1
0
mirror of https://git.teknik.io/Teknikode/Teknik.git synced 2023-08-02 14:16:22 +02:00

Removed validations as they aren't working for subdomains.

Made upload URLs dependent on the current subdomain.
This commit is contained in:
Uncled1023 2016-01-30 21:49:32 -08:00
parent 9caac7fab3
commit 886b36cbf1
20 changed files with 99 additions and 125 deletions

View File

@ -134,7 +134,6 @@ namespace Teknik.Areas.Blog.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult CreatePost(int blogID, string title, string article) public ActionResult CreatePost(int blogID, string title, string article)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -169,7 +168,6 @@ namespace Teknik.Areas.Blog.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult EditPost(int postID, string title, string article) public ActionResult EditPost(int postID, string title, string article)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -194,7 +192,6 @@ namespace Teknik.Areas.Blog.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult PublishPost(int postID, bool publish) public ActionResult PublishPost(int postID, bool publish)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -219,7 +216,6 @@ namespace Teknik.Areas.Blog.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult DeletePost(int postID) public ActionResult DeletePost(int postID)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -271,7 +267,6 @@ namespace Teknik.Areas.Blog.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult CreateComment(int postID, string article) public ActionResult CreateComment(int postID, string article)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -295,7 +290,6 @@ namespace Teknik.Areas.Blog.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult EditComment(int commentID, string article) public ActionResult EditComment(int commentID, string article)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -319,7 +313,6 @@ namespace Teknik.Areas.Blog.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult DeleteComment(int commentID) public ActionResult DeleteComment(int commentID)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)

View File

@ -7,7 +7,7 @@
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: addPostURL, url: addPostURL,
data: AddAntiForgeryToken({ blogID: blogID, title: title, article: post }), data: { blogID: blogID, title: title, article: post },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -55,7 +55,7 @@
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: editPostURL, url: editPostURL,
data: AddAntiForgeryToken({ postID: postID, title: title, article: post }), data: { postID: postID, title: title, article: post },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -76,7 +76,7 @@
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: addCommentURL, url: addCommentURL,
data: AddAntiForgeryToken({ postID: postID, article: post }), data: { postID: postID, article: post },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -113,7 +113,7 @@
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: editCommentURL, url: editCommentURL,
data: AddAntiForgeryToken({ commentID: postID, article: post }), data: { commentID: postID, article: post },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -185,7 +185,7 @@ function linkPostUnpublish(selector) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: publishPostURL, url: publishPostURL,
data: AddAntiForgeryToken({ postID: post_id, publish: false }), data: { postID: post_id, publish: false },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -206,7 +206,7 @@ function linkPostPublish(selector) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: publishPostURL, url: publishPostURL,
data: AddAntiForgeryToken({postID: post_id, publish: true }), data: {postID: post_id, publish: true },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -229,7 +229,7 @@ function linkPostDelete(selector) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: deletePostURL, url: deletePostURL,
data: AddAntiForgeryToken({ postID: post_id }), data: { postID: post_id },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -254,7 +254,7 @@ function linkCommentDelete(selector) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: deleteCommentURL, url: deleteCommentURL,
data: AddAntiForgeryToken({ commentID: post_id }), data: { commentID: post_id },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();

