MVC 记录操作日志与过滤特殊字符
最近进行的MVC系统需要用到记录操作日志和过滤特殊字符的功能,如果每个action中都调用记录日志的方法就太麻烦了,所以根据需要结合mvc的过滤机制
写了个特殊字符验证与记录操作日志的公用类:
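/// <summary>
/// Action filter that rejects requests whose string parameters contain a
/// character from a blocklist and, optionally, writes an operation-log entry
/// once the action has run.
/// </summary>
/// <remarks>
/// The character blocklist is only a coarse input gate. It inspects bound action
/// parameters and nothing else (values an action reads straight from the request
/// are not seen), so it does not replace parameterized queries or output encoding
/// in the code that consumes the input.
/// MVC may reuse a filter attribute instance across requests, so per-request data
/// is carried in <c>HttpContext.Items</c> rather than in instance properties.
/// </remarks>
public class CustomFilterAttribute : ActionFilterAttribute
{
    // Key under which the per-request parameter summary is handed from
    // OnActionExecuting to OnActionExecuted.
    private const string ParameterSummaryKey = "CustomFilterAttribute.ParameterSummary";

    // Characters treated as "special". Pattern reproduced as published.
    // NOTE(review): the quote inside the class is a typographic quote (U+2018) on
    // the page; the author may have meant the ASCII apostrophe - confirm.
    private static readonly Regex SpecialCharPattern =
        new Regex(@"[~<>$%\^\+\&\\\/\?\|:\{}()‘;=]");

    public CustomFilterAttribute()
    {
        IsLog = false;
        FilterSpecialChar = true;
    }

    /// <summary>
    /// Whether an operation-log entry is written after the action runs.
    /// </summary>
    public bool IsLog { get; set; }

    /// <summary>
    /// Whether string parameters are checked against the special-character blocklist.
    /// </summary>
    public bool FilterSpecialChar { get; set; }

    /// <summary>
    /// Logged-in user recorded in the operation log.
    /// </summary>
    public string UserName { get; set; }

    /// <summary>
    /// Short description of the operation; used as the log detail when the
    /// request carried no action parameters.
    /// </summary>
    public string Message { get; set; }

    /// <summary>
    /// Runs before the action: checks the bound parameters and short-circuits the
    /// request when a blocked character is found.
    /// </summary>
    /// <param name="filterContext">Context of the action about to execute.</param>
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        base.OnActionExecuting(filterContext);

        if (filterContext.ActionParameters.Count == 0)
        {
            return;
        }

        string summary;
        bool blocked = InspectParameters(filterContext.ActionParameters, out summary);

        // Per-request state: never store this on the attribute instance.
        filterContext.HttpContext.Items[ParameterSummaryKey] = summary;

        if (!blocked)
        {
            return;
        }

        // NOTE(review): setting Result here skips the action, and as far as MVC's
        // pipeline goes this filter's OnActionExecuted is then not invoked, so a
        // rejected request leaves no operation-log entry. Consider auditing it here.
        if (filterContext.HttpContext.Request.IsAjaxRequest())
        {
            filterContext.Result = new JsonResult
            {
                Data = new { status = false, msg = "您输入的数据中包含特殊字符。" },
                JsonRequestBehavior = JsonRequestBehavior.AllowGet
            };
        }
        else
        {
            filterContext.Result = new RedirectResult("/Login/Index");
        }
    }

    /// <summary>
    /// Runs after the action: writes the operation-log entry when <see cref="IsLog"/> is set.
    /// </summary>
    /// <param name="filterContext">Context of the action that has executed.</param>
    public override void OnActionExecuted(ActionExecutedContext filterContext)
    {
        base.OnActionExecuted(filterContext);

        if (!IsLog)
        {
            return;
        }

        string actionName = filterContext.ActionDescriptor.ActionName;
        string url = "/" + filterContext.ActionDescriptor.ControllerDescriptor.ControllerName + "/" + actionName;

        // NOTE(review): behind a reverse proxy this is presumably the proxy's
        // address rather than the client's - confirm for the deployment.
        string operateIp = filterContext.HttpContext.Request.UserHostAddress;

        // TODO: take the user from the authenticated session (the published code
        // had a commented-out lookup of Session["userMdl"]). Until then every log
        // row is attributed to this placeholder, which makes the log useless for audit.
        this.UserName = "测试";

        // Parenthesised so the parameter summary is appended for both outcomes;
        // the published expression appended it only on failure.
        string outcome = filterContext.Exception == null ? "成功" : "失败";
        string detail = filterContext.HttpContext.Items[ParameterSummaryKey] as string ?? Message;

        // NOTE(review): the summary contains every bound parameter value, so
        // credentials or other secrets posted to a logged action end up in the
        // operation log in clear text. Exclude such fields before enabling IsLog.
        new JiaSoftOTOSystem.BLL.OperateLog_BLL().AddOprateLog(UserName, operateIp, url, actionName, outcome + detail);
    }

    /// <summary>
    /// Checks whether any string parameter contains a blocked character.
    /// </summary>
    /// <param name="paramters">Bound action parameters, keyed by parameter name.</param>
    /// <returns><c>true</c> when a blocked character was found; otherwise <c>false</c>.</returns>
    public bool IsContainSpecialChar(IDictionary<string, object> paramters)
    {
        string summary;
        bool found = InspectParameters(paramters, out summary);

        // Kept for callers of this public method that read Message afterwards.
        // The filter pipeline itself no longer depends on this shared property.
        this.Message = summary;

        // The published code ended with "return false;", which disabled the
        // filter entirely: no request was ever rejected.
        return found;
    }

    // Walks the parameters (and the public properties of any "*Model" argument),
    // returning whether a blocked character was seen and the text for the log.
    private bool InspectParameters(IDictionary<string, object> parameters, out string summary)
    {
        bool found = false;
        var log = new System.Text.StringBuilder();

        if (parameters != null)
        {
            foreach (var item in parameters)
            {
                if (item.Value == null)
                {
                    continue;
                }

                Type type = item.Value.GetType();
                if (type.Name.EndsWith("Model", StringComparison.Ordinal))
                {
                    foreach (PropertyInfo pi in type.GetProperties())
                    {
                        // Indexers and write-only properties cannot be read with GetValue(obj, null).
                        if (!pi.CanRead || pi.GetIndexParameters().Length > 0)
                        {
                            continue;
                        }

                        if (InspectValue(pi.Name, pi.GetValue(item.Value, null), log))
                        {
                            found = true;
                        }
                    }
                }
                else if (InspectValue(item.Key, item.Value, log))
                {
                    found = true;
                }
            }
        }

        summary = "。参数:" + log;
        return found;
    }

    // Appends one "name=value|" pair to the log text and reports whether the
    // value is a string containing a blocked character.
    private bool InspectValue(string name, object value, System.Text.StringBuilder log)
    {
        if (value == null)
        {
            return false;
        }

        string text = value.ToString();
        if (string.IsNullOrEmpty(text))
        {
            return false;
        }

        if (FilterSpecialChar && value is string && SpecialCharPattern.IsMatch(text))
        {
            // Offending input is HTML-encoded before it is stored, so a log viewer
            // that renders the entry as HTML does not execute it. The published
            // Replace() chain had lost its entity names and encoded nothing.
            log.Append(name).Append('=').Append(System.Web.HttpUtility.HtmlEncode(text)).Append('|');
            return true;
        }

        // The published Guid/int/decimal branches all appended the same text as
        // the final fallback, so one branch covers every non-empty value.
        if (IsLog)
        {
            log.Append(name).Append('=').Append(text).Append('|');
        }

        return false;
    }
}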
调用方式如下:
验证结果:如果包含特殊字符:如果是ajax请求则返回json,否则返回到错误页。