Re: Check that uploaded photo is a JPEG
- From: "Alexey Smirnov" <alexey.smirnov@xxxxxxxxx>
- Date: Thu, 8 Feb 2007 09:42:28 +0100
"Chris Mahoney" <chrismahoney@xxxxxxxxx> wrote in message
news:1170900403.182356.290710@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi
I'm setting up a site where users will be able to upload photos. I'd
like to be able to ensure that they're uploading JPEGs, and not
malicious code. I've tried checking the MIME type, but that doesn't
seem to be reliable; for example if you rename an .exe to .jpg and
upload using Firefox, it returns "image/jpeg" (IE 6 returns
"application/octet-stream").
I understand that there probably isn't a surefire solution to this,
but a little security is better than none. Any advice? I'm using VB
2005 but I can read C# if I need to :)
Thanks
Chris
Hi Chris
First check it with HttpPostedFile.ContentType
Then try to create a System.Drawing.Image object from a given source. If
this succeeds, you can be fairly certain the source is a valid image. In
addition, check Img.RawFormat
Sample code:
Try
Dim Img as System.Drawing.Image =
System.Drawing.Image.FromFile("C:\MyImage.gif") 'FromStream(...)
if (Img.RawFormat.Equals(System.Drawing.Imaging.ImageFormat.Jpeg)) then
... ok
Else
... wrong
End if
Catch
... wrong
End Try
.
- References:
- Check that uploaded photo is a JPEG
- From: Chris Mahoney
- Check that uploaded photo is a JPEG
- Prev by Date: drag and drop file upload for ASP.NET??
- Next by Date: Re: Preinit Event shows error with Master/Content Page
- Previous by thread: Re: Check that uploaded photo is a JPEG
- Next by thread: Re: cache never expires
- Index(es):
Relevant Pages
|