View File

@ -29,9 +29,6 @@ namespace Teknik.Areas.Error.Controllers
{ {
ViewBag.Title = "Http Exception - " + Config.Title; ViewBag.Title = "Http Exception - " + Config.Title;
if (Response != null)
Response.StatusCode = (exception as HttpException).GetHttpCode();
ErrorViewModel model = new ErrorViewModel(); ErrorViewModel model = new ErrorViewModel();
model.Description = exception.Message; model.Description = exception.Message;
model.Exception = exception; model.Exception = exception;
@ -45,9 +42,6 @@ namespace Teknik.Areas.Error.Controllers
ViewBag.Title = "403 - " + Config.Title; ViewBag.Title = "403 - " + Config.Title;
ViewBag.Message = "Access Denied"; ViewBag.Message = "Access Denied";
if (Response != null)
Response.StatusCode = 403;
ErrorViewModel model = new ErrorViewModel(); ErrorViewModel model = new ErrorViewModel();
model.Exception = exception; model.Exception = exception;
@ -60,9 +54,6 @@ namespace Teknik.Areas.Error.Controllers
ViewBag.Title = "404 - " + Config.Title; ViewBag.Title = "404 - " + Config.Title;
ViewBag.Message = "Uh Oh, can't find it!"; ViewBag.Message = "Uh Oh, can't find it!";
if (Response != null)
Response.StatusCode = 404;
ErrorViewModel model = new ErrorViewModel(); ErrorViewModel model = new ErrorViewModel();
model.Exception = exception; model.Exception = exception;
@ -75,9 +66,6 @@ namespace Teknik.Areas.Error.Controllers
ViewBag.Title = "500 - " + Config.Title; ViewBag.Title = "500 - " + Config.Title;
ViewBag.Message = "Something Borked"; ViewBag.Message = "Something Borked";
if (Response != null)
Response.StatusCode = 500;
ErrorViewModel model = new ErrorViewModel(); ErrorViewModel model = new ErrorViewModel();
model.Exception = exception; model.Exception = exception;

View File

@ -17,21 +17,21 @@ namespace Teknik.Areas.Error
{ {
context.MapSubdomainRoute( context.MapSubdomainRoute(
"Error.Http404", // Route name "Error.Http404", // Route name
new List<string>() { "*" }, // Subdomains new List<string>() { "*", "error" }, // Subdomains
"404", // URL with parameters "404", // URL with parameters
new { controller = "Error", action = "Http404" }, // Parameter defaults new { controller = "Error", action = "Http404" }, // Parameter defaults
new[] { typeof(Controllers.ErrorController).Namespace } new[] { typeof(Controllers.ErrorController).Namespace }
); );
context.MapSubdomainRoute( context.MapSubdomainRoute(
"Error.Http403", // Route name "Error.Http403", // Route name
new List<string>() { "*" }, // Subdomains new List<string>() { "*", "error" }, // Subdomains
"403", // URL with parameters "403", // URL with parameters
new { controller = "Error", action = "Http403" }, // Parameter defaults new { controller = "Error", action = "Http403" }, // Parameter defaults
new[] { typeof(Controllers.ErrorController).Namespace } new[] { typeof(Controllers.ErrorController).Namespace }
); );
context.MapSubdomainRoute( context.MapSubdomainRoute(
"Error.Http500", // Route name "Error.Http500", // Route name
new List<string>() { "*" }, // Subdomains new List<string>() { "*", "error" }, // Subdomains
"500", // URL with parameters "500", // URL with parameters
new { controller = "Error", action = "Http500" }, // Parameter defaults new { controller = "Error", action = "Http500" }, // Parameter defaults
new[] { typeof(Controllers.ErrorController).Namespace } new[] { typeof(Controllers.ErrorController).Namespace }

