asp.net - File Format check while File upload in C# -

March 15, 2011

while file upload have checked following thing

   if !(strextension == ".jpg" || strextension == ".jpeg" || strextension == ".pdf" || strextension == ".png")     send error

this working fine,

but have 1 issue ,if uploads xlsx file changing extension jpg uploader not obstruct , file saved orginally xlsx file

how check file origin. without extension.

thanks help

edit: use mime detective

i use byte array sequences determine correct mime type of given file. advantage of on looking @ file extension of file name if user rename file bypass file type upload restrictions, file name extension fail catch this. on other hand, getting file signature via byte array stop mischievous behavior happening.

here example in c#:

public class mimetype {     private static readonly byte[] bmp = { 66, 77 };     private static readonly byte[] doc = { 208, 207, 17, 224, 161, 177, 26, 225 };     private static readonly byte[] exe_dll = { 77, 90 };     private static readonly byte[] gif = { 71, 73, 70, 56 };     private static readonly byte[] ico = { 0, 0, 1, 0 };     private static readonly byte[] jpg = { 255, 216, 255 };     private static readonly byte[] mp3 = { 255, 251, 48 };     private static readonly byte[] ogg = { 79, 103, 103, 83, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0 };     private static readonly byte[] pdf = { 37, 80, 68, 70, 45, 49, 46 };     private static readonly byte[] png = { 137, 80, 78, 71, 13, 10, 26, 10, 0, 0, 0, 13, 73, 72, 68, 82 };     private static readonly byte[] rar = { 82, 97, 114, 33, 26, 7, 0 };     private static readonly byte[] swf = { 70, 87, 83 };     private static readonly byte[] tiff = { 73, 73, 42, 0 };     private static readonly byte[] torrent = { 100, 56, 58, 97, 110, 110, 111, 117, 110, 99, 101 };     private static readonly byte[] ttf = { 0, 1, 0, 0, 0 };     private static readonly byte[] wav_avi = { 82, 73, 70, 70 };     private static readonly byte[] wmv_wma = { 48, 38, 178, 117, 142, 102, 207, 17, 166, 217, 0, 170, 0, 98, 206, 108 };     private static readonly byte[] zip_docx = { 80, 75, 3, 4 };      public static string getmimetype(byte[] file, string filename)     {          string mime = "application/octet-stream"; //default unknown mime type          //ensure filename isn't empty or null         if (string.isnullorwhitespace(filename))         {             return mime;         }          //get file extension         string extension = path.getextension(filename) == null                                ? string.empty                                : path.getextension(filename).toupper();          //get mime type         if (file.take(2).sequenceequal(bmp))         {             mime = "image/bmp";         }         else if (file.take(8).sequenceequal(doc))         {             mime = "application/msword";         }         else if (file.take(2).sequenceequal(exe_dll))         {             mime = "application/x-msdownload"; //both use same mime type         }         else if (file.take(4).sequenceequal(gif))         {             mime = "image/gif";         }         else if (file.take(4).sequenceequal(ico))         {             mime = "image/x-icon";         }         else if (file.take(3).sequenceequal(jpg))         {             mime = "image/jpeg";         }         else if (file.take(3).sequenceequal(mp3))         {             mime = "audio/mpeg";         }         else if (file.take(14).sequenceequal(ogg))         {             if (extension == ".ogx")             {                 mime = "application/ogg";             }             else if (extension == ".oga")             {                 mime = "audio/ogg";             }             else             {                 mime = "video/ogg";             }         }         else if (file.take(7).sequenceequal(pdf))         {             mime = "application/pdf";         }         else if (file.take(16).sequenceequal(png))         {             mime = "image/png";         }         else if (file.take(7).sequenceequal(rar))         {             mime = "application/x-rar-compressed";         }         else if (file.take(3).sequenceequal(swf))         {             mime = "application/x-shockwave-flash";         }         else if (file.take(4).sequenceequal(tiff))         {             mime = "image/tiff";         }         else if (file.take(11).sequenceequal(torrent))         {             mime = "application/x-bittorrent";         }         else if (file.take(5).sequenceequal(ttf))         {             mime = "application/x-font-ttf";         }         else if (file.take(4).sequenceequal(wav_avi))         {             mime = extension == ".avi" ? "video/x-msvideo" : "audio/x-wav";         }         else if (file.take(16).sequenceequal(wmv_wma))         {             mime = extension == ".wma" ? "audio/x-ms-wma" : "video/x-ms-wmv";         }         else if (file.take(4).sequenceequal(zip_docx))         {             mime = extension == ".docx" ? "application/vnd.openxmlformats-officedocument.wordprocessingml.document" : "application/x-zip-compressed";         }          return mime;     }   }

notice handled docx file types differently since docx zip file. in scenario, check file extension once verified has sequence. example far complete people, can add own.

if want add more mime types, can byte array sequences of many different file types from here. also, here resource concerning file signatures.

what lot of times if else fails step through several files of particular type looking , pattern in byte sequence of files. in end, still basic verification , cannot used 100% proof of determining file types.

Search This Blog

RT

asp.net - File Format check while File upload in C# -

Comments

Post a Comment

Popular posts from this blog

node.js - Node js - Trying to send POST request, but it is not loading javascript content -

javascript - Replicate keyboard event with html button -

javascript - Web audio api 5.1 surround example not working in firefox -