C#检测上传图片是否安全函数

//添加引用System.Text;

//添加引用System.IO;

 

/// <summary>
            /// C#检测上传图片是否安全函数
            /// </summary>
            /// <param name="strPictureFilePath"></param>
            public void CheckPictureSafe(string strPictureFilePath)
            {
                bool strReturn = true;
                if (!File.Exists(strPictureFilePath))
                {
                    StringBuilder str_Temp = new StringBuilder();
                    try
                    {
                        using (StreamReader sr = new StreamReader(strPictureFilePath))    //按文本文件方式读取图片内容
                        {
                            String line;
                            while ((line = sr.ReadLine()) != null)
                            {
                                str_Temp.Append(line + ",");
                            }
                            //检测是否包含危险字符串
                            if (str_Temp == null)
                            {
                                strReturn = false;
                            }
                            else
                            {
                                str_Temp = str_Temp.Replace("'", "''");
                                string DangerString = "script|iframe|.getfolder|.createfolder|.deletefolder|.createdirectory|.deletedirectory|.saveas|wscript.shell|script.encode|server.|.createobject|execute|activexobject|language=|include|filesystemobject|shell.application";
                                string[] sArray = DangerString.Split('|');
                                foreach (string i in sArray)
                                {
                                    strReturn = true;
                                    break;
                                }
                            }
                            sr.Close();
                        }
                        if (strReturn)
                        {
                            File.Delete(strPictureFilePath);
                        }
                    }
                    catch (Exception ex)
                    {
                        throw new Exception(ex.Message);
                    }
                }
            }

posted on 2009-04-15 04:51  风灵溪清  阅读(301)  评论(0编辑  收藏  举报

导航