How to check multiple extensions of a file before upload to on webpage

Question

I am trying to upload a file on webpage which allow only pdf extension. But if i change the extension of any file(i.e. a.jpeg) to .pdf which will be like a.jpeg.pdf and then it can be upload on webpage. So i want to check multiple extensions in a single file before uploading it to on webpage.

Below is the my coding.

if (file != null && file.ContentLength > 0)
                {
                    int MaxContentLength = 1024 * 1024 * 4;
                    string[] AllowedFileExtensions = new string[] { ".pdf" };
                    if (!AllowedFileExtensions.Contains(file.FileName.Substring(file.FileName.LastIndexOf('.'))))
                    {
                        ModelState.AddModelError("File", "(SERVER)Please select file of type: " + string.Join(", ", AllowedFileExtensions));
                        return RedirectToAction("AddNewRule", "CreateRule");
                    }
                    else if (file.ContentLength > MaxContentLength)
                    {
                        ModelState.AddModelError("File", "(SERVER)Your file is too large, maximum allowed size is: " + MaxContentLength + " MB");
                        return RedirectToAction("AddNewRule","CreateRule");
                    }
                    var fileName = Path.GetFileName(file.FileName);
                    var filetype = Path.GetExtension(fileName);
                    var mimeType = MimeMapping.GetMimeMapping(filetype);
                    if (mimeType == "application/pdf")
                    {
                        var path = Path.Combine(Server.MapPath("~/Files"), fileName);
                        file.SaveAs(path);
                        rule_add.File_Name = fileName;
                        rule_add.File_Path = path;
                        rule_add.File_Page = addrule.pagenum;
                    }
                    else
                    {
                        ModelState.AddModelError("File", "(SERVER)This file doesn't has valid content ");
                        return RedirectToAction("AddNewRule", "CreateRule");
                    }
                }

Thank you for your help.

Maybe a more robust check would inspect the file contents instead of the extension? For example, see [How to detect if a file is PDF or TIFF?](http://stackoverflow.com/questions/2731917/how-to-detect-if-a-file-is-pdf-or-tiff). — Georg Patscheider, Jan 19 '17 at 13:01
Maybe instead of relying on file name extensions, you should check if the uploaded file is pdf via the [`pdf header`](http://stackoverflow.com/questions/6186980/determine-if-a-byte-is-a-pdf-file) — Nico, Jan 19 '17 at 13:02
If you **change** the extension of `a.jpeg`from `jpeg` to `pdf` it's `a.pdf`, not `a.jpeg.pdf`. — Manfred Radlwimmer, Jan 19 '17 at 13:06
File names are provided by the client. But the first rule of the web is that *you cannot trust the client*. They can supply anything they want to and tell you that it's a PDF. — Damien_The_Unbeliever, Jan 19 '17 at 13:35

score 0 · Accepted Answer · answered Jan 19 '17 at 15:35

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.IO;
namespace CopaRule.Models
{
    public class MimeType
    {`enter code here`
        private static readonly byte[] BMP = { 66, 77 };
        private static readonly byte[] DOC = { 208, 207, 17, 224, 161, 177, 26, 225 };
        private static readonly byte[] EXE_DLL = { 77, 90 };
        private static readonly byte[] GIF = { 71, 73, 70, 56 };
        private static readonly byte[] ICO = { 0, 0, 1, 0 };
        private static readonly byte[] JPG = { 255, 216, 255 };
        private static readonly byte[] MP3 = { 255, 251, 48 };
        private static readonly byte[] OGG = { 79, 103, 103, 83, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0 };
        private static readonly byte[] PDF = { 37, 80, 68, 70, 45, 49, 46 };
        private static readonly byte[] PNG = { 137, 80, 78, 71, 13, 10, 26, 10, 0, 0, 0, 13, 73, 72, 68, 82 };
        private static readonly byte[] RAR = { 82, 97, 114, 33, 26, 7, 0 };
        private static readonly byte[] SWF = { 70, 87, 83 };
        private static readonly byte[] TIFF = { 73, 73, 42, 0 };
        private static readonly byte[] TORRENT = { 100, 56, 58, 97, 110, 110, 111, 117, 110, 99, 101 };
        private static readonly byte[] TTF = { 0, 1, 0, 0, 0 };
        private static readonly byte[] WAV_AVI = { 82, 73, 70, 70 };
        private static readonly byte[] WMV_WMA = { 48, 38, 178, 117, 142, 102, 207, 17, 166, 217, 0, 170, 0, 98, 206, 108 };
        private static readonly byte[] ZIP_DOCX = { 80, 75, 3, 4 };

