如何在上传到网页之前检查文件的多个扩展名答案

【问题标题】：How to check multiple extensions of a file before upload to on webpage如何在上传到网页之前检查文件的多个扩展名
【发布时间】：2017-06-04 04:27:09
【问题描述】：

我正在尝试在网页上上传仅允许 pdf 扩展名的文件。但是，如果我将任何文件（即 a.jpeg）的扩展名更改为 .pdf，这将类似于 a.jpeg.pdf，然后它可以上传到网页上。所以我想在将单个文件上传到网页之前检查多个扩展名。

下面是我的代码。

if (file != null && file.ContentLength > 0)
                {
                    int MaxContentLength = 1024 * 1024 * 4;
                    string[] AllowedFileExtensions = new string[] { ".pdf" };
                    if (!AllowedFileExtensions.Contains(file.FileName.Substring(file.FileName.LastIndexOf('.'))))
                    {
                        ModelState.AddModelError("File", "(SERVER)Please select file of type: " + string.Join(", ", AllowedFileExtensions));
                        return RedirectToAction("AddNewRule", "CreateRule");
                    }
                    else if (file.ContentLength > MaxContentLength)
                    {
                        ModelState.AddModelError("File", "(SERVER)Your file is too large, maximum allowed size is: " + MaxContentLength + " MB");
                        return RedirectToAction("AddNewRule","CreateRule");
                    }
                    var fileName = Path.GetFileName(file.FileName);
                    var filetype = Path.GetExtension(fileName);
                    var mimeType = MimeMapping.GetMimeMapping(filetype);
                    if (mimeType == "application/pdf")
                    {
                        var path = Path.Combine(Server.MapPath("~/Files"), fileName);
                        file.SaveAs(path);
                        rule_add.File_Name = fileName;
                        rule_add.File_Path = path;
                        rule_add.File_Page = addrule.pagenum;
                    }
                    else
                    {
                        ModelState.AddModelError("File", "(SERVER)This file doesn't has valid content ");
                        return RedirectToAction("AddNewRule", "CreateRule");
                    }
                }

感谢您的帮助。

【问题讨论】：

也许更强大的检查会检查文件内容而不是扩展名？例如，请参阅How to detect if a file is PDF or TIFF?。
也许您应该通过pdf header检查上传的文件是否为pdf，而不是依赖文件扩展名
如果您更改 a.jpeg 的扩展名从 jpeg 到 pdf 它是 a.pdf，而不是 a.jpeg.pdf。
文件名由客户端提供。但是网络的第一条规则是你不能信任客户端。他们可以提供任何他们想要的东西并告诉你这是一个 PDF。

标签： c# asp.net-mvc

【解决方案1】：

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.IO;
namespace CopaRule.Models
{
    public class MimeType
    {`enter code here`
        private static readonly byte[] BMP = { 66, 77 };
        private static readonly byte[] DOC = { 208, 207, 17, 224, 161, 177, 26, 225 };
        private static readonly byte[] EXE_DLL = { 77, 90 };
        private static readonly byte[] GIF = { 71, 73, 70, 56 };
        private static readonly byte[] ICO = { 0, 0, 1, 0 };
        private static readonly byte[] JPG = { 255, 216, 255 };
        private static readonly byte[] MP3 = { 255, 251, 48 };
        private static readonly byte[] OGG = { 79, 103, 103, 83, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0 };
        private static readonly byte[] PDF = { 37, 80, 68, 70, 45, 49, 46 };
        private static readonly byte[] PNG = { 137, 80, 78, 71, 13, 10, 26, 10, 0, 0, 0, 13, 73, 72, 68, 82 };
        private static readonly byte[] RAR = { 82, 97, 114, 33, 26, 7, 0 };
        private static readonly byte[] SWF = { 70, 87, 83 };
        private static readonly byte[] TIFF = { 73, 73, 42, 0 };
        private static readonly byte[] TORRENT = { 100, 56, 58, 97, 110, 110, 111, 117, 110, 99, 101 };
        private static readonly byte[] TTF = { 0, 1, 0, 0, 0 };
        private static readonly byte[] WAV_AVI = { 82, 73, 70, 70 };
        private static readonly byte[] WMV_WMA = { 48, 38, 178, 117, 142, 102, 207, 17, 166, 217, 0, 170, 0, 98, 206, 108 };
        private static readonly byte[] ZIP_DOCX = { 80, 75, 3, 4 };

        public static string GetMimeType(byte[] file, string fileName)
        {

            string mime = "application/octet-stream"; //DEFAULT UNKNOWN MIME TYPE

            //Ensure that the filename isn't empty or null
            if (string.IsNullOrWhiteSpace(fileName))
            {
                return mime;
            }

            //Get the file extension
            string extension = Path.GetExtension(fileName) == null
                                   ? string.Empty
                                   : Path.GetExtension(fileName).ToUpper();

            //Get the MIME Type
            if (file.Take(2).SequenceEqual(BMP))
            {
                mime = "image/bmp";
            }
            else if (file.Take(8).SequenceEqual(DOC))
            {
                mime = "application/msword";
            }
            else if (file.Take(2).SequenceEqual(EXE_DLL))
            {
                mime = "application/x-msdownload"; //both use same mime type
            }
            else if (file.Take(4).SequenceEqual(GIF))
            {
                mime = "image/gif";
            }
            else if (file.Take(4).SequenceEqual(ICO))
            {
                mime = "image/x-icon";
            }
            else if (file.Take(3).SequenceEqual(JPG))
            {
                mime = "image/jpeg";
            }
            else if (file.Take(3).SequenceEqual(MP3))
            {
                mime = "audio/mpeg";
            }
            else if (file.Take(14).SequenceEqual(OGG))
            {
                if (extension == ".OGX")
                {
                    mime = "application/ogg";
                }
                else if (extension == ".OGA")
                {
                    mime = "audio/ogg";
                }
                else
                {
                    mime = "video/ogg";
                }
            }
            else if (file.Take(7).SequenceEqual(PDF))
            {
                mime = "application/pdf";
            }
            else if (file.Take(16).SequenceEqual(PNG))
            {
                mime = "image/png";
            }
            else if (file.Take(7).SequenceEqual(RAR))
            {
                mime = "application/x-rar-compressed";
            }
            else if (file.Take(3).SequenceEqual(SWF))
            {
                mime = "application/x-shockwave-flash";
            }
            else if (file.Take(4).SequenceEqual(TIFF))
            {
                mime = "image/tiff";
            }
            else if (file.Take(11).SequenceEqual(TORRENT))
            {
                mime = "application/x-bittorrent";
            }
            else if (file.Take(5).SequenceEqual(TTF))
            {
                mime = "application/x-font-ttf";
            }
            else if (file.Take(4).SequenceEqual(WAV_AVI))
            {
                mime = extension == ".AVI" ? "video/x-msvideo" : "audio/x-wav";
            }
            else if (file.Take(16).SequenceEqual(WMV_WMA))
            {
                mime = extension == ".WMA" ? "audio/x-ms-wma" : "video/x-ms-wmv";
            }
            else if (file.Take(4).SequenceEqual(ZIP_DOCX))
            {
                mime = extension == ".DOCX" ? "application/vnd.openxmlformats-officedocument.wordprocessingml.document" : "application/x-zip-compressed";
            }

            return mime;
        }
    }
}

Finally i got the solution. Above code helped me.

Thank you all for your suggestions.

【讨论】：