Shadow Uploader - preventing user from uploading non image files
Discuss Shadow Uploader - preventing user from uploading non image files in the ASP Development forum on ASP Free. Shadow Uploader - preventing user from uploading non image files ASP Development forum discussing ASP related topics including coding practices, ASP tips, and more. Active Server Pages (ASP) enables you to empower your HTML pages dynamically with robust scripting options.
ASP Free and Iron Speed Designer are giving away $5,500+ in FREE licenses. Iron Speed's RAD CASE toolset can save up to 80% of your coding time. One free license per week, one perpetual license per month!
Receive the tools necessary to be the rock star of your field. Our 12-month program teaches you the evolving world of multi-channel marketing as well as the complex issues and opportunities found in the industry.
Web development can be a daunting task, even for specialists. There is a lot of information to absorb and a lot of technologies to learn in order to manage a superior website. When trying to learn the ropes, developers need a reliable source to introduce new ideas that can be easily implemented. When working on large projects, even web veterans may run into a technology or an aspect of a technology that they are unfamiliar with.
Posts: 31,109
Time spent in forums: 3 Months 3 Weeks 2 Days 20 h 18 m 8 sec
Reputation Power: 2919
Quote:
Originally Posted by grdnwesl
I disagree. I was able to upload an Excel Spreadsheet with no trouble at all.
you have the code from here and yet was able to upload excel file??
if so, what was the width and height it found for the file? post
your code, you probably didn't check for valid image correctly.
I have just now tried to reproduce this, and got such output:
Location: The Restaurant at the end of the Universe
Posts: 222
Time spent in forums: 2 Days 18 h 55 m 22 sec
Reputation Power: 17
Quote:
Originally Posted by Shadow Wizard
you have the code from here and yet was able to upload excel file??
if so, what was the width and height it found for the file? post
your code, you probably didn't check for valid image correctly.
I have just now tried to reproduce this, and got such output:
OK. Here's the code copied straight from here aside from some Styling:
Code:
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<style>
<!--
body {
background-color:#FFFFFF;
}
label {
color:#000000;
font-family:Arial, Helvetica, sans-serif;
font-weight:bold;
float:left;
width:100px;
}
button {
margin-left:100px;
}
-->
</style>
<title>Shadow Uploader</title>
</head>
<body><!--#include file="ShadowUploader.asp" -->
<%
Dim objUpload
If Request("action")="1" Then
Set objUpload=New ShadowUpload
If objUpload.GetError<>"" Then
Response.Write("sorry, could not upload: "&objUpload.GetError)
Else
Response.Write("found "&objUpload.FileCount&" files...<br />")
For x=0 To objUpload.FileCount-1
Response.Write("file name: "&objUpload.File(x).FileName&"<br />")
Response.Write("file type: "&objUpload.File(x).ContentType&"<br />")
Response.Write("file size: "&objUpload.File(x).Size&"<br />")
Response.Write("image width: "&objUpload.File(x).ImageWidth&"<br />")
Response.Write("image height: "&objUpload.File(x).ImageHeight&"<br />")
If (objUpload.File(x).ImageWidth>200) Or (objUpload.File(x).ImageHeight>200) Then
Response.Write("image to big, not saving!")
Else
Call objUpload.File(x).SaveToDisk(Server.MapPath("Uploads"), "")
Response.Write("file saved successfully!")
End If
Response.Write("<hr />")
Next
Response.Write("thank you, "&objUpload("name"))
End If
End If
%>
<form action="<%=Request.ServerVariables( "Script_Name" )%>?action=1" enctype="multipart/form-data" method="POST">
<p><label for "file1">First File: </label><input type="file" name="file1" /></p>
<p><label for "file2">Next File: </label><input type="file" name="file2" /></p>
<p><label for "file3">Last File: </label><input type="file" name="file3" /></p>
<p><label for "name">Your Name: </label><input type="text" name="name" /></p>
<button type="submit">Upload</button>
</form>
I made no modifications at all to the ShadowUploader.asp file once it was unzipped.
And here's the message that got returned when it uploaded
Posts: 31,109
Time spent in forums: 3 Months 3 Weeks 2 Days 20 h 18 m 8 sec
Reputation Power: 2919
you didn't put correct code to check for image - the original code
posted in the first post here is for general upload and won't block
anything.
after BBD asked, I have given the required code to check for
image, and cancel the upload if it's not an image - that code can
be found in post #3 in this thread. the code you're using is taken
from the 1st post, which as I said, is for general upload and won't
block anything.
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
