以前發過一個.NET上傳檔案的方法的,不過那個方法中對檔案類型的判斷只是對尾碼名來進行判斷的,這樣假如我把一個txt文字檔的尾碼名改為jpg了也可以上傳,這樣無意中就造成了安全問題。
剛剛從網上找了個方法,實驗了一下,是能夠辨認出正確的檔案類型的,如下:
using System;<br />using System.Collections.Generic;<br />using System.Linq;<br />using System.Web;<br />using System.Web.UI;<br />using System.Web.UI.WebControls;<br />using System.IO; </p><p>public partial class niunantest : System.Web.UI.Page<br />{<br /> protected void Page_Load(object sender, EventArgs e)<br /> { </p><p> }<br /> protected void Button1_Click(object sender, EventArgs e)<br /> {<br /> string str = FileUpload1.PostedFile.ContentType;<br /> Response.Write("檔案類型:"+str); </p><p> string filename = ""; </p><p> FileExtension[] fe = { FileExtension.GIF, FileExtension.JPG, FileExtension.PNG };<br /> if (FileValidation.IsAllowedExtension(FileUpload1, fe))<br /> {<br /> string fileExt = System.IO.Path.GetExtension(FileUpload1.FileName).ToLower();<br /> Response.Write("<br>驗證通過!");<br /> //filename = "/Images/" + DateTime.Now.ToString("yyyyMMddHHmmss") + fileExt;<br /> //FileUpload1.PostedFile.SaveAs(Server.MapPath(filename));<br /> }<br /> else<br /> {<br /> Response.Write( "<br>驗證不通過,只支援以下格式的圖片:JPG,GIF,PNG");<br /> return;<br /> } </p><p> } </p><p> public enum FileExtension<br /> {<br /> JPG = 255216,<br /> GIF = 7173,<br /> PNG = 13780,<br /> SWF = 6787,<br /> RAR = 8297,<br /> ZIP = 8075,<br /> _7Z = 55122 </p><p> // 255216 jpg; </p><p> // 7173 gif; </p><p> // 6677 bmp, </p><p> // 13780 png; </p><p> // 6787 swf </p><p> // 7790 exe dll, </p><p> // 8297 rar </p><p> // 8075 zip </p><p> // 55122 7z </p><p> // 6063 xml </p><p> // 6033 html </p><p> // 239187 aspx </p><p> // 117115 cs </p><p> // 119105 js </p><p> // 102100 txt </p><p> // 255254 sql </p><p> } </p><p> public class FileValidation<br /> {<br /> public static bool IsAllowedExtension(FileUpload fu, FileExtension[] fileEx)<br /> {<br /> int fileLen = fu.PostedFile.ContentLength;<br /> byte[] imgArray = new byte[fileLen];<br /> fu.PostedFile.InputStream.Read(imgArray, 0, fileLen);<br /> MemoryStream ms = new MemoryStream(imgArray);<br /> System.IO.BinaryReader br = new System.IO.BinaryReader(ms);<br /> string fileclass = "";<br /> byte buffer;<br /> try<br /> {<br /> buffer = br.ReadByte();<br /> fileclass = buffer.ToString();<br /> buffer = br.ReadByte();<br /> fileclass += buffer.ToString();<br /> }<br /> catch<br /> {<br /> }<br /> br.Close();<br /> ms.Close();<br /> foreach (FileExtension fe in fileEx)<br /> {<br /> if (Int32.Parse(fileclass) == (int)fe)<br /> return true;<br /> }<br /> return false;<br /> }<br /> }<br />}<br />
個人理解:上面的代碼中判斷檔案類型的應該是把檔案轉成二進位的位元組,然後取開頭2個位元組,這樣看來的話開頭2個位元組就表示檔案的類型...
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
