After adding the multivalue (flags) enumeration solution (which works very well, thank you) from
http://blog.codefluententities.com/tag/multi-enumeration-values/
to our MVC project we are now getting the dreaded "Potentially dangerous Request.Form value" on richtext fields across the board that we're using to generate html with a wysiwyg editor (summernote in this case).
If I remove summernote and just submit plain text the fields work perfectly, however putting any html code into the text input generates the error.
Fortunately, the error is coming out of the code just added (above) for the multi-enumeration on line 246:
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (Description="...rem ipsum <strong>dolor</stron...").
Source Error:
Line 244: continue;
Line 245:
Line 246: Add(name, nvc[name]);
Line 247:
Line 248: }
EDIT:
For clarity, here is the whole method in question:
private void AddRange(NameValueCollection nvc)
{
foreach (string name in nvc)
{
// handle MultiSelectList templates
const string listSelectedToken = ".list.item.Selected";
const string listValueToken = ".list.item.Value";
if (name.EndsWith(listSelectedToken))
{
List<bool> bools = CodeFluent.Runtime.Utilities.ConvertUtilities.SplitToList<bool>(nvc[name], ',');
string propertyName = name.Substring(0, name.Length - listSelectedToken.Length);
string valueKey = propertyName + listValueToken;
List<string> keys = CodeFluent.Runtime.Utilities.ConvertUtilities.SplitToList<string>(nvc[valueKey], ',');
int j = 0;
StringBuilder sb = new StringBuilder();
for (int i = 0; i < keys.Count; i++)
{
if (bools[j])
{
if (sb.Length > 0)
{
sb.Append(CodeFluentConfiguration.EntityKeyListSeparator);
}
sb.Append(keys[i]);
j++;
}
j++;
}
Add(propertyName, sb.ToString());
continue;
}
if (name.EndsWith(listValueToken))
continue;
Add(name, nvc[name]);
}
}
Have I missed something in the multi-value implementation?
Thanks,
Russ
I don't think this error is related to the use of a multi-valued enumeration. In fact you post a value for the Description field that contains HTML tags (strong). By default ASP.NET prevents this and throw a validation exception.
If you expect your users to enter HTML, you must instruct ASP.NET to authorize HTML.
Change the EntityValueProvider
AddRange(context.HttpContext.Request.Unvalidated.Form); // Add Unvalidated
AddRange(context.HttpContext.Request.Unvalidated.QueryString);
Or use the web.config: validateRequest or requestValidationMode
<system.web>
<pages validateRequest="false" />
<httpRuntime requestValidationMode="2.0" />
</system.web>
Use AllowHtmlAttribute
public class Sample
{
[AllowHtml]
public string Description {get;set;}
}
Or ValidateInputAttribute
[HttpPost, ValidateInput(true, Exclude = "Description")]
public ActionResult Edit(int id, FormCollection collection)
{
...
}
Related
As you can see the Availability Flag, BeamId is getting repeated. How do I traverse and set the property for Availability Flag1 and so on, so that I can later fetch it with velocity template?
Payload:<ns2:TransportFeasibilityResponse>
<ns2:Parameters>
<ns2:AvailabilityFlag>true</ns2:AvailabilityFlag>
<ns2:SatellitedID>H1B</ns2:SatellitedID>
<ns2:BeamID>675</ns2:BeamID>
<ns2:TransportName>Earth</ns2:TransportName>
</ns2:FeasibilityParameters>
<ns2:Parameters>
<ns2:AvailabilityFlag>true</ns2:AvailabilityFlag>
<ns2:SatellitedID>J34</ns2:SatellitedID>
<ns2:BeamID>111</ns2:BeamID>
<ns2:TransportName>Jupiter</ns2:TransportName>
</ns2:Parameters>
</ns2:TransportFeasibilityResponse>
</ns2:TransportFeasibilityResponseMsg>
Code: (Its not complete)
public static HashMap<String,String> extractNameValueToProperties(String msgBody, selectedKeyList, namelist) throws Exception {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setValidating(false);
factory.setExpandEntityReferences(false);
factory.setNamespaceAware(true);
Document doc = null;
try{
DocumentBuilder builder = factory.newDocumentBuilder();
doc = builder.parse(new InputSource(new StringReader(msgBody)));
} catch(Exception ex) {
Exception actException = new Exception( "Exception while extracting tagvalues", ex);
throw actException;
}
HashMap<String,String> tagNameValueMap = new HashMap<String,String>();
NodeList nodeList = doc.getElementsByTagName("*");
// Trying to enter the TransportFeasibilityResponse element
for (int i = 0; i < nodeList.getLength(); i++) {
Node indNode = nodeList.item(i);
if (indNode.indexOf(String name)>-1);
//checking for Availability flag and similar namelist
dataKey = indNode.getTextContent();
message.setProperty(selectedKeyList[k], dataKey);
k++;
j++;
else
{
continue;
}
}
}
Here,
I am setting these values in my route:
<setProperty propertyName="namelist">
<constant>AvailabilityFlag,SatellitedID,BeamID</constant>
</setProperty>
<setProperty propertyName="selectedKeyList">
<constant>AvailabilityFlag1,SatellitedID1,BeamID1,AvailabilityFlag2,SatellitedID2,BeamID2 </constant>
</setProperty>
<bean beanType="com.gdg.dgdgdg.javacodename" method="extractNameValueToProperties"/>
Question: Please tell me how I can parse through the repeating elements and assign it to the property?
