File upload validatios

Question

0.00/5 (No votes)

See more:

Hi,
I need a validator for file upload functionality in my application developed using asp.net.
the validator should allow only doc,pdf files. Even if the user tries to enter malicious files
by exchanging the extension,the validator should not allow.
Please let me know how to detect renamed extensions in C#

Thanks in advance

Posted 29-Oct-13 5:04am

naveenkm7

Add a Solution

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

seyed mahmud shahrokni · Answer 1 · 2013-10-29T05:19:00

Solution 1

this is an answer ...

C#

if (FileUpload1.HasFile)
        {
            if (FileUpload1.FileName.EndsWith("pdf") || FileUpload1.FileName.EndsWith("docx"))
            {
               // save file Cods ... 
            }
            else
            {
                //do nothing !!
                Response.Write("Error!!!");
            }
        }

Posted 29-Oct-13 5:19am

seyed mahmud shahrokni

Comments

naveenkm7 29-Oct-13 11:26am

the above code checks only the extension.What if the file extension is modified?
Say, I modify any .exe file to doc and upload the same

seyed mahmud shahrokni 29-Oct-13 11:30am

ow !!! i see ( Even if the user tries to enter malicious files
by exchanging the extension,the validator should not allow. ),,
!!

Richard C Bishop · Answer 2 · 2013-10-29T05:25:00

Solution 2

Try something like this:

string filename = "C:\\" + FileUpload1.FileName.ToString();

if (filename.EndsWith(".doc") || filename.EndsWith(".pdf"))
{
    FileUpload1.SaveAs(filename);
}
else
{
   //don't do stuff
}

It is simple, but should work for what you need. Of course you will chose the appropriate path for your saved file

Posted 29-Oct-13 5:25am

Richard C Bishop

Comments

naveenkm7 29-Oct-13 11:28am

How to detect files with modified extensions?

Richard C Bishop 29-Oct-13 11:32am

That is the detection taking place. It checks for the files you are allowing, not all the possible ones you are not checking. Perform the necessary function within the if statement. That ensures that only your desired documents are treated as they should.

seyed mahmud shahrokni 29-Oct-13 11:30am

Even if the user tries to enter malicious files by exchanging the extension,the validator should not allow. !!!!!

idenizeni 29-Oct-13 14:59pm

You can check the filename's extension before the client uploads the file but you cannot tell if the file has been renamed with a different extension until the file is on the server. You don't have access to read the file contents until it has been uploaded. You will need to check the file extension on the client and check the extension is valid for the file contents once it has been uploaded to the server. I would review Nick Fisher's posted solution as it seems to be doing this.

naveenkm7 29-Oct-13 11:35am

It should not allow a file if the extension is changed from .exe to .doc

Nick Fisher (Consultant) · Answer 3 · 2013-10-29T05:35:00

Solution 3

If you want to detect the actual type of the file rather than the extension, then you will need to look at retrieving the MIME type, something like:

http://stackoverflow.com/questions/11547654/determine-the-file-type-using-c-sharp[^]

Posted 29-Oct-13 5:35am

Nick Fisher (Consultant)

Comments

naveenkm7 29-Oct-13 12:24pm

I tried the above code.It seems it does not work