extern alias G1;
extern alias G2;
extern alias T1;
extern alias T2;
using System;
using System.Drawing;
using System.Collections;
using System.ComponentModel;
using System.Windows.Forms;
using System.Reflection;
using Toolbar1 = G1::Infragistics.Win.UltraWinToolbars;
using Toolbar2 = G2::Infragistics.Win.UltraWinToolbars;
using UltraText1 = T1::Infragistics.Win.UltraWinEditors;
using UltraText2 = T2::Infragistics.Win.UltraWinEditors;
using System.Text.RegularExpressions;
namespace Core.Mes.ClientFrameWork
{
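/// <summary>
/// Base class for all business child forms of the Core Mes platform.
/// On load it reflects over the derived form's private instance fields and attaches
/// listeners that (a) record toolbar clicks via <c>ClientCommon.RecordUserEvent</c> and
/// (b) strip a fixed list of SQL-ish keywords from text inputs as they change.
/// </summary>
/// <remarks>
/// The keyword stripping in <see cref="filterDangerStr"/> / <see cref="isDangerous"/> is a
/// UI-layer convenience only. It runs a single pass over a fixed blacklist and is not a
/// substitute for parameterized queries in the data-access layer, which is where SQL
/// injection has to be prevented.
/// </remarks>
public class FrmBase : System.Windows.Forms.Form
{
    #region " RemotingGate "
    // Public mutable fields kept for compatibility with existing callers; their use is
    // not visible in this file.
    public string Key = "";
    public bool On_Off_Thread = false;
    public Form _ParentForm;
    #endregion

    private System.ComponentModel.IContainer components = null;

    /// <summary>
    /// Keyword list used by <see cref="isDangerous"/>. Split once into
    /// <see cref="s_dangerousKeywords"/> instead of on every call.
    /// Note: this list differs from the one removed by <see cref="filterDangerStr"/>
    /// (it adds AND/OR/ASC/ORDER/UNION/NET LOCALGROUP and lacks "/add").
    /// </summary>
    private const string DangerousKeywordList = "EXEC|INSERT|SELECT|DELETE|UPDATE|DROP|TRUNCATE|DECLARE|AND|UNION|OR|CREATE|XP_CMDSHELL|NET USER|NET LOCALGROUP|ASC|ORDER";

    private static readonly string[] s_dangerousKeywords = DangerousKeywordList.Split('|');

    /// <summary>
    /// Case-insensitive patterns removed by <see cref="filterDangerStr"/>, applied in array order.
    /// Built once: the original code recompiled every pattern on each keystroke.
    /// </summary>
    private static readonly Regex[] s_dangerKeywordPatterns = BuildDangerKeywordPatterns();

    /// <summary>
    /// Compiles the keyword patterns for <see cref="filterDangerStr"/>.
    /// </summary>
    /// <returns>Compiled, case-insensitive regexes in removal order.</returns>
    private static Regex[] BuildDangerKeywordPatterns()
    {
        // "execute" must precede "exec": removing "exec" first leaves the fragment "ute"
        // behind and the "execute" pattern then never matches anything.
        string[] keywords = new string[]
        {
            "select", "insert", "update", "delete", "drop", "truncate", "declare",
            "xp_cmdshell", "/add", "net user", "create",
            "execute", "exec"
        };
        Regex[] patterns = new Regex[keywords.Length];
        for (int i = 0; i < keywords.Length; i++)
        {
            patterns[i] = new Regex(keywords[i], RegexOptions.IgnoreCase | RegexOptions.Compiled);
        }
        return patterns;
    }

    /// <summary>
    /// Creates the form and runs the designer-generated initialization.
    /// </summary>
    public FrmBase()
    {
        // Required for Windows Forms designer support.
        InitializeComponent();
        // TODO: add any constructor code after the InitializeComponent call.
    }

    /// <summary>
    /// Releases the resources used by the form.
    /// </summary>
    /// <param name="disposing">true to release managed resources as well as unmanaged ones.</param>
    protected override void Dispose(bool disposing)
    {
        if (disposing && components != null)
        {
            components.Dispose();
        }
        base.Dispose(disposing);
    }

    #region Windows Forms designer generated code
    /// <summary>
    /// Required method for designer support - do not modify the contents of this method
    /// with the code editor.
    /// </summary>
    private void InitializeComponent()
    {
        this.SuspendLayout();
        //
        // FrmBase
        //
        this.AutoScaleBaseSize = new System.Drawing.Size(6, 14);
        this.ClientSize = new System.Drawing.Size(1012, 733);
        this.Name = "FrmBase";
        this.Text = "FrmBase";
        this.WindowState = System.Windows.Forms.FormWindowState.Maximized;
        this.Load += new System.EventHandler(this.FrmBase_Load);
        this.ResumeLayout(false);
    }
    #endregion

    /// <summary>
    /// Wires the toolbar and text-input listeners once the form has loaded, so that the
    /// derived form's designer fields are already assigned.
    /// </summary>
    private void FrmBase_Load(object sender, EventArgs e)
    {
        AddToolBarListener();
    }

    /// <summary>
    /// Reflects over the runtime type's non-public instance fields (designer-generated
    /// control fields are private on the derived form) and attaches the appropriate
    /// listener to each recognised control type.
    /// </summary>
    /// <remarks>
    /// Best effort: a field that cannot be wired is reported through
    /// <see cref="System.Diagnostics.Trace"/> and skipped, so one bad field does not
    /// stop the form from loading.
    /// </remarks>
    private void AddToolBarListener()
    {
        FieldInfo[] fields = this.GetType().GetFields(BindingFlags.NonPublic | BindingFlags.Instance);
        for (int i = 0; i < fields.Length; i++)
        {
            try
            {
                AttachListener(fields[i]);
            }
            catch (Exception ex)
            {
                // Previously swallowed silently; keep the best-effort semantics but leave a trace.
                System.Diagnostics.Trace.TraceWarning(
                    "FrmBase: could not attach listener to field '{0}': {1}", fields[i].Name, ex.Message);
            }
        }
    }

    /// <summary>
    /// Attaches the listener matching the declared type of <paramref name="field"/>.
    /// Fields whose value is still null are skipped.
    /// </summary>
    /// <param name="field">A non-public instance field of this form.</param>
    private void AttachListener(FieldInfo field)
    {
        Type fieldType = field.FieldType;
        // Exact-type comparison, as in the original: fields declared as a subclass
        // (e.g. MenuStrip, which derives from ToolStrip) are not matched.
        if (fieldType == typeof(Toolbar1.UltraToolbarsManager))
        {
            Toolbar1.UltraToolbarsManager manager = field.GetValue(this) as Toolbar1.UltraToolbarsManager;
            if (manager != null)
            {
                manager.ToolClick += new Toolbar1.ToolClickEventHandler(_ToolbarClick_Listener1);
            }
        }
        else if (fieldType == typeof(Toolbar2.UltraToolbarsManager))
        {
            Toolbar2.UltraToolbarsManager manager = field.GetValue(this) as Toolbar2.UltraToolbarsManager;
            if (manager != null)
            {
                manager.ToolClick += new Toolbar2.ToolClickEventHandler(_ToolbarClick_Listener2);
            }
        }
        else if (fieldType == typeof(ToolStrip))
        {
            ToolStrip strip = field.GetValue(this) as ToolStrip;
            if (strip != null)
            {
                strip.ItemClicked += new System.Windows.Forms.ToolStripItemClickedEventHandler(this._toolStrip_ItemClicked);
            }
        }
        else if (fieldType == typeof(System.Windows.Forms.TextBox))
        {
            System.Windows.Forms.TextBox box = field.GetValue(this) as System.Windows.Forms.TextBox;
            if (box != null)
            {
                box.TextChanged += new System.EventHandler(TextBox_Listener);
            }
        }
        else if (fieldType == typeof(UltraText1.UltraTextEditor))
        {
            UltraText1.UltraTextEditor editor = field.GetValue(this) as UltraText1.UltraTextEditor;
            if (editor != null)
            {
                editor.TextChanged += new System.EventHandler(TextEditor_Listener1);
            }
        }
        else if (fieldType == typeof(UltraText2.UltraTextEditor))
        {
            UltraText2.UltraTextEditor editor = field.GetValue(this) as UltraText2.UltraTextEditor;
            if (editor != null)
            {
                editor.TextChanged += new System.EventHandler(TextEditor_Listener2);
            }
        }
    }

    /// <summary>Records a click on an Infragistics (assembly G1) toolbar tool.</summary>
    public void _ToolbarClick_Listener1(object sender, Toolbar1.ToolClickEventArgs e)
    {
        ClientCommon.RecordUserEvent("点击", "按钮[ToolBar]", e.Tool.CaptionResolved, this.Text, this.ProductName, "");
    }

    /// <summary>Records a click on an Infragistics (assembly G2) toolbar tool.</summary>
    public void _ToolbarClick_Listener2(object sender, Toolbar2.ToolClickEventArgs e)
    {
        ClientCommon.RecordUserEvent("点击", "按钮[ToolBar]", e.Tool.CaptionResolved, this.Text, this.ProductName, "");
    }

    /// <summary>Records a click on a WinForms <see cref="ToolStrip"/> item.</summary>
    private void _toolStrip_ItemClicked(object sender, ToolStripItemClickedEventArgs e)
    {
        ClientCommon.RecordUserEvent("点击", "按钮[ToolBar]", e.ClickedItem.Text, this.Text, this.ProductName, "");
    }

    /// <summary>
    /// Returns true when <paramref name="target"/> contains any keyword from
    /// <see cref="DangerousKeywordList"/> as a substring, ignoring case.
    /// </summary>
    /// <param name="target">Text to inspect; null or empty is never dangerous.</param>
    /// <returns>true if a keyword substring is present; otherwise false.</returns>
    /// <remarks>
    /// Matching is plain substring search, so short entries such as AND, OR, ASC and ORDER
    /// also fire on ordinary words (e.g. "HAND", "ORANGE"). Comparison is ordinal and
    /// invariant-case: the original culture-sensitive <c>ToUpper()</c> / <c>IndexOf</c>
    /// could miss keywords under some cultures (e.g. Turkish casing of "i").
    /// Not called anywhere in this file.
    /// </remarks>
    private bool isDangerous(string target)
    {
        if (string.IsNullOrEmpty(target))
        {
            return false;
        }
        string upper = target.ToUpperInvariant();
        for (int i = 0; i < s_dangerousKeywords.Length; i++)
        {
            if (upper.IndexOf(s_dangerousKeywords[i], StringComparison.Ordinal) >= 0)
            {
                return true;
            }
        }
        return false;
    }

    /// <summary>
    /// Replaces ASCII apostrophes with a full-width quote and removes, case-insensitively,
    /// each pattern in <see cref="s_dangerKeywordPatterns"/> in order.
    /// </summary>
    /// <param name="source">Text to filter; null yields an empty string.</param>
    /// <returns>The filtered text.</returns>
    /// <remarks>
    /// Each pattern is removed in a single pass and later patterns see the output of earlier
    /// ones, so the result is order-dependent and the function is not idempotent. Treat it as
    /// input tidying for the UI, not as an injection defense; the data layer must use parameters.
    /// </remarks>
    private string filterDangerStr(string source)
    {
        if (source == null)
        {
            return "";
        }
        source = source.Replace("'", "“");
        // Strip SQL statement keywords, the extended-procedure name, the "net user ... /add"
        // fragments and the procedure-execution keywords ("execute" before "exec", see
        // BuildDangerKeywordPatterns).
        for (int i = 0; i < s_dangerKeywordPatterns.Length; i++)
        {
            source = s_dangerKeywordPatterns[i].Replace(source, "");
        }
        // Deliberately not stripped (kept from the original as commented-out candidates):
        // "mid", "char", "xp_", "sp_", "0x".
        return source;
    }

    /// <summary>
    /// Shows the "filtered" message when the control's text changed as a result of filtering.
    /// </summary>
    /// <param name="before">Text read from the control before filtering.</param>
    /// <param name="after">Text read back from the control after assignment.</param>
    private static void NotifyIfFiltered(string before, string after)
    {
        if (!string.Equals(before, after, StringComparison.Ordinal))
        {
            MessageBox.Show("输入的字符串中含有数据库危险字符,已过滤。" + before);
        }
    }

    /// <summary>
    /// TextChanged handler for <see cref="TextBox"/>: filters the text in place.
    /// The handler is detached while assigning so the assignment does not re-enter it,
    /// and re-attached in a finally block so a failure cannot leave the box unwatched.
    /// </summary>
    private void TextBox_Listener(object sender, EventArgs e)
    {
        TextBox box = sender as TextBox;
        if (box == null)
        {
            return;
        }
        string before = box.Text;
        box.TextChanged -= new System.EventHandler(TextBox_Listener);
        try
        {
            box.Text = filterDangerStr(before);
        }
        finally
        {
            box.TextChanged += new System.EventHandler(TextBox_Listener);
        }
        NotifyIfFiltered(before, box.Text);
    }

    /// <summary>
    /// TextChanged handler for the assembly-T1 <c>UltraTextEditor</c>; same contract as
    /// <see cref="TextBox_Listener"/>.
    /// </summary>
    private void TextEditor_Listener1(object sender, EventArgs e)
    {
        UltraText1.UltraTextEditor editor = sender as UltraText1.UltraTextEditor;
        if (editor == null)
        {
            return;
        }
        string before = editor.Text;
        editor.TextChanged -= new System.EventHandler(TextEditor_Listener1);
        try
        {
            editor.Text = filterDangerStr(before);
        }
        finally
        {
            editor.TextChanged += new System.EventHandler(TextEditor_Listener1);
        }
        NotifyIfFiltered(before, editor.Text);
    }

    /// <summary>
    /// TextChanged handler for the assembly-T2 <c>UltraTextEditor</c>; same contract as
    /// <see cref="TextBox_Listener"/>.
    /// </summary>
    private void TextEditor_Listener2(object sender, EventArgs e)
    {
        UltraText2.UltraTextEditor editor = sender as UltraText2.UltraTextEditor;
        if (editor == null)
        {
            return;
        }
        string before = editor.Text;
        editor.TextChanged -= new System.EventHandler(TextEditor_Listener2);
        try
        {
            editor.Text = filterDangerStr(before);
        }
        finally
        {
            editor.TextChanged += new System.EventHandler(TextEditor_Listener2);
        }
        NotifyIfFiltered(before, editor.Text);
    }
}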
}