.net 文件上传,通过文件头确认文件类型

在网上找了半天,没找到合适的检测文件头的上传代码,只好自己写一个

其中 script 用来返回给页面的数据,相关部分自行修改

另外,文件头可以自行添加定义

废话不多说了,直接上代码

AppCode/FileUpload.cs

using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
using System.Text.RegularExpressions;
using System.Web;

/// <summary>
/// FileHeader 的摘要说明
/// </summary>
public static class FileUpload
{
    private static string script = string.Empty;
    private static bool autonamed = true;
    private static Random ra = new Random();

    public static bool AutoNamed
    {
        get
        {
            return autonamed;
        }
        set
        {
            autonamed = value;
        }
    }
    public static string Script
    {
        get
        {
            return "var upload = [" + script + "];";
        }
    }
    public static Dictionary<string, byte[]> ImageHeader = new Dictionary<string, byte[]>();
    public static Dictionary<string, object> FilesHeader = new Dictionary<string, object>();
    
    static FileUpload()
	{
        ImageHeader.Add("gif", new byte[] { 71, 73, 70, 56, 57, 97 });
        ImageHeader.Add("bmp", new byte[] { 66, 77 });
        ImageHeader.Add("jpg", new byte[] { 255, 216, 255 });
        ImageHeader.Add("png", new byte[] { 137, 80, 78, 71, 13, 10, 26, 10, 0, 0, 0, 13, 73, 72, 68, 82 });
        FilesHeader.Add("pdf", new byte[] { 37, 80, 68, 70, 45, 49, 46, 53 });
        FilesHeader.Add("docx", new object[] { new byte[] { 80, 75, 3, 4, 20, 0, 6, 0, 8, 0, 0, 0, 33 }, new Regex(@"word/_rels/document\.xml\.rels", RegexOptions.IgnoreCase) });
        FilesHeader.Add("xlsx", new object[] { new byte[] { 80, 75, 3, 4, 20, 0, 6, 0, 8, 0, 0, 0, 33 }, new Regex(@"xl/_rels/workbook\.xml\.rels", RegexOptions.IgnoreCase) });
        FilesHeader.Add("pptx", new object[] { new byte[] { 80, 75, 3, 4, 20, 0, 6, 0, 8, 0, 0, 0, 33 }, new Regex(@"ppt/_rels/presentation\.xml\.rels", RegexOptions.IgnoreCase) });
        FilesHeader.Add("doc", new object[] { new byte[] { 208, 207, 17, 224, 161, 177, 26, 225 }, new Regex(@"microsoft( office)? word(?![\s\S]*?microsoft)", RegexOptions.IgnoreCase) });
        FilesHeader.Add("xls", new object[] { new byte[] { 208, 207, 17, 224, 161, 177, 26, 225 }, new Regex(@"microsoft( office)? excel(?![\s\S]*?microsoft)", RegexOptions.IgnoreCase) });
        FilesHeader.Add("ppt", new object[] { new byte[] { 208, 207, 17, 224, 161, 177, 26, 225 }, new Regex(@"c.u.r.r.e.n.t. .u.s.e.r(?![\s\S]*?[a-z])", RegexOptions.IgnoreCase) });
        FilesHeader.Add("avi", new byte[] { 65, 86, 73, 32 });
        FilesHeader.Add("mpg", new byte[] { 0, 0, 1, 0xBA });
        FilesHeader.Add("mpeg", new byte[] { 0, 0, 1, 0xB3 });
        FilesHeader.Add("rar", new byte[] { 82, 97, 114, 33, 26, 7 });
        FilesHeader.Add("zip", new byte[] { 80, 75, 3, 4 });
    }

    private static string DateTimeStamp()
    {
        return DateTime.Now.ToString("yyyyMMddHHmmss") + ra.Next(0, 99999).ToString("00000");
    }

    private static string FileType(Stream str)
    {
        string FileExt = string.Empty;
        foreach (string ext in FilesHeader.Keys)
        {
            byte[] header = FilesHeader[ext].GetType() == (new byte[] { }).GetType() ? (byte[])FilesHeader[ext] : (byte[])(((object[])FilesHeader[ext])[0]);
            byte[] test = new byte[header.Length];
            str.Position = 0;
            str.Read(test, 0, test.Length);
            bool same = true;
            for (int i = 0; i < test.Length; i++)
            {
                if (test[i] != header[i])
                {
                    same = false;
                    break;
                }
            }
            if (FilesHeader[ext].GetType() != (new byte[] { }).GetType() && same)
            {
                object[] obj = (object[])FilesHeader[ext];
                bool exists = false;
                if (obj[1].GetType().ToString() == "System.Int32")
                {
                    for (int ii = 2; ii < obj.Length; ii++)
                    {
                        if (str.Length >= (int)obj[1])
                        {
                            str.Position = str.Length - (int)obj[1];
                            byte[] more = (byte[])obj[ii];
                            byte[] testmore = new byte[more.Length];
                            str.Read(testmore, 0, testmore.Length);
                            if (Encoding.GetEncoding(936).GetString(more) == Encoding.GetEncoding(936).GetString(testmore))
                            {
                                exists = true;
                                break;
                            }
                        }
                    }
                }
                else if (obj[1].GetType().ToString() == "System.Text.RegularExpressions.Regex")
                {
                    Regex re = (Regex)obj[1];
                    str.Position = 0;
                    byte[] buffer = new byte[(int)str.Length];
                    str.Read(buffer, 0, buffer.Length);
                    string txt = Encoding.ASCII.GetString(buffer);
                    if (re.IsMatch(txt))
                    {
                        exists = true;
                    }
                }
                if (!exists)
                {
                    same = false;
                }
            }
            if (same)
            {
                FileExt = ext;
                break;
            }
        }
        return FileExt;
    }

