|
图片中带木马怎么办? 我们在服务端加上一层防护
using System; using System.Data; using System.Configuration; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.WebControls; using System.Web.UI.WebControls.WebParts; using System.Web.UI.HtmlControls; using System.IO; using System.Text; /// <summary> /// UpLoadFile 的摘要说明 /// </summary> public class UpLoadFile:System.Web.UI.Page { public UpLoadFile() { // // TODO: 在此处添加构造函数逻辑 // } /// <summary> /// 文件上传 /// </summary> /// <param name="UpFile">上传控件</param> /// <param name="SourceImg">源图片名子</param> /// <param name="SourcePage">那个页面的操作</param> /// <returns>返回上传的文件名,可以为空</returns> public static string UpLoadFileImg(HttpPostedFile UpFile, string SourceImg, System.Web.UI.Page SourcePage) { //锁定页面 SourcePage.Application.Lock(); string Img = UpFile.FileName.Trim();//获取文件名 string WebPath = SourcePage.Server.MapPath("UpLoadFile/UsersPhoto/");//上传到指定路径 string Exten = Path.GetExtension(UpFile.FileName).ToUpper();//获取文件的扩展名 int FileLength = UpFile.ContentLength;//文件大小 string FileType = UpFile.ContentType.ToUpper();//获取文件的类型 if (Img != "") { //上传文件第一级文件扩展名和类型验证 if (Exten != ".GIF" && Exten != ".JPG" && FileType != "" && FileType != "") { Img = "No"; WebScript.JavaScript.OnlyAlertMsg(SourcePage, "上传文件格式只能是(.jpg||.gif)格式!"); } else if (FileLength / 1024 / 1024 > 1) //上传文件不能大于1M { Img = "No"; WebScript.JavaScript.OnlyAlertMsg(SourcePage, "上传图片不能超过1M"); } else { Img = DateTime.Now.ToString().Replace(" ", "").Replace(":", "").Replace("-", "") + Exten;//以当前时间来命名 //上传文件 UpFile.SaveAs(WebPath + Img); //最后一部高级验证,图片上传后的操作,判断是否真的是图片 StreamReader sr = new StreamReader(WebPath + Img, Encoding.Default); string strContent = sr.ReadToEnd(); sr.Close(); string str = "request|script|.getfolder|.createfolder|.deletefolder|.createdirectory|.deletedirectory|.saveas|wscript.shell|script.encode|server.|.createobject|execute|activexobject|language="; foreach (string s in str.Split('|')) if (strContent.IndexOf(s) != -1) { File.Delete(WebPath + Img); Img = "No"; WebScript.JavaScript.OnlyAlertMsg(SourcePage, "这张图片格式非法,请换一张,谢谢!"); break; } //删除源文件 if (Img != "No" && File.Exists(WebPath + SourceImg)) File.Delete(WebPath + SourceImg);//如果文件已经存在就删除 } } else Img = SourceImg; //取消锁定页面 SourcePage.Application.UnLock(); return Img; |