HI there,
I'm attempting to scan uploaded files for malicious content.
I'm using the itemcommand 'UploadFile' to get a stream from the UploadedFiles property.
My problem is that regardless of content all files are uploaded with 0 bytes.
The file is created with the correct name but the file is empty.
Do I need to do something to reset the stream after reading it?
Also if I wanted to just remove the offending elements how would i do that?
Thanks for any help
Paul Carroll
I'm attempting to scan uploaded files for malicious content.
I'm using the itemcommand 'UploadFile' to get a stream from the UploadedFiles property.
My problem is that regardless of content all files are uploaded with 0 bytes.
The file is created with the correct name but the file is empty.
Do I need to do something to reset the stream after reading it?
Also if I wanted to just remove the offending elements how would i do that?
protected void rfeFiles_ItemCommand(object sender, RadFileExplorerEventArgs e){ if (e.Command == "UploadFile") { ArrayList illegalStrings = new ArrayList { "<script", "< script" }; UploadedFileCollection _uploadedFiles = (sender as RadFileExplorer).Upload.UploadedFiles; foreach (UploadedFile file in _uploadedFiles) { StreamReader sr = new StreamReader(file.InputStream); string contents = sr.ReadToEnd(); foreach (string badString in illegalStrings) { if (contents.ToLower().Contains(badString)) { //popup Javascript alert ScriptManager.RegisterStartupScript(Page, Page.GetType(), "KEY", "alert('Cannot upload files with <script> elements..');", true); e.Cancel = true;//cancel the event sr.Close(); break; } } // do I need to do something here? Tried file.InputStream.Position = 0; sr.Close(); } }}Thanks for any help
Paul Carroll
2 Answers, 1 is accepted
0
Hi Paul,
This problem is directly related to RadControls but originates from the way StreamReader works. The problem is due to the fact that when creating a StreamReader/Writer from a stream, the stream is 'consumed' by the StreamReader and when the reader is closed the stream is disposed.
To avoid this behavior I would suggest you to use another (temporal) stream which copies the data from the original (file's stream) and use it to create the StreamReader, e.g.:
I hope this helps.
Kind regards,
Dobromir
the Telerik team
This problem is directly related to RadControls but originates from the way StreamReader works. The problem is due to the fact that when creating a StreamReader/Writer from a stream, the stream is 'consumed' by the StreamReader and when the reader is closed the stream is disposed.
To avoid this behavior I would suggest you to use another (temporal) stream which copies the data from the original (file's stream) and use it to create the StreamReader, e.g.:
protected void rfeFiles_ItemCommand(object sender, RadFileExplorerEventArgs e){ if (e.Command == "UploadFile") { ArrayList illegalStrings = new ArrayList { "<script", "< script" }; UploadedFileCollection _uploadedFiles = (sender as RadFileExplorer).Upload.UploadedFiles; foreach (UploadedFile file in _uploadedFiles) { var myStream = new MemoryStream(); byte[] fileData = new byte[file.InputStream.Length]; file.InputStream.Read(fileData, 0, (int)file.InputStream.Length); file.InputStream.Seek(0, SeekOrigin.Begin); myStream.Write(fileData, 0, fileData.Length); StreamReader sr = new StreamReader(myStream); string contents = sr.ReadToEnd(); foreach (string badString in illegalStrings) { if (contents.ToLower().Contains(badString)) { //popup Javascript alert ScriptManager.RegisterStartupScript(Page, Page.GetType(), "KEY", "alert('Cannot upload files with <script> elements..');", true); e.Cancel = true;//cancel the event sr.Close(); break; } } // do I need to do something here? Tried file.InputStream.Position = 0; sr.Close(); } }}I hope this helps.
Kind regards,
Dobromir
the Telerik team
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now
0
Paul
Top achievements
Rank 1
Rank 1
answered on 08 Nov 2011, 02:47 AM
Thanks for the help. I see this is just an issue with how streams work and not a Telerik issue so thanks for the follow up.
This worked great with one minor adjustment, which is to reset the memorystream position after writing to it.
myStream.Write(fileData, 0, fileData.Length);
myStream.Position = 0;
Just thought I'd post in case anyone else is doing the same thing.
Thanks again!
Paul
This worked great with one minor adjustment, which is to reset the memorystream position after writing to it.
myStream.Write(fileData, 0, fileData.Length);
myStream.Position = 0;
Just thought I'd post in case anyone else is doing the same thing.
Thanks again!
Paul