Thanks
I'm not sure if I understand your question correctly, but I think you could use the Splitter pattern to split your xml per Parameters tag and process each other separately and aggregate it later.
Take for example this input:
<TransportFeasibilityResponse>
<Parameters>
<AvailabilityFlag>true</AvailabilityFlag>
<SatellitedID>H1B</SatellitedID>
<BeamID>675</BeamID>
<TransportName>Earth</TransportName>
</Parameters>
<Parameters>
<AvailabilityFlag>true</AvailabilityFlag>
<SatellitedID>J34</SatellitedID>
<BeamID>111</BeamID>
<TransportName>Jupiter</TransportName>
</Parameters>
</TransportFeasibilityResponse>
A route to process this input could be something like this:
from("direct:start")
.split(xpath("/TransportFeasibilityResponse/Parameters"), new AggregationStrategy() {
public Exchange aggregate(Exchange oldExchange, Exchange newExchange) {
List<String> beamIDs = null;
if (oldExchange == null) { // first
beamIDs = new ArrayList<String>();
} else {
beamIDs = oldExchange.getIn().getBody(List.class);
}
beamIDs.add(newExchange.getIn().getBody(String.class));
newExchange.getIn().setBody(beamIDs);
return newExchange;
}
})
.setBody(xpath("/Parameters/BeamID/text()"))
.end()
.log("The final body: ${body}");
First, we split the input per Parameters tag, and then extract the BeamID from it. After that, the AggregationStrategy aggregates each message into one, grouping by BeamID.
The final message should have the a body like this:
675,111
The data I put in the body just for an example, but you could set anywhere you want into the Exchange you are manipulating inside the AggregationStrategy implementation.
I'm having difficulty getting a content control to follow multi-line formatting. It seems to interpret everything I'm giving it literally. I am new to OpenXML and I feel like I must be missing something simple.
I am converting my multi-line string using this function.
private static void parseTextForOpenXML(Run run, string text)
{
string[] newLineArray = { Environment.NewLine, "<br/>", "<br />", "\r\n" };
string[] textArray = text.Split(newLineArray, StringSplitOptions.None);
bool first = true;
foreach (string line in textArray)
{
if (!first)
{
run.Append(new Break());
}
first = false;
Text txt = new Text { Text = line };
run.Append(txt);
}
}
I insert it into the control with this
public static WordprocessingDocument InsertText(this WordprocessingDocument doc, string contentControlTag, string text)
{
SdtElement element = doc.MainDocumentPart.Document.Body.Descendants<SdtElement>().FirstOrDefault(sdt => sdt.SdtProperties.GetFirstChild<Tag>().Val == contentControlTag);
if (element == null)
throw new ArgumentException("ContentControlTag " + contentControlTag + " doesn't exist.");
element.Descendants<Text>().First().Text = text;
element.Descendants<Text>().Skip(1).ToList().ForEach(t => t.Remove());
return doc;
}
I call it with something like...
doc.InsertText("Primary", primaryRun.InnerText);
Although I've tried InnerXML and OuterXML as well. The results look something like
Example AttnExample CompanyExample AddressNew York, NY 12345 or
<w:r xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:t>Example Attn</w:t><w:br /><w:t>Example Company</w:t><w:br /><w:t>Example Address</w:t><w:br /><w:t>New York, NY 12345</w:t></w:r>
The method works fine for simple text insertion. It's just when I need it to interpret the XML that it doesn't work for me.
