
ASP.NET上传判断类型,防止黑客上传非法文件
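  using System;
  using System.IO;
  using System.Web.UI.WebControls;

  namespace Pack
  {
      /// <summary>
      /// Two-byte file signatures accepted by <see cref="FileValidation"/>. Each value is the
      /// decimal text of the file's first byte followed by the decimal text of its second byte
      /// (JPG = 255 then 216, i.e. 0xFF 0xD8).
      /// </summary>
      public enum FileExtension
      {
          JPG = 255216,
          GIF = 7173,
          BMP = 6677,
          PNG = 13780
          // Leading bytes of other file types in the same encoding, kept for reference:
          // 255216 jpg
          // 7173 gif
          // 6677 bmp
          // 13780 png
          // 7790 exe dll
          // 8297 rar
          // 6063 xml
          // 6033 html
          // 239187 aspx
          // 117115 cs
          // 119105 js
          // 210187 txt
          // 255254 sql
          // NOTE(review): 239187 (0xEF 0xBB) and 255254 (0xFF 0xFE) are byte-order-mark prefixes
          // and the other text-file values are just the first two characters of typical content,
          // so those entries identify an encoding or a habit, not a file type.
      }

      /// <summary>
      /// Checks the leading bytes of an uploaded file against a list of allowed signatures.
      /// </summary>
      /// <remarks>
      /// Only the first two bytes are inspected; everything after them is unchecked, so a file can
      /// carry an image header and arbitrary content behind it. Treat this as one layer next to an
      /// extension allow-list, server-generated file names and a storage location the web server
      /// does not execute from.
      /// </remarks>
      public class FileValidation
      {
          /// <summary>
          /// Returns true when the upload starts with one of the signatures in <paramref name="fileEx"/>.
          /// </summary>
          /// <param name="fu">The upload control holding the posted file.</param>
          /// <param name="fileEx">Signatures that are acceptable for this upload.</param>
          /// <returns>
          /// True on a signature match; false when there is no posted file, the file is shorter than
          /// two bytes, the list is null or empty, or nothing matches.
          /// </returns>
          public static bool IsAllowedExtension(FileUpload fu, FileExtension[] fileEx)
          {
              if (fu == null || fileEx == null || fu.PostedFile == null)
              {
                  return false;
              }

              Stream input = fu.PostedFile.InputStream;

              // Remember where the stream was so the check does not consume the upload.
              long start = input.CanSeek ? input.Position : -1;

              // Two bytes are all the check needs; the whole upload is no longer copied into memory.
              byte[] header = new byte[2];
              int filled = 0;
              try
              {
                  // Stream.Read may return fewer bytes than requested, so loop until the header is full.
                  while (filled < header.Length)
                  {
                      int read = input.Read(header, filled, header.Length - filled);
                      if (read <= 0)
                      {
                          break;
                      }
                      filled += read;
                  }
              }
              finally
              {
                  if (start >= 0)
                  {
                      input.Position = start;
                  }
              }

              // An empty or one-byte upload cannot match; previously this ended in a FormatException.
              if (filled < header.Length)
              {
                  return false;
              }

              foreach (FileExtension candidate in fileEx)
              {
                  if (HasSignature(candidate, header[0], header[1]))
                  {
                      return true;
                  }
              }
              return false;
          }

          /// <summary>
          /// Compares the two leading bytes with one signature, byte by byte for the named members.
          /// </summary>
          private static bool HasSignature(FileExtension signature, byte first, byte second)
          {
              // Comparing concatenated decimal text is ambiguous: bytes 7 and 173 also spell "7173",
              // the value used for GIF (71, 73). The named members are therefore matched on bytes.
              switch (signature)
              {
                  case FileExtension.JPG:
                      return first == 0xFF && second == 0xD8;
                  case FileExtension.GIF:
                      return first == 0x47 && second == 0x49;
                  case FileExtension.BMP:
                      return first == 0x42 && second == 0x4D;
                  case FileExtension.PNG:
                      return first == 0x89 && second == 0x50;
                  default:
                      // Values cast from the reference list keep the original decimal-text comparison.
                      string observed =
                          first.ToString(System.Globalization.CultureInfo.InvariantCulture) +
                          second.ToString(System.Globalization.CultureInfo.InvariantCulture);
                      string wanted =
                          ((int)signature).ToString(System.Globalization.CultureInfo.InvariantCulture);
                      return observed == wanted;
              }
          }
      }
  }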
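// Upload button handler: checks the uploaded file's type before saving it.
/// <summary>
/// Saves the posted file under /Images/ when both its extension and its leading bytes identify
/// one of the supported image formats; otherwise shows the "unsupported format" message.
/// </summary>
/// <param name="sender">The control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnUpload_Click(object sender, EventArgs e)
{
    string fileExt = "";
    FileExtension[] expected = null;

    if (FileUpload1.HasFile)
    {
        // ToLowerInvariant keeps the comparison independent of the server's culture.
        fileExt = System.IO.Path.GetExtension(FileUpload1.FileName).ToLowerInvariant();

        // Each extension is tied to the signature it should carry, so a file named .jpg must
        // actually start with JPEG bytes. ".bmp" is accepted because both the signature list
        // and the user-facing message name BMP as a supported format.
        switch (fileExt)
        {
            case ".gif":
                expected = new FileExtension[] { FileExtension.GIF };
                break;
            case ".png":
                expected = new FileExtension[] { FileExtension.PNG };
                break;
            case ".jpeg":
            case ".jpg":
                expected = new FileExtension[] { FileExtension.JPG };
                break;
            case ".bmp":
                expected = new FileExtension[] { FileExtension.BMP };
                break;
        }
    }

    if (expected != null && FileValidation.IsAllowedExtension(FileUpload1, expected))
    {
        // The stored name is generated on the server; only the allow-listed extension comes from
        // the client. The GUID suffix keeps two uploads in the same second from overwriting each other.
        string filename = "/Images/"
            + DateTime.Now.ToString("yyyyMMddHHmmss", System.Globalization.CultureInfo.InvariantCulture)
            + "_" + Guid.NewGuid().ToString("N")
            + fileExt;
        FileUpload1.PostedFile.SaveAs(Server.MapPath(filename));
    }
    else
    {
        LTP.Common.MessageBox.Show(this, "只支持以下格式的图片\\rJPG,BMP,GIF,PNG");
        return;
    }
}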