Click here to Skip to main content
15,867,141 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
--- My c# code to access sharepoint 2013 rest api to upload file share point,

But i am getting error - A potentially dangerous Request.Path value was detected from the client (:).



//Create a namespace manager for parsing the ATOM XML returned by the queries.
XmlNamespaceManager xmlnspm = new XmlNamespaceManager(new NameTable());

//Add pertinent namespace to the namespace manager.
xmlnspm.AddNamespace("d", "http://schemas.microsoft.com/ado/2007/08/dataservices");

//Execute a REST request to get the form digest. All POST requests that change the state of resources on the host
//Web require the form digest in the request header.

HttpWebRequest contextinfoRequest =
(HttpWebRequest)HttpWebRequest.Create("http://testserver:10050/" + "/_api/contextinfo");
contextinfoRequest.Method = "POST";
contextinfoRequest.ContentType = "text/xml;charset=utf-8";
contextinfoRequest.ContentLength = 0;
contextinfoRequest.Credentials = System.Net.CredentialCache.DefaultCredentials;

//contextinfoRequest.Credentials = new NetworkCredential("anagaman", "israel20~14", "chinta.net");

//contextinfoRequest.Headers.Add("Authorization", "Bearer " + accessToken);


HttpWebResponse contextinfoResponse = (HttpWebResponse)contextinfoRequest.GetResponse();
StreamReader contextinfoReader = new StreamReader(contextinfoResponse.GetResponseStream(), System.Text.Encoding.UTF8);
var formDigestXML = new XmlDocument();
formDigestXML.LoadXml(contextinfoReader.ReadToEnd());
var formDigestNode = formDigestXML.SelectSingleNode("//d:FormDigestValue", xmlnspm);
string formDigest = formDigestNode.InnerXml;

string srcUrl = @"D:\VisCore\VS.VisCore.Website\Images\Viscore_Status.docx";

var a = "http://testserver:10050/_api/web/GetFolderByServerRelativeUrl('/VisCore/BSDocs/Documents/1754/')/Files/add(url=" + srcUrl + ",overwrite=true)";

//HttpWebRequest endpointRequest3 = (HttpWebRequest)HttpWebRequest.Create("http://testserver:10050/_api/web/GetFolderByServerRelativeUrl('/VisCore/BSDocs/Documents/1754/')/Files/add(url=" + srcUrl + ",overwrite=true)");

HttpWebRequest endpointRequest3 = (HttpWebRequest)HttpWebRequest.Create("http://testserver:10050/_api/web/GetFolderByServerRelativeUrl('/VisCore/BSDocs/Documents/1754/')/Files/add(url=" + srcUrl + ",overwrite=true)");

//HttpWebRequest endpointRequest3 = (HttpWebRequest)HttpWebRequest.Create("http://testserver:10050/_api/web/GetFolderByServerRelativeUrl('/VisCore/BSDocs/Documents/1754/')/Files");

//http://site url/_api/web/GetFolderByServerRelativeUrl('/Folder Name')/Files/add(url='a.txt',overwrite=true)
endpointRequest3.Method = "POST";

endpointRequest3.Credentials = System.Net.CredentialCache.DefaultCredentials;
//endpointRequest3.Credentials = new NetworkCredential("anagaman", "israel20~14", "chinta.net");

if (!File.Exists(srcUrl))
{
throw new ArgumentException(String.Format("{0} does not exist",
srcUrl), "srcUrl");
}

FileStream fStream = File.OpenRead(srcUrl);
string fileName = fStream.Name.Substring(3);
byte[] contents = new byte[fStream.Length];
fStream.Read(contents, 0, (int)fStream.Length);
fStream.Close();

endpointRequest3.ContentLength = contents.Length;
endpointRequest3.Headers.Add("X-RequestDigest", formDigest);

try
{
Stream listRequestStream = endpointRequest3.GetRequestStream();
listRequestStream.Write(contents, 0, contents.Length);
listRequestStream.Close();
HttpWebResponse listResponse = (HttpWebResponse)endpointRequest3.GetResponse();
}
catch (WebException e)
{
using (WebResponse response = e.Response)
{
HttpWebResponse httpResponse = (HttpWebResponse)response;
Console.WriteLine("Error code: {0}", httpResponse.StatusCode);
using (Stream data = response.GetResponseStream())
using (var reader = new StreamReader(data))
{
string text = reader.ReadToEnd();
Console.WriteLine(text);
}
}
}

---------------------------


A potentially dangerous Request.Path value was detected from the client (:).
Posted
Comments
Richard MacCutchan 26-Aug-14 13:04pm    
Please format your code witihn <pre> tags so it is readable, and indicate where the error occurs.
Prasad Avunoori 27-Aug-14 1:16am    
Hi, Make sure you don't have any script in the requested URL.

e.g. <script>alert('Oops!')</script>

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900