Wrox Programmer Forums

  #21 (permalink)  
Old March 10th, 2007, 09:44 AM

Assuming sPath contains a full file path, you can indeed check if it ends on .jpeg or .gif to make sure you only allow images to be uploaded.

However, since you're creating a text file:

Set oFile = oFS.CreateTextFile(sPath & FileName, True)

I doubt you'll ever get an image on the server....

Imar
---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
  #22 (permalink)  
Old March 10th, 2007, 09:53 AM

... but the txtfile is a binary-file, is it not? Maybe the validation should be incorporated with the "save to database"-line...

<%
    Public Sub SaveToDisk(sPath)
        Dim oFS, oFile
        Dim nIndex

        If sPath = "" Or FileName = "" Then Exit Sub
        If Mid(sPath, Len(sPath)) <> "\" Then sPath = sPath & "\"

        Set oFS = Server.CreateObject("Scripting.FileSystemObject")
        If Not oFS.FolderExists(sPath) Then Exit Sub

        Set oFile = oFS.CreateTextFile(sPath & FileName, True)

        For nIndex = 1 to LenB(FileData)
            oFile.Write Chr(AscB(MidB(FileData,nIndex,1)))
        Next

        oFile.Close
    End Sub

    Public Sub SaveToDatabase(ByRef oField)
        If LenB(FileData) = 0 Then Exit Sub
        If IsObject(oField) Then
            oField.AppendChunk FileData
        End If
    End Sub
%>


instead? Does this matter?

Mvh
grstad
  #23 (permalink)  
Old March 10th, 2007, 10:08 AM

?????? Completely lost....

Can you explain in detail what it is that you're trying to do and what exactly you're asking?

Imar
  #24 (permalink)  
Old March 10th, 2007, 10:14 AM

... to do a server-side validation of an image-upload enabled for the clients of my web-app!

Mvh
grstad

PS
I do like the "Efteling-park" near Delft!
  #25 (permalink)  
Old March 10th, 2007, 10:30 AM

I understood that part, but that's about it.

Where is this code used? How do you call it? Why do you think moving the validation from the disk based method to the database method would be enough? Where do you get your file? Does the current code work? What happens when you upload an image right now? Does it work? If not, do you get an error? And so on and so on. All relevant information if you need help....

Anyway, I would take one step back if I were you. At the place where you define the value for sPath and before you call SaveToDisk, look into that string, and see if it ends with an extension you want to allow using VB Script's Mid, Left and Right functions.

Imar
  #26 (permalink)  
Old March 10th, 2007, 10:56 AM

... yes, my web app does work. The upload-code works. There are no errors. But I do not wish any clients to be able to upload any harmful files to the webserver.

The code is called by using


Why do you think moving the validation from the disk based method to the database method would be enough?
      I thought that there were no ".jpeg" or ".gif" in the binary-file text to be recognized!

What about:

<%
    Public Sub SaveToDisk(sPath)
        Dim oFS, oFile
        Dim nIndex

        If sPath = "" Or FileName = "" Then Exit Sub
        If Mid(sPath, Len(sPath)) <> "\" Then sPath = sPath & "\"

        Set oFS = Server.CreateObject("Scripting.FileSystemObject")
        If Not oFS.FolderExists(sPath) Then Exit Sub

        Set oFile = oFS.CreateTextFile(sPath & FileName, True)

        For nIndex = 1 to LenB(FileData)
            oFile.Write Chr(AscB(MidB(FileData,nIndex,1)))
        Next

        oFile.Close
    End Sub

    Public Sub SaveToDatabase(ByRef oField)
        If LenB(FileData) = 0 Or Right(FileData) <> .gif Then Exit Sub
        If IsObject(oField) Then
            oField.AppendChunk FileData
        End If
    End Sub
%>



Mvh
grstad
  #27 (permalink)  
Old March 10th, 2007, 11:05 AM

Since I don't know your code and only see the SaveToDatabase method, I can only guess. However, this looks weird:

If LenB(FileData) = 0 Or Right(FileData) <> .gif Then Exit Sub

What is FileData? Where does it get a value? I would assume it contains the actual file bytes, not the file name, right?

Again: I would take one step back if I were you. At the place where you get the file and call SaveToDisk or SaveToDatabase, look into the uploaded filename, and see if it ends with an extension you want to allow using VB Script's Mid, Left and Right functions.

There's no point in posting the same method over and over again. You'll need to look at the code that *calls* these methods to understand what contains the file name, and what contains the actual file.
Otherwise, I can only guess; which leads to nowhere...

Imar
  #28 (permalink)  
Old March 10th, 2007, 11:33 AM

...the sPath must be the binary value and the FileName must be the file path (!) saved to the database-field. So, if the FileName is different from ".gif", then Exit Sub!

Is it not enough to add to the script;

If sPath = "" Or FileName = "" Or Right(FileName,4) <> ".gif" Then Exit Sub

..?

Mvh
grstad



Class FileUploader
    Public Files
    Private mcolFormElem

    Private Sub Class_Initialize()
        Set Files = Server.CreateObject("Scripting.Dictionary")
        Set mcolFormElem = Server.CreateObject("Scripting.Dictionary")
    End Sub

    Private Sub Class_Terminate()
        If IsObject(Files) Then
            Files.RemoveAll()
            Set Files = Nothing
        End If
        If IsObject(mcolFormElem) Then
            mcolFormElem.RemoveAll()
            Set mcolFormElem = Nothing
        End If
    End Sub

    Public Property Get Form(sIndex)
        Form = ""
        If mcolFormElem.Exists(LCase(sIndex)) Then Form = mcolFormElem.Item(LCase(sIndex))
    End Property

    Public Default Sub Upload()
        Dim biData, sInputName
        Dim nPosBegin, nPosEnd, nPos, vDataBounds, nDataBoundPos
        Dim nPosFile, nPosBound

        biData = Request.BinaryRead(Request.TotalBytes)
        nPosBegin = 1
        nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))

        If (nPosEnd-nPosBegin) <= 0 Then Exit Sub

        vDataBounds = MidB(biData, nPosBegin, nPosEnd-nPosBegin)
        nDataBoundPos = InstrB(1, biData, vDataBounds)

        Do Until nDataBoundPos = InstrB(biData, vDataBounds & CByteString("--"))

            nPos = InstrB(nDataBoundPos, biData, CByteString("Content-Disposition"))
            nPos = InstrB(nPos, biData, CByteString("name="))
            nPosBegin = nPos + 6
            nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
            sInputName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
            nPosFile = InstrB(nDataBoundPos, biData, CByteString("filename="))
            nPosBound = InstrB(nPosEnd, biData, vDataBounds)

            If nPosFile <> 0 And nPosFile < nPosBound Then
                Dim oUploadFile, sFileName
                Set oUploadFile = New UploadedFile

                nPosBegin = nPosFile + 10
                nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
                sFileName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
                oUploadFile.FileName = Right(sFileName, Len(sFileName)-InStrRev(sFileName, "\"))

                nPos = InstrB(nPosEnd, biData, CByteString("Content-Type:"))
                nPosBegin = nPos + 14
                nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))

                oUploadFile.ContentType = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))

                nPosBegin = nPosEnd+4
                nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
                oUploadFile.FileData = MidB(biData, nPosBegin, nPosEnd-nPosBegin)

                If oUploadFile.FileSize > 0 Then Files.Add LCase(sInputName), oUploadFile
            Else
                nPos = InstrB(nPos, biData, CByteString(Chr(13)))
                nPosBegin = nPos + 4
                nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
                If Not mcolFormElem.Exists(LCase(sInputName)) Then mcolFormElem.Add LCase(sInputName), CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
            End If

            nDataBoundPos = InstrB(nDataBoundPos + LenB(vDataBounds), biData, vDataBounds)
        Loop
    End Sub

    'String to byte string conversion
    Private Function CByteString(sString)
        Dim nIndex
        For nIndex = 1 to Len(sString)
           CByteString = CByteString & ChrB(AscB(Mid(sString,nIndex,1)))
        Next
    End Function

    'Byte string to string conversion
    Private Function CWideString(bsString)
        Dim nIndex
        CWideString =""
        For nIndex = 1 to LenB(bsString)
           CWideString = CWideString & Chr(AscB(MidB(bsString,nIndex,1)))
        Next
    End Function
End Class

Class UploadedFile
    Public ContentType
    Public FileName
    Public FileData

    Public Property Get FileSize()
        FileSize = LenB(FileData)
    End Property

    Public Sub SaveToDisk(sPath)
        Dim oFS, oFile
        Dim nIndex

        If sPath = "" Or FileName = "" Then Exit Sub
        If Mid(sPath, Len(sPath)) <> "\" Then sPath = sPath & "\"

        Set oFS = Server.CreateObject("Scripting.FileSystemObject")
        If Not oFS.FolderExists(sPath) Then Exit Sub

        Set oFile = oFS.CreateTextFile(sPath & FileName, True)

        For nIndex = 1 to LenB(FileData)
            oFile.Write Chr(AscB(MidB(FileData,nIndex,1)))
        Next

        oFile.Close
    End Sub

    Public Sub SaveToDatabase(ByRef oField)
        If LenB(FileData) = 0 Then Exit Sub

        If IsObject(oField) Then
            oField.AppendChunk FileData
        End If
    End Sub

End Class
  #29 (permalink)  
Old March 10th, 2007, 01:35 PM

Sorry, I give up. I fail to see where SaveToDisk is called. I fail to see where SaveToDatabase may be called. I don't know where sPath gets a value. I don't know where you use this code and what your web forms look like.

I have no desire to play hide and seek, and I don't feel like wading through your code in the hopes I somehow magically see your point. Sorry.

Maybe someone else can give it a shot.

Imar
  #30 (permalink)  
Old March 10th, 2007, 04:30 PM

...OK, Imar. But the point is simple; how do I server-side validate the files uploaded. When I try to use the ASP-tech and beginning VB-script.

That is all!

Thank you for your time spent on the subject!

Mvh
grstad

Internet has become favorable with that tool...thank you Tim Berners-Lee!
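
One way to do the server-side check asked about in this thread, as an added example that is not code from either poster: it checks the uploaded file name against an extension allowlist and checks the first bytes of the data against the GIF and JPEG file signatures before anything is saved. The function names, the size limit, the "file1" field name and the "uploads" folder are assumptions; the FileName and FileData values are the ones exposed by the UploadedFile class posted in #28.

```vbscript
' Added example (not from the thread). MAX_UPLOAD_BYTES, the function names and
' the "file1" field name are assumptions; byte strings are as returned by MidB.
Const MAX_UPLOAD_BYTES = 2097152   ' constructed 2 MB limit

' Lower-cased extension including the dot, or "" when the name has none.
Function GetExtension(sFileName)
    Dim nDot
    GetExtension = ""
    nDot = InStrRev(sFileName, ".")
    If nDot > 0 And nDot < Len(sFileName) Then GetExtension = LCase(Mid(sFileName, nDot))
End Function

' True when the byte string starts with the signature given as hex, e.g. "FFD8FF".
Function StartsWithBytes(bsData, sHexSig)
    Dim nIndex
    StartsWithBytes = False
    If LenB(bsData) < Len(sHexSig) \ 2 Then Exit Function
    For nIndex = 1 To Len(sHexSig) \ 2
        If AscB(MidB(bsData, nIndex, 1)) <> CLng("&H" & Mid(sHexSig, nIndex * 2 - 1, 2)) Then Exit Function
    Next
    StartsWithBytes = True
End Function

' Accept a file only if its name is plain, its extension is on the allowlist
' AND its content starts with the signature that belongs to that extension.
Function IsAllowedImage(sFileName, bsFileData)
    IsAllowedImage = False
    If LenB(bsFileData) = 0 Or LenB(bsFileData) > MAX_UPLOAD_BYTES Then Exit Function
    ' The thread's parser strips "\" paths only; refuse any leftover separator.
    If InStr(sFileName, "/") > 0 Or InStr(sFileName, "\") > 0 Or InStr(sFileName, ":") > 0 Then Exit Function

    Select Case GetExtension(sFileName)
        Case ".gif"    ' "GIF87a" or "GIF89a"
            IsAllowedImage = StartsWithBytes(bsFileData, "474946383761") Or StartsWithBytes(bsFileData, "474946383961")
        Case ".jpg", ".jpeg"    ' JPEG start-of-image marker
            IsAllowedImage = StartsWithBytes(bsFileData, "FFD8FF")
    End Select
End Function

' Calling code, using the FileUploader class posted in #28:
'   Set oUploader = New FileUploader
'   oUploader.Upload
'   If oUploader.Files.Exists("file1") Then
'       Set oFile = oUploader.Files("file1")
'       If IsAllowedImage(oFile.FileName, oFile.FileData) Then oFile.SaveToDisk Server.MapPath("uploads")
'   End If
```

Passing this check shows only that the name and the leading bytes look like an image, so the upload folder should also have script execution disabled in IIS.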