View File

@ -23,17 +23,17 @@ namespace Teknik.Areas.Home.Controllers
HomeViewModel model = new HomeViewModel(); HomeViewModel model = new HomeViewModel();
// Grab the latest site blog posts // Grab the latest site blog posts
List<BlogPost> lastSite = new List<BlogPost>(); List<BlogPost> lastSite = new List<BlogPost>();
var foundSite = db.BlogPosts.Include("Blog").Include("Blog.User").OrderBy(post => post.DatePosted).Where(p => p.Published && p.System).Take(10); var foundSite = db.BlogPosts.Include("Blog").Include("Blog.User").OrderByDescending(post => post.DatePosted).Where(p => p.Published && p.System).Take(5);
if (foundSite != null) if (foundSite != null)
lastSite = foundSite.ToList(); lastSite = foundSite.ToList();
// Grab the latest user blog posts // Grab the latest user blog posts
List<BlogPost> lastPosts = new List<BlogPost>(); List<BlogPost> lastPosts = new List<BlogPost>();
var foundPosts = db.BlogPosts.Include("Blog").Include("Blog.User").OrderBy(post => post.DatePosted).Where(p => p.Published && !p.System).Take(10); var foundPosts = db.BlogPosts.Include("Blog").Include("Blog.User").OrderByDescending(post => post.DatePosted).Where(p => p.Published && !p.System).Take(5);
if (foundPosts != null) if (foundPosts != null)
lastPosts = foundPosts.ToList(); lastPosts = foundPosts.ToList();
// Grab the latest podcasts // Grab the latest podcasts
List<Podcast.Models.Podcast> lastPods = new List<Podcast.Models.Podcast>(); List<Podcast.Models.Podcast> lastPods = new List<Podcast.Models.Podcast>();
var foundPods = db.Podcasts.OrderBy(post => post.DatePosted).Where(p => p.Published).Take(10); var foundPods = db.Podcasts.OrderByDescending(post => post.DatePosted).Where(p => p.Published).Take(5);
if (foundPods != null) if (foundPods != null)
lastPods = foundPods.ToList(); lastPods = foundPods.ToList();

View File

@ -102,7 +102,6 @@ namespace Teknik.Areas.Paste.Controllers
[HttpPost] [HttpPost]
[AllowAnonymous] [AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Paste([Bind(Include = "Content, Title, Syntax, ExpireLength, ExpireUnit, Password, Hide")]PasteCreateViewModel model) public ActionResult Paste([Bind(Include = "Content, Title, Syntax, ExpireLength, ExpireUnit, Password, Hide")]PasteCreateViewModel model)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -130,7 +129,7 @@ namespace Teknik.Areas.Paste.Controllers
db.Pastes.Add(paste); db.Pastes.Add(paste);
db.SaveChanges(); db.SaveChanges();
return Redirect(Url.SubRouteUrl("paste", "Paste.View", new { type = "Full", url = paste.Url, password = model.Password })); return Redirect(Url.SubRouteUrl("p", "Paste.View", new { type = "Full", url = paste.Url, password = model.Password }));
} }
catch (Exception ex) catch (Exception ex)
{ {

View File

@ -14,7 +14,6 @@
<div class="row"> <div class="row">
<div class="col-sm-12"> <div class="col-sm-12">
<form class="form-horizontal" name="editor" method="post" action="@Url.SubRouteUrl("paste", "Paste.Action", new { action = "Paste" })"> <form class="form-horizontal" name="editor" method="post" action="@Url.SubRouteUrl("paste", "Paste.Action", new { action = "Paste" })">
@Html.AntiForgeryToken()
<div class="form-group"> <div class="form-group">
<div class="col-sm-10 col-sm-offset-1"> <div class="col-sm-10 col-sm-offset-1">
<textarea class="form-control" name="Content" id="content" rows="20"></textarea> <textarea class="form-control" name="Content" id="content" rows="20"></textarea>

View File

@ -156,7 +156,6 @@ namespace Teknik.Areas.Podcast.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult CreatePodcast(int episode, string title, string description) public ActionResult CreatePodcast(int episode, string title, string description)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -223,7 +222,6 @@ namespace Teknik.Areas.Podcast.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult EditPodcast(int podcastId, int episode, string title, string description) public ActionResult EditPodcast(int podcastId, int episode, string title, string description)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -253,7 +251,6 @@ namespace Teknik.Areas.Podcast.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult PublishPodcast(int podcastId, bool publish) public ActionResult PublishPodcast(int podcastId, bool publish)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -278,7 +275,6 @@ namespace Teknik.Areas.Podcast.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult DeletePodcast(int podcastId) public ActionResult DeletePodcast(int podcastId)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -330,7 +326,6 @@ namespace Teknik.Areas.Podcast.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult CreateComment(int podcastId, string article) public ActionResult CreateComment(int podcastId, string article)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -354,7 +349,6 @@ namespace Teknik.Areas.Podcast.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult EditComment(int commentID, string article) public ActionResult EditComment(int commentID, string article)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -378,7 +372,6 @@ namespace Teknik.Areas.Podcast.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult DeleteComment(int commentID) public ActionResult DeleteComment(int commentID)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)

