So I'm using this code for view:
<!-- Upload form: posts the chosen file as multipart/form-data to the current URL (empty action) in the field named "file". Nothing in this markup restricts the file type, so the check has to happen on the server. -->
<form action="" method="post" enctype="multipart/form-data"> <label for="file">Filename:</label> <input type="file" name="file" id="file" /> <input type="submit" /> </form>
This for model:
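/// <summary>
/// Receives the posted upload form and stores the file under ~/App_Data/uploads,
/// then redirects back to the Index action.
/// </summary>
/// <param name="file">The uploaded file bound from the form field named "file".</param>
/// <returns>A redirect to the Index action, whether or not a file was saved.</returns>
[HttpPost]
public ActionResult Index(HttpPostedFileBase file)
{
    // "file" is null when the form is submitted without choosing a file,
    // so it must be checked before ContentLength is read.
    if (file != null && file.ContentLength > 0)
    {
        // FileName comes from the client. GetFileName keeps only the last path
        // segment, so directory parts sent by the browser are not used for the path.
        var fileName = Path.GetFileName(file.FileName);

        // An empty name would make the target path the uploads folder itself.
        if (!string.IsNullOrEmpty(fileName))
        {
            var path = Path.Combine(Server.MapPath("~/App_Data/uploads"), fileName);

            // NOTE(review): nothing here inspects the type or content of the upload,
            // and the stored name (including its extension) is still the client's choice;
            // two uploads with the same name resolve to the same path.
            file.SaveAs(path);
        }
    }

    return RedirectToAction("Index");
}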
Works great unless the user adds a file which isn't an image. How can I ensure that the uploaded file is an image? Thanks
bool CheckFileType(string fileName) { string ext = Path. GetExtension(fileName); switch (ext. ToLower()) { case ". gif": return true; case ".
The HttpPostedFileBase class is an abstract class that contains the same members as the HttpPostedFile class. The HttpPostedFileBase class lets you create derived classes that are like the HttpPostedFile class, but that you can customize and that work outside the ASP.NET pipeline.
In case it helps anyone, here is a static method for HttpPostedFileBase
that checks whether a given uploaded file is an image:
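/// <summary>
/// Upload-validation helpers for <see cref="HttpPostedFileBase"/>.
/// </summary>
public static class HttpPostedFileBaseExtensions
{
    /// <summary>
    /// Number of leading bytes that are scanned for markup. It is also the smallest
    /// upload that is accepted: shorter files are rejected even if they are valid images.
    /// </summary>
    public const int ImageMinimumBytes = 512;

    // Content types accepted by IsImage (compared case-insensitively).
    private static readonly string[] AllowedContentTypes =
    {
        "image/jpg", "image/jpeg", "image/pjpeg", "image/gif", "image/x-png", "image/png"
    };

    // File extensions accepted by IsImage (compared case-insensitively).
    private static readonly string[] AllowedExtensions = { ".jpg", ".png", ".gif", ".jpeg" };

    /// <summary>
    /// Checks whether an uploaded file looks like a JPEG, PNG or GIF image.
    /// </summary>
    /// <remarks>
    /// The checks run in order: declared content type, file-name extension, a scan of the
    /// first <see cref="ImageMinimumBytes"/> bytes for HTML-like markup, and finally an
    /// attempt to decode the stream as a bitmap. The content type and the file name are
    /// both supplied by the client, so those two checks only filter out honest mistakes;
    /// the decode is the only check that looks at the whole file.
    /// A successful decode does not show that the file holds nothing besides image data.
    /// Re-encoding the image and storing it under a server-chosen name is the stronger control.
    /// On success or decode failure the stream is rewound to position 0 for the caller.
    /// </remarks>
    /// <param name="postedFile">The uploaded file; <c>null</c> is treated as "not an image".</param>
    /// <returns><c>true</c> if every check passes; otherwise <c>false</c>.</returns>
    public static bool IsImage(this HttpPostedFileBase postedFile)
    {
        if (postedFile == null)
        {
            return false;
        }

        //-------------------------------------------
        //  Check the declared (client-supplied) MIME type
        //-------------------------------------------
        if (!MatchesAny(postedFile.ContentType, AllowedContentTypes))
        {
            return false;
        }

        try
        {
            //-------------------------------------------
            //  Check the extension of the client-supplied file name.
            //  Done inside the try because the name is untrusted and path parsing may throw.
            //-------------------------------------------
            if (!MatchesAny(Path.GetExtension(postedFile.FileName), AllowedExtensions))
            {
                return false;
            }

            // The stream has to be rewound between the scan and the decode, and again
            // for the caller, so a stream that cannot seek cannot be validated here.
            var stream = postedFile.InputStream;
            if (stream == null || !stream.CanRead || !stream.CanSeek)
            {
                return false;
            }

            //------------------------------------------
            //  Reject uploads shorter than the scanned prefix (a minimum, not a maximum).
            //  NOTE(review): no upper bound on size or image dimensions is enforced here;
            //  cap the request size before this method is reached.
            //------------------------------------------
            if (postedFile.ContentLength < ImageMinimumBytes)
            {
                return false;
            }

            try
            {
                //-------------------------------------------
                //  Read the first bytes and look for markup. Stream.Read may return fewer
                //  bytes than requested, so keep reading until the buffer is full or the
                //  stream ends, and decode only what was actually read.
                //-------------------------------------------
                stream.Position = 0;
                var buffer = new byte[ImageMinimumBytes];
                var filled = 0;
                while (filled < buffer.Length)
                {
                    var read = stream.Read(buffer, filled, buffer.Length - filled);
                    if (read <= 0)
                    {
                        break;
                    }

                    filled += read;
                }

                // Heuristic only: it sees just the scanned prefix, not the rest of the file.
                string content = System.Text.Encoding.UTF8.GetString(buffer, 0, filled);
                if (Regex.IsMatch(content, @"<script|<html|<head|<title|<body|<pre|<table|<a\s+href|<img|<plaintext|<cross\-domain\-policy",
                    RegexOptions.IgnoreCase | RegexOptions.CultureInvariant | RegexOptions.Multiline))
                {
                    return false;
                }

                //-------------------------------------------
                //  Try to decode the upload as a bitmap; a failure means it is not a
                //  valid image. Rewind first so the decoder starts at the file header
                //  rather than after the scanned prefix.
                //  NOTE(review): this decodes untrusted bytes in-process.
                //-------------------------------------------
                stream.Position = 0;
                using (var bitmap = new System.Drawing.Bitmap(stream))
                {
                }

                return true;
            }
            finally
            {
                // Leave the stream at the start so the caller can still save the file.
                stream.Position = 0;
            }
        }
        catch (Exception)
        {
            // Deliberate: any failure while inspecting the upload means "not an image".
            return false;
        }
    }

    // Returns true when value equals one of the allowed entries, ignoring case.
    private static bool MatchesAny(string value, string[] allowed)
    {
        foreach (var candidate in allowed)
        {
            if (string.Equals(value, candidate, StringComparison.OrdinalIgnoreCase))
            {
                return true;
            }
        }

        return false;
    }
}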
Edit 2/10/2017: According to a suggested edit, added a finally statement to reset the stream, so we can use it later.