SelectNodes("deny");
// if there's a grant type, everyone who's not granted is automatically denied
if (grantedTypes.Count > 0 || grantedBySectionTypes.Count > 0)
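Review bot: In `OnInit`, `_section` is read with `Request.GetItemAsString("app")` and then concatenated into the XPath expressions `"//section [areas/area = '" + _section.ToLower() + "']"` and `"//entry [@section='" + _section.ToLower() + "']"`, so a quote character in the query string changes the query that selects dashboard sections. This commit adds `GetCleanedItem`, which removes both quote characters; use it here, `_section = Request.GetCleanedItem("app");`, or validate the value against the user's application aliases the way `InitApp` does. In the same method, the rewritten `catch (Exception ee)` block still concatenates `ee` (message and stack trace) and `path` into a `LiteralControl` unencoded; wrapping them in `HttpUtility.HtmlEncode(...)`, or showing a generic message and logging the detail, would avoid exposing internals in the page.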


@@ -1,23 +1,15 @@
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Globalization;
using System.IO;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using umbraco.BasePages;
using System.Xml;
using System.Xml.XPath;
using umbraco.BusinessLogic.Actions;
using ClientDependency.Core;
using Umbraco.Core.IO;
using Umbraco.Core;
using Umbraco.Web;
using System.Linq;
using System.Text;
using ClientDependency.Core.Controls;
using System.Text.RegularExpressions;
namespace umbraco.cms.presentation
@@ -25,48 +17,49 @@ namespace umbraco.cms.presentation
/// <summary>
/// The back office rendering page
/// </summary>
[Obsolete("This class is no longer used and will be removed from the codebase in future versions")]
public class _umbraco : UmbracoEnsuredPage
{
[Obsolete("This property is no longer used")]
protected umbWindow UmbWindow1;
protected System.Web.UI.WebControls.PlaceHolder bubbleText;
protected PlaceHolder bubbleText;
public string DefaultApp { get; private set; }
protected void Page_Load(object sender, System.EventArgs e)
protected void Page_Load(object sender, EventArgs e)
{
var apps = this.getUser().Applications.ToList();
bool userHasAccesstodefaultApp = apps.Where(x => x.alias == Umbraco.Core.Constants.Applications.Content).Count() > 0;
var apps = UmbracoUser.Applications.ToList();
var userHasAccesstodefaultApp = apps.Any(x => x.alias == Umbraco.Core.Constants.Applications.Content);
// Load user module icons ..
if (apps.Count() > 1)
{
var JSEvents = new StringBuilder();
var jsEvents = new StringBuilder();
PlaceHolderAppIcons.Text = ui.Text("main", "sections", base.getUser());
PlaceHolderAppIcons.Text = ui.Text("main", "sections", UmbracoUser);
plcIcons.Text = "";
foreach (BusinessLogic.Application a in apps.OrderBy(x => x.sortOrder))
foreach (var a in apps.OrderBy(x => x.sortOrder))
{
string appClass = a.icon.StartsWith(".") ? a.icon.Substring(1, a.icon.Length - 1) : a.alias;
var appClass = a.icon.StartsWith(".") ? a.icon.Substring(1, a.icon.Length - 1) : a.alias;
//adds client side event handlers to the icon buttons
JSEvents.Append(@"jQuery('." + appClass + "').click(function() { appClick.call(this, '" + a.alias + "'); } );");
JSEvents.Append(@"jQuery('." + appClass + "').dblclick(function() { appDblClick.call(this, '" + a.alias + "'); } );");
jsEvents.Append(@"jQuery('." + appClass + "').click(function() { appClick.call(this, '" + a.alias + "'); } );");
jsEvents.Append(@"jQuery('." + appClass + "').dblclick(function() { appDblClick.call(this, '" + a.alias + "'); } );");
string iconElement = String.Format("<li><a class=\"{0}\" title=\"" + ui.Text("sections", a.alias, base.getUser()) + "\" href=\"javascript:void(0);\">", appClass);
var iconElement = String.Format("<li><a class=\"{0}\" title=\"" + ui.Text("sections", a.alias, UmbracoUser) + "\" href=\"javascript:void(0);\">", appClass);
if (a.icon.StartsWith("."))
iconElement +=
"<img src=\"images/nada.gif\" class=\"trayHolder\" alt=\"\" /></a></li>";
else
iconElement += "<img src=\"images/tray/" + a.icon + "\" class=\"trayIcon\" alt=\"" + ui.Text("sections", a.alias, base.getUser()) + "\"></a></li>";
iconElement += "<img src=\"images/tray/" + a.icon + "\" class=\"trayIcon\" alt=\"" + ui.Text("sections", a.alias, UmbracoUser) + "\"></a></li>";
plcIcons.Text += iconElement;
}
//registers the jquery event handlers.
Page.ClientScript.RegisterStartupScript(this.GetType(), "AppIcons", "jQuery(document).ready(function() { " + JSEvents.ToString() + " } );", true);
Page.ClientScript.RegisterStartupScript(GetType(), "AppIcons", "jQuery(document).ready(function() { " + jsEvents + " } );", true);
}
else
@@ -75,7 +68,7 @@ namespace umbraco.cms.presentation
//if user does not have access to content (ie, he's probably a translator)...
//then change the default tree app
if (!userHasAccesstodefaultApp)
if (userHasAccesstodefaultApp == false)
{
JTree.App = apps[0].alias;
DefaultApp = apps[0].alias;
@@ -87,21 +80,21 @@ namespace umbraco.cms.presentation
// Load globalized labels
treeWindow.Text = ui.Text("main", "tree", base.getUser());
treeWindow.Text = ui.Text("main", "tree", UmbracoUser);
RenderActionJS();
RenderActionJs();
// Version check goes here!
// zb-00004 #29956 : refactor cookies names & handling
var updChkCookie = new umbraco.BusinessLogic.StateHelper.Cookies.Cookie("UMB_UPDCHK", GlobalSettings.VersionCheckPeriod); // was "updateCheck"
string updateCheckCookie = updChkCookie.HasValue ? updChkCookie.GetValue() : "";
var updChkCookie = new BusinessLogic.StateHelper.Cookies.Cookie("UMB_UPDCHK", GlobalSettings.VersionCheckPeriod); // was "updateCheck"
var updateCheckCookie = updChkCookie.HasValue ? updChkCookie.GetValue() : "";
if (GlobalSettings.VersionCheckPeriod > 0 && String.IsNullOrEmpty(updateCheckCookie) && base.getUser().UserType.Alias == "admin")
if (GlobalSettings.VersionCheckPeriod > 0 && String.IsNullOrEmpty(updateCheckCookie) && UmbracoUser.UserType.Alias == "admin")
{
// Add scriptmanager version check
ScriptManager sm = ScriptManager.GetCurrent(Page);
var sm = ScriptManager.GetCurrent(Page);
sm.Scripts.Add(new ScriptReference(SystemDirectories.Umbraco + "/js/umbracoUpgradeChecker.js"));
sm.Services.Add(new ServiceReference(SystemDirectories.WebServices + "/CheckForUpgrade.asmx"));
@@ -118,7 +111,7 @@ namespace umbraco.cms.presentation
{
if (Request.Browser.Browser == "IE" && Request.Browser.MajorVersion == 9)
{
StringBuilder metadata = new StringBuilder();
var metadata = new StringBuilder();
metadata.AppendFormat(
@"<link rel='icon' href='{0}' type='image/x-icon'>
<link rel='shortcut icon' href='{0}' type='image/x-icon'>
@@ -129,7 +122,7 @@ namespace umbraco.cms.presentation
IOHelper.ResolveUrl(SystemDirectories.Umbraco + "/images/pinnedIcons/umb.ico"),
HttpContext.Current.Request.Url.Host.ToLower().Replace("www.", ""));
var user = base.getUser();
var user = UmbracoUser;
if (user != null && user.Applications != null && user.Applications.Length > 0)
{
foreach (var app in user.Applications)
@@ -154,10 +147,10 @@ namespace umbraco.cms.presentation
/// <summary>
/// Renders out all JavaScript references that have bee declared in IActions
/// </summary>
private void RenderActionJS()
private void RenderActionJs()
{
var item = 0;
foreach (var jsFile in umbraco.BusinessLogic.Actions.Action.GetJavaScriptFileReferences())
foreach (var jsFile in BusinessLogic.Actions.Action.GetJavaScriptFileReferences())
{
//validate that this is a url, if it is not, we'll assume that it is a text block and render it as a text
//block instead.
@@ -185,7 +178,7 @@ namespace umbraco.cms.presentation
if (isValid)
{
//add to page
Page.ClientScript.RegisterClientScriptInclude(this.GetType(), item.ToString(), jsFile);
Page.ClientScript.RegisterClientScriptInclude(GetType(), item.ToString(), jsFile);
}
}
catch (UriFormatException)
@@ -193,11 +186,11 @@ namespace umbraco.cms.presentation
isValid = false;
}
if (!isValid)
if (isValid == false)
{
//it is invalid, let's render it as a script block instead as devs may have written real Javascript instead
//of a JS path
Page.ClientScript.RegisterClientScriptBlock(this.GetType(), item.ToString(), jsFile, true);
Page.ClientScript.RegisterClientScriptBlock(GetType(), item.ToString(CultureInfo.InvariantCulture), jsFile, true);
}
item++;
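Review bot: The two script registrations in `RenderActionJs` now format the key differently: `RegisterClientScriptInclude(GetType(), item.ToString(), jsFile)` uses the current culture, while `RegisterClientScriptBlock(GetType(), item.ToString(CultureInfo.InvariantCulture), jsFile, true)` uses the invariant one. For a non-negative counter the output is the same, but the mismatch reads as an oversight; use `item.ToString(CultureInfo.InvariantCulture)` in both calls. The method body starts outside this hunk.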