View File

@ -81,7 +81,7 @@
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: editPodcastURL, url: editPodcastURL,
data: AddAntiForgeryToken({ podcastId: podcastId, episode: episode, title: title, description: description }), data: { podcastId: podcastId, episode: episode, title: title, description: description },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -102,7 +102,7 @@
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: addCommentURL, url: addCommentURL,
data: AddAntiForgeryToken({ podcastId: postID, article: post }), data: { podcastId: postID, article: post },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -139,7 +139,7 @@
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: editCommentURL, url: editCommentURL,
data: AddAntiForgeryToken({ commentID: postID, article: post }), data: { commentID: postID, article: post },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -211,7 +211,7 @@ function linkPodcastUnpublish(selector) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: publishPodcastURL, url: publishPodcastURL,
data: AddAntiForgeryToken({ podcastId: podcastId, publish: false }), data: { podcastId: podcastId, publish: false },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -232,7 +232,7 @@ function linkPodcastPublish(selector) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: publishPodcastURL, url: publishPodcastURL,
data: AddAntiForgeryToken({ podcastId: podcastId, publish: true }), data: { podcastId: podcastId, publish: true },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -255,7 +255,7 @@ function linkPodcastDelete(selector) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: deletePodcastURL, url: deletePodcastURL,
data: AddAntiForgeryToken({ podcastId: podcastId }), data: { podcastId: podcastId },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -280,7 +280,7 @@ function linkCommentDelete(selector) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: deleteCommentURL, url: deleteCommentURL,
data: AddAntiForgeryToken({ commentID: post_id }), data: { commentID: post_id },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();

View File

@ -114,7 +114,6 @@ namespace Teknik.Areas.Profile.Controllers
[HttpPost] [HttpPost]
[AllowAnonymous] [AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginViewModel model) public ActionResult Login(LoginViewModel model)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -138,7 +137,12 @@ namespace Teknik.Areas.Profile.Controllers
db.Entry(user).State = EntityState.Modified; db.Entry(user).State = EntityState.Modified;
db.SaveChanges(); db.SaveChanges();
} }
FormsAuthentication.SetAuthCookie(model.Username, model.RememberMe); HttpCookie authcookie = FormsAuthentication.GetAuthCookie(model.Username, model.RememberMe);
authcookie.Domain = string.Format(".{0}", Config.Host);
authcookie.HttpOnly = true;
authcookie.Secure = true;
Response.AppendCookie(authcookie);
if (string.IsNullOrEmpty(model.ReturnUrl)) if (string.IsNullOrEmpty(model.ReturnUrl))
{ {
return Json(new { result = "true" }); return Json(new { result = "true" });
@ -172,7 +176,6 @@ namespace Teknik.Areas.Profile.Controllers
[HttpPost] [HttpPost]
[AllowAnonymous] [AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Register(RegisterViewModel model) public ActionResult Register(RegisterViewModel model)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -261,7 +264,6 @@ namespace Teknik.Areas.Profile.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Edit(string curPass, string newPass, string newPassConfirm, string website, string quote, string about, string blogTitle, string blogDesc, bool saveKey, bool serverSideEncrypt) public ActionResult Edit(string curPass, string newPass, string newPassConfirm, string website, string quote, string about, string blogTitle, string blogDesc, bool saveKey, bool serverSideEncrypt)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -332,7 +334,6 @@ namespace Teknik.Areas.Profile.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Delete() public ActionResult Delete()
{ {
if (ModelState.IsValid) if (ModelState.IsValid)

