This is a migrated thread and some comments may be shown as answers.

Empty file after scanning uploaded file

2 Answers 390 Views
FileExplorer
This is a migrated thread and some comments may be shown as answers.
Paul
Top achievements
Rank 1
Paul asked on 27 Oct 2011, 10:06 PM
HI there,

I'm attempting to scan uploaded files for malicious content. 
I'm using the itemcommand 'UploadFile' to get a stream from the UploadedFiles property.

My problem is that regardless of content all files are uploaded with 0 bytes.
The file is created with the correct name but the file is empty.

Do I need to do something to reset the stream after reading it?
Also if I wanted to just remove the offending elements how would i do that?

     
protected void rfeFiles_ItemCommand(object sender, RadFileExplorerEventArgs e)
{
    if (e.Command == "UploadFile")
    {
        ArrayList illegalStrings = new ArrayList { "<script", "< script" };
        UploadedFileCollection _uploadedFiles = (sender as RadFileExplorer).Upload.UploadedFiles;
 
        foreach (UploadedFile file in _uploadedFiles)
        {
            StreamReader sr = new StreamReader(file.InputStream);
            string contents = sr.ReadToEnd();
 
            foreach (string badString in illegalStrings)
            {
                if (contents.ToLower().Contains(badString))
                {
                    //popup Javascript alert
                    ScriptManager.RegisterStartupScript(Page, Page.GetType(), "KEY", "alert('Cannot upload files with <script> elements..');", true);
                    e.Cancel = true;//cancel the event
                    sr.Close();
                    break;
                }
            }
 
            // do I need to do something here? Tried file.InputStream.Position = 0;
 
            sr.Close();
        }
    }
}

Thanks for any help

Paul Carroll

2 Answers, 1 is accepted

Sort by
0
Dobromir
Telerik team
answered on 01 Nov 2011, 03:51 PM
Hi Paul,

This problem is directly related to RadControls but originates from the way StreamReader works. The problem is due to the fact that when creating a StreamReader/Writer from a stream, the stream is 'consumed' by the StreamReader and when the reader is closed the stream is disposed.

To avoid this behavior I would suggest you to use another (temporal) stream which copies the data from the original (file's stream) and use it to create the StreamReader, e.g.:
protected void rfeFiles_ItemCommand(object sender, RadFileExplorerEventArgs e)
{
    if (e.Command == "UploadFile")
    {
        ArrayList illegalStrings = new ArrayList { "<script", "< script" };
        UploadedFileCollection _uploadedFiles = (sender as RadFileExplorer).Upload.UploadedFiles;
 
        foreach (UploadedFile file in _uploadedFiles)
        {
            var myStream = new MemoryStream();
            byte[] fileData = new byte[file.InputStream.Length];
            file.InputStream.Read(fileData, 0, (int)file.InputStream.Length);
            file.InputStream.Seek(0, SeekOrigin.Begin);
             
            myStream.Write(fileData, 0, fileData.Length);
            StreamReader sr = new StreamReader(myStream);
            string contents = sr.ReadToEnd();
 
            foreach (string badString in illegalStrings)
            {
                if (contents.ToLower().Contains(badString))
                {
                    //popup Javascript alert
                    ScriptManager.RegisterStartupScript(Page, Page.GetType(), "KEY", "alert('Cannot upload files with <script> elements..');", true);
                    e.Cancel = true;//cancel the event
                    sr.Close();
                    break;
                }
            }
 
            // do I need to do something here? Tried file.InputStream.Position = 0;
 
            sr.Close();
        }
    }
}

I hope this helps.

Kind regards,
Dobromir
the Telerik team
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now
0
Paul
Top achievements
Rank 1
answered on 08 Nov 2011, 02:47 AM
Thanks for the help.  I see this is just an issue with how streams work and not a Telerik issue so thanks for the follow up.

This worked great with one minor adjustment, which is to reset the memorystream position after writing to it.

 myStream.Write(fileData, 0, fileData.Length);
 myStream.Position = 0;

Just thought I'd post in case anyone else is doing the same thing.

Thanks again!

Paul
Tags
FileExplorer
Asked by
Paul
Top achievements
Rank 1
Answers by
Dobromir
Telerik team
Paul
Top achievements
Rank 1
Share this question
or