lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-10-15 19:54:57 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Moved antiforgery generation into our own beginform helper.

Browse Source 
--HG--
extra : convert_revision : svn%3A5ff7c347-ad56-4c35-b696-ccb81de16e03/trunk%4044036
This commit is contained in:
ErikPorter
2009-12-14 21:59:46 +00:00
parent b3f694dacd
commit ad7b193d2c
8 changed files with 60 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/Orchard.Web/Packages/Orchard.Blogs/Views/Blog/Create.aspx
View File

@@ -3,12 +3,9 @@
<%@ Import Namespace="Orchard.Blogs.ViewModels"%> <%@ Import Namespace="Orchard.Blogs.ViewModels"%>
<% Html.Include("AdminHead"); %> <% Html.Include("AdminHead"); %>
<h2>Add Blog</h2> <h2>Add Blog</h2>
<% using (Html.BeginForm()) { %> <% using (Html.BeginFormAntiForgeryPost()) { %>
<%=Html.ValidationSummary() %> <%=Html.ValidationSummary() %>
<%=Html.EditorForItem(vm => vm.Blog) %> <%=Html.EditorForItem(vm => vm.Blog) %>
<fieldset> <fieldset><input class="button" type="submit" value="Create" /></fieldset><%
<%=Html.OrchardAntiForgeryToken() %>
<input class="button" type="submit" value="Create" />
</fieldset><%
} %> } %>
<% Html.Include("AdminFoot"); %> <% Html.Include("AdminFoot"); %>

7
src/Orchard.Web/Packages/Orchard.Blogs/Views/Blog/Edit.aspx
View File

@@ -3,12 +3,9 @@
<%@ Import Namespace="Orchard.Blogs.ViewModels"%> <%@ Import Namespace="Orchard.Blogs.ViewModels"%>
<% Html.Include("AdminHead"); %> <% Html.Include("AdminHead"); %>
<h2>Edit Blog</h2> <h2>Edit Blog</h2>
<% using (Html.BeginForm()) { %> <% using (Html.BeginFormAntiForgeryPost()) { %>
<%=Html.ValidationSummary() %> <%=Html.ValidationSummary() %>
<%=Html.EditorForItem(m => m.Blog) %> <%=Html.EditorForItem(m => m.Blog) %>
<fieldset> <fieldset><input class="button" type="submit" value="Save" /></fieldset><%
<%=Html.OrchardAntiForgeryToken() %>
<input class="button" type="submit" value="Save" />
</fieldset><%
} %> } %>
<% Html.Include("AdminFoot"); %> <% Html.Include("AdminFoot"); %>

5
src/Orchard.Web/Packages/Orchard.Blogs/Views/BlogPost/Create.aspx
View File

@@ -3,9 +3,8 @@
<%@ Import Namespace="Orchard.Blogs.ViewModels"%> <%@ Import Namespace="Orchard.Blogs.ViewModels"%>
<% Html.Include("AdminHead"); %> <% Html.Include("AdminHead"); %>
<h2>Add Post</h2> <h2>Add Post</h2>
<% using (Html.BeginForm()) { %> <% using (Html.BeginFormAntiForgeryPost()) { %>
<%=Html.ValidationSummary() %> <%=Html.ValidationSummary() %>
<%=Html.EditorForItem(m => m.BlogPost) %> <%=Html.EditorForItem(m => m.BlogPost) %><%
<%=Html.OrchardAntiForgeryToken() %><%
} %> } %>
<% Html.Include("AdminFoot"); %> <% Html.Include("AdminFoot"); %>

5
src/Orchard.Web/Packages/Orchard.Blogs/Views/BlogPost/Edit.aspx
View File

@@ -3,9 +3,8 @@
<%@ Import Namespace="Orchard.Blogs.ViewModels"%> <%@ Import Namespace="Orchard.Blogs.ViewModels"%>
<% Html.Include("AdminHead"); %> <% Html.Include("AdminHead"); %>
<h2>Edit Post</h2> <h2>Edit Post</h2>
<% using (Html.BeginForm()) { %> <% using (Html.BeginFormAntiForgeryPost()) { %>
<%=Html.ValidationSummary() %> <%=Html.ValidationSummary() %>
<%=Html.EditorForItem(m => m.BlogPost) %> <%=Html.EditorForItem(m => m.BlogPost) %><%
<%=Html.OrchardAntiForgeryToken() %><%
} %> } %>
<% Html.Include("AdminFoot"); %> <% Html.Include("AdminFoot"); %>

1
src/Orchard/Mvc/Filters/AntiForgeryAuthorizationFilter.cs
View File

@@ -11,6 +11,7 @@ namespace Orchard.Mvc.Filters {
if (!(filterContext.HttpContext.Request.HttpMethod == "POST" && filterContext.RequestContext.HttpContext.Request.IsAuthenticated)) if (!(filterContext.HttpContext.Request.HttpMethod == "POST" && filterContext.RequestContext.HttpContext.Request.IsAuthenticated))
return; return;
//TODO: (erikpo) Change the salt to be something unique per application like a site setting with a Guid.NewGuid().ToString("N") value
ValidateAntiForgeryTokenAttribute validator = new ValidateAntiForgeryTokenAttribute { Salt = "Orchard" }; ValidateAntiForgeryTokenAttribute validator = new ValidateAntiForgeryTokenAttribute { Salt = "Orchard" };
validator.OnAuthorization(filterContext); validator.OnAuthorization(filterContext);

