如题所述
可以防止，第一种就是用文件头的方式验证，代码如下：
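/// <summary>
/// Checks whether an uploaded file begins with the two-byte signature of a GIF, JPEG or PNG image.
/// </summary>
/// <param name="hifile">
/// The posted file. Its <c>InputStream</c> is inspected; the client-supplied
/// <c>FileName</c> is never opened on the server.
/// </param>
/// <returns>
/// <c>true</c> when the first two bytes match one of the image signatures; <c>false</c> otherwise,
/// including when <paramref name="hifile"/> is null, the stream is empty or shorter than two bytes,
/// or the header cannot be read.
/// </returns>
/// <remarks>
/// A signature match is a coarse sanity check only: a file may carry a valid image header and still
/// contain other content. Uploads must additionally be stored under a server-generated name and
/// extension, outside any directory from which the web server executes scripts.
/// </remarks>
private bool IsAllowedExtension(HttpPostedFile hifile)
{
    if (hifile == null || hifile.InputStream == null)
    {
        return false;
    }

    // Signatures are compared as raw bytes. Concatenating the decimal value of each byte
    // into a string is ambiguous: bytes 7,173 and bytes 71,73 both render as "7173".
    // Reference table of two-byte prefixes (decimal) for other formats, kept for maintainers:
    //   4946/104116 txt   6677 bmp   239187 txt,aspx,asp,sql   208207 xls,doc,ppt
    //   6063 xml   6033 htm,html   4742 js   8075 xlsx,zip,pptx,mmap   8297 rar   01 accdb,mdb
    byte[][] imageSignatures = new byte[][]
    {
        new byte[] { 0x47, 0x49 }, // GIF  ("GI", decimal 71 73)
        new byte[] { 0xFF, 0xD8 }, // JPEG (decimal 255 216)
        new byte[] { 0x89, 0x50 }  // PNG  (decimal 137 80)
    };

    Stream input = hifile.InputStream;
    long originalPosition = input.CanSeek ? input.Position : 0;
    byte[] header = new byte[2];
    int total = 0;
    try
    {
        if (input.CanSeek)
        {
            input.Position = 0;
        }
        // Stream.Read may return fewer bytes than requested; loop until two bytes or end of stream.
        while (total < header.Length)
        {
            int n = input.Read(header, total, header.Length - total);
            if (n <= 0)
            {
                break;
            }
            total += n;
        }
    }
    catch (Exception)
    {
        // Fail closed: a file whose header cannot be read is not accepted.
        return false;
    }
    finally
    {
        // Leave the stream where it was so a later SaveAs / read still sees the whole body.
        if (input.CanSeek)
        {
            input.Position = originalPosition;
        }
    }

    if (total < header.Length)
    {
        return false;
    }

    for (int i = 0; i < imageSignatures.Length; i++)
    {
        if (header[0] == imageSignatures[i][0] && header[1] == imageSignatures[i][1])
        {
            return true;
        }
    }
    return false;
}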
/// <summary>
/// Click handler: emits a confirmation script when the posted file passes the header check.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnOk_Click(object sender, EventArgs e)
{
    bool accepted = IsAllowedExtension(uFile.PostedFile);
    if (!accepted)
    {
        return;
    }
    Response.Write("<script>alert('OK')</script>");
}
第二种用文件流的方式验证
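/// <summary>
/// Validates an uploaded image and saves it under a server-generated name.
/// Checks, in order: a file was selected, its extension is in the whitelist, its declared
/// content type is an image type, it is within the size limit, and its content contains
/// none of a fixed list of script keywords.
/// </summary>
/// <param name="UpFile">Upload control (HtmlInputFile).</param>
/// <param name="_extensions">Allowed extensions, each including the leading dot (e.g. ".jpg").</param>
/// <param name="SavePath">Absolute path of the directory to save into.</param>
/// <param name="size">Maximum file size in KB.</param>
/// <param name="err">Error message; <see cref="String.Empty"/> when the upload succeeded.</param>
/// <param name="SourcePage">Page whose Application state is locked while the file is scanned and saved.</param>
/// <returns>
/// The new (server-generated) file name on success; the trimmed client file name when validation
/// fails before renaming. Callers must test <paramref name="err"/> to detect failure, not the return value.
/// </returns>
/// <remarks>
/// The declared content type is supplied by the client and the keyword scan is a fixed blacklist;
/// both are best-effort. The save directory must not be one from which the web server executes scripts.
/// </remarks>
public static string UpLoadFileImg(HtmlInputFile UpFile, string[] _extensions, string SavePath, int size,
out string err, System.Web.UI.Page SourcePage)
{
    // Declared content types accepted in addition to the extension whitelist. The IE-specific
    // "image/pjpeg" and "image/x-png" are kept; the standard "image/jpeg" and "image/png" are added.
    string[] allowedContentTypes = { "image/gif", "image/x-png", "image/png", "image/pjpeg", "image/jpeg", "image/bmp" };
    string[] riskyKeywords = ("request|.getfolder|.createfolder|.deletefolder|.createdirectory|.deletedirectory|.saveas"
        + "|wscript.shell|script.encode|server.|.createobject|execute|activexobject|language=").Split('|');

    string error = String.Empty;
    string Img = String.Empty;
    if (UpFile != null && UpFile.PostedFile != null)
    {
        Img = UpFile.PostedFile.FileName.Trim();
    }
    if (Img == "")
    {
        err = "对ä¸èµ·,请éæ©è¦ä¸ä¼ çæ件!";
        return Img;
    }

    HttpPostedFile posted = UpFile.PostedFile;
    string Exten = Path.GetExtension(Img).ToLowerInvariant();

    bool extensionAllowed = false;
    if (_extensions != null)
    {
        for (int i = 0; i < _extensions.Length; i++)
        {
            if (string.Equals(Exten, _extensions[i], StringComparison.OrdinalIgnoreCase))
            {
                extensionAllowed = true;
                break;
            }
        }
    }

    // Client-declared type. A chain of "!=" tests joined with "||" is always true, so the
    // type check has to be a membership test; both the extension and the type must pass.
    string FileType = posted.ContentType == null ? "" : posted.ContentType.ToLowerInvariant();
    bool contentTypeAllowed = Array.IndexOf(allowedContentTypes, FileType) >= 0;
    if (!extensionAllowed || !contentTypeAllowed)
    {
        err = "对ä¸èµ·,æ¨ä¸è½ä¸ä¼ 该类åçæ件!";
        return Img;
    }

    if (posted.ContentLength > (size * 1024))
    {
        err = "对ä¸èµ·,æ件大å°ä¸è½å¤§äº" + size + "KB!";
        return Img;
    }

    // Application.Lock() blocks every other request that touches Application state, so it also,
    // in effect, serialises concurrent calls of this method (the tick-based file name relies on
    // that). try/finally guarantees UnLock() on every exit path; returning without it would
    // leave the application state locked for all other requests.
    string target = null;
    SourcePage.Application.Lock();
    try
    {
        Img = DateTime.Now.Ticks + Exten;
        target = Path.Combine(SavePath, Img);

        // Scan the body for risky keywords BEFORE writing it to disk, so a rejected file never
        // exists in the save directory, not even briefly. The reader is deliberately not disposed:
        // that would close the request stream SaveAs still needs.
        // NOTE(review): assumes InputStream is seekable so SaveAs still receives the whole body
        // after the scan - confirm against the target framework.
        string strContent;
        Stream body = posted.InputStream;
        long originalPosition = body.CanSeek ? body.Position : 0;
        try
        {
            StreamReader sr = new StreamReader(body, Encoding.Default);
            strContent = sr.ReadToEnd();
        }
        finally
        {
            if (body.CanSeek)
            {
                body.Position = originalPosition;
            }
        }

        // Ordinal, case-insensitive: the keyword list is lower-case, and a culture-sensitive
        // IndexOf would make the scan depend on the server locale.
        for (int i = 0; i < riskyKeywords.Length; i++)
        {
            if (strContent.IndexOf(riskyKeywords[i], StringComparison.OrdinalIgnoreCase) >= 0)
            {
                error = "对ä¸èµ·,该æ件å 容åå¨é£é©,ç¦æ¢ä¸ä¼ !";
                err = error;
                return Img;
            }
        }

        posted.SaveAs(target);
    }
    catch (Exception)
    {
        // Best-effort contract: any failure while scanning or saving is reported through err,
        // never thrown to the caller.
        error = "ç³»ç»é误,ä¸ä¼ 失败!";
        try
        {
            // Do not leave a partially written file behind.
            if (target != null && File.Exists(target))
            {
                File.Delete(target);
            }
        }
        catch (Exception)
        {
            // The leftover could not be removed; the failure is already being reported via err.
        }
    }
    finally
    {
        SourcePage.Application.UnLock();
    }
    err = error;
    return Img;
}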
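/// <summary>
/// Checks whether an uploaded file begins with the two-byte signature of a GIF, JPEG or PNG image.
/// </summary>
/// <param name="hifile">
/// The posted file. Its <c>InputStream</c> is inspected; the client-supplied
/// <c>FileName</c> is never opened on the server.
/// </param>
/// <returns>
/// <c>true</c> when the first two bytes match one of the image signatures; <c>false</c> otherwise,
/// including when <paramref name="hifile"/> is null, the stream is empty or shorter than two bytes,
/// or the header cannot be read.
/// </returns>
/// <remarks>
/// A signature match is a coarse sanity check only: a file may carry a valid image header and still
/// contain other content. Uploads must additionally be stored under a server-generated name and
/// extension, outside any directory from which the web server executes scripts.
/// </remarks>
private bool IsAllowedExtension(HttpPostedFile hifile)
{
    if (hifile == null || hifile.InputStream == null)
    {
        return false;
    }

    // Signatures are compared as raw bytes. Concatenating the decimal value of each byte
    // into a string is ambiguous: bytes 7,173 and bytes 71,73 both render as "7173".
    // Reference table of two-byte prefixes (decimal) for other formats, kept for maintainers:
    //   4946/104116 txt   6677 bmp   239187 txt,aspx,asp,sql   208207 xls,doc,ppt
    //   6063 xml   6033 htm,html   4742 js   8075 xlsx,zip,pptx,mmap   8297 rar   01 accdb,mdb
    byte[][] imageSignatures = new byte[][]
    {
        new byte[] { 0x47, 0x49 }, // GIF  ("GI", decimal 71 73)
        new byte[] { 0xFF, 0xD8 }, // JPEG (decimal 255 216)
        new byte[] { 0x89, 0x50 }  // PNG  (decimal 137 80)
    };

    Stream input = hifile.InputStream;
    long originalPosition = input.CanSeek ? input.Position : 0;
    byte[] header = new byte[2];
    int total = 0;
    try
    {
        if (input.CanSeek)
        {
            input.Position = 0;
        }
        // Stream.Read may return fewer bytes than requested; loop until two bytes or end of stream.
        while (total < header.Length)
        {
            int n = input.Read(header, total, header.Length - total);
            if (n <= 0)
            {
                break;
            }
            total += n;
        }
    }
    catch (Exception)
    {
        // Fail closed: a file whose header cannot be read is not accepted.
        return false;
    }
    finally
    {
        // Leave the stream where it was so a later SaveAs / read still sees the whole body.
        if (input.CanSeek)
        {
            input.Position = originalPosition;
        }
    }

    if (total < header.Length)
    {
        return false;
    }

    for (int i = 0; i < imageSignatures.Length; i++)
    {
        if (header[0] == imageSignatures[i][0] && header[1] == imageSignatures[i][1])
        {
            return true;
        }
    }
    return false;
}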
/// <summary>
/// Click handler: emits a confirmation script when the posted file passes the header check.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnOk_Click(object sender, EventArgs e)
{
    bool accepted = IsAllowedExtension(uFile.PostedFile);
    if (!accepted)
    {
        return;
    }
    Response.Write("<script>alert('OK')</script>");
}
第二种用文件流的方式验证
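/// <summary>
/// Validates an uploaded image and saves it under a server-generated name.
/// Checks, in order: a file was selected, its extension is in the whitelist, its declared
/// content type is an image type, it is within the size limit, and its content contains
/// none of a fixed list of script keywords.
/// </summary>
/// <param name="UpFile">Upload control (HtmlInputFile).</param>
/// <param name="_extensions">Allowed extensions, each including the leading dot (e.g. ".jpg").</param>
/// <param name="SavePath">Absolute path of the directory to save into.</param>
/// <param name="size">Maximum file size in KB.</param>
/// <param name="err">Error message; <see cref="String.Empty"/> when the upload succeeded.</param>
/// <param name="SourcePage">Page whose Application state is locked while the file is scanned and saved.</param>
/// <returns>
/// The new (server-generated) file name on success; the trimmed client file name when validation
/// fails before renaming. Callers must test <paramref name="err"/> to detect failure, not the return value.
/// </returns>
/// <remarks>
/// The declared content type is supplied by the client and the keyword scan is a fixed blacklist;
/// both are best-effort. The save directory must not be one from which the web server executes scripts.
/// </remarks>
public static string UpLoadFileImg(HtmlInputFile UpFile, string[] _extensions, string SavePath, int size,
out string err, System.Web.UI.Page SourcePage)
{
    // Declared content types accepted in addition to the extension whitelist. The IE-specific
    // "image/pjpeg" and "image/x-png" are kept; the standard "image/jpeg" and "image/png" are added.
    string[] allowedContentTypes = { "image/gif", "image/x-png", "image/png", "image/pjpeg", "image/jpeg", "image/bmp" };
    string[] riskyKeywords = ("request|.getfolder|.createfolder|.deletefolder|.createdirectory|.deletedirectory|.saveas"
        + "|wscript.shell|script.encode|server.|.createobject|execute|activexobject|language=").Split('|');

    string error = String.Empty;
    string Img = String.Empty;
    if (UpFile != null && UpFile.PostedFile != null)
    {
        Img = UpFile.PostedFile.FileName.Trim();
    }
    if (Img == "")
    {
        err = "对ä¸èµ·,请éæ©è¦ä¸ä¼ çæ件!";
        return Img;
    }

    HttpPostedFile posted = UpFile.PostedFile;
    string Exten = Path.GetExtension(Img).ToLowerInvariant();

    bool extensionAllowed = false;
    if (_extensions != null)
    {
        for (int i = 0; i < _extensions.Length; i++)
        {
            if (string.Equals(Exten, _extensions[i], StringComparison.OrdinalIgnoreCase))
            {
                extensionAllowed = true;
                break;
            }
        }
    }

    // Client-declared type. A chain of "!=" tests joined with "||" is always true, so the
    // type check has to be a membership test; both the extension and the type must pass.
    string FileType = posted.ContentType == null ? "" : posted.ContentType.ToLowerInvariant();
    bool contentTypeAllowed = Array.IndexOf(allowedContentTypes, FileType) >= 0;
    if (!extensionAllowed || !contentTypeAllowed)
    {
        err = "对ä¸èµ·,æ¨ä¸è½ä¸ä¼ 该类åçæ件!";
        return Img;
    }

    if (posted.ContentLength > (size * 1024))
    {
        err = "对ä¸èµ·,æ件大å°ä¸è½å¤§äº" + size + "KB!";
        return Img;
    }

    // Application.Lock() blocks every other request that touches Application state, so it also,
    // in effect, serialises concurrent calls of this method (the tick-based file name relies on
    // that). try/finally guarantees UnLock() on every exit path; returning without it would
    // leave the application state locked for all other requests.
    string target = null;
    SourcePage.Application.Lock();
    try
    {
        Img = DateTime.Now.Ticks + Exten;
        target = Path.Combine(SavePath, Img);

        // Scan the body for risky keywords BEFORE writing it to disk, so a rejected file never
        // exists in the save directory, not even briefly. The reader is deliberately not disposed:
        // that would close the request stream SaveAs still needs.
        // NOTE(review): assumes InputStream is seekable so SaveAs still receives the whole body
        // after the scan - confirm against the target framework.
        string strContent;
        Stream body = posted.InputStream;
        long originalPosition = body.CanSeek ? body.Position : 0;
        try
        {
            StreamReader sr = new StreamReader(body, Encoding.Default);
            strContent = sr.ReadToEnd();
        }
        finally
        {
            if (body.CanSeek)
            {
                body.Position = originalPosition;
            }
        }

        // Ordinal, case-insensitive: the keyword list is lower-case, and a culture-sensitive
        // IndexOf would make the scan depend on the server locale.
        for (int i = 0; i < riskyKeywords.Length; i++)
        {
            if (strContent.IndexOf(riskyKeywords[i], StringComparison.OrdinalIgnoreCase) >= 0)
            {
                error = "对ä¸èµ·,该æ件å 容åå¨é£é©,ç¦æ¢ä¸ä¼ !";
                err = error;
                return Img;
            }
        }

        posted.SaveAs(target);
    }
    catch (Exception)
    {
        // Best-effort contract: any failure while scanning or saving is reported through err,
        // never thrown to the caller.
        error = "ç³»ç»é误,ä¸ä¼ 失败!";
        try
        {
            // Do not leave a partially written file behind.
            if (target != null && File.Exists(target))
            {
                File.Delete(target);
            }
        }
        catch (Exception)
        {
            // The leftover could not be removed; the failure is already being reported via err.
        }
    }
    finally
    {
        SourcePage.Application.UnLock();
    }
    err = error;
    return Img;
}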