View File

@ -8,7 +8,7 @@
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: deleteUserURL, url: deleteUserURL,
data: AddAntiForgeryToken({}), data: {},
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.replace(homeUrl); window.location.replace(homeUrl);
@ -40,7 +40,7 @@
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: editUserURL, url: editUserURL,
data: AddAntiForgeryToken({ data: {
curPass: current_password, curPass: current_password,
newPass: password, newPass: password,
newPassConfirm: password_confirm, newPassConfirm: password_confirm,
@ -51,7 +51,7 @@
blogDesc: blog_desc, blogDesc: blog_desc,
saveKey: upload_saveKey, saveKey: upload_saveKey,
serverSideEncrypt: upload_serverSideEncrypt serverSideEncrypt: upload_serverSideEncrypt
}), },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
$.unblockUI(); $.unblockUI();

View File

@ -3,7 +3,6 @@
@if (Model.Config.UserConfig.LoginEnabled) @if (Model.Config.UserConfig.LoginEnabled)
{ {
<form role="form" id="loginForm" action="@Url.SubRouteUrl("profile", "Profile.Login")" method="post" accept-charset="UTF-8"> <form role="form" id="loginForm" action="@Url.SubRouteUrl("profile", "Profile.Login")" method="post" accept-charset="UTF-8">
@Html.AntiForgeryToken()
<input name="ReturnUrl" id="ReturnUrl" type="hidden" value="@Model.ReturnUrl" /> <input name="ReturnUrl" id="ReturnUrl" type="hidden" value="@Model.ReturnUrl" />
<div class="form-group"> <div class="form-group">
<input type="text" class="form-control" id="Username" value="" placeholder="Username" name="Username" data-val-required="The Username field is required." data-val="true" /> <input type="text" class="form-control" id="Username" value="" placeholder="Username" name="Username" data-val-required="The Username field is required." data-val="true" />

View File

@ -3,7 +3,6 @@
@if (Model.Config.UserConfig.RegistrationEnabled) @if (Model.Config.UserConfig.RegistrationEnabled)
{ {
<form role="form" id="registrationForm" action="@Url.SubRouteUrl("profile", "Profile.Register")" method="post" accept-charset="UTF-8"> <form role="form" id="registrationForm" action="@Url.SubRouteUrl("profile", "Profile.Register")" method="post" accept-charset="UTF-8">
@Html.AntiForgeryToken()
<input name="ReturnUrl" id="ReturnUrl" type="hidden" value="@Model.ReturnUrl" /> <input name="ReturnUrl" id="ReturnUrl" type="hidden" value="@Model.ReturnUrl" />
<div class="form-group"> <div class="form-group">
<input type="text" class="form-control" id="Username" value="" placeholder="Username" name="Username" data-val-required="The Username field is required." data-val="true"/> <input type="text" class="form-control" id="Username" value="" placeholder="Username" name="Username" data-val-required="The Username field is required." data-val="true"/>

