<%@ WebHandler Language="C#" Class="PersistantImage" %>
using System;
using System.Drawing;
using System.Drawing.Imaging;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.Configuration;
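public class PersistantImage : IHttpHandler
{
    // Characters permitted in the configured image URL. The hyphen is placed last so
    // it is a literal: in the original pattern "[^a-zA-Z0-9._-~/]" the sequence "_-~"
    // parsed as a range, which admitted '{', '|', '}' and '`' while rejecting '-'.
    private static readonly Regex UnsafeUrlChars = new Regex("[^a-zA-Z0-9._~/-]", RegexOptions.Compiled);

    // Extensions that may be served. Everything else yields an empty text/plain body.
    private static readonly string[] AllowedExtensions = { "jpg", "jpeg", "gif", "png" };

    // Per-request state; see IsReusable for why the handler must not be shared.
    private HttpContext _currentContext = null;

    /// <summary>Value of the "key" query-string parameter, or "" when absent.</summary>
    protected string Key
    {
        get
        {
            if (_currentContext == null || _currentContext.Request == null)
            {
                return "";
            }
            return _currentContext.Request.QueryString["key"] ?? "";
        }
    }

    /// <summary>
    /// The appSettings value stored under <see cref="Key"/>, or "" when the key is
    /// empty or unknown. The request only selects which setting is read; the URL
    /// itself comes from web.config, so the checks in <see cref="IsSafe"/> are a
    /// second line of defence against a mis-configured or unexpected setting.
    /// </summary>
    protected string Url
    {
        get
        {
            if (Key.Length == 0)
            {
                return "";
            }
            return WebConfigurationManager.AppSettings.Get(Key) ?? "";
        }
    }

    /// <summary>Physical path of <see cref="Url"/> via Server.MapPath, or "".</summary>
    protected string Path
    {
        get
        {
            return (Url.Length > 0) ? _currentContext.Server.MapPath(Url) : "";
        }
    }

    /// <summary>Lower-case extension of <see cref="Path"/> without the dot, or "".</summary>
    protected string Extension
    {
        get
        {
            return ExtensionOf(Path);
        }
    }

    // Returns the lower-case extension (no dot) of a path, or "" when there is none
    // or the path ends with the dot. Invariant lowering keeps the comparison
    // against AllowedExtensions culture-independent.
    private static string ExtensionOf(string path)
    {
        int dot = path.LastIndexOf('.');
        if (dot < 0 || dot >= path.Length - 1)
        {
            return "";
        }
        return path.Substring(dot + 1).ToLowerInvariant();
    }

    // Maps an allowed extension to its registered media type; "image/jpg" is not a
    // registered subtype, "image/jpeg" is.
    private static string ContentTypeFor(string extension)
    {
        return string.Equals(extension, "jpg", StringComparison.Ordinal)
            ? "image/jpeg"
            : "image/" + extension;
    }

    /// <summary>
    /// True when the configured URL is non-empty, uses only the permitted character
    /// set, contains no ".." and ends in an allowed image extension.
    /// </summary>
    /// <remarks>
    /// The character check is evaluated first and the extension is taken from
    /// <see cref="Url"/> rather than <see cref="Path"/>, so Server.MapPath is never
    /// invoked on a value that has not passed the check (MapPath throws on some
    /// malformed inputs, which previously surfaced as an unhandled exception).
    /// </remarks>
    protected bool IsSafe()
    {
        string url = Url;
        bool safeChars = url.Length > 0 && !UnsafeUrlChars.IsMatch(url) && !url.Contains("..");
        if (!safeChars)
        {
            return false;
        }
        return Array.IndexOf(AllowedExtensions, ExtensionOf(url)) >= 0;
    }

    /// <summary>
    /// Streams the image selected by the "key" query-string parameter. When the key
    /// is unknown, the configured URL fails <see cref="IsSafe"/>, or the mapped file
    /// does not exist, an empty text/plain body is written instead.
    /// </summary>
    /// <param name="context">The current request context.</param>
    public void ProcessRequest(HttpContext context)
    {
        _currentContext = context;
        // Only map the path after the configured URL has been validated.
        string path = IsSafe() ? Path : "";
        // File.Exists avoids WriteFile throwing (and a 500 response) for a setting
        // that points at a missing file.
        if (path.Length > 0 && System.IO.File.Exists(path))
        {
            context.Response.ContentType = ContentTypeFor(ExtensionOf(path));
            context.Response.Cache.AppendCacheExtension("post-check=900,pre-check=3600");
            context.Response.WriteFile(path);
        }
        else
        {
            context.Response.ContentType = "text/plain";
            context.Response.Write("");
        }
    }

    /// <summary>
    /// False: the handler stores the current request in an instance field, so a
    /// shared (reusable) instance would let concurrent requests observe each
    /// other's context. ASP.NET creates a fresh instance per request instead.
    /// </summary>
    public bool IsReusable
    {
        get { return false; }
    }
}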