Last active
December 22, 2015 06:18
// Keep only the file-name part of the client-supplied name so the path stays inside TempPath.
string filePath = Path.Combine(TempPath, Path.GetFileName(file.FileName));
/* Even though jQuery handles checking by doctypes, we have built checking on the server side
 * to protect against JavaScript hacks.
 *
 * The jQuery doesn't normalize the text in the file extension. We may choose to
 * handle this ourselves when we come up with a standard naming scheme for consistency's sake later,
 * but for now, ToLower() the extension. */
string checkValidExt = Path.GetExtension(filePath).ToLower();
// Reject only when the extension matches neither allowed type.
// (With || the condition is always true, so every file would be rejected.)
if (checkValidExt != ".png" && checkValidExt != ".jpg")
{
    return "Please enter a valid file.";
}
System.IO.File.WriteAllBytes(filePath, ReadData(file.InputStream));
HttpContext.Current.Request.ContentLength should give us the length of the total content in the Request. That should be good enough to use to filter out bad requests. Since a lot of end users have no idea what a large file is and we're saving thumbnails, we should accept up to 10MB.
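
An added example, not part of the gist or the comment above: a stand-alone sketch of the server-side checks discussed here (extension allowlist, 10 MB cap). It goes one step further by also comparing the leading bytes against the PNG and JPEG signatures. `UploadValidator`, `Validate` and `Report` are hypothetical names, and the size check runs on the buffered bytes rather than on `Request.ContentLength`.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Text;

static class UploadValidator // hypothetical helper, not the gist's code
{
    const long MaxBytes = 10L * 1024 * 1024; // 10 MB cap taken from the comment above
    static readonly byte[] PngMagic = { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A };
    static readonly byte[] JpgMagic = { 0xFF, 0xD8, 0xFF };

    // Returns null when the upload is acceptable, otherwise the rejection reason.
    public static string Validate(string clientFileName, byte[] data, out string safeName)
    {
        // Discard any directory part the client supplied.
        safeName = Path.GetFileName(clientFileName ?? "");
        string ext = Path.GetExtension(safeName).ToLowerInvariant();
        if (ext != ".png" && ext != ".jpg")
            return "extension not allowed";

        // Empty and oversized bodies are both rejected.
        if (data == null || data.Length == 0 || data.Length > MaxBytes)
            return "size out of range";

        // The extension is client-controlled; the leading bytes must agree with it.
        byte[] magic = ext == ".png" ? PngMagic : JpgMagic;
        if (data.Length < magic.Length || !data.Take(magic.Length).SequenceEqual(magic))
            return "content does not match extension";
        return null;
    }

    static void Report(string name, byte[] data)
    {
        string reason = Validate(name, data, out string safe);
        Console.WriteLine($"{name} -> {(reason ?? "accepted as " + safe)}");
    }

    static void Main()
    {
        // Constructed sample inputs: a PNG signature plus padding, and plain text.
        byte[] png = PngMagic.Concat(new byte[16]).ToArray();
        byte[] text = Encoding.ASCII.GetBytes("this is not an image");

        Report("photo.PNG", png);        // mixed-case extension
        Report("../../photo.png", png);  // directory part is dropped
        Report("photo.png", text);       // allowed extension, wrong content
        Report("notes.txt", text);       // extension outside the allowlist
    }
}
```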