ASP.NET上传文件对文件类型的高级判断
生活随笔
收集整理的這篇文章主要介紹了
ASP.NET上传文件对文件类型的高级判断
小編覺得挺不錯的,現(xiàn)在分享給大家,幫大家做個參考.
以前發(fā)過一個.NET上傳文件的方法的,不過那個方法中對文件類型的判斷只是對后綴名來進(jìn)行判斷的,這樣假如我把一個txt文本文件的后綴名改為jpg了也可以上傳,這樣無意中就造成了安全問題。
剛剛從網(wǎng)上找了個方法,試驗了一下,是能夠辨認(rèn)出正確的文件類型的,如下:
using?System;
using?System.Collections.Generic;
using?System.Linq;
using?System.Web;
using?System.Web.UI;
using?System.Web.UI.WebControls;
using?System.IO;
public?partial?class?niunantest?:?System.Web.UI.Page
{
????protected?void?Page_Load(object?sender,?EventArgs?e)
????{
????}
????protected?void?Button1_Click(object?sender,?EventArgs?e)
????{
????????string?str?=?FileUpload1.PostedFile.ContentType;
????????Response.Write("文件類型:"+str);
????????string?filename?=?"";
????????FileExtension[]?fe?=?{?FileExtension.GIF,?FileExtension.JPG,?FileExtension.PNG?};
????????if?(FileValidation.IsAllowedExtension(FileUpload1,?fe))
????????{
????????????string?fileExt?=?System.IO.Path.GetExtension(FileUpload1.FileName).ToLower();
????????????Response.Write("<br>驗證通過!");
????????????//filename?=?"/Images/"?+?DateTime.Now.ToString("yyyyMMddHHmmss")?+?fileExt;
????????????//FileUpload1.PostedFile.SaveAs(Server.MapPath(filename));
????????}
????????else
????????{
????????????Response.Write(?"<br>驗證不通過,只支持以下格式的圖片:JPG,GIF,PNG");
????????????return;
????????}
????}
????public?enum?FileExtension
????{
????????JPG?=?255216,
????????GIF?=?7173,
????????PNG?=?13780,
????????SWF?=?6787,
????????RAR?=?8297,
????????ZIP?=?8075,
????????_7Z?=?55122
????????//?255216?jpg;
????????//?7173?gif;
????????//?6677?bmp,
????????//?13780?png;
????????//?6787?swf
????????//?7790?exe?dll,
????????//?8297?rar
????????//?8075?zip
????????//?55122?7z
????????//?6063?xml
????????//?6033?html
????????//?239187?aspx
????????//?117115?cs
????????//?119105?js
????????//?102100?txt
????????//?255254?sql?
????}
????public?class?FileValidation
????{
????????public?static?bool?IsAllowedExtension(FileUpload?fu,?FileExtension[]?fileEx)
????????{
????????????int?fileLen?=?fu.PostedFile.ContentLength;
????????????byte[]?imgArray?=?new?byte[fileLen];
????????????fu.PostedFile.InputStream.Read(imgArray,?0,?fileLen);
????????????MemoryStream?ms?=?new?MemoryStream(imgArray);
????????????System.IO.BinaryReader?br?=?new?System.IO.BinaryReader(ms);
????????????string?fileclass?=?"";
????????????byte?buffer;
????????????try
????????????{
????????????????buffer?=?br.ReadByte();
????????????????fileclass?=?buffer.ToString();
????????????????buffer?=?br.ReadByte();
????????????????fileclass?+=?buffer.ToString();
????????????}
????????????catch
????????????{
????????????}
????????????br.Close();
????????????ms.Close();
????????????foreach?(FileExtension?fe?in?fileEx)
????????????{
????????????????if?(Int32.Parse(fileclass)?==?(int)fe)
????????????????????return?true;
????????????}
????????????return?false;
????????}
????}
}
個人理解:上面的代碼中判斷文件類型的應(yīng)該是把文件轉(zhuǎn)成二進(jìn)制的字節(jié),然后取開頭2個字節(jié),這樣看來的話開頭2個字節(jié)就表示文件的類型...
