2012-02-27 64 views
0

Accessing the request body by name in C#

I receive a redirect from a shop, and this redirect contains the following:

Connection: keep-alive 
Content-Length: 1023 
Cache-Control: max-age=0 
Origin: null 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.39 Safari/535.19 
Content-Type: application/x-www-form-urlencoded 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 
Referer: http://republica.ipapercms.dk/LandFritid/LF/LFaviser2012/Tilbudsavis32012/iPaper.swf?build=1.0.4433.19406 
Accept-Encoding: gzip,deflate,sdch 
Accept-Language: en-US,en;q=0.8 
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 
Cookie: __utma=83547913.319162761.1326373492.1326373492.1327614257.2; __utmz=83547913.1326373492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NOPCOMMERCE.AUTH=07F9D44B16738D2B133AAD3F6101F5D01ED26F236C01792206AA4AB8E325868D020B5B2212BE280F9905D0708431E2820B4935C75E361EA6485418420E3B63280D8F81454B52C99D79B37BEEFC207128796E3BE846F84FEF8D3AF9AAB80AA45FB76ACB3EA11EF1F2CF46B11FCD1B00309E6C3C5F70C07F54851E52207368034CBD38176A4EB4DD48C0D2CB6C17D35A4F5E61C4491DB8D890DCFA4D69BCA44096076CFCFC2B6B1247D84BFD76DD8F90FFEA20392EFED238530D6E21F7CD24C5093427A07757324E4FA8F25A36FDE35942; Nop.customer=f2d43727-9c52-4c9f-a199-6647d507e40b 

basket=%3Cshop%20paper%3D%22%2FLandFritid%2FLF%2FLFaviser2012%2FTilbudsavis32012%2F%22%3E%0A%20%20%3Citem%3E%0A%20%20%20%20%3Camount%3E1%3C%2Famount%3E%0A%20%20%20%20%3Cproductid%3E%3C%21%5BCDATA%5B810570%5D%5D%3E%3C%2Fproductid%3E%0A%20%20%20%20%3Cprice%3E%3C%21%5BCDATA%5B36%2E33%5D%5D%3E%3C%2Fprice%3E%0A%20%20%20%20%3Cdescription%3E%3C%21%5BCDATA%5BVed%20K%C3%B8b%20af%20minimum%203%20stk%2E%20%5D%5D%3E%3C%2Fdescription%3E%0A%20%20%20%20%3Cname%3E%3C%21%5BCDATA%5BBrilliant%20Kalk%2015%20kg%2E%5D%5D%3E%3C%2Fname%3E%0A%20%20%3C%2Fitem%3E%0A%20%20%3Citem%3E%0A%20%20%20%20%3Camount%3E1%3C%2Famount%3E%0A%20%20%20%20%3Cproductid%3E%3C%21%5BCDATA%5B863254%5D%5D%3E%3C%2Fproductid%3E%0A%20%20%20%20%3Cprice%3E%3C%21%5BCDATA%5B499%5D%5D%3E%3C%2Fprice%3E%0A%20%20%20%20%3Cdescription%3E%3C%21%5BCDATA%5B15%2B3%20kg%2E%20Hundefoder%20til%20voksne%2E%5D%5D%3E%3C%2Fdescription%3E%0A%20%20%20%20%3Cname%3E%3C%21%5BCDATA%5BRoyal%20Canin%20Maxi%20Adult%2015%2B3%20kg%2E%5D%5D%3E%3C%2Fname%3E%0A%20%20%3C%2Fitem%3E%0A%3C%2Fshop%3E 

As you can see, there is a body parameter named basket that contains this encoded XML.

I tried to access it using Request.InputStream:

XmlDocument xd = new XmlDocument();
StreamReader reader = new StreamReader(Request.InputStream, System.Text.Encoding.UTF8);
String sXMLRequest = reader.ReadToEnd();   // raw body: "basket=%3Cshop%20paper%3D..." (still form-urlencoded)
xd.LoadXml(sXMLRequest);                   // fails: the string is not XML at this point

but it seems to fail:

System.Xml.XmlException: Data at the root level is invalid. Line 1, position 1. at System.Xml.XmlTextReaderImpl.Throw(String res, String arg) at System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace() at System.Xml.XmlTextReaderImpl.ParseDocumentContent() at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace) at System.Xml.XmlDocument.Load(XmlReader reader) at System.Xml.XmlDocument.LoadXml(String xml) at Nop.Web.Controllers.ShoppingCartController.IPaperCheckout() 

Do you know of any other way to access it?

+0

If I'm reading this right, what you are loading isn't actually XML at that point - it is still encoded when you try to parse it as XML. – 2012-02-27 21:07:54

+0

@George: I tried to decode it with 'xd.LoadXml(HttpUtility.HtmlDecode(sXMLRequest));', but I still have the same problem... – 2012-02-27 21:19:15

+0

@Cristian: it's 'application/x-www-form-urlencoded' (look at the headers), not HTML-escaped. – Cameron 2012-02-27 21:20:37

Answers

4

Instead of reading the Request stream, I suggest accessing the FormCollection instead, e.g. Request.Form["basket"]. The form collection is decoded correctly, so you don't have to deal with the decoding yourself:

<shop paper="/LandFritid/LF/LFaviser2012/Tilbudsavis32012/"> 
    <item> 
    <amount>1</amount> 
    <productid><![CDATA[810570]]></productid> 
    <price><![CDATA[36.33]]></price> 
    <description><![CDATA[Ved Køb af minimum 3 stk. ]]></description> 
    <name><![CDATA[Brilliant Kalk 15 kg.]]></name> 
    </item> 
    <item> 
    <amount>1</amount> 
    <productid><![CDATA[863254]]></productid> 
    <price><![CDATA[499]]></price> 
    <description><![CDATA[15+3 kg. Hundefoder til voksne.]]></description> 
    <name><![CDATA[Royal Canin Maxi Adult 15+3 kg.]]></name> 
    </item> 
</shop> 
+0

Thanks! That seems to be closer :) The only exception I have now is: 'A potentially dangerous Request.Form value was detected from the client (basket="<shop paper="/LandFr...")'... I know how to work around this in a Web Forms context, but how can I do it here, since the context is MVC... – 2012-02-27 21:26:00

+0

Asp.net assumes you are trying to do an XSS attack (the XML has suspicious LT GT tags). You need to set 'ValidateRequest="false"'. – Andreas 2012-02-27 21:32:59
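Putting the accepted answer and the comments together, here is an added example (not the question's code and not nopCommerce's own) of an MVC action that reads the basket via Request.Form and parses it; it assumes ASP.NET MVC 3 on .NET 4, takes the action name IPaperCheckout from the stack trace in the question, uses [ValidateInput(false)] as the per-action MVC counterpart of ValidateRequest="false", and the BasketItem class is an assumption of ours.

```csharp
using System.Collections.Generic;
using System.Globalization;
using System.IO;
using System.Web.Mvc;
using System.Xml;
// Added example, not the question's or nopCommerce's own code. The action name
// IPaperCheckout comes from the stack trace in the question; BasketItem is ours.
public class BasketItem
{
    public int Amount;
    public string ProductId;
    public decimal Price;   // client-supplied: re-price by ProductId server-side before charging
}
public class ShoppingCartController : Controller
{
    // Request validation rejects the '<' in the basket field. Disable it for this
    // action only (the per-action MVC form of ValidateRequest="false") rather than
    // site-wide, so every other action keeps the protection.
    [HttpPost, ValidateInput(false)]
    public ActionResult IPaperCheckout()
    {
        // Request.Form has already undone the x-www-form-urlencoded encoding, so
        // this is plain XML; no HtmlDecode or UrlDecode is needed.
        string basketXml = Request.Form["basket"];
        if (string.IsNullOrEmpty(basketXml))
            return new HttpStatusCodeResult(400, "Missing basket");
        List<BasketItem> items = ParseBasket(basketXml);
        // ... add items to the cart here, then
        return RedirectToAction("Cart");
    }
    // The basket is untrusted input: prohibit DTDs and external resolution so a
    // crafted document cannot expand entities or make the server fetch URLs.
    public static List<BasketItem> ParseBasket(string xml)
    {
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        var doc = new XmlDocument { XmlResolver = null };
        using (var reader = XmlReader.Create(new StringReader(xml), settings))
            doc.Load(reader);
        var items = new List<BasketItem>();
        foreach (XmlNode item in doc.SelectNodes("/shop/item"))
            items.Add(new BasketItem
            {
                Amount = int.Parse(item["amount"].InnerText),
                ProductId = item["productid"].InnerText,   // CDATA text, e.g. 810570
                Price = decimal.Parse(item["price"].InnerText, CultureInfo.InvariantCulture)
            });
        return items;
    }
}
```

For the basket shown in the question this yields two items (810570 at 36.33 and 863254 at 499); the posted price should only be treated as a display value and re-looked-up by product id before anything is charged.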

2

The value of basket is as follows:

<shop paper="/LandFritid/LF/LFaviser2012/Tilbudsavis32012/"> 
    <item> 
    <amount>1</amount> 
    <productid><![CDATA[810570]]></productid> 
    <price><![CDATA[36.33]]></price> 
    <description><![CDATA[Ved Køb af minimum 3 stk. ]]></description> 
    <name><![CDATA[Brilliant Kalk 15 kg.]]></name> 
    </item> 
    <item> 
    <amount>1</amount> 
    <productid><![CDATA[863254]]></productid> 
    <price><![CDATA[499]]></price> 
    <description><![CDATA[15+3 kg. Hundefoder til voksne.]]></description> 
    <name><![CDATA[Royal Canin Maxi Adult 15+3 kg.]]></name> 
    </item> 
</shop> 

You may need to prepend this at the top in order to load it:

<?xml version="1.0" encoding="utf-8" ?> 

Also, the value you are loading may not have been decoded after reading it. Check the string you are loading: if it looks the same as what was posted, it has not been decoded.