
FileUpload control uploading file when it shouldn't

I have a file upload form that uses the FileUpload control in ASP.NET 4.0. On my upload button I check the file that is being submitted for some restrictions like this:

    FileUpload fu = new FileUpload();

    if (fu.HasFile)
    {
        if ((extension == ".jpg") || (extension == ".png") || (extension == ".gif"))
        {
            if (fu.PostedFile.ContentLength <= 2MB)
            {
                fu.SaveAs("path"); // save the file on the server
                // check file header ...
            }
        }
    }

The problem is that when I submit a video (which obviously has a different extension and size > 2MB), instead of checking this on the client and giving the error I have set up, it uploads it and then the client receives the error. Problem is, what if the client submits a 1GB file?! I mean, how does it pass from extension and size validation to SaveAs(), I can't understand. Any opinions? Thanks!

Unfortunately, that code runs on the server, which means it can only do those checks after the file has been uploaded.

If the user attempts to upload a very large file, the request length limits (defined in web.config) will catch it, and the upload will be aborted once the limit is reached.

Other than that, you really do have to check the file on the server; and you should check more than just the extension. Someone could easily change the extension of a file to something else. That may or may not be an actual problem - but most likely is! (If nothing else, subsequent website users would see broken image placeholders when the browser tries to load a Word document as if it were an image, for example.)

If you are using HTML5 then you can use FileReader. FileReader Javascript

  1. You can validate from the client side for size and content type.
  2. Once it gets validated, you can post it to the server.

Code taken from: FileReader Javascript

<script>
  function handleFileSelect(evt) {
    var files = evt.target.files; // FileList object

    // files is a FileList of File objects. List some properties.
    var output = [];
    for (var i = 0, f; f = files[i]; i++) {
      output.push('<li><strong>', escape(f.name), '</strong> (', f.type || 'n/a', ') - ',
                  f.size, ' bytes, last modified: ',
                  f.lastModifiedDate ? f.lastModifiedDate.toLocaleDateString() : 'n/a',
                  '</li>');
    }
    document.getElementById('list').innerHTML = '<ul>' + output.join('') + '</ul>';
  }

  document.getElementById('files').addEventListener('change', handleFileSelect, false);
</script>

Polyfills for FileReader

  1. FileReader polyfill
  2. Browser support.
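
A client-side pre-check along the lines of the two steps above, as an added example that is not part of the original answers: it checks extension, size and the file's leading bytes before anything is sent. The function names and the 8-byte header read are assumptions, and because a client can skip this script, the server still has to repeat the checks after upload.

```javascript
// Added example: every name here is hypothetical, not from the original answers.
const MAX_BYTES = 2 * 1024 * 1024; // the 2 MB limit the question intends

// Leading bytes ("magic numbers") for each extension the question allows.
const SIGNATURES = new Map([
  ['.jpg', [[0xFF, 0xD8, 0xFF]]],
  ['.png', [[0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A]]],
  ['.gif', [[0x47, 0x49, 0x46, 0x38, 0x37, 0x61],    // "GIF87a"
            [0x47, 0x49, 0x46, 0x38, 0x39, 0x61]]],  // "GIF89a"
]);

// Pure check: returns null if the file passes, otherwise the reason it fails.
// `head` is a Uint8Array with the first bytes of the file.
function checkImage(name, size, head) {
  const dot = name.lastIndexOf('.');
  const ext = dot < 0 ? '' : name.slice(dot).toLowerCase();
  const sigs = SIGNATURES.get(ext);
  if (!sigs) return 'extension not allowed';
  if (size === 0) return 'file is empty';
  if (size > MAX_BYTES) return 'file too large';
  // A renamed file keeps its real header, so compare bytes, not just the name.
  const matches = sigs.some((sig) => sig.every((b, i) => head[i] === b));
  return matches ? null : 'content does not match extension';
}

// Browser side: read only the first n bytes with FileReader, not the whole file.
function readHead(file, n) {
  return new Promise((resolve, reject) => {
    const reader = new FileReader();
    reader.onload = () => resolve(new Uint8Array(reader.result));
    reader.onerror = () => reject(reader.error);
    reader.readAsArrayBuffer(file.slice(0, n));
  });
}

// Call from the file input's change handler; submit the form only on null.
async function precheck(file) {
  return checkImage(file.name, file.size, await readHead(file, 8));
}
```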

Is this your actual code? What is 2MB? It's not a string or an integer. I'm surprised it even compiled. You should have something like this:

    int iFileSize = file.ContentLength;

    if (iFileSize > 1000000)  // 1MB approx (actually less though)
    {
        // File is too big so do something here
        return;
    }