I feel like I must be super close to getting what I need, but my fiddling is getting me nowhere. Any thoughts? Thank you.
I believe the way I was trying to do it was doomed to fail. Setting the Text attribute of an element is always going to be interpreted as text to be displayed it seems. I ended up having to take a slightly different tack. I created a new insert method.
public static WordprocessingDocument InsertText(this WordprocessingDocument doc, string contentControlTag, Paragraph paragraph)
{
SdtElement element = doc.MainDocumentPart.Document.Body.Descendants<SdtElement>().FirstOrDefault(sdt => sdt.SdtProperties.GetFirstChild<Tag>().Val == contentControlTag);
if (element == null)
throw new ArgumentException("ContentControlTag " + contentControlTag + " doesn't exist.");
OpenXmlElement cc = element.Descendants<Text>().First().Parent;
cc.RemoveAllChildren();
cc.Append(paragraph);
return doc;
}
It starts the same, and gets the Content Control by searching for it's Tag. But then I get it's parent, remove the Content Control elements that were there and just replace them with a paragraph element.
It's not exactly what I had envisioned, but it seems to work for my needs.
I have an issue with the WFFM Send Email Message save action (Sitecore 6.5.0). I'm trying to send an email that includes the form placeholders from the "Insert Field" dropdown in the Send Email editor. Sometimes the fields will render correctly, but most times the email will include the placeholder text instead of the field's actual value.
For example, this is the email that is coming through:
First Name: [First Name]
Last Name: [Last Name]
Email: [Email Address]
Company Name: [Company Name]
Phone Number: [Phone Number]
I think it has to do with the Send Email editor using a rich text editor for the email template, but I've tried adjusting the message's HTML to no avail. This is what the markup looks like: (the <p> tags and labels used to be inline, but that didn't work either)
<p>First Name:
[<label id="{F49F9E49-626F-44DC-8921-023EE6D7948E}">First Name</label>]
</p>
<p>Last Name:
[<label id="{9CE3D48C-59A0-432F-B6F1-3AFD03687C94}">Last Name</label>]
</p>
<p>Email:
[<label id="{E382A37E-9DF5-4AFE-8780-17169E687805}">Email Address</label>]
</p>
<p>Company Name:
[<label id="{9C08AC2A-4128-47F8-A998-12309B381CCD}">Company Name</label>]
</p>
<p>Phone Number:
[<label id="{4B0C5FAC-A08A-4EF2-AD3E-2B7FDF25AFA7}">Phone Number</label>]
</p>
Does anyone know what could be going wrong?
I have encountered this issue before, but was using a custom email action. I managed to fix it by not using the deprecated methods in the SendMail class and instead using the
Sitecore.Form.Core.Pipelines.ProcessMessage namespace's ProcessMessage and ProcessMessageArgs classes.
My use case was a little more complicated than yours, as we were also attaching a PDF brochure to our message (which is why we were using the custom email action in the first place), but here is the code:
public class SendBrochureEmail : SendMail, ISaveAction, ISubmit
{
public new void Execute(ID formId, AdaptedResultList fields, params object[] data)
{
try
{
var formData = new NameValueCollection();
foreach (AdaptedControlResult acr in fields)
{
formData[acr.FieldName] = acr.Value;
}
var senderName = formData["Your Name"];
var emailTo = formData["Recipient Email"];
var recipientName = formData["Recipient Name"];
var documentTitle = formData["Document Title"];
if (documentTitle.IsNullOrEmpty())
{
documentTitle = String.Format("Documents_{0}", DateTime.Now.ToString("MMddyyyy"));
}
Subject = documentTitle;
if (!String.IsNullOrEmpty(emailTo))
{
BaseSession.FromName = senderName;
BaseSession.CatalogTitle = documentTitle;
BaseSession.ToName = recipientName;
var tempUploadPath = Sitecore.Configuration.Settings.GetSetting("TempPdfUploadPath");
var strPdfFilePath =
HttpContext.Current.Server.MapPath(tempUploadPath + Guid.NewGuid().ToString() + ".pdf");
//initialize object to hold WFFM mail/message arguments
var msgArgs = new ProcessMessageArgs(formId, fields, MessageType.Email);
var theDoc = PdfDocumentGenerator.BuildPdfDoc();
theDoc.Save(strPdfFilePath);
theDoc.Clear();
FileInfo fi = null;
FileStream stream = null;
if (File.Exists(strPdfFilePath))
{