        public static string GetMimeType(byte[] file, string fileName)
        {

            string mime = "application/octet-stream"; //DEFAULT UNKNOWN MIME TYPE

            //Ensure that the filename isn't empty or null
            if (string.IsNullOrWhiteSpace(fileName))
            {
                return mime;
            }

            //Get the file extension
            string extension = Path.GetExtension(fileName) == null
                                   ? string.Empty
                                   : Path.GetExtension(fileName).ToUpper();

            //Get the MIME Type
            if (file.Take(2).SequenceEqual(BMP))
            {
                mime = "image/bmp";
            }
            else if (file.Take(8).SequenceEqual(DOC))
            {
                mime = "application/msword";
            }
            else if (file.Take(2).SequenceEqual(EXE_DLL))
            {
                mime = "application/x-msdownload"; //both use same mime type
            }
            else if (file.Take(4).SequenceEqual(GIF))
            {
                mime = "image/gif";
            }
            else if (file.Take(4).SequenceEqual(ICO))
            {
                mime = "image/x-icon";
            }
            else if (file.Take(3).SequenceEqual(JPG))
            {
                mime = "image/jpeg";
            }
            else if (file.Take(3).SequenceEqual(MP3))
            {
                mime = "audio/mpeg";
            }
            else if (file.Take(14).SequenceEqual(OGG))
            {
                if (extension == ".OGX")
                {
                    mime = "application/ogg";
                }
                else if (extension == ".OGA")
                {
                    mime = "audio/ogg";
                }
                else
                {
                    mime = "video/ogg";
                }
            }
            else if (file.Take(7).SequenceEqual(PDF))
            {
                mime = "application/pdf";
            }
            else if (file.Take(16).SequenceEqual(PNG))
            {
                mime = "image/png";
            }
            else if (file.Take(7).SequenceEqual(RAR))
            {
                mime = "application/x-rar-compressed";
            }
            else if (file.Take(3).SequenceEqual(SWF))
            {
                mime = "application/x-shockwave-flash";
            }
            else if (file.Take(4).SequenceEqual(TIFF))
            {
                mime = "image/tiff";
            }
            else if (file.Take(11).SequenceEqual(TORRENT))
            {
                mime = "application/x-bittorrent";
            }
            else if (file.Take(5).SequenceEqual(TTF))
            {
                mime = "application/x-font-ttf";
            }
            else if (file.Take(4).SequenceEqual(WAV_AVI))
            {
                mime = extension == ".AVI" ? "video/x-msvideo" : "audio/x-wav";
            }
            else if (file.Take(16).SequenceEqual(WMV_WMA))
            {
                mime = extension == ".WMA" ? "audio/x-ms-wma" : "video/x-ms-wmv";
            }
            else if (file.Take(4).SequenceEqual(ZIP_DOCX))
            {
                mime = extension == ".DOCX" ? "application/vnd.openxmlformats-officedocument.wordprocessingml.document" : "application/x-zip-compressed";
            }

            return mime;
        }
    }
}

Finally i got the solution. Above code helped me.

Thank you all for your suggestions.

How to check multiple extensions of a file before upload to on webpage

1 Answers1