Setup:
I am writing an Admin utility for the eLearning package. Using this utility, teachers can write their own courses, add / upload images, etc.
My problem is related to security vulnerabilities when downloading files, in particular to image files.
The following code is my controller code for POST, which uploads a new image file:
using System.IO;
using System.Web;
using System.Web.Mvc;

// Controller action that receives the uploaded file (the `service` field and the
// T4MVC `MVC.Admin.StepEditor` route helper come from the rest of the project).
[HttpPost]
public virtual ActionResult StepImage(int CourseId, int StepOrder, HttpPostedFileBase file)
{
    service.CourseId = CourseId;
    service.StepOrder = StepOrder;
    if (file.ContentLength > 0)
    {
        // Client-supplied name and its extension (comparison is case-sensitive here)
        var fileName = Path.GetFileName(file.FileName);
        var fileExtension = Path.GetExtension(fileName);
        if ((fileExtension == ".jpg") || (fileExtension == ".gif") || (fileExtension == ".png"))
        {
            service.StoreImageFileName(fileName);
            // One sub-directory per course under the image upload root
            var path = Server.MapPath("~/[path to where images are uploaded]/" + service.CourseId + "/");
            if (!Directory.Exists(path))
            {
                Directory.CreateDirectory(path);
            }
            // The file is written to disk under the name the client sent
            file.SaveAs(path + fileName);
        }
        else
        {
            // Extension not in the whitelist: nothing is saved
        }
    }
    else
    {
        // Empty upload: nothing is saved
    }
    return RedirectToAction(MVC.Admin.StepEditor.Actions.Edit(CourseId, StepOrder));
}
You can see from the above code that I am checking the file extension and only allow .jpg, .gif and .png.
Questions:
I tried to save the files in the App_Data folder, but this led to a 403 ban when Views tried to display the images.
So I put them in ~/Images/...
Is there a security risk? Can someone download a .exe file with a .jpg extension and make it execute baddie code?
PS:
Scott Hanselman Phil Haack ASP.NET MVC 2 +:
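The check in the question only looks at the name the browser sent, so a file named `payload.jpg` is accepted whatever its bytes are, and the name itself is reused on disk. The following is an added example (not the poster's code and not part of any answer on this page) of how an upload validator can check the extension case-insensitively, confirm the first bytes actually match a JPEG, PNG or GIF signature, require the two to agree, and then pick a server-generated file name instead of the client's. The class name, the whitelist and the sample byte arrays are all assumptions made for the example.

```csharp
using System;
using System.IO;
using System.Linq;

// Added example: validate an uploaded "image" by extension AND by file signature,
// and produce a server-chosen file name. Not the original poster's code.
public static class ImageUploadValidator
{
    // File signatures (magic numbers) of the three formats the question allows.
    private static readonly byte[] Jpeg  = { 0xFF, 0xD8, 0xFF };
    private static readonly byte[] Png   = { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A };
    private static readonly byte[] Gif87 = { 0x47, 0x49, 0x46, 0x38, 0x37, 0x61 }; // "GIF87a"
    private static readonly byte[] Gif89 = { 0x47, 0x49, 0x46, 0x38, 0x39, 0x61 }; // "GIF89a"

    // Assumed whitelist: same formats as the question, plus the ".jpeg" spelling.
    private static readonly string[] AllowedExtensions = { ".jpg", ".jpeg", ".gif", ".png" };

    // Returns the extension implied by the file header, or null if it is none of the three.
    public static string DetectImageType(byte[] header)
    {
        if (StartsWith(header, Jpeg)) return ".jpg";
        if (StartsWith(header, Png)) return ".png";
        if (StartsWith(header, Gif87) || StartsWith(header, Gif89)) return ".gif";
        return null;
    }

    private static bool StartsWith(byte[] data, byte[] prefix)
    {
        return data.Length >= prefix.Length && data.Take(prefix.Length).SequenceEqual(prefix);
    }

    // Validates the upload; on success returns a safe, server-generated file name.
    public static bool TryGetSafeFileName(string clientFileName, Stream content,
                                          out string safeName, out string reason)
    {
        safeName = null;

        // 1. Extension check, case-insensitive (".JPG" and ".jpg" are the same format).
        var ext = Path.GetExtension(clientFileName ?? string.Empty).ToLowerInvariant();
        if (!AllowedExtensions.Contains(ext))
        {
            reason = "extension not allowed: '" + ext + "'";
            return false;
        }

        // 2. Content check: read the first 8 bytes and match them against known signatures.
        var header = new byte[8];
        int read = content.Read(header, 0, header.Length);
        var detected = DetectImageType(header.Take(read).ToArray());
        if (detected == null)
        {
            reason = "content does not start with a JPEG, PNG or GIF signature";
            return false;
        }

        // 3. The claimed type and the detected type must agree.
        var normalized = ext == ".jpeg" ? ".jpg" : ext;
        if (detected != normalized)
        {
            reason = "extension " + ext + " does not match detected content " + detected;
            return false;
        }

        // 4. Never reuse the client's name on disk: no path separators, no odd extensions.
        safeName = Guid.NewGuid().ToString("N") + detected;
        reason = null;
        return true;
    }

    // Demonstration with constructed inputs (not real uploads).
    public static void Main()
    {
        // A real PNG header, sent as "photo.PNG": accepted despite the upper-case extension.
        var pngBytes = new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A, 0x00, 0x00 };
        // Bytes of a Windows executable ("MZ" header), sent as "photo.jpg": rejected.
        var exeBytes = new byte[] { 0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00 };

        string name, why;
        Console.WriteLine(TryGetSafeFileName("photo.PNG", new MemoryStream(pngBytes), out name, out why)
            ? "accepted as " + name : "rejected: " + why);
        Console.WriteLine(TryGetSafeFileName("photo.jpg", new MemoryStream(exeBytes), out name, out why)
            ? "accepted as " + name : "rejected: " + why);
    }
}
```

In the controller this would be called with `file.InputStream` before `SaveAs`; because the validator reads the first bytes, reset the stream with `file.InputStream.Seek(0, SeekOrigin.Begin)` and then save to `Path.Combine(path, safeName)` rather than `path + fileName`, keeping the original `fileName` only as display metadata. A signature check is not a full parse, so it catches a renamed executable but not a valid image with a script appended; what prevents the latter from doing harm is that the upload directory is served as static content only, which on IIS can be enforced with a `<location>` element in web.config whose `<handlers accessPolicy="Read" />` setting removes script execution for that folder.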