"Chris Mahoney" <ch**********@gmail.comwrote in message
news:11**********************@k78g2000cwa.googlegroups.com...
Hi
I'm setting up a site where users will be able to upload photos. I'd
like to be able to ensure that they're uploading JPEGs, and not
malicious code. I've tried checking the MIME type, but that doesn't
seem to be reliable; for example if you rename an .exe to .jpg and
upload using Firefox, it returns "image/jpeg" (IE 6 returns
"application/octet-stream").
I understand that there probably isn't a surefire solution to this,
but a little security is better than none. Any advice? I'm using VB
2005 but I can read C# if I need to :)
Thanks
Chris
Hi Chris
First check it with HttpPostedFile.ContentType
Then try to create a System.Drawing.Image object from a given source. If
this succeeds, you can be fairly certain the source is a valid image. In
addition, check Img.RawFormat
Sample code:
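Try
    ' For an upload, use System.Drawing.Image.FromStream(...) instead of FromFile
    ' Using disposes the image, which also releases the lock FromFile holds on the file
    Using Img As System.Drawing.Image = System.Drawing.Image.FromFile("C:\MyImage.gif")
        If Img.RawFormat.Equals(System.Drawing.Imaging.ImageFormat.Jpeg) Then
            ' ... ok
        Else
            ' ... wrong (a valid image, but not a JPEG)
        End If
    End Using
Catch
    ' ... wrong (the source could not be loaded as an image)
End Try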
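
Added example, not part of the original reply: the same decode-and-check-RawFormat test applied to an upload stream such as HttpPostedFile.InputStream. It goes beyond the reply by adding a leading-byte pre-check and by re-encoding the decoded pixels, so that only freshly written JPEG data is stored. The names UploadCheck, SanitizeJpeg and MaxBytes are hypothetical, and the size limit is an assumption.

```vbnet
Imports System
Imports System.Drawing
Imports System.Drawing.Imaging
Imports System.IO

Public Module UploadCheck
    ' Assumed upper bound for a photo upload (hypothetical value for this example)
    Private Const MaxBytes As Long = 5 * 1024 * 1024

    ' Returns re-encoded JPEG bytes, or Nothing if the stream is not a decodable JPEG.
    ' Pass HttpPostedFile.InputStream (or any seekable stream) as "upload".
    Public Function SanitizeJpeg(ByVal upload As Stream) As Byte()
        If upload Is Nothing OrElse Not upload.CanSeek Then Return Nothing
        If upload.Length < 3 OrElse upload.Length > MaxBytes Then Return Nothing

        ' Cheap pre-check: a JPEG starts with FF D8 FF, a renamed .exe starts with "MZ"
        Dim head(2) As Byte
        upload.Position = 0
        If upload.Read(head, 0, 3) <> 3 Then Return Nothing
        If head(0) <> &HFF OrElse head(1) <> &HD8 OrElse head(2) <> &HFF Then Return Nothing
        upload.Position = 0

        Try
            ' validateImageData:=True asks GDI+ to validate the image data while loading
            Using img As Image = Image.FromStream(upload, False, True)
                If Not img.RawFormat.Equals(ImageFormat.Jpeg) Then Return Nothing

                ' Write a new JPEG from the decoded pixels; the uploaded bytes
                ' themselves (including anything appended after the image) are discarded
                Using copy As New Bitmap(img), output As New MemoryStream()
                    copy.Save(output, ImageFormat.Jpeg)
                    Return output.ToArray()
                End Using
            End Using
        Catch ex As Exception
            ' FromStream throws (ArgumentException) when the data is not a valid image
            Return Nothing
        End Try
    End Function
End Module
```

Save the returned bytes under a server-generated file name ending in .jpg rather than the client-supplied name, and reject the upload when the function returns Nothing.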