MVC实现拦截过滤器,过滤字符串及实体类和动态修改数据,部分过滤和全部过滤:
#region
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Security.Policy;
using System.Text;
using System.Web;
using System.Web.Mvc;
using System.Reflection;
namespace SaaS.Admin.Base
{
/// <summary>
/// 全局过滤器
/// </summary>
public class CustomerFilterAttribute:ActionFilterAttribute
{
/// <summary>
/// 检查是否需要过滤
/// </summary>
public bool IsCheck { get; set; }//是否需要过滤标记
/// <summary>
/// 在执行操作Action方法前执行调用
/// </summary>
/// <param name="filterContext"></param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
base.OnActionExecuting(filterContext);
#region 检查是否需要拦截过滤【不需要检查过滤】
if (!IsCheck)
{
return;//不需要过滤
}
#endregion
var parameters = filterContext.ActionDescriptor.GetParameters();
foreach (var parameter in parameters)
{
if (parameter.ParameterType == typeof(string))
{
//获取字符串参数原值
var orginalValue = filterContext.ActionParameters[parameter.ParameterName] as string;
//使用过滤算法处理字符串
if (!string.IsNullOrEmpty(orginalValue) && orginalValue!="")
{
var filteredValue = HtmlEscapeCode(orginalValue);
////将处理后值赋给参数
filterContext.ActionParameters[parameter.ParameterName] = filteredValue;
}
}
else if (parameter.ParameterName =="model")
{
//获取字符串参数原值
var value = filterContext.ActionParameters[parameter.ParameterName];
if (value.GetType().IsClass && value.GetType().Name != "String")//检查是否是类,并且不是字符串类型
{
object objClass = value;//获取字符串参数原值
PropertyInfo[] infos = objClass.GetType().GetProperties();//获取原对象的所有公共属性
#region 动态创建新实例【动态创建新的实体类实例】
System.Type tt = System.Type.GetType(value.ToString());//获取指定名称的类型
object ff = Activator.CreateInstance(tt, null);//创建指定类型实例
PropertyInfo[] fields = ff.GetType().GetProperties();//获取指定对象的所有公共属性
object obj = Activator.CreateInstance(tt, null);//创建新指定类型的实例【动态创建新的实例】
#endregion
foreach (PropertyInfo info in infos)
{
if (info.CanRead)
{
//Console.WriteLine(info.Name + "=" + info.GetValue(objClass, null));
if (info.PropertyType.Name == "String")
{
//获取值
string orginalValue =Convert.ToString(info.GetValue(objClass, null));
if (!string.IsNullOrEmpty(orginalValue) || orginalValue!="")
{
//检查过滤特殊字符
var filteredValue = HtmlEscapeCode(orginalValue);
//将处理后值赋给参数
info.SetValue(obj, filteredValue, null);
//给实体对象赋新值
filterContext.ActionParameters[parameter.ParameterName] = obj;
}
}
else
{
object orginalValue = info.GetValue(objClass, null);//获取值
info.SetValue(obj, orginalValue,null);//给对象赋新值
filterContext.ActionParameters[parameter.ParameterName] = obj;//给实体类对象赋值
}
}
}
}
}
}
}
/// <summary>
/// 在执行操作Action方法后执行调用
/// </summary>
/// <param name="filterContext"></param>
public override void OnActionExecuted(ActionExecutedContext filterContext)
{
base.OnActionExecuted(filterContext);
var controllerName = filterContext.RouteData.Values["controller"];
var actionName = filterContext.RouteData.Values["action"];
}
//过滤关键字
public string HtmlEscapeCode(string html)
{
var strhtml = html.Replace("javascript", "")
.Replace("vbscript", "")
.Replace("jscript", "")
.Replace("script", "")
.Replace("eval", "")
.Replace("<", "<")
.Replace(">", ">")
.Replace("\‘", "'")
.Replace("\"", """)
.Replace("&", "&")
.Replace("#", "#");
return strhtml;
}
}
}
#endregion
//以下是不需要过滤的Controllers
using SaaS.Contracts.SaaS.Intern.Dtos.BugDtos;
using SaaS.Framework.SharpArch.Repositorys;
using SharpArch.NHibernate.Web.Mvc;
using SaaS.Models.Domain.Enums;
using SaaS.Models.Framework.Utility;
using SaaS.Framework.Collections;
namespace SaaS.Admin.Controllers
{
/// <summary>
/// BUG单管理
/// </summary>
[CustomerFilter(IsCheck =false)]//不需要过滤标记
public class BugController : AuthorizeBaseController
{
/// <summary>
/// 创建BUG单管理构造函数(生成构造函数的快捷健:ctorf后按下enter健)
/// </summary>
private readonly IBugService _bugService;
public BugController(IBugService bugService)
{
_bugService = bugService;
}
}
}
//以下是需要过滤的标记
using System;
using System.Collections;
using System.Collections.Generic;
using System.Linq;
using System.Web.Mvc;
using Microsoft.Practices.ServiceLocation;
using SaaS.Contracts.SaaS.Intern;
using SaaS.Framework.IIdentity;
using SaaS.Models.Domain.Enums;
namespace SaaS.Admin.Base
{
/// <summary>
/// 基础Controller
/// </summary>
[CustomerFilter(IsCheck = true)]//过滤标签
public class BaseController : Controller
{
/// <summary>
/// 弹出成功提示
/// </summary>
/// <param name="message">成功消息</param>
/// <param name="url">跳转路径</param>
/// <returns></returns>
protected ActionResult SuccessResult(string message, string url)
{
TempData["SuccessResult"] = message;
return Redirect(url);
}
}
}