Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
A potentially dangerous Request.Path
Message
De
01/09/2011 15:49:22
 
 
À
01/09/2011 15:15:23
Information générale
Forum:
ASP.NET
Catégorie:
Autre
Versions des environnements
Environment:
VB 9.0
OS:
Windows 7
Network:
Windows 2003 Server
Database:
MS SQL Server
Application:
Web
Divers
Thread ID:
01522446
Message ID:
01522530
Vues:
27
>Ok, here is the result.
>
>It does go in the custom request validator. If I do a normal hit, one without the & character in the path, I can see it executes my code in there. The code is an Event Viewer logging. It does log 18 times the same entry however for one click. This is something I don't understand.

The method is called for all types of validation - not just forms. Check : http://msdn.microsoft.com/en-us/library/system.web.util.requestvalidator.isvalidrequeststring.aspx
And each RequestValidationSource may have several items to be validated. You can check RequestValidationSource to filter out stuff that you are not interested in.

>
>However, if I add the & at the end of the path, it does not execute my custom request validator. It seems IIS takes over the priority in such case and we have no way of intercepting that.
>
>In your test, were you able to test:
>
>http://localhost/MyDirectory
>http://localhost/MyDirectory/&
>
>Are those situations both going into your custom request validator? For me, only the first one goes.

Hmm. Not the behaviour I'd expect - but checking it out will have to wait until morning :-}
Précédent
Répondre
Fil
Voir

Click here to load this message in the networking platform