Re: Multipart Form - Ascertain File Type

This WebDNA talk-list message is from

2007

It keeps the original formatting. numero = 68741
interpreted = N
texte = Ok, you guys have definitely given me something to think about. Knowingthat I don't necessarily have the ability to determine the differencebetween a text file and a potential virus changes my plans a bit. I've beenusing this process for our intranet, which wasn't an issue. But we'reconsidering opening this capability up to some clients. Not sure it'sreally that safe now.Gary, if you happen to locate the template you mentioned, could you pleaseemail it to me at tana@volleyhut.com? I'd really appreciate it. I canstill use that capability for our intranet.Thanks so much for all your responses. They were very helpful.Tana----------------------------------Gary Krockover wrote:If you have the default install of WebDNA on your server, take a look atthe file /admin/upload_multiphotos2.tplIt shows you how to distinguish between a .jpg and a .gif file.I've used that basic file to figure out the file extensions. However beaware that just because the file says it's a .txt does not actually meanit IS a txt.For image validation I sometimes run the .gif or .jpg throughImageMagic. If a real image is created then it was an image file. Butif this is an open form for all web visitor you will have to test thevalidity somehow. If this is for your customers, well, you *should* beable to trust them, right?--Matthew A PerosiPsi Prime, Inc.http://www.psiprime.com323 Union Blvd.Totowa, NJ 07512P: 973.225.9870F: 973.413.8217----------------------------------Gary Krockover wrote:Was it Dan Strong's template....not sure, but there's a template floatingaround that let's you set some variables; one of them being the fileextension that it will accept for an upload. I'll see if I can find a copyof that somewhere.If you need to verify the type of file after it's been uploaded and then dosomething with it if it isn't what it says it is, then you'll need someother mojo for that of course.GJK----------------------------------John Peacock wrote:AFAICT, this is impossible to do on the front end. In other words, themultipart MIME upload doesn't have any mechanism to validate the filecontents when uploaded. That doesn't mean you can't validate the fileafter the fact, and simply delete anything that doesn't meet whatevercriteria you like (too large, not a JPEG, not named .txt, etc).Be aware that trying to determine what the file contains using only thefilename (especially extension) is fraught with danger and pitfalls.One of the results of M$loth's infinite stupidity is the constant issuewith e-mail attachments of the form innocuous_file.txt.exe, which basedon default (read: STUPID) Windows default is displayed asinnocuous_file.txtwhen in actuality, it is a worm/virus/rootkit...John--John PeacockDirector of Information Research and TechnologyRowman & Littlefield Publishing Group4501 Forbes BoulevardSuite HLanham, MD 20706301-459-3366 x.5010fax 301-429-5748-----Original Message-----From: Tana Adams [mailto:tana@volleyhut.com]Sent: Friday, March 30, 2007 11:09 AMTo: WebDNA TalkSubject: Multipart Form - Ascertain File TypeHi,I was wondering if anyone knew how to ascertain what type of file was beinguploaded when using a multipart form. I'm trying to create a file uploadthat will only allow a .txt file to be uploaded. I've tried to ascertainthe file type coming in using the formvariables context but it doesn't seemto work. The form works fine...files uploading without problem. Doesanyone have any ideas?Thank you,Tana-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

Re: Multipart Form - Ascertain File Type ( "Olin Lagon" 2007)
Re: Multipart Form - Ascertain File Type ( Donovan Brooke 2007)
Re: Multipart Form - Ascertain File Type ( "Tana Adams" 2007)
Re: Multipart Form - Ascertain File Type ( Matthew A Perosi 2007)
Re: Multipart Form - Ascertain File Type ( Gary Krockover 2007)
Re: Multipart Form - Ascertain File Type ( John Peacock 2007)
Multipart Form - Ascertain File Type ( "Tana Adams" 2007)

Ok, you guys have definitely given me something to think about. Knowingthat I don't necessarily have the ability to determine the differencebetween a text file and a potential virus changes my plans a bit. I've beenusing this process for our intranet, which wasn't an issue. But we'reconsidering opening this capability up to some clients. Not sure it'sreally that safe now.Gary, if you happen to locate the template you mentioned, could you pleaseemail it to me at tana@volleyhut.com? I'd really appreciate it. I canstill use that capability for our intranet.Thanks so much for all your responses. They were very helpful.Tana----------------------------------Gary Krockover wrote:If you have the default install of WebDNA on your server, take a look atthe file /admin/upload_multiphotos2.tplIt shows you how to distinguish between a .jpg and a .gif file.I've used that basic file to figure out the file extensions. However beaware that just because the file says it's a .txt does not actually meanit IS a txt.For image validation I sometimes run the .gif or .jpg throughImageMagic. If a real image is created then it was an image file. Butif this is an open form for all web visitor you will have to test thevalidity somehow. If this is for your customers, well, you *should* beable to trust them, right?--Matthew A PerosiPsi Prime, Inc.http://www.psiprime.com323 Union Blvd.Totowa, NJ 07512P: 973.225.9870F: 973.413.8217----------------------------------Gary Krockover wrote:Was it Dan Strong's template....not sure, but there's a template floatingaround that let's you set some variables; one of them being the fileextension that it will accept for an upload. I'll see if I can find a copyof that somewhere.If you need to verify the type of file after it's been uploaded and then dosomething with it if it isn't what it says it is, then you'll need someother mojo for that of course.GJK----------------------------------John Peacock wrote:AFAICT, this is impossible to do on the front end. In other words, themultipart MIME upload doesn't have any mechanism to validate the filecontents when uploaded. That doesn't mean you can't validate the fileafter the fact, and simply delete anything that doesn't meet whatevercriteria you like (too large, not a JPEG, not named .txt, etc).Be aware that trying to determine what the file contains using only thefilename (especially extension) is fraught with danger and pitfalls.One of the results of M$loth's infinite stupidity is the constant issuewith e-mail attachments of the form innocuous_file.txt.exe, which basedon default (read: STUPID) Windows default is displayed asinnocuous_file.txtwhen in actuality, it is a worm/virus/rootkit...John--John PeacockDirector of Information Research and TechnologyRowman & Littlefield Publishing Group4501 Forbes BoulevardSuite HLanham, MD 20706301-459-3366 x.5010fax 301-429-5748-----Original Message-----From: Tana Adams [mailto:tana@volleyhut.com]Sent: Friday, March 30, 2007 11:09 AMTo: WebDNA TalkSubject: Multipart Form - Ascertain File TypeHi,I was wondering if anyone knew how to ascertain what type of file was beinguploaded when using a multipart form. I'm trying to create a file uploadthat will only allow a .txt file to be uploaded. I've tried to ascertainthe file type coming in using the formvariables context but it doesn't seemto work. The form works fine...files uploading without problem. Doesanyone have any ideas?Thank you,Tana-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ "Tana Adams"

DOWNLOAD WEBDNA NOW!

Re: Multipart Form - Ascertain File Type

2007

Top Articles:

Related Readings: