
Untitled

a guest Dec 18th, 2018 54 Never
  <!-- web.config excerpt: the closing tags of <system.web> and <system.webServer> are not part of the paste. -->
  <!-- ASP.NET layer. maxUrlLength and maxQueryStringLength are the limits that
       ValidateInputIfRequiredByConfig() (further down in this paste) compares against
       Path.Length and QueryStringText.Length, answering HTTP 400 when either is exceeded.
       Documented defaults are 260 and 2048, so 10999 is a large increase for the path:
       keep it no higher than the longest URL the application really has to accept. -->
  1. <system.web>
  2.     <httpRuntime maxUrlLength="10999" maxQueryStringLength="4096" />
  3.  
  4.  
  <!-- IIS layer. Request filtering applies its own limits, separately from the ASP.NET
       check above, so a request has to fit both; documented defaults are maxUrl=4096 and
       maxQueryString=2048. NOTE(review): IIS documents these limits in bytes while the
       ASP.NET check counts string characters; confirm the two agree for non-ASCII URLs. -->
  5. <system.webServer>
  6.     <security>
  7.       <requestFiltering>
  8.         <requestLimits maxUrl="10999" maxQueryString="4096" />
  9.       </requestFiltering>
  10.     </security>
  11.    
  // Runs the request checks selected by the <httpRuntime> configuration section:
  //   1. path / query-string length limits and forbidden path characters
  //      (only when CanValidateRequest() allows it), then
  //   2. request validation, depending on requestValidationMode.
  // Every rejection below is an HttpException with status 400.
  internal void ValidateInputIfRequiredByConfig() {
      HttpRuntimeSection httpRuntimeConfig = RuntimeConfig.GetConfig(Context).HttpRuntime;

      // Path & query-string checks; per the original comment these apply to
      // non-state_server requests.
      if (CanValidateRequest()) {
          string path = Path;

          // Length limits are checked first, so an oversized request is rejected
          // before any character scanning takes place.
          if (path.Length > httpRuntimeConfig.MaxUrlLength) {
              throw new HttpException(400, SR.GetString(SR.Url_too_long));
          }
          if (QueryStringText.Length > httpRuntimeConfig.MaxQueryStringLength) {
              throw new HttpException(400, SR.GetString(SR.QueryString_too_long));
          }

          // Forbidden-character check. It covers the path only: in this method the
          // query string is length-checked but never scanned for characters.
          char[] forbiddenChars = httpRuntimeConfig.RequestPathInvalidCharactersArray;
          bool hasForbiddenSet = forbiddenChars != null && forbiddenChars.Length > 0;
          if (hasForbiddenSet) {
              int firstHit = path.IndexOfAny(forbiddenChars);
              if (firstHit >= 0) {
                  // Only the first offending character is reported back.
                  throw new HttpException(400, SR.GetString(SR.Dangerous_input_detected,
                                                            "Request.Path",
                                                            new string(path[firstHit], 1)));
              }

              // The path is clean and a forbidden set is configured: mark the
              // cookieless header as still needing validation.
              _flags.Set(needToValidateCookielessHeader);
          }
      }

      // Request validation for the whole pipeline is only switched on for mode v4.0+.
      Version validationMode = httpRuntimeConfig.RequestValidationMode;

      if (validationMode == VersionUtil.Framework00) {
          // DevDiv #412689: <httpRuntime requestValidationMode="0.0" /> should suppress
          // validation for the entire request, even if a call to ValidateInput() takes
          // place. The request path characters and cookieless header (see
          // 'needToValidateCookielessHeader') are still validated if necessary. These can
          // be suppressed via <httpRuntime requestPathInvalidChars="" />.
          // Config review: with both settings present, no input validation remains in
          // this method beyond the two length limits.
          _flags[requestValidationSuppressed] = true;
          return;
      }

      // Modes other than 0.0 that are below v4.0 do nothing further in this method.
      if (validationMode >= VersionUtil.Framework40) {
          ValidateInput();

          // Mode v4.5+ implies granular request validation.
          if (validationMode >= VersionUtil.Framework45) {
              EnableGranularRequestValidation();
          }
      }
  }