lyfz_repos/铂金版源码/LYFZWZ/iNethinkCMS_SourceCode/iNethinkCMS.Command/Command_Security.cs

using System;
using System.Text.RegularExpressions;
using System.Web;
namespace iNethinkCMS.Command
{
	public class Command_Security
	{
		private const string StrRegex = "'|;|#|([\\s\\b+()]+(select|update|insert|delete|declare|@|exec|dbcc|alter|drop|create|backup|if|else|end|and|or|add|set|open|close|use|begin|retun|as|go|exists)[\\s\\b+]*)";
		private const string StrRegex_From = "[';#()][\\s+()]*(select|update|insert|delete|declare|@|exec|dbcc|alter|drop|create|backup|if|else|end|and|or|add|set|open|close|use|begin|retun|as|go|exists)[\\s+]*";
		public static bool PostData()
		{
			bool flag = false;
			for (int i = 0; i < HttpContext.Current.Request.Form.Count; i++)
			{
				flag = Command_Security.CheckData(HttpContext.Current.Request.Form[i].ToString(), "[';#()][\\s+()]*(select|update|insert|delete|declare|@|exec|dbcc|alter|drop|create|backup|if|else|end|and|or|add|set|open|close|use|begin|retun|as|go|exists)[\\s+]*");
				if (flag)
				{
					break;
				}
			}
			return flag;
		}
		public static bool GetData()
		{
			bool flag = false;
			for (int i = 0; i < HttpContext.Current.Request.QueryString.Count; i++)
			{
				flag = Command_Security.CheckData(HttpContext.Current.Request.QueryString[i].ToString(), "'|;|#|([\\s\\b+()]+(select|update|insert|delete|declare|@|exec|dbcc|alter|drop|create|backup|if|else|end|and|or|add|set|open|close|use|begin|retun|as|go|exists)[\\s\\b+]*)");
				if (flag)
				{
					break;
				}
			}
			return flag;
		}
		public static bool CookieData()
		{
			bool flag = false;
			for (int i = 0; i < HttpContext.Current.Request.Cookies.Count; i++)
			{
				flag = Command_Security.CheckData(HttpContext.Current.Request.Cookies[i].Value.ToLower(), "'|;|#|([\\s\\b+()]+(select|update|insert|delete|declare|@|exec|dbcc|alter|drop|create|backup|if|else|end|and|or|add|set|open|close|use|begin|retun|as|go|exists)[\\s\\b+]*)");
				if (flag)
				{
					break;
				}
			}
			return flag;
		}
		public static bool referer()
		{
			return Command_Security.CheckData(HttpContext.Current.Request.UrlReferrer.ToString(), "'|;|#|([\\s\\b+()]+(select|update|insert|delete|declare|@|exec|dbcc|alter|drop|create|backup|if|else|end|and|or|add|set|open|close|use|begin|retun|as|go|exists)[\\s\\b+]*)");
		}
		public static bool CheckData(string inputData, string byStrRegex)
		{
			return Regex.IsMatch(inputData, byStrRegex);
		}
	}
}