ParameterVerifyMiddleware.cs
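/// <summary>
/// Parameter validation: tests a value against a deny-list regular expression
/// (SQL keywords, script/iframe markers, block comments and a few OS commands).
/// </summary>
/// <remarks>
/// The pattern is read from the <c>parameterVerify:rule</c> configuration key; the built-in
/// pattern is used when that key is missing or empty. A keyword deny-list is a
/// defence-in-depth measure only. It also matches ordinary words such as "and", "or" and
/// "count", and it does not replace parameterized queries or output encoding where the
/// value is finally used.
/// </remarks>
/// <param name="input">The value to inspect. <c>null</c> is reported as not matching.</param>
/// <returns>
/// <c>true</c> if the pattern matches <paramref name="input"/>, if matching exceeded the
/// time limit, or if the rule is configured as the literal string "false";
/// <c>false</c> otherwise.
/// </returns>
private bool VerifyDangerousChar(string input)
{
    // Built-in deny-list, used when no rule is configured. An earlier note in this method
    // suggests the SQL line-comment alternative ("--") was deliberately left out.
    var badStr = @"(?: ')|(/\*(?:.|[\n\r])*?\*/)|(\b(select|update|and|or|delete|script|iframe|<|>|alter|insert|trancate|create|char|into|to_char|to_date|substr|mid|ascii|substring|declare|exec|truncate|count|master|into|drop|execute|xp_|xp_cmdshell|restore|backup|net +user|net +localgroup +administrators)\b)";
    string rule = _configuration.GetValue<string>("parameterVerify:rule");

    // NOTE(review): with the rule set to "false" this returns true, the same value as
    // "pattern matched". If the caller rejects on true, switching the check off would
    // reject every value. Confirm against the caller before relying on it. The comparison
    // is case-sensitive, so "False" is treated as a regex pattern rather than as "disabled".
    if (rule == "false") return true;
    if (!string.IsNullOrEmpty(rule)) badStr = rule;

    // A missing value has nothing to match; this avoids a NullReferenceException below.
    if (input == null) return false;

    try
    {
        // Invariant lower-casing and CultureInvariant keep the result independent of the
        // server's culture (e.g. Turkish dotted/dotless i), which could otherwise let an
        // upper-case keyword slip past the pattern.
        // The timeout bounds backtracking: the block-comment alternative in the default
        // pattern is ambiguous, and a configured rule may be any expression.
        return Regex.IsMatch(
            input.ToLowerInvariant(),
            badStr,
            RegexOptions.IgnoreCase | RegexOptions.CultureInvariant,
            System.TimeSpan.FromSeconds(1));
    }
    catch (RegexMatchTimeoutException)
    {
        // Fail closed: a value that cannot be checked in time is reported as matching.
        return true;
    }
}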
文档更新时间: 2021-10-17 20:06 作者:admin