This is my code for uploading a file to a folder:
C#
// requires: using System.Text.RegularExpressions;
if (FileUpload1.HasFile)
{
    if (FileUpload1.PostedFile.ContentLength / 1024 > 2048)
        throw new ApplicationException("Uploaded file should be less than 2MB");

    // FileName is taken straight from the client request (see the comments below).
    filename = FileUpload1.PostedFile.FileName;
    FileUpload1.SaveAs(Server.MapPath("~/FILE_UPLOADS/ARREST_MEMO/") + filename);

    // The extension is only checked after the file has already been written to disk.
    Regex FilenameRegex = new Regex("(.*?)\\.(pdf)$", RegexOptions.IgnoreCase);
    if (!FilenameRegex.IsMatch(filename))
        throw new ApplicationException("Browse PDF files only");
}


What I have tried:

I tried with this code in the button click event:
C#
try
{
    filename = UpName.Value.ToString();
    filepath =                                   // right-hand side missing in the original post
    type = System.IO.Path.GetExtension(filename);
    Byte[] bytes = Convert.FromBase64String(UpData.Value);
    //Response.Clear();
    //Response.ClearHeaders();
    Response.Buffer = true;
    Response.Charset = "";
    this.EnableViewState = false;
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.ContentType = "Application/pdf";
    //Response.AddHeader("Content-Disposition", "attachment;filename=" + filename);
    Response.AppendHeader("Content-Disposition", "attachment; filename=" + Path.GetFileName(filepath));
    Response.TransmitFile(Server.MapPath(filepath));
    Response.BinaryWrite(bytes);
    Response.Flush();
    Response.End();
    HttpContext.Current.ApplicationInstance.CompleteRequest();
}
// catch/finally block not included in the original post
Posted; updated 4-Nov-23 5:01am (v2)
Comments
Richard MacCutchan 2-Nov-23 5:07am    
What is the problem?
Richard Deeming 2-Nov-23 5:11am    
NB: The PostedFile.FileName property is entirely controlled by the client. A malicious user could send a request which would cause your code to save the uploaded file to any location of their choosing on your server, subject only to the file system permissions granted to your application's user.

Do not trust the FileName property. Validate it to ensure that it is not empty, and that it doesn't contain any characters which are not valid in a file name (Path.GetInvalidFileNameChars).
Richard Deeming 2-Nov-23 5:13am    
Also, you're validating the file extension after you've already saved the file. I could upload an exe file, and your code would save it before throwing an exception indicating that it's not valid.
Minaketan Behera 4-Nov-23 2:46am    
Thank You...Richard
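
The two points Richard Deeming raises (the client-controlled FileName, and the extension check running only after SaveAs) turned into a save routine, as an added example that is not the poster's code and not from CodeProject. It assumes an ASP.NET Web Forms page with a FileUpload control (FileUpload1 in the question) and an upload folder that the caller resolves with Server.MapPath; the class and method names are hypothetical.

```csharp
using System;
using System.IO;
using System.Text;
using System.Web;
using System.Web.UI.WebControls;

// Hypothetical helper (added example, not the poster's code).
public static class SafePdfUpload
{
    private const int MaxBytes = 2 * 1024 * 1024;   // 2 MB, the limit used in the question

    // Validates the upload and writes it under uploadRoot. Returns the full path written.
    public static string Save(FileUpload upload, string uploadRoot)
    {
        if (!upload.HasFile)
            throw new ApplicationException("No file was uploaded");

        HttpPostedFile posted = upload.PostedFile;

        // 1. Size check before anything touches the disk.
        if (posted.ContentLength > MaxBytes)
            throw new ApplicationException("Uploaded file should be less than 2MB");

        // 2. PostedFile.FileName is client input: drop any directory part the client
        //    sent, then reject whatever is still not a plain file name.
        string clientName = Path.GetFileName(posted.FileName ?? string.Empty);
        if (string.IsNullOrWhiteSpace(clientName)
            || clientName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0
            || clientName == "." || clientName == "..")
            throw new ApplicationException("Invalid file name");

        // 3. Extension check BEFORE SaveAs, so a non-PDF is never written at all.
        if (!string.Equals(Path.GetExtension(clientName), ".pdf", StringComparison.OrdinalIgnoreCase))
            throw new ApplicationException("Browse PDF files only");

        // 4. The extension only says what the client claims; a PDF starts with "%PDF-".
        byte[] head = new byte[5];
        int read = posted.InputStream.Read(head, 0, head.Length);
        posted.InputStream.Position = 0;           // rewind so SaveAs writes the whole file
        if (read < head.Length || Encoding.ASCII.GetString(head) != "%PDF-")
            throw new ApplicationException("File content is not a PDF");

        // 5. Do not reuse the client's name on disk: generate a server-side name and keep
        //    only the validated extension. This also removes name collisions.
        string storedName = Guid.NewGuid().ToString("N") + ".pdf";

        // 6. Resolve the final path and confirm it still lies inside uploadRoot.
        string rootFull = Path.GetFullPath(uploadRoot)
                              .TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;
        string target = Path.GetFullPath(Path.Combine(rootFull, storedName));
        if (!target.StartsWith(rootFull, StringComparison.OrdinalIgnoreCase))
            throw new ApplicationException("Resolved path escaped the upload folder");

        Directory.CreateDirectory(rootFull);
        posted.SaveAs(target);
        return target;
    }
}

// Usage from the button click handler in the question (hypothetical call site):
// string saved = SafePdfUpload.Save(FileUpload1, Server.MapPath("~/FILE_UPLOADS/ARREST_MEMO"));
```

The order of the checks is the point: every rejection happens before SaveAs, and the name actually used on disk never comes from the request, so the FileName value can only influence whether the upload is accepted, not where it lands. If the original client name is needed later (for display or for the Content-Disposition header in the download code), store the validated clientName alongside the generated storedName rather than using it as a path.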

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)