很多上传验证只是单纯地检查文件的扩展名,但扩展名是可以被修改的;一旦修改,文件仍然可以上传到服务器。下面的方法改为读取文件内容的前两个字节(文件头)作为判断依据。注意:文件头同样可以被伪造,因此这种检查应与扩展名白名单等其他措施配合使用,不能单独作为安全依据。
public bool IsAllowedExtension(HttpPostedFile fu)
{
int fileLen = fu.ContentLength;
byte[] imgArray = new byte[fileLen];
fu.InputStream.Read(imgArray, 0, fileLen);
MemoryStream ms = new MemoryStream(imgArray);
System.IO.BinaryReader br = new System.IO.BinaryReader(ms);
string fileclass = "";
byte buffer;
try
{
buffer = br.ReadByte();
fileclass = buffer.ToString();
buffer = br.ReadByte();
fileclass += buffer.ToString();
}
catch
{
}
finally
{
br.Close();
ms.Close();
}
//注意将文件流指针还原
fu.InputStrea