fi = new FileInfo(strPdfFilePath);
stream = fi.OpenRead();
//attach the file with the name specified by the user
msgArgs.Attachments.Add(new Attachment(stream, documentTitle + ".pdf", "application/pdf"));
}
//get the email's "from" address setting
var fromEmail = String.Empty;
var fromEmailNode = Sitecore.Configuration.Factory.GetConfigNode(".//sc.variable[#name='fromEmail']");
if (fromEmailNode != null && fromEmailNode.Attributes != null)
{
fromEmail = fromEmailNode.Attributes["value"].Value;
}
//the body of the email, as configured in the "Edit" pane for the Save Action, in Sitecore
msgArgs.Mail.Append(base.Mail);
//The from address, with the sender's name (specified by the user) in the meta
msgArgs.From = senderName + "<" + fromEmail + ">";
msgArgs.Recipient = recipientName;
msgArgs.To.Append(emailTo);
msgArgs.Subject.Append(Subject);
msgArgs.Host = Sitecore.Configuration.Settings.MailServer;
msgArgs.Port = Sitecore.Configuration.Settings.MailServerPort;
msgArgs.IsBodyHtml = true;
//initialize the message using WFFM's built-in methods
var msg = new ProcessMessage();
msg.AddAttachments(msgArgs);
msg.BuildToFromRecipient(msgArgs);
//change links to be absolute instead of relative
msg.ExpandLinks(msgArgs);
msg.AddHostToItemLink(msgArgs);
msg.AddHostToMediaItem(msgArgs);
//replace the field tokens in the email body with the user-specified values
msg.ExpandTokens(msgArgs);
msg.SendEmail(msgArgs);
//no longer need the file or the stream - safe to close stream and delete delete it
if (fi != null && stream != null)
{
stream.Close();
fi.Delete();
}
}
else
{
Log.Error("Email To is empty", this);
throw new Exception("Email To is empty");
}
}
catch (Exception ex)
{
Log.Error("Test Failed.", ex, (object) ex);
throw;
}
finally
{
BrochureItems.BrochureItemIds = null;
}
}
public void Submit(ID formid, AdaptedResultList fields)
{
Execute(formid, fields);
}
public void OnLoad(bool isPostback, RenderFormArgs args)
{
}
}
It is very possible that the Email Action that WFFM ships with is using the deprecated methods, which could be your problem. I do not have time to look into it, but you can decompile the DLL and look to see what their Email Action is doing. Regardless, the above code should work out of the box, save for updating the fields to those that you are using and removing the code for attaching the PDF, should you choose to not have attachments.
Good luck, and happy coding :)
If you change a field on the form in any way (caption, name, type, etc) the link will change and you need to re-insert the placeholder and move it up to its location in your expected email. This is also true if you duplicate a form. You'll have to reinsert all the fields in the email or you will just get the outcome you show above.
Reinserting upon a change will ensure the value is collected!
I have a scenario where I have to read an xml like this:
<MovieList language="English">
<Movie>..<Movie>
<Movie>..<Movie>
</MovieList>
I have to read the Movie Tag which is a complex object(tag) and insert the details into a movie table. I have set the fragmentRootElementName as Movie and able to read the Movie tag completely. How ever, I am not able to read the language attribute, which is not a repeating tag.
How should I be fetching the non repeating tag details? Should I parse the XML myself to read it? or Should I write one more fragmentRootElementName just to read the language attribute?
The configuration for item reader is as below:
<bean id="movieReader" class="org.springframework.batch.item.xml.StaxEventItemReader">
<property name="unmarshaller" ref="marshaller" />
<property name="fragmentRootElementName" value="Movie" />
<property name="resource" value="file:#{jobParameters['inputFile']}" />
</bean>
Ok, the simple way would be to define your fragmentRootElementName = MovieList but i guess this is not a good idea if your MovieList can contains millions of movies!!
I had a similar problem where i needed to knew the parent tag of my fragmentRootElementName.
So we created a CustomStaxEventItemReader that extends the original StaxEventItemReader.
We added a property parentElement that you can set in your config. and we override the method moveCursorToNextFragment() and doRead() to be able to deal with this problem!