View File

@ -41,7 +41,6 @@ namespace Teknik.Areas.Upload.Controllers
[HttpPost] [HttpPost]
[AllowAnonymous] [AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Upload(string fileType, string fileExt, string iv, int keySize, int blockSize, bool encrypt, bool saveKey, HttpPostedFileWrapper data, string key = null) public ActionResult Upload(string fileType, string fileExt, string iv, int keySize, int blockSize, bool encrypt, bool saveKey, HttpPostedFileWrapper data, string key = null)
{ {
if (Config.UploadConfig.UploadEnabled) if (Config.UploadConfig.UploadEnabled)
@ -83,7 +82,7 @@ namespace Teknik.Areas.Upload.Controllers
db.SaveChanges(); db.SaveChanges();
} }
} }
return Json(new { result = new { name = upload.Url, url = Url.SubRouteUrl("upload", "Upload.Download", new { file = upload.Url }), key = key } }, "text/plain"); return Json(new { result = new { name = upload.Url, url = Url.SubRouteUrl("u", "Upload.Download", new { file = upload.Url }), key = key } }, "text/plain");
} }
return Json(new { error = "Unable to upload file" }); return Json(new { error = "Unable to upload file" });
} }
@ -156,7 +155,6 @@ namespace Teknik.Areas.Upload.Controllers
[HttpPost] [HttpPost]
[AllowAnonymous] [AllowAnonymous]
[ValidateAntiForgeryToken]
public FileResult DownloadData(string file) public FileResult DownloadData(string file)
{ {
if (Config.UploadConfig.DownloadEnabled) if (Config.UploadConfig.DownloadEnabled)
@ -230,7 +228,6 @@ namespace Teknik.Areas.Upload.Controllers
[HttpPost] [HttpPost]
[AllowAnonymous] [AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult GenerateDeleteKey(string file) public ActionResult GenerateDeleteKey(string file)
{ {
Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault(); Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
@ -247,7 +244,6 @@ namespace Teknik.Areas.Upload.Controllers
[HttpPost] [HttpPost]
[AllowAnonymous] [AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult SaveFileKey(string file, string key) public ActionResult SaveFileKey(string file, string key)
{ {
Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault(); Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
@ -263,7 +259,6 @@ namespace Teknik.Areas.Upload.Controllers
[HttpPost] [HttpPost]
[AllowAnonymous] [AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult RemoveFileKey(string file, string key) public ActionResult RemoveFileKey(string file, string key)
{ {
Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault(); Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();

View File

@ -11,7 +11,7 @@ function linkSaveKey(selector, uploadID, key, fileID) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: saveKeyToServerURL, url: saveKeyToServerURL,
data: AddAntiForgeryToken({ file: uploadID, key: key }), data: { file: uploadID, key: key },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
$('#key-link-' + fileID).html('<button type="button" class="btn btn-default btn-sm" id="remove-key-link-' + fileID + '">Remove Key From Server</button>'); $('#key-link-' + fileID).html('<button type="button" class="btn btn-default btn-sm" id="remove-key-link-' + fileID + '">Remove Key From Server</button>');
@ -33,7 +33,7 @@ function linkRemoveKey(selector, uploadID, key, fileID) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: removeKeyFromServerURL, url: removeKeyFromServerURL,
data: AddAntiForgeryToken({ file: uploadID, key: key }), data: { file: uploadID, key: key },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
$('#key-link-' + fileID).html('<button type="button" class="btn btn-default btn-sm" id="save-key-link-' + fileID + '">Save Key To Server</button>'); $('#key-link-' + fileID).html('<button type="button" class="btn btn-default btn-sm" id="save-key-link-' + fileID + '">Save Key To Server</button>');
@ -55,7 +55,7 @@ function linkUploadDelete(selector, uploadID) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: generateDeleteKeyURL, url: generateDeleteKeyURL,
data: AddAntiForgeryToken({ file: uploadID }), data: { file: uploadID },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
bootbox.dialog({ bootbox.dialog({

