validating a file upload field

[darrel]

I'm using a file upload form field to allow a person to upload a file from
their browser.

I've noticed that I could type anything into the field: virus.exe and the
application will go ahead and write a file 'virus.exe' to the server.

Now, for starters, I should obviously be filtering out exe files ;o)

But, what is the proper way to check to see that a file passed to the server
via a file form field is actually a physical file. Should I just check it's
file size and make sure it's larger than a byte? Is there something more
specific I should check for?

-Darrel

 

[Nathan Sokalski]

To validate the file name/directory that was typed, use something like

myuploadctrl.Value <> "" AND NOT myuploadctrl.Value.EndsWith(".exe")

To make sure the file is above a certain length, use something like

myuploadctrl.PostedFile.ContentLength > 0

I think you can figure out the rest, you sound like you know enough to take
it from here. Good Luck!

 

[darrel]

To make sure the file is above a certain length, use something like

myuploadctrl.PostedFile.ContentLength > 0

Content length is probably the key.

The specific issue is that I found a person doesn't actually have to select
a file to upload. They can just type in any random text into the field they
want and the server will gladly accept that as a file. I think the content
length is what to check.

-Darrel