This is a migrated thread and some comments may be shown as answers.

Limit Files By Extension Loophole

1 Answer 63 Views
Upload
This is a migrated thread and some comments may be shown as answers.
Mark
Top achievements
Rank 2
Mark asked on 22 Aug 2009, 07:27 PM
We discovered a loophole with the upload control.  If file types are limited by extension, the user can type an asterisk (*) in the file name text box and upload any file type they want.

We end up have to check file types server side after the upload, delete disallowed types and then notify the user.  Has anyone else experienced this?  I'd like if it could all be done client side with no loopholes.

1 Answer, 1 is accepted

Sort by
0
Kiril Stanoev
Telerik team
answered on 24 Aug 2009, 12:29 PM
Hello Mark,

What you are describing is a typical behavior of the OpenFileDialog. What you can do in this case is on the FileSelected event of RadUpload to loop through the selected files and remove the ones that do not meet the Filter criteria. For example, have a look at the RadUpload bellow.

<telerikInput:RadUpload IsAppendFilesEnabled="True" 
        UploadServiceUrl="~/RadUploadHandler.ashx" TargetFolder="Images" 
        IsAutomaticUpload="False" MaxFileCount="99" 
        Filter="PNG Files (*.png)|*.png" 
        OverwriteExistingFiles="True" IsMultiselect="True" 
        FilesSelected="RadUpload_FilesSelected" /> 

Its Filter property says that only .png files can be selected. However, as you correctly pointed out, if the user types *, he/she will be presented with all file extensions and nothing can stop him/her from selecting a .txt file, for example).
That is why, in the RadUpload_FileSelected event handler, you can iterate through all the selected files and remove the unnecessary ones.

private void RadUpload_FilesSelected(object sender, Telerik.Windows.Controls.FilesSelectedEventArgs e) 
    RadUpload upload = (RadUpload)sender; 
 
    // If the Filter property of RadUpload does not contain the extension of the selected file, 
    // then the file has to be removed. 
    // For this purpose, a temporary collection is used. 
    var filesToRemove = e.SelectedFiles.Where(file => !upload.Filter.Contains(file.File.Extension)).ToList(); 
 
    // Remove the unnecessary files. 
    foreach (var file in filesToRemove) 
    { 
        e.SelectedFiles.Remove(file); 
    } 

I have attached my sample project for further reference. Have a look at it and let us know if you experience additional problems.


All the best,
Kiril Stanoev
the Telerik team

Instantly find answers to your questions on the new Telerik Support Portal.
Check out the tips for optimizing your support resource searches.
Tags
Upload
Asked by
Mark
Top achievements
Rank 2
Answers by
Kiril Stanoev
Telerik team
Share this question
or