search

RickStrahl / Westwind.plUploadHandler

An ASP.NET base HttpHandler library to handle plUpload content on the server.
28 stars 19 forks source link

AllowedExtensions not referenced for single (non-chunked) uploads #3

Closed rdogmartin closed 11 years ago

rdogmartin commented 11 years ago

In ProcessRequest() of plUploadBaseHandler, the uploaded file is never checked for an invalid file extension when the chunks variable evaluates to -1. I think the fix is to place the check earlier in the function, like so:

public void ProcessRequest(HttpContext context)
      {
          Context = context;
          Request = context.Request;
          Response = context.Response;

        // Check to see whether there are uploaded files to process them
        if (Request.Files.Count > 0)
        {
            HttpPostedFile fileUpload = Request.Files[0];

            string fileName = Request["name"] ?? string.Empty;

            // BEGIN This section moved from down below to here
            // check for allowed extensions and block
            string ext = Path.GetExtension(fileName);
            if (!("," + AllowedExtensions.ToLower() + ",").Contains("," + ext.ToLower() + ","))
            {
                WriteErrorResponse(Resources.InvalidFileExtensionUploaded);
                return;
            }
            // END moved section

            string tstr = Request["chunks"] ?? string.Empty;
            int chunks = -1;
            if (!int.TryParse(tstr, out chunks))
                chunks = -1;
            tstr = Request["chunk"] ?? string.Empty;
            int chunk = -1;
            if (!int.TryParse(tstr, out chunk))
                chunk = -1;

            // If there are no chunks sent the file is sent as one 
            // this likely a plain HTML 4 upload (ie. 1 single file)
            if (chunks == -1)
            {
                if (MaxUploadSize == 0 || Request.ContentLength <= MaxUploadSize)
                {
                    if (!OnUploadChunk(fileUpload.InputStream, 0, 1, fileUpload.FileName))
                        return;
                }
                else
                {
                    WriteErrorResponse(Resources.UploadedFileIsTooLarge, 413);
                    return;
                }

                OnUploadCompleted(fileName);

                return;
            }
            else
            {
                // this isn't exact! We can't see the full size of the upload
                // and don't know the size of the large chunk
                if (chunk == 0 && MaxUploadSize > 0 && Request.ContentLength * (chunks - 1) > MaxUploadSize)
                    WriteErrorResponse(Resources.UploadedFileIsTooLarge, 413);
            }

            if (!OnUploadChunkStarted(chunk, chunks, fileName))
                return;

            // chunk 0 is the first one
            if (chunk == 0)
            {
                if (!OnUploadStarted(chunk, chunks, fileName))
                    return;
            }

            if (!OnUploadChunk(fileUpload.InputStream, chunk, chunks, fileName))
                return;

            // last chunk
            if (chunk == chunks - 1)
            {
                // final response should just return
                // the output you generate
                OnUploadCompleted(fileName);
                return;
            }

            // if no response has been written yet write a success response
            WriteSucessResponse();
        }
      }

Cheers! Roger

RickStrahl commented 11 years ago

Another good catch, Roger. Fixed and updated.