Saturday, September 29, 2012

Asp.net Security - Validating Uploaded Image File Format

I found two really good links talking about how to upload image file and validate file format in more secure way rather than just checking file extension.



You should also check image file content before you try checking for header of image file.

I found both the articles have missed this code.  Here is that missing code for validating file extension.

private Boolean CheckFileType()
        {
            string[] acceptedTypes = new string[]
            {
                "image/bmp",
                "image/jpeg",                
                "image/gif",
                "image/png"
            };

            if (!acceptedTypes.Contains(fuPhoto1.PostedFile.ContentType))
            {
                return false;
            }
            else
            {
                return true;
            }
        }


Note: This article is basically bookmark for my future reference.

No comments:

Most Recent Post

Subscribe Blog via Email

Enter your email address:



Disclaimers:We have tried hard to provide accurate information, as a user, you agree that you bear sole responsibility for your own decisions to use any programs, documents, source code, tips, articles or any other information provided on this Blog.
Page copy protected against web site content infringement by Copyscape