7

我有一个文件上传功能,用户可以上传文件。我想限制用户上传某些文件类型。允许的类型是:.doc,.xlsx,.txt,.jpeg

我怎么能做到这一点?

这是我的实际文件上传代码:

      public ActionResult UploadFile(string AttachmentName, BugModel model)
       {            
        BugModel bug = null;
        if (Session["CaptureData"] == null)
        {
            bug = model;
        }
        else
        {
            bug = (BugModel)Session["CaptureData"];
        }
        foreach (string inputTagName in Request.Files)
        {
            HttpPostedFileBase file1 = Request.Files[inputTagName];
            if (file1.ContentLength > 0)
            {
                string path = "/Content/UploadedFiles/" + Path.GetFileName(file1.FileName);
                string savedFileName = Path.Combine(Server.MapPath("~" + path));
                file1.SaveAs(savedFileName);
                BugAttachment attachment = new BugAttachment();
                attachment.FileName = "~" + path.ToString();
                attachment.AttachmentName = AttachmentName;
                attachment.AttachmentUrl = attachment.FileName;
                bug.ListFile.Add(attachment);
                model = bug;
                Session["CaptureData"] = model;
            }
        }
        ModelState.Clear();
        return View("LoadBug", bug);
    }
4

3 回答 3

19

首先要验证的是其中包含的文件扩展名是否file1.FileName与允许的扩展名匹配。然后,如果您真的想确保用户没有将某些其他文件类型重命名为允许的扩展名,您将需要查看文件的内容以识别它是否是允许的类型之一。

这是一个如何检查文件扩展名是否属于预定义扩展名列表的示例:

var allowedExtensions = new[] { ".doc", ".xlsx", ".txt", ".jpeg" };
var extension = Path.GetExtension(file1.FileName);
if (!allowedExtensions.Contains(extension))
{
    // Not allowed
}
于 2012-08-23T06:50:35.733 回答
8 
[AttributeUsage(AttributeTargets.Property, AllowMultiple = false)]
public class AllowedFileExtensionAttribute : ValidationAttribute
{
    public string[] AllowedFileExtensions { get; private set; }
    public AllowedFileExtensionAttribute(params string[] allowedFileExtensions)
    {
        AllowedFileExtensions = allowedFileExtensions;
    }
    protected override ValidationResult IsValid(object value, ValidationContext validationContext)
    {
        var file = value as HttpPostedFileBase;
        if (file != null)
        {
            if (!AllowedFileExtensions.Any(item => file.FileName.EndsWith(item, StringComparison.OrdinalIgnoreCase)))
            {
                return new ValidationResult(string.Format("{1} için izin verilen dosya uzantıları : {0} : {2}", string.Join(", ", AllowedFileExtensions), validationContext.DisplayName, this.ErrorMessage));
            }
        }
        return null;
    }
}

模型中的用法

    [AllowedFileExtension(".jpg", ".png", ".gif", ".jpeg")]
    public HttpPostedFileBase KategoriResmi { get; set; }
于 2015-12-30T11:48:59.510 回答
7

您可以使用 的ContentType属性对HttpPostedFileBase文件类型(mime 类型)进行基本检查:请参阅 MSDN 的 Content-Type 属性页面here

这是一种方法:

private static bool IsValidContentType(string contentType)
{
    string ct = contentType.ToLower();

    return ((ct == "application/msword") || (ct == "application/pdf") || (ct == "application/vnd.openxmlformats-officedocument.wordprocessingml.document"));
}

ETC..

但是,要进行更深入的检查,您必须检查文件内容。更改文件扩展名很容易..

于 2012-08-23T06:53:11.387 回答