剛剛從網(wǎng)上找了個方法,試驗了一下,是能夠辨認(rèn)出正確的文件類型的,如下:
using?System;
using?System.Collections.Generic;
using?System.Linq;
using?System.Web;
using?System.Web.UI;
using?System.Web.UI.WebControls;
using?System.IO;
public?partial?class?niunantest?:?System.Web.UI.Page
{
????protected?void?Page_Load(object?sender,?EventArgs?e)
????{
????}
????protected?void?Button1_Click(object?sender,?EventArgs?e)
????{
????????string?str?=?FileUpload1.PostedFile.ContentType;
????????Response.Write("文件類型:"+str);
????????string?filename?=?"";
????????FileExtension[]?fe?=?{?FileExtension.GIF,?FileExtension.JPG,?FileExtension.PNG?};
????????if?(FileValidation.IsAllowedExtension(FileUpload1,?fe))
????????{
????????????string?fileExt?=?System.IO.Path.GetExtension(FileUpload1.FileName).ToLower();
????????????Response.Write("<br>驗證通過!");
????????????//filename?=?"/Images/"?+?DateTime.Now.ToString("yyyyMMddHHmmss")?+?fileExt;
????????????//FileUpload1.PostedFile.SaveAs(Server.MapPath(filename));
????????}
????????else
????????{
????????????Response.Write(?"<br>驗證不通過,只支持以下格式的圖片:JPG,GIF,PNG");
????????????return;
????????}
????}
????public?enum?FileExtension
????{
????????JPG?=?255216,
????????GIF?=?7173,
????????PNG?=?13780,
????????SWF?=?6787,
????????RAR?=?8297,
????????ZIP?=?8075,
????????_7Z?=?55122
????????//?255216?jpg;
????????//?7173?gif;
????????//?6677?bmp,
????????//?13780?png;
????????//?6787?swf
????????//?7790?exe?dll,
????????//?8297?rar
????????//?8075?zip
????????//?55122?7z
????????//?6063?xml
????????//?6033?html
????????//?239187?aspx
????????//?117115?cs
????????//?119105?js
????????//?102100?txt
????????//?255254?sql?
????}
????public?class?FileValidation
????{
????????public?static?bool?IsAllowedExtension(FileUpload?fu,?FileExtension[]?fileEx)
????????{
????????????int?fileLen?=?fu.PostedFile.ContentLength;
????????????byte[]?imgArray?=?new?byte[fileLen];
????????????fu.PostedFile.InputStream.Read(imgArray,?0,?fileLen);
????????????MemoryStream?ms?=?new?MemoryStream(imgArray);
????????????System.IO.BinaryReader?br?=?new?System.IO.BinaryReader(ms);
????????????string?fileclass?=?"";
????????????byte?buffer;
????????????try
????????????{
????????????????buffer?=?br.ReadByte();
????????????????fileclass?=?buffer.ToString();
????????????????buffer?=?br.ReadByte();
????????????????fileclass?+=?buffer.ToString();
????????????}
????????????catch
????????????{
????????????}
????????????br.Close();
????????????ms.Close();
????????????foreach?(FileExtension?fe?in?fileEx)
????????????{
????????????????if?(Int32.Parse(fileclass)?==?(int)fe)
????????????????????return?true;
????????????}
????????????return?false;
????????}
????}
}
個人理解:上面的代碼中判斷文件類型的應(yīng)該是把文件轉(zhuǎn)成二進(jìn)制的字節(jié),然后取開頭2個字節(jié),這樣看來的話開頭2個字節(jié)就表示文件的類型...
轉(zhuǎn)載于:https://www.cnblogs.com/niunan/archive/2009/09/04/1560292.html
總結(jié)
以上是生活随笔為你收集整理的ASP.NET上传文件对文件类型的高级判断的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