    private static string ImageType(Stream str)
    {
        string FileExt = string.Empty;
        foreach (string ext in ImageHeader.Keys)
        {
            byte[] header = ImageHeader[ext];
            byte[] test = new byte[header.Length];
            str.Position = 0;
            str.Read(test, 0, test.Length);
            bool same = true;
            for (int i = 0; i < test.Length; i++)
            {
                if (test[i] != header[i])
                {
                    same = false;
                    break;
                }
            }
            if (same)
            {
                FileExt = ext;
                break;
            }
        }
        if (!string.IsNullOrEmpty(FileExt))
        {
            Encoding[] chkList = new Encoding[] { Encoding.ASCII, Encoding.UTF8, Encoding.GetEncoding(936) };
            for (int i = 0; i < chkList.Length; i++)
            {
                str.Position = 0;
                string str_test = new StreamReader(str, chkList[i]).ReadToEnd();
                if (Regex.IsMatch(str_test, @"^[^\u0000-\u0008\u000B-\u000C\u000E-\u001F]*$"))
                {
                    FileExt = string.Empty;
                    break;
                }
            }
        }
        return FileExt;
    }

    private static void CreateFolder(string path)
    {
        string t_path = HttpContext.Current.Server.MapPath(path);
        if (!Directory.Exists(t_path))
        {
            Directory.CreateDirectory(t_path);
        }
    }

    private static string CreateFileName(string name, string ext)
    {
        string filename = "/Upload/" + DateTime.Now.ToString("yyyy/MM/dd") + "/" + ext + "/" + (autonamed ? DateTimeStamp() + "." + ext : name);
        if (File.Exists(HttpContext.Current.Server.MapPath(filename)))
        {
            return CreateFileName(name, ext);
        }
        else
        {
            return filename;
        }
    }

    private static string SaveAs(HttpPostedFile file, string Ext)
    {
        string filename = CreateFileName(file.FileName, Ext);
        CreateFolder(Regex.Match(filename, @"^[\s\S]*?(?=[^\\/]+$)").Value);
        file.SaveAs(HttpContext.Current.Server.MapPath(filename));
        return Regex.Match(HttpContext.Current.Request.Url.ToString(), @"^[\s\S]*?(?=(?<!/)/(?!/))").Value + filename;
    }

    private static void SaveInvalid(HttpPostedFile file)
    {
    }
    // 每次提交之前调用此方法,确认返回内容正确
    public static void Clear()
    {
        script = string.Empty;
    }

    public static void Save(HttpPostedFile file)
    {
        if (file.ContentLength == 0)
        {
            if (file.FileName.Length > 0)
            {
                script += (script.Length > 0 ? "," : "") + "{filename:'" + file.FileName + "',upload:false,length:0,target:null,type:''}";
            }
        }
        else
        {
            if (Regex.IsMatch(file.ContentType, @"^image/"))
            {
                string ext = ImageType(file.InputStream);
                if (string.IsNullOrEmpty(ext))
                {
                    SaveInvalid(file);
                    script += (script.Length > 0 ? "," : "") + "{filename:'" + file.FileName + "',upload:false,length:" + file.ContentLength + ",target:null,type:''}";
                }
                else
                {
                    string filename = SaveAs(file, ext);
                    script += (script.Length > 0 ? "," : "") + "{filename:'" + file.FileName + "',upload:true,length:" + file.ContentLength + ",target:'" + filename + "',type:'" + ext + "'}";
                }
            }
            else if (Regex.IsMatch(file.ContentType, @"^text/"))
            {
            }
            else
            {
                string ext = FileType(file.InputStream);
                if (string.IsNullOrEmpty(ext))
                {
                    SaveInvalid(file);
                    script += (script.Length > 0 ? "," : "") + "{filename:'" + file.FileName + "',upload:false,length:" + file.ContentLength + ",target:null,type:'',header:[" + "" + "]}";
                }
                else
                {
                    string filename = SaveAs(file, ext);
                    script += (script.Length > 0 ? "," : "") + "{filename:'" + file.FileName + "',upload:true,length:" + file.ContentLength + ",target:'" + filename + "',type:'" + ext + "'}";
                }
            }
        }
    }
}

调用页面

using System;
using System.Web;

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        HttpFileCollection files = Request.Files;
        FileUpload.Clear();
        for (int i = 0; i < files.Count; i++)
        {
            FileUpload.Save(files[i]);
        }
        Response.Write(FileUpload.Script);
    }
}

因为对漏洞没什么研究,不知道该代码会不会有漏洞,如果有漏洞,还欢迎大家提出,我努力去修改,请记住我的地址 http://blog.csdn.net/superwfei

你可能感兴趣的:(.net,文件上传,C#)