MVC拦截器,MVC过滤器,MVC ActionFilterAttribute拦截器过滤器,OnActionExecuting
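using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Security.Policy;
using System.Text;
using System.Web;
using System.Web.Mvc;

namespace SaaS.Admin.Base
{
    /// <summary>
    /// Global action filter that rewrites string input before an action runs.
    /// </summary>
    /// <remarks>
    /// Coverage is limited to what this class inspects: action parameters declared as
    /// <c>string</c>, and the top-level public string properties of a parameter that is
    /// literally named "model". Nested objects, collections and differently named complex
    /// parameters are passed through untouched.
    /// NOTE(review): rewriting input is not a substitute for context-aware output encoding
    /// where the value is rendered. Values encoded here are stored and compared in encoded
    /// form, and a view that encodes on output will encode them a second time.
    /// </remarks>
    public class CustomerFilterAttribute : ActionFilterAttribute
    {
        /// <summary>
        /// Called before the action method executes; sanitizes the bound string inputs.
        /// </summary>
        /// <param name="filterContext">Context holding the action descriptor and the bound parameter values.</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);

            foreach (var parameter in filterContext.ActionDescriptor.GetParameters())
            {
                var name = parameter.ParameterName;

                // A parameter that was not bound, or bound to null, has nothing to sanitize.
                // The original dereferenced the value directly and threw on a null model.
                object value;
                if (!filterContext.ActionParameters.TryGetValue(name, out value) || value == null)
                {
                    continue;
                }

                if (parameter.ParameterType == typeof(string))
                {
                    var text = value as string;
                    if (!string.IsNullOrEmpty(text))
                    {
                        filterContext.ActionParameters[name] = HtmlEscapeCode(text);
                    }
                }
                else if (name == "model" && value.GetType().IsClass && !(value is string))
                {
                    SanitizeStringProperties(value);
                }
            }
        }

        /// <summary>
        /// Called after the action method executes. No post-processing is performed.
        /// </summary>
        /// <param name="filterContext">Context of the executed action.</param>
        public override void OnActionExecuted(ActionExecutedContext filterContext)
        {
            // The original read the controller and action route values into locals that
            // were never used; they are dropped here.
            base.OnActionExecuted(filterContext);
        }

        /// <summary>
        /// Removes a fixed list of script-related keywords and HTML-encodes the result.
        /// </summary>
        /// <param name="html">Raw input text; may be null or empty.</param>
        /// <returns>The filtered, HTML-encoded text, or the input unchanged when it is null or empty.</returns>
        public string HtmlEscapeCode(string html)
        {
            if (string.IsNullOrEmpty(html))
            {
                return html;
            }

            // NOTE(review): this keyword removal is kept for compatibility only. It is an
            // ordinal, single-pass deny list, so it cannot be relied on as an XSS control,
            // and it also deletes these substrings from ordinary words ("description"
            // contains "script"). The encoding step below is what neutralizes markup.
            var stripped = html.Replace("javascript", "")
                               .Replace("vbscript", "")
                               .Replace("jscript", "")
                               .Replace("script", "")
                               .Replace("eval", "");

            // Replaces the hand-rolled Replace chain, whose replacement literals were not
            // valid as written and which handled '&' after the other characters (so any
            // entity produced earlier would have been encoded again). HtmlEncode covers
            // angle brackets, ampersand, double quote and apostrophe in a single pass.
            return HttpUtility.HtmlEncode(stripped);
        }

        // Sanitizes, in place, every public read/write string property of the bound model.
        private void SanitizeStringProperties(object model)
        {
            // The original built a second instance via Type.GetType(model.ToString()) and
            // Activator.CreateInstance. That lookup depends on ToString() returning a
            // resolvable type name and on a public parameterless constructor, and the copy
            // threw on properties without a setter. Updating the bound instance avoids all
            // three and keeps fields and non-string members exactly as the binder set them.
            foreach (PropertyInfo info in model.GetType().GetProperties())
            {
                if (info.PropertyType != typeof(string))
                {
                    continue;
                }

                // Only plain properties with a public getter and setter; indexers need
                // index arguments and would throw on GetValue(model, null).
                if (info.GetGetMethod() == null
                    || info.GetSetMethod() == null
                    || info.GetIndexParameters().Length > 0)
                {
                    continue;
                }

                var original = info.GetValue(model, null) as string;
                if (string.IsNullOrEmpty(original))
                {
                    // Null and empty strings are left as bound. The original copy silently
                    // turned an empty string into null.
                    continue;
                }

                info.SetValue(model, HtmlEscapeCode(original), null);
            }
        }
    }
}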