HI there,
I'm attempting to scan uploaded files for malicious content.
I'm using the itemcommand 'UploadFile' to get a stream from the UploadedFiles property.
My problem is that regardless of content all files are uploaded with 0 bytes.
The file is created with the correct name but the file is empty.
Do I need to do something to reset the stream after reading it?
Also if I wanted to just remove the offending elements how would i do that?
Thanks for any help
Paul Carroll
I'm attempting to scan uploaded files for malicious content.
I'm using the itemcommand 'UploadFile' to get a stream from the UploadedFiles property.
My problem is that regardless of content all files are uploaded with 0 bytes.
The file is created with the correct name but the file is empty.
Do I need to do something to reset the stream after reading it?
Also if I wanted to just remove the offending elements how would i do that?
protected
void
rfeFiles_ItemCommand(
object
sender, RadFileExplorerEventArgs e)
{
if
(e.Command ==
"UploadFile"
)
{
ArrayList illegalStrings =
new
ArrayList {
"<script"
,
"< script"
};
UploadedFileCollection _uploadedFiles = (sender
as
RadFileExplorer).Upload.UploadedFiles;
foreach
(UploadedFile file
in
_uploadedFiles)
{
StreamReader sr =
new
StreamReader(file.InputStream);
string
contents = sr.ReadToEnd();
foreach
(
string
badString
in
illegalStrings)
{
if
(contents.ToLower().Contains(badString))
{
//popup Javascript alert
ScriptManager.RegisterStartupScript(Page, Page.GetType(),
"KEY"
,
"alert('Cannot upload files with <script> elements..');"
,
true
);
e.Cancel =
true
;
//cancel the event
sr.Close();
break
;
}
}
// do I need to do something here? Tried file.InputStream.Position = 0;
sr.Close();
}
}
}
Thanks for any help
Paul Carroll