Here I am checking only a single extension, but somebody can upload a file such as index.php.png,
which creates a critical security issue.
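// Saves each uploaded file whose extension passes BasePage.CheckFileType into ~/Uploads,
// under the name returned by BasePage.FileRename.
var fileType = "";
if (files != null)
{
    foreach (var file in files)
    {
        // Skip empty slots and unnamed parts. IsNullOrWhiteSpace already covers the
        // null and empty cases, so a separate IsNullOrEmpty test is not needed.
        if (file == null || string.IsNullOrWhiteSpace(file.FileName))
        {
            continue;
        }

        // Path.GetExtension returns only the last extension, so "index.php.png" yields ".png".
        // Read it once so the value that is validated is the same value used to build the
        // stored name.
        string ext = System.IO.Path.GetExtension(file.FileName);
        if (!BasePage.CheckFileType(ext))
        {
            continue;
        }

        // The stored name is built from the validated extension only; the client-supplied
        // base name (including any inner ".php") is not passed to FileRename.
        // NOTE(review): FileRename is not visible here - confirm it returns a bare,
        // server-generated file name. Path.Combine ignores the first argument when the
        // second one is rooted.
        fileType = BasePage.FileRename(ext);
        var physicalPath = Path.Combine(Server.MapPath("~/Uploads"), fileType);

        // NOTE(review): only the extension is checked; the file content is not inspected.
        // Confirm that ~/Uploads is not configured to execute scripts and consider
        // verifying the content signature before saving.
        file.SaveAs(physicalPath);
    }
}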
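/// <summary>
/// Tells whether <paramref name="ext"/> is one of the allowed upload extensions
/// (pdf, png, jpg, jpeg).
/// </summary>
/// <param name="ext">
/// Extension including the leading dot, as returned by System.IO.Path.GetExtension.
/// </param>
/// <returns>
/// <c>true</c> when the extension is on the allow-list; <c>false</c> otherwise,
/// including for <c>null</c> or an empty string.
/// </returns>
/// <remarks>
/// This is a check on the name only. It says nothing about the content of the file.
/// </remarks>
public bool CheckFileType(string ext)
{
    // One entry per type. The comparison below ignores case, so mixed-case spellings
    // such as ".Pdf" or ".Jpg" are treated the same as ".pdf" / ".PDF" instead of
    // being rejected.
    string[] validFileTypes = { ".pdf", ".png", ".jpg", ".jpeg" };

    foreach (string allowed in validFileTypes)
    {
        // Ordinal comparison: extensions are identifiers, not linguistic text.
        // The static Equals overload tolerates a null ext.
        if (string.Equals(ext, allowed, System.StringComparison.OrdinalIgnoreCase))
        {
            return true;
        }
    }

    return false;
}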
mohammed jaseefar
mohdjaseefar2gmail.com