I have a file upload functionality in my application which is for uploading a valid Image(JPG). However, a user is currently able to upload a .exe file by just changing the extension of the exe file to .jpg. Can we validate this file and give an error message to the user that it’s not a valid file? Anyone has implemented this check and can suggest?
Asked
Active
Viewed 289 times
1
Mohammad Daliri
- 1,370
- 6
- 20
- 43
-
Check this https://stackoverflow.com/questions/25031190/prevent-an-exe-from-being-uploaded-even-after-renaming-its-extention and https://stackoverflow.com/questions/58510/using-net-how-can-you-find-the-mime-type-of-a-file-based-on-the-file-signature#answer-62007 – PSK May 07 '18 at 06:12
-
Try with urlmon.dll in your application to validate the MIME type. – Sylvia May 07 '18 at 06:15