All geek questions in one place

How to check a download file - txt or a changed extension manually?

I created one webpage where I want to download only a text file using JavaScript, and it works fine.

Using below javascript, checking the txt download file or not?

<script>
  function checkExt() {
    if(document.mainForm.myfile.value.lastIndexOf(".txt")==-1) {
      alert("Please upload only .txt extention file");
      return false;
    }
  }
</script>

<form name="mainForm">
   <input type="file" name="myfile" onchange="checkExt();"/>
</form>

Live demo here

Problem . If I change the .exe file extension to .txt manually, it also loads because I only check the file extension. So my question is how to protect against an exe file (which is manually changed to txt ) for download.

I want to stop loading exe, jar files, which are changed or renamed forcibly or manually.

+4
3

exe txt . . , , exe , .txt.

,

import java.io.File;
import java.io.FileInputStream;

public class TestExecutableFile {

    public static void main(String[] args) {

        byte[] firstBytes = new byte[4];
        try {
            FileInputStream input = new FileInputStream(new File("[filepath]/[filename]"));
            input.read(firstBytes);

            // Checking file is executable
            if (firstBytes[0] == 0x4d && firstBytes[1] == 0x5a) {
                System.out.println("Executable File");
            }else{
                System.out.println("Non Executable File");
            }

        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
+2

, , MIME , .

Ref. article .NET, mime ,

ROFLwTIME

0

form.value, form.files. :

{
    lastModified: 1502265800000
    lastModifiedDate: Wed Aug 09 2017 11:03:20 GMT+0300 (EEST) {}
    name: "14ecdf0302f4bbc84cfbbf85b3b94013.jpg"
    size: 463225
    type: "image/jpeg"
}
0
source

Source: https://habr.com/ru/post/1683815/

More articles:


All Articles