Upload contains full local path of the user

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

Upload contains full local path of the user

Message

From

15/11/2011 16:33:36

Michel Fournier
Level Extreme Inc.
Petit-Rocher, New Brunswick, Canada

15/11/2011 14:26:04

Michel Fournier
Level Extreme Inc.
Petit-Rocher, New Brunswick, Canada

General information

Forum:

ASP.NET

Category:

Other

Title:

Re: Upload contains full local path of the user

Environment versions

Environment:

VB 9.0

OS:

Windows 7

Network:

Windows 2003 Server

Database:

MS SQL Server

Application:

Web

Miscellaneous

Thread ID:

01528948

Message ID:

01528969

Views:

To fix this, I have applied a verification in the file name to see if I have a path. But, I am curious to know if this is normal that I get a full path from when the upload is done from a local network and never got a full path before when the upload is done thru the Internet.

            Dim lcControl As String = ""
            Dim lcFileName As String = ""
            Dim lnFileSize As Integer = 0
            Dim lnLocation As Integer = 0
            Dim loFileUpload As System.Web.UI.WebControls.FileUpload = New System.Web.UI.WebControls.FileUpload
            Dim loHttpPostedFile As System.Web.HttpPostedFile = Nothing

                ' Get a reference to the control
                loFileUpload = oProcess.oPage.FindControl(lcControl + "$FileUpload")

                ' If the file was uploaded
                If Not loFileUpload Is Nothing Then

                    ' Get a reference to the posted file
                    loHttpPostedFile = loFileUpload.PostedFile

                    ' See if the file was submitted
                    If Not loHttpPostedFile Is Nothing Then

                        ' Get the file size
                        lnFileSize = loHttpPostedFile.ContentLength

                        ' If the file was submitted
                        If lnFileSize > 0 Then

                            ' Get the file name
                            lcFileName = loHttpPostedFile.FileName

                            ' The following is to make sure we do not negotiate with a full path. This has been discovered
                            ' when the upload is done thru a local network. It took over two years of thousands of uploads
                            ' to discover that one. So, we always verify for the path first and adjust accordingly.

                            ' Try to search for a \
                            lnLocation = oApp.RAt("\", lcFileName)

                            ' If we have a full path
                            If lnLocation > 0 Then
                                lcFileName = Mid(lcFileName, lnLocation + 1)
                            End If

Michel Fournier
Level Extreme Inc.
Designer, architect, owner of the Level Extreme Platform
Subscribe to the site at https://www.levelextreme.com/Home/DataEntry?Activator=55&NoStore=303
Subscription benefits https://www.levelextreme.com/Home/ViewPage?Activator=7&ID=52

Map

View

Click here to load this message in the networking platform