In ProcessRequest() of plUploadBaseHandler, the uploaded file is never checked for an invalid file extension when the chunks variable evaluates to -1. I think the fix is to place the check earlier in the function, like so:
public void ProcessRequest(HttpContext context)
{
Context = context;
Request = context.Request;
Response = context.Response;
// Check to see whether there are uploaded files to process them
if (Request.Files.Count > 0)
{
HttpPostedFile fileUpload = Request.Files[0];
string fileName = Request["name"] ?? string.Empty;
// BEGIN This section moved from down below to here
// check for allowed extensions and block
string ext = Path.GetExtension(fileName);
if (!("," + AllowedExtensions.ToLower() + ",").Contains("," + ext.ToLower() + ","))
{
WriteErrorResponse(Resources.InvalidFileExtensionUploaded);
return;
}
// END moved section
string tstr = Request["chunks"] ?? string.Empty;
int chunks = -1;
if (!int.TryParse(tstr, out chunks))
chunks = -1;
tstr = Request["chunk"] ?? string.Empty;
int chunk = -1;
if (!int.TryParse(tstr, out chunk))
chunk = -1;
// If there are no chunks sent the file is sent as one
// this likely a plain HTML 4 upload (ie. 1 single file)
if (chunks == -1)
{
if (MaxUploadSize == 0 || Request.ContentLength <= MaxUploadSize)
{
if (!OnUploadChunk(fileUpload.InputStream, 0, 1, fileUpload.FileName))
return;
}
else
{
WriteErrorResponse(Resources.UploadedFileIsTooLarge, 413);
return;
}
OnUploadCompleted(fileName);
return;
}
else
{
// this isn't exact! We can't see the full size of the upload
// and don't know the size of the large chunk
if (chunk == 0 && MaxUploadSize > 0 && Request.ContentLength * (chunks - 1) > MaxUploadSize)
WriteErrorResponse(Resources.UploadedFileIsTooLarge, 413);
}
if (!OnUploadChunkStarted(chunk, chunks, fileName))
return;
// chunk 0 is the first one
if (chunk == 0)
{
if (!OnUploadStarted(chunk, chunks, fileName))
return;
}
if (!OnUploadChunk(fileUpload.InputStream, chunk, chunks, fileName))
return;
// last chunk
if (chunk == chunks - 1)
{
// final response should just return
// the output you generate
OnUploadCompleted(fileName);
return;
}
// if no response has been written yet write a success response
WriteSucessResponse();
}
}
In ProcessRequest() of plUploadBaseHandler, the uploaded file is never checked for an invalid file extension when the chunks variable evaluates to -1. I think the fix is to place the check earlier in the function, like so:
Cheers! Roger