Now the code i have don't do exactly what you need, but i modified it and it look like it works!!!
protected boolean moveCursorToNextFragment(XMLEventReader reader) {
try {
while (true) {
while (reader.peek() != null && !reader.peek().isStartElement()) {
reader.nextEvent();
}
if (reader.peek() == null) {
return false;
}
XMLEvent ev = reader.peek();
QName startElementName = ((StartElement) ev).getName();
// Take note of current parent element. Must be one of
// ParentTags
String tmp = startElementName.getLocalPart();
for (ParentTags aTag : ParentTags.values()) {
if (aTag.toString().equals(tmp)) {
currentParent = tmp;
Attribute attr = ((StartElement) ev)
.getAttributeByName(new QName("Language"));
if (null != attr) {
parentAttribute = attr.getValue();
}
break;
}
}
if (startElementName.getLocalPart().equals(
fragmentRootElementName)) {
if ((fragmentRootElementNameSpace == null && parentElement
.equals(currentParent))
|| startElementName.getNamespaceURI().equals(
fragmentRootElementNameSpace)) {
return true;
}
}
reader.nextEvent();
}
} catch (XMLStreamException e) {
throw new DataAccessResourceFailureException(
"Error while reading from event reader", e);
}
}
So basically, if you look at the code of the original StaxEventReader, you will see that it pass thru all the element of the xml file. Each time it get an element with the name = to your rootElement, it return true and the doRead unmarshall it and return the object associated.
Now, we only add some code to also find a given parent element. I have used an Enum called ParentTags because my XML was a bit more complexe, but you could only compare the name of the new parentElement defined in your config.
So if the actual element isEquals to your parentElement, you simply assign it to currentParent and try to get your attribute. If not null, assign it to parentAttribute property.
then in your doRead() method, you can access the parentAttribute property and set it in your domain object!
protected T doRead() throws Exception {
if (noInput) {
return null;
}
T item = null;
if (moveCursorToNextFragment(fragmentReader)) {
fragmentReader.markStartFragment();
#SuppressWarnings("unchecked")
T mappedFragment = (T) unmarshaller.unmarshal(StaxUtils
.createStaxSource(fragmentReader));
item = mappedFragment;
logger.info("Item read : " + item);
currentIndex = cIndex.getAndIncrement();
T p = (T) item;
if (p instanceof myDomainObj) {
myDomainObj pp = (myDomainObj) p;
logger.info(pp);
logger.info("attribute parent = " + parentAttribute);
pp.setLanguage(parentAttribute);
}
fragmentReader.markFragmentProcessed();
}
return item;
}
I hope this is clear enough!
Good luck and regards
OK - at the moment, to validate my pages I am using [Required] in my model in an MVC2 C# project.
For eg in my model I have:
[DisplayName("Username")]
[Required(ErrorMessage = "Please enter a Username")]
public string UserName { get; set; }
... and in my view I have
<%=Html.ValidationMessageFor(x => x.UserName, "*")%>
But then this isn't consistent with the rest of the styling and error trapping of the rest of our site which was written in Classic ASP.
I want to be able to recreate if possible the validation styles in the images below.
So on loading the page (not on submitting) we might see a display similar to this, with alt and title of the M icon displaying "Please enter a Username":
And then if we try and submit with missing values - we see
Again hovering over the red x will display the error message.
Is there a straightforward way of achieving this styling of validation and if so what is the best way to go about it...
Thank you for any helpful hints, tips, suggestions:
You should beable to achieve this by creating your own HtmlHelper extension method.
E.g.
public static string ValidationImage(this HtmlHelper htmlHelper, string modelName)
{
if (modelName == null)
{
throw new ArgumentNullException("modelName");
}
if (!htmlHelper.ViewData.ModelState.ContainsKey(modelName))
{
return null;
}
ModelState modelState = htmlHelper.ViewData.ModelState[modelName];
ModelErrorCollection modelErrors = (modelState == null) ? null : modelState.Errors;
ModelError modelError = ((modelErrors == null) || (modelErrors.Count == 0)) ? null : modelErrors[0];
if (modelError == null)
{
return null;
}
string messageText = GetUserErrorMessageOrDefault(htmlHelper.ViewContext.HttpContext, modelError, modelState);
TagBuilder builder = new TagBuilder("img");
builder.MergeAttribute("src", "urlToYourCrossImage");
builder.MergeAttribute("class", HtmlHelper.ValidationMessageCssClassName); //Or your own custom class for the img tag here
builder.MergeAttribute("alt", messageText);
builder.MergeAttribute("title", messageText);
return builder.ToString(TagRenderMode.SelfClosing);
}
Have a look at the ASP.NET MVC ValidationExtensions source code to get some ideas about how to write some overloads for it.
HTHs,
Charles