36
src/Orchard/Mvc/Html/HtmlHelperExtensions.cs
View File

@@ -4,6 +4,7 @@ using System.Linq;
using System.Linq.Expressions; using System.Linq.Expressions;
using System.Text; using System.Text;
using System.Web.Mvc; using System.Web.Mvc;
using System.Web.Mvc.Html;
using System.Web.Routing; using System.Web.Routing;
using Orchard.Utility; using Orchard.Utility;
@@ -176,12 +177,39 @@ namespace Orchard.Mvc.Html {
#endregion #endregion
#region OrchardAntiForgeryToken #region BeginFormAntiForgeryPost
public static MvcHtmlString OrchardAntiForgeryToken(this HtmlHelper htmlHelper) public static MvcForm BeginFormAntiForgeryPost(this HtmlHelper htmlHelper) {
{ return htmlHelper.BeginFormAntiForgeryPost(htmlHelper.ViewContext.HttpContext.Request.RawUrl, FormMethod.Post, new RouteValueDictionary());
}
//TODO: (erikpo) Uncomment when needed (not currently needed)
//public static MvcForm BeginFormAntiForgeryPost(this HtmlHelper htmlHelper, string formAction) {
// return htmlHelper.BeginFormAntiForgeryPost(formAction, FormMethod.Post, new RouteValueDictionary());
//}
//public static MvcForm BeginFormAntiForgeryPost(this HtmlHelper htmlHelper, string formAction, FormMethod formMethod) {
// return htmlHelper.BeginFormAntiForgeryPost(formAction, formMethod, new RouteValueDictionary());
//}
//public static MvcForm BeginFormAntiForgeryPost(this HtmlHelper htmlHelper, string formAction, FormMethod formMethod, object htmlAttributes) {
// return htmlHelper.BeginFormAntiForgeryPost(formAction, formMethod, new RouteValueDictionary(htmlAttributes));
//}
public static MvcForm BeginFormAntiForgeryPost(this HtmlHelper htmlHelper, string formAction, FormMethod formMethod, IDictionary<string, object> htmlAttributes) {
TagBuilder tagBuilder = new TagBuilder("form");
tagBuilder.MergeAttributes(htmlAttributes);
tagBuilder.MergeAttribute("action", formAction);
tagBuilder.MergeAttribute("method", HtmlHelper.GetFormMethodString(formMethod), true);
htmlHelper.ViewContext.HttpContext.Response.Write(tagBuilder.ToString(TagRenderMode.StartTag));
return new MvcFormAntiForgeryPost(htmlHelper);
}
#endregion
#region AntiForgeryTokenOrchard
public static MvcHtmlString AntiForgeryTokenOrchard(this HtmlHelper htmlHelper) {
//TODO: (erikpo) Change the salt to be something unique per application like a site setting with a Guid.NewGuid().ToString("N") value //TODO: (erikpo) Change the salt to be something unique per application like a site setting with a Guid.NewGuid().ToString("N") value
return htmlHelper.AntiForgeryToken("Orchard"); return htmlHelper.AntiForgeryToken("Orchard");
} }

18
src/Orchard/Mvc/Html/MvcFormAntiForgeryPost.cs Normal file
View File

@@ -0,0 +1,18 @@
using System.Web.Mvc;
using System.Web.Mvc.Html;
namespace Orchard.Mvc.Html {
public class MvcFormAntiForgeryPost : MvcForm {
private readonly HtmlHelper _htmlHelper;
public MvcFormAntiForgeryPost(HtmlHelper htmlHelper) : base(htmlHelper.ViewContext) {
_htmlHelper = htmlHelper;
}
protected override void Dispose(bool disposing) {
_htmlHelper.ViewContext.RequestContext.HttpContext.Response.Write(_htmlHelper.AntiForgeryTokenOrchard());
base.Dispose(disposing);
}
}
}

1
src/Orchard/Orchard.csproj
View File

@@ -200,6 +200,7 @@
<Compile Include="Mvc\Html\ContentItemExtensions.cs" /> <Compile Include="Mvc\Html\ContentItemExtensions.cs" />
<Compile Include="Mvc\Html\ItemDisplayExtensions.cs" /> <Compile Include="Mvc\Html\ItemDisplayExtensions.cs" />
<Compile Include="Mvc\Html\ItemEditorExtensions.cs" /> <Compile Include="Mvc\Html\ItemEditorExtensions.cs" />
<Compile Include="Mvc\Html\MvcFormAntiForgeryPost.cs" />
<Compile Include="Mvc\MvcModule.cs" /> <Compile Include="Mvc\MvcModule.cs" />
<Compile Include="Mvc\Html\HtmlHelperExtensions.cs" /> <Compile Include="Mvc\Html\HtmlHelperExtensions.cs" />
<Compile Include="Mvc\Filters\FilterProvider.cs" /> <Compile Include="Mvc\Filters\FilterProvider.cs" />