XinYu_ZHBMES_XGMES_PlatForm/.svn/pristine/19/19a0a42c0086f4798f964d25ca8cbfbc63f56c4a.svn-base

extern alias G1;
extern alias G2;
extern alias T1;
extern alias T2;

using System;
using System.Drawing;
using System.Collections;
using System.ComponentModel;
using System.Windows.Forms;
using System.Reflection;
using Toolbar1 = G1::Infragistics.Win.UltraWinToolbars;
using Toolbar2 = G2::Infragistics.Win.UltraWinToolbars;

using UltraText1 = T1::Infragistics.Win.UltraWinEditors;
using UltraText2 = T2::Infragistics.Win.UltraWinEditors;
using System.Text.RegularExpressions;
namespace Core.Mes.ClientFrameWork
{
    /// <summary>
    /// Core Mes 平台所有业务子窗体的基类
    /// </summary>
    public class FrmBase : System.Windows.Forms.Form
    {
        #region "	RemotingGate "
        public string Key = "";
        public bool On_Off_Thread = false;
        public Form _ParentForm;
        #endregion



        private System.ComponentModel.IContainer components = null;

        public FrmBase()
        {
            //
            // Windows 窗体设计器支持所必需的
            //
            InitializeComponent();

            //
            // TODO: 在 InitializeComponent 调用后添加任何构造函数代码
            //
        }

        /// <summary>
        /// 清理所有正在使用的资源。
        /// </summary>
        protected override void Dispose(bool disposing)
        {
            if (disposing)
            {
                if (components != null)
                {
                    components.Dispose();
                }
            }
            base.Dispose(disposing);
        }

        #region Windows 窗体设计器生成的代码
        /// <summary>
        /// 设计器支持所需的方法 - 不要使用代码编辑器修改
        /// 此方法的内容。
        /// </summary>
        private void InitializeComponent()
        {
            this.SuspendLayout();
            // 
            // FrmBase
            // 
            this.AutoScaleBaseSize = new System.Drawing.Size(6, 14);
            this.ClientSize = new System.Drawing.Size(1012, 733);
            this.Name = "FrmBase";
            this.Text = "FrmBase";
            this.WindowState = System.Windows.Forms.FormWindowState.Maximized;
            this.Load += new System.EventHandler(this.FrmBase_Load);
            this.ResumeLayout(false);

        }
        #endregion

        private void FrmBase_Load(object sender, EventArgs e)
        {
            AddToolBarListener();
        }

        private void AddToolBarListener()
        {
            //获取所有控件
            System.Reflection.FieldInfo[] fieldInfo = this.GetType().GetFields(System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance);
            for (int i = 0; i < fieldInfo.Length; i++)
            {
                try
                {
                    if (fieldInfo[i].FieldType == typeof(Toolbar1.UltraToolbarsManager))
                    {
                        Toolbar1.UltraToolbarsManager ut1 = fieldInfo[i].GetValue(this) as Toolbar1.UltraToolbarsManager;
                        ut1.ToolClick += new Toolbar1.ToolClickEventHandler(_ToolbarClick_Listener1);

                        //EventInfo ei = fieldInfo[i].FieldType.GetEvent("ToolClick");
                        //MethodInfo mi = this.GetType().GetMethod("_ToolbarClick_Listener", BindingFlags.Instance);
                        //Delegate dg = Delegate.CreateDelegate(ei.EventHandlerType, fieldInfo[i].GetValue(this), mi);
                        //ei.AddEventHandler(fieldInfo[i].GetValue(this), dg);
                    }
                    else if (fieldInfo[i].FieldType == typeof(Toolbar2.UltraToolbarsManager))
                    {
                        Toolbar2.UltraToolbarsManager ut2 = fieldInfo[i].GetValue(this) as Toolbar2.UltraToolbarsManager;
                        ut2.ToolClick += new Toolbar2.ToolClickEventHandler(_ToolbarClick_Listener2);
                    }
                    else if (fieldInfo[i].FieldType == typeof(ToolStrip))
                    {
                        ToolStrip t1 = fieldInfo[i].GetValue(this) as ToolStrip;
                        t1.ItemClicked += new System.Windows.Forms.ToolStripItemClickedEventHandler(this._toolStrip_ItemClicked);
                    }
                    else if (fieldInfo[i].FieldType == typeof(System.Windows.Forms.TextBox)) 
                    {
                        System.Windows.Forms.TextBox text = fieldInfo[i].GetValue(this) as System.Windows.Forms.TextBox;
                        text.TextChanged +=  new System.EventHandler(TextBox_Listener);
                        //text.KeyUp += new KeyEventHandler(TextBox_Listener);
                    }
                    else if (fieldInfo[i].FieldType == typeof(UltraText1.UltraTextEditor))
                    {
                        UltraText1.UltraTextEditor t1 = fieldInfo[i].GetValue(this) as UltraText1.UltraTextEditor;
                        t1.TextChanged += new System.EventHandler(TextEditor_Listener1);
                        //t1.KeyUp += new KeyEventHandler(TextEditor_Listener1);
                    }

                    else if (fieldInfo[i].FieldType == typeof(UltraText2.UltraTextEditor))
                    {
                        UltraText2.UltraTextEditor t2 = fieldInfo[i].GetValue(this) as UltraText2.UltraTextEditor;
                        t2.TextChanged += new System.EventHandler(TextEditor_Listener2);
                        //t2.KeyUp += new KeyEventHandler(TextEditor_Listener2);
                    }
                }
                catch
                {
                }
            }
        }