View File

@ -1,12 +1,14 @@
@model Teknik.Areas.Upload.ViewModels.UploadViewModel @model Teknik.Areas.Upload.ViewModels.UploadViewModel
@using Teknik.Helpers
<script> <script>
var encScriptSrc = '@Scripts.Url("~/bundles/cryptoWorker")'; var encScriptSrc = '@Scripts.Url("~/bundles/cryptoWorker")';
var aesScriptSrc = '@Scripts.Url("~/bundles/crypto")'; var aesScriptSrc = '@Scripts.Url("~/bundles/crypto")';
var generateDeleteKeyURL = '@Url.SubRouteUrl("upload", "Upload.Action", new { action= "GenerateDeleteKey" })'; var generateDeleteKeyURL = '@Url.SubRouteUrl(Request.Url.Authority.GetSubdomain(), "Upload.Action", new { action= "GenerateDeleteKey" })';
var saveKeyToServerURL = '@Url.SubRouteUrl("upload", "Upload.Action", new { action= "SaveFileKey" })'; var saveKeyToServerURL = '@Url.SubRouteUrl(Request.Url.Authority.GetSubdomain(), "Upload.Action", new { action= "SaveFileKey" })';
var removeKeyFromServerURL = '@Url.SubRouteUrl("upload", "Upload.Action", new { action= "RemoveFileKey" })'; var removeKeyFromServerURL = '@Url.SubRouteUrl(Request.Url.Authority.GetSubdomain(), "Upload.Action", new { action= "RemoveFileKey" })';
var uploadFileURL = '@Url.SubRouteUrl("upload", "Upload.Action", new { action = "Upload" })'; var uploadFileURL = '@Url.SubRouteUrl(Request.Url.Authority.GetSubdomain(), "Upload.Action", new { action = "Upload" })';
var maxUploadSize = @Model.Config.UploadConfig.MaxUploadSize; var maxUploadSize = @Model.Config.UploadConfig.MaxUploadSize;
var chunkSize = @Model.Config.UploadConfig.ChunkSize; var chunkSize = @Model.Config.UploadConfig.ChunkSize;
var keySize = @Model.Config.UploadConfig.KeySize; var keySize = @Model.Config.UploadConfig.KeySize;

View File

@ -22,10 +22,11 @@ namespace Teknik.Migrations
protected override void Seed(Models.TeknikEntities context) protected override void Seed(Models.TeknikEntities context)
{ {
Config config = Config.Load();
// Pre-populate with the default stuff // Pre-populate with the default stuff
// Create system blog // Create system blog
/*
Config config = Config.Load();
Areas.Profile.Models.User systemUser = new Areas.Profile.Models.User(); Areas.Profile.Models.User systemUser = new Areas.Profile.Models.User();
systemUser.Username = Constants.SERVERUSER; systemUser.Username = Constants.SERVERUSER;
systemUser.JoinDate = DateTime.Now; systemUser.JoinDate = DateTime.Now;
@ -74,15 +75,14 @@ namespace Teknik.Migrations
context.Groups.AddOrUpdate(memberGroup); context.Groups.AddOrUpdate(memberGroup);
context.SaveChanges(); context.SaveChanges();
if (config.DatabaseConfig.Migrate && !config.DevEnvironment) if (config.DatabaseConfig.Migrate && !config.DevEnvironment)
{ {
config.DatabaseConfig.Migrate = false;
Config.Save(config);
// Convert legacy MySQL DB to new MS SQL DB // Convert legacy MySQL DB to new MS SQL DB
MysqlDatabase db = new MysqlDatabase(config.DatabaseConfig); MysqlDatabase db = new MysqlDatabase(config.DatabaseConfig);
db.MysqlErrorEvent += Db_MysqlErrorEvent; db.MysqlErrorEvent += Db_MysqlErrorEvent;
config.DatabaseConfig.Migrate = false;
Config.Save(config);
// Transfer transactions // Transfer transactions
var transRet = db.Query("SELECT * FROM `transactions`"); var transRet = db.Query("SELECT * FROM `transactions`");
@ -120,7 +120,6 @@ namespace Teknik.Migrations
} }
} }
context.SaveChanges(); context.SaveChanges();
// Transfer Users and Blogs/Posts // Transfer Users and Blogs/Posts
Dictionary<int, int> userMapping = new Dictionary<int, int>(); Dictionary<int, int> userMapping = new Dictionary<int, int>();
Dictionary<int, int> postMapping = new Dictionary<int, int>(); Dictionary<int, int> postMapping = new Dictionary<int, int>();
@ -146,13 +145,18 @@ namespace Teknik.Migrations
{ {
