Empty file after scanning uploaded file

3 posts, 0 answers
  1. Paul
    Paul avatar
    2 posts
    Member since:
    Sep 2011

    Posted 27 Oct 2011 Link to this post

    HI there,

    I'm attempting to scan uploaded files for malicious content. 
    I'm using the itemcommand 'UploadFile' to get a stream from the UploadedFiles property.

    My problem is that regardless of content all files are uploaded with 0 bytes.
    The file is created with the correct name but the file is empty.

    Do I need to do something to reset the stream after reading it?
    Also if I wanted to just remove the offending elements how would i do that?

         
    protected void rfeFiles_ItemCommand(object sender, RadFileExplorerEventArgs e)
    {
        if (e.Command == "UploadFile")
        {
            ArrayList illegalStrings = new ArrayList { "<script", "< script" };
            UploadedFileCollection _uploadedFiles = (sender as RadFileExplorer).Upload.UploadedFiles;
     
            foreach (UploadedFile file in _uploadedFiles)
            {
                StreamReader sr = new StreamReader(file.InputStream);
                string contents = sr.ReadToEnd();
     
                foreach (string badString in illegalStrings)
                {
                    if (contents.ToLower().Contains(badString))
                    {
                        //popup Javascript alert
                        ScriptManager.RegisterStartupScript(Page, Page.GetType(), "KEY", "alert('Cannot upload files with <script> elements..');", true);
                        e.Cancel = true;//cancel the event
                        sr.Close();
                        break;
                    }
                }
     
                // do I need to do something here? Tried file.InputStream.Position = 0;
     
                sr.Close();
            }
        }
    }

    Thanks for any help

    Paul Carroll

  2. Dobromir
    Admin
    Dobromir avatar
    1633 posts

    Posted 01 Nov 2011 Link to this post

    Hi Paul,

    This problem is directly related to RadControls but originates from the way StreamReader works. The problem is due to the fact that when creating a StreamReader/Writer from a stream, the stream is 'consumed' by the StreamReader and when the reader is closed the stream is disposed.

    To avoid this behavior I would suggest you to use another (temporal) stream which copies the data from the original (file's stream) and use it to create the StreamReader, e.g.:
    protected void rfeFiles_ItemCommand(object sender, RadFileExplorerEventArgs e)
    {
        if (e.Command == "UploadFile")
        {
            ArrayList illegalStrings = new ArrayList { "<script", "< script" };
            UploadedFileCollection _uploadedFiles = (sender as RadFileExplorer).Upload.UploadedFiles;
     
            foreach (UploadedFile file in _uploadedFiles)
            {
                var myStream = new MemoryStream();
                byte[] fileData = new byte[file.InputStream.Length];
                file.InputStream.Read(fileData, 0, (int)file.InputStream.Length);
                file.InputStream.Seek(0, SeekOrigin.Begin);
                 
                myStream.Write(fileData, 0, fileData.Length);
                StreamReader sr = new StreamReader(myStream);
                string contents = sr.ReadToEnd();
     
                foreach (string badString in illegalStrings)
                {
                    if (contents.ToLower().Contains(badString))
                    {
                        //popup Javascript alert
                        ScriptManager.RegisterStartupScript(Page, Page.GetType(), "KEY", "alert('Cannot upload files with <script> elements..');", true);
                        e.Cancel = true;//cancel the event
                        sr.Close();
                        break;
                    }
                }
     
                // do I need to do something here? Tried file.InputStream.Position = 0;
     
                sr.Close();
            }
        }
    }

    I hope this helps.

    Kind regards,
    Dobromir
    the Telerik team
    If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now
  3. UI for ASP.NET Ajax is Ready for VS 2017
  4. Paul
    Paul avatar
    2 posts
    Member since:
    Sep 2011

    Posted 07 Nov 2011 Link to this post

    Thanks for the help.  I see this is just an issue with how streams work and not a Telerik issue so thanks for the follow up.

    This worked great with one minor adjustment, which is to reset the memorystream position after writing to it.

     myStream.Write(fileData, 0, fileData.Length);
     myStream.Position = 0;

    Just thought I'd post in case anyone else is doing the same thing.

    Thanks again!

    Paul
Back to Top