Does AJAX Uploader validate against MIME types , or does it ONLY look at file extensions?

Last post 11-16-2012, 8:18 PM by Adam. 2 replies.
Sort Posts: Previous Next
  •  04-23-2009, 5:59 PM 51461

    Does AJAX Uploader validate against MIME types , or does it ONLY look at file extensions?

    Does AJAX Uploader validate against MIME types , or does it ONLY look at file extensions? 
     
     In other words,  if I want to limit me control to only upload GIFs,  and someone takes an executable virus EXE file, renames it to harmless.GIF, can they upload that file to the site? 
     
    Or, is there a way to have AJAX Uploader actually inspect the ContentType of the file, see it's MIME type as application\octet (or whatever illegal type you want), and reject the file upload, and return an error message?

    Thanks
    Filed under:
  •  04-23-2009, 7:57 PM 51464 in reply to 51461

    Re: Does AJAX Uploader validate against MIME types , or does it ONLY look at file extensions?

    Hi,
     
    The MIME type is sent from client side. that is not safe.
     
    For example , the Request.Files[x].ContentType is not safe , the Microsoft comment is
    ///Gets the MIME type of a file sent by a client
     
    We do not provide MIME type because we don't want developers depend on it and make security issues.
     
    And uploader do not provide API to check the file data to determine the MIME too.
     
    If you want to limit it , you need check the content by your self.
     
    Regards,
    Terry.
     
  •  11-16-2012, 8:18 PM 75278 in reply to 51461

    Re: Does AJAX Uploader validate against MIME types , or does it ONLY look at file extensions?

    AshMach:
    Does AJAX Uploader validate against MIME types , or does it ONLY look at file extensions? 
     
     In other words,  if I want to limit me control to only upload GIFs,  and someone takes an executable virus EXE file, renames it to harmless.GIF, can they upload that file to the site? 
     
    Or, is there a way to have AJAX Uploader actually inspect the ContentType of the file, see it's MIME type as application\octet (or whatever illegal type you want), and reject the file upload, and return an error message?

    Thanks

     

    This function is implemented in the latest build.

     

    Article:

    Enable and disable mimetype checking on uploads

     

    Online Demo:

    Enabling and disabling mimetype checking on uploads

     

    Download:

    Ajax Uploader for ASP.NET 


    asp.net Chat http://cutesoft.net/ASP.NET+Chat/default.aspx
    Web Messenger: http://cutesoft.net/Web-Messenger/default.aspx
    asp.net wysiwyg editor: http://cutesoft.net/ASP.NET+WYSIWYG+Editor/default.aspx
    asp wysiwyg html editor: http://cutesoft.net/ASP
    asp.net Image Gallery: http://cutesoft.net/ASP.NET+Image+Gallery/default.aspx
    Live Support: http://cutesoft.net/live-support/default.aspx

View as RSS news feed in XML