        public void _ToolbarClick_Listener1(object sender, Toolbar1.ToolClickEventArgs e)
        {
            ClientCommon.RecordUserEvent("点击", "按钮[ToolBar]", e.Tool.CaptionResolved, this.Text, this.ProductName, "");
        }

        public void _ToolbarClick_Listener2(object sender, Toolbar2.ToolClickEventArgs e)
        {
            ClientCommon.RecordUserEvent("点击", "按钮[ToolBar]", e.Tool.CaptionResolved, this.Text, this.ProductName, "");
        }

        private void _toolStrip_ItemClicked(object sender, ToolStripItemClickedEventArgs e)
        {
            ClientCommon.RecordUserEvent("点击", "按钮[ToolBar]", e.ClickedItem.Text, this.Text, this.ProductName, "");
        }

        private bool isDangerous(string target)
        {
            if (target == null) 
            {
                target = "";
            }
            string targetUpper = target.ToUpper();
            bool isDanger = false;
            string matchStr = "EXEC|INSERT|SELECT|DELETE|UPDATE|DROP|TRUNCATE|DECLARE|AND|UNION|OR|CREATE|XP_CMDSHELL|NET USER|NET LOCALGROUP|ASC|ORDER";
            if (targetUpper != "")
            {
                string[] matchStrArray = matchStr.Split('|');
                for (int i = 0; i < matchStrArray.Length; i++)
                {
                    if (targetUpper.IndexOf(matchStrArray[i]) > -1)
                    {
                        return true;
                    }
                }
             }
            return isDanger;
        }

        private string filterDangerStr(string source)
        {
            if (source == null)
            {
                return  "";
            }
             source = source.Replace("'", "“");
            //去除执行SQL语句的命令关键字
            source = Regex.Replace(source, "select", "", RegexOptions.IgnoreCase);
            source = Regex.Replace(source, "insert", "", RegexOptions.IgnoreCase);
            source = Regex.Replace(source, "update", "", RegexOptions.IgnoreCase);
            source = Regex.Replace(source, "delete", "", RegexOptions.IgnoreCase);
            source = Regex.Replace(source, "drop", "", RegexOptions.IgnoreCase);
            source = Regex.Replace(source, "truncate", "", RegexOptions.IgnoreCase);
            source = Regex.Replace(source, "declare", "", RegexOptions.IgnoreCase);
            source = Regex.Replace(source, "xp_cmdshell", "", RegexOptions.IgnoreCase);
            source = Regex.Replace(source, "/add", "", RegexOptions.IgnoreCase);
            source = Regex.Replace(source, "net user", "", RegexOptions.IgnoreCase);
            //source = Regex.Replace(source, "mid", "", RegexOptions.IgnoreCase);
            source = Regex.Replace(source, "create", "", RegexOptions.IgnoreCase);
            //source = Regex.Replace(source, "char", "", RegexOptions.IgnoreCase);
            //去除执行存储过程的命令关键字 
            source = Regex.Replace(source, "exec", "", RegexOptions.IgnoreCase);
            source = Regex.Replace(source, "execute", "", RegexOptions.IgnoreCase);
            //去除系统存储过程或扩展存储过程关键字
            //source = Regex.Replace(source, "xp_", "x p_", RegexOptions.IgnoreCase);
            //source = Regex.Replace(source, "sp_", "s p_", RegexOptions.IgnoreCase);
            //防止16进制注入
            //source = Regex.Replace(source, "0x", "0 x", RegexOptions.IgnoreCase);
            return source;
        }

        private void TextBox_Listener(object sender, EventArgs e)
        {
            TextBox text1 = sender as TextBox;
            string old_str = text1.Text;
            text1.TextChanged -= new System.EventHandler(TextBox_Listener);
            text1.Text = filterDangerStr(text1.Text);
            text1.TextChanged += new System.EventHandler(TextBox_Listener);
            if (!text1.Text.Equals(old_str))
            {
                MessageBox.Show("输入的字符串中含有数据库危险字符，已过滤。" + old_str);
            }   
        }
        private void TextEditor_Listener1(object sender, EventArgs e)
        {
            UltraText1.UltraTextEditor text1 = sender as UltraText1.UltraTextEditor;
            string old_str = text1.Text;
            text1.TextChanged -= new System.EventHandler(TextEditor_Listener1);
            text1.Text = filterDangerStr(text1.Text);
            text1.TextChanged += new System.EventHandler(TextEditor_Listener1);
            if (!text1.Text.Equals(old_str))
            {
                MessageBox.Show("输入的字符串中含有数据库危险字符，已过滤。" + old_str);
            } 
        }
        private void TextEditor_Listener2(object sender, EventArgs e)
        {
            UltraText2.UltraTextEditor text2 = sender as UltraText2.UltraTextEditor;
            string old_str = text2.Text;
            text2.TextChanged -= new System.EventHandler(TextEditor_Listener2);
            text2.Text = filterDangerStr(text2.Text);
            text2.TextChanged += new System.EventHandler(TextEditor_Listener2);
            if (!text2.Text.Equals(old_str))
            {
                MessageBox.Show("输入的字符串中含有数据库危险字符，已过滤。" + old_str);
            } 
        }

    }
}