ASP.NET MVC 3中的服务器端图像上载验证-限制文件类型,大小和尺寸
[英]Server side image upload validation in ASP.NET MVC 3 - Restricting File Type, Size and Dimensions
问题描述
I've got a simple form: 
我有一个简单的表格:
@using (Html.BeginForm(null, null, FormMethod.Post, new { enctype="multipart/form-data" }))
{
<input type="file" name="image" />
<br />
<input type="submit" value="Upload" />
}
which I'm posting to: 我要发布到:
[HttpPost]
public ActionResult Upload(HttpPostedFileBase file)
{
if (file.ContentLength > 0)
{
// All necessary validation logic here
}
return RedirectToAction("Index");
}
I'm trying to restrict uploaded files to jpeg, png and gif formats. 我正在尝试将上传的文件限制为jpeg,png和gif格式。 I wan't to be able to restrict minimum and maximum width and height of the uploaded image as well as image filesize. 我将无法限制上传图像以及图像文件大小的最小和最大宽度和高度。
I guess I can check the size by simply changing if statement to: 我想我可以通过简单地将if语句更改为以下内容来检查大小:
if (file.ContentLength > 0 && file.ContentLength < maxUploadSize)
I know how to check the extension of the uploaded file but I would prefer to check its mime-type/header as well. 我知道如何检查上传文件的扩展名,但我也希望检查其mime-type / header。
Question : 问题 :
Given the example code above, how do I properly validate the uploaded file? 给定上面的示例代码,如何正确验证上传的文件? I want to make sure that the file is: 我要确保文件是:
- a JPEG, GIF or a PNG file (checking file extension and file header) JPEG,GIF或PNG文件(检查文件扩展名和文件头)
- not bigger than maximum upload size (file size) 不大于最大上传大小(文件大小)
- of dimensions within predefined limit (width/height) 尺寸在预定义限制内(宽度/高度)
1 个解决方案
解决方案1
1 2012-05-21 00:28:58
as you said, you should just validate image type by its file extension. 如您所说,您只需要通过文件扩展名验证图像类型。 since request header can be faked, it's not reliable. 由于请求标头可以伪造,因此不可靠。
for maximum upload size, you need to update your web.config or machine.config depending on your needs - app level or machine level. 为了获得最大的上传大小,您需要根据需要-应用级别或机器级别更新web.config或machine.config。
for IIS6: 对于IIS6:
<location path="upload">
<system.web>
<httpRuntime maxRequestLength="xxx" />
</system.web>
</location>
for IIS7: http://support.microsoft.com/kb/942074/ IIS7: http : //support.microsoft.com/kb/942074/
as for validating dimensions, you have to read in the image and check for its width and height properties and this is the constructor bitmap class to do that in-memory. 至于验证尺寸,您必须读入图像并检查其width和height属性,这是构造函数位图类 ,用于在内存中进行操作。 if you want to save the image to file first, then use this one . 如果要先将图像保存到文件,请使用此图像。
fine print: increasing this value may make you become a Denial of Service (DOS) attack victim as described here . 小字:增加该值可以让你成为服务(DOS)攻击受害者的拒绝所描述这里 。
security measures: 安防措施:
- one work around i can think of at this moment is setup another server/machine to handle file upload so your main web server is not taking the hit. 我现在可以想到的一种解决方法是设置另一台服务器/计算机来处理文件上传,因此您的主Web服务器不会受到影响。
- use
<location path="my-upload-path">to apply this setting to a single location.使用<location path="my-upload-path">将此设置应用于单个位置。 - consider using HttpHandler or HttpModule to handle upload. 考虑使用HttpHandler或HttpModule处理上传。
i'll update my answer once i have a better solution than that. 如果我有更好的解决方案,我将更新我的答案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.