newUser.Groups.Add(adminGroup); newUser.Groups.Add(adminGroup);
} }
context.Users.AddOrUpdate(newUser); context.Users.AddOrUpdate(newUser);
context.SaveChanges(); context.SaveChanges();
string oldUsername = user["username"].ToString();
Areas.Profile.Models.User newUser = context.Users.Where(u => u.Username == oldUsername).FirstOrDefault();
if (newUser != null)
{
int oldUserId = Int32.Parse(user["id"].ToString()); int oldUserId = Int32.Parse(user["id"].ToString());
int userId = newUser.UserId; int userId = newUser.UserId;
userMapping.Add(oldUserId, userId); userMapping.Add(oldUserId, userId);
}
// Create Blog for user // Create Blog for user
Areas.Blog.Models.Blog newBlog = new Areas.Blog.Models.Blog(); Areas.Blog.Models.Blog newBlog = new Areas.Blog.Models.Blog();
newBlog.UserId = userId; newBlog.UserId = userId;
@ -219,8 +223,9 @@ namespace Teknik.Migrations
var pasteRet = db.Query("SELECT * FROM `paste`"); var pasteRet = db.Query("SELECT * FROM `paste`");
foreach (var paste in pasteRet) foreach (var paste in pasteRet)
{ {
string pass = paste["password"].ToString();
// If it's a password protected paste, we just skip it // If it's a password protected paste, we just skip it
if (paste["password"] == null) if (string.IsNullOrEmpty(pass) || pass == "EMPTY")
{ {
string content = paste["code"].ToString(); string content = paste["code"].ToString();
string title = paste["title"].ToString(); string title = paste["title"].ToString();
@ -237,12 +242,14 @@ namespace Teknik.Migrations
context.SaveChanges(); context.SaveChanges();
} }
} }
// Transfer Uploads // Transfer Uploads
var uploadRet = db.Query("SELECT * FROM `uploads`"); var uploadRet = db.Query("SELECT * FROM `uploads`");
foreach (var upload in uploadRet) foreach (var upload in uploadRet)
{ {
string url = upload["url"].ToString(); string url = upload["url"].ToString();
Areas.Upload.Models.Upload upFound = context.Uploads.Where(u => u.Url == url).FirstOrDefault();
if (upFound == null)
{
string fileType = upload["type"].ToString(); string fileType = upload["type"].ToString();
int contentLength = Int32.Parse(upload["filesize"].ToString()); int contentLength = Int32.Parse(upload["filesize"].ToString());
string deleteKey = upload["delete_key"].ToString(); string deleteKey = upload["delete_key"].ToString();
@ -280,10 +287,12 @@ namespace Teknik.Migrations
} }
} }
} }
*/
}
private void Db_MysqlErrorEvent(object sender, string e) private void Db_MysqlErrorEvent(object sender, string e)
{ {
throw new NotImplementedException(); //throw new NotImplementedException();
} }
} }
} }

View File

@ -1,9 +1,4 @@
$(document).ready(function () { $(document).ready(function () {
AddAntiForgeryToken = function (data) {
data.__RequestVerificationToken = $('#__AjaxAntiForgeryForm input[name=__RequestVerificationToken]').val();
return data;
};
$("#top_msg").css('display', 'none', 'important'); $("#top_msg").css('display', 'none', 'important');
$("#login_dropdown").click(function () { $("#login_dropdown").click(function () {

View File

@ -41,11 +41,6 @@
</div> </div>
</div> </div>
</noscript> </noscript>
<!-- Global AntiForgery Token -->
@using (Html.BeginForm(null, null, FormMethod.Post, new { id = "__AjaxAntiForgeryForm" }))
{
@Html.AntiForgeryToken()
}
@RenderBody() @RenderBody()
</div> </div>

View File

@ -42,6 +42,13 @@
<requestLimits maxAllowedContentLength="1073741824" /> <requestLimits maxAllowedContentLength="1073741824" />
</requestFiltering> </requestFiltering>
</security> </security>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, OPTIONS" />
<add name="Access-Control-Allow-Headers" value="Accept, Content-Type" />
</customHeaders>
</httpProtocol>
</system.webServer> </system.webServer>
<runtime> <runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">