0

I am trying to make a web application where I want to validate the file extension even after name change on File Upload Control, I did some research and found Dataview solution but it is still with some lack since I found extension doc, xls, msi with the same Header Signature. If you can help me out with this it would be great. I can't use server side code since it has to be validate before uploading file. My main Goal is to Prevent the User from Uploading the Wrong File Type on any Condition.

For This Application I tried.,

Get Signature using Jquery and Dataview but i have gotten same Header Signature for doc,xls and msi file so i stopped to it

Get content type of 'File' object using javascript

FileSignature.net to Identify Signature based on Extensions.

Used urlmon.dll to get Mimetype but i have gotten same Mimetype for docx,xlsx and zip

Check type of uploaded file

Winista ----http://www.netomatix.com/Products/DocumentManagement/MimeDetector.aspx

Used FileTypeDetective to Validate File.

https://filetypedetective.codeplex.com/

Community
  • 1
  • 1
Anynomus Anynomus
  • 1
  • 2
  • 4
    You mean if someone changed `MyFile.exe` to `MyFile.txt` and tried to upload you'd want to detect that it was still an `.exe`? Why? Doing so on the client side would be no security measure, it should be done server side. – Equalsk May 08 '17 at 13:21
  • Possible duplicate of [How do I Validate the File Type of a File Upload?](http://stackoverflow.com/questions/71944/how-do-i-validate-the-file-type-of-a-file-upload) – Sandman May 08 '17 at 14:51
  • @Sandman No. This will not work when you rename file say abc.txt to abc.mp3 and upload its extension will be mp3 but i need exact type say txt. Thanks for response though – Anynomus Anynomus May 09 '17 at 04:18
  • @Equalsk Yes but for server side validation i need to upload file then validate . which is not good way on my opinion. and Yes that way if some one changed MyFile.Exe to MyFile.txt and tried to upload it should restrict i have gotten half solution by File Signature some how but only problem with is So many File have signature so there is no way i have still got to find exact type of file. Thank you very much for response. Have great time – Anynomus Anynomus May 09 '17 at 04:20
  • You've answered your own question. You can try to validate the file via 'magic bytes' but that's no guarantee and doesn't work for every file. You could impose other limits such as file size. There's simply no foolproof way to do this, don't waste your time. – Equalsk May 09 '17 at 10:34
  • @Equalsk Thank you very much for response . Yes i did tried so many things even found i get same mime type for docx , xlsx and zip as Zip type. so not unique way to work around. still working on it. Thanks a lot. Yes will work on FileTypeDetective and finish it. Least it will exclude many unwanted files. Btw still do you know if there is a way i can open file on server without saving it ? like in temporary memory ? like that i will be able to use server side code to identify signature. Thanks a lot for help – Anynomus Anynomus May 09 '17 at 11:14
  • That's because docx/xlsx _are_ zip files. Yes I would think you could manipulate the file in memory, not sure that it's a trivial matter though. – Equalsk May 09 '17 at 12:28
  • Trid net is able to find exact mime type but it is not free. i Wonder how it is able to find solution since so many file types have same signature – Anynomus Anynomus May 10 '17 at 06:13

0 Answers0