隐藏

c# 图片木马防护

发布:2022/6/27 14:17:51作者:管理员 来源:本站 浏览次数:827

图片中带木马怎么办?  我们在服务端加上一层防护

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

using System.IO;
using System.Text;

/// <summary>
/// UpLoadFile 的摘要说明
/// </summary>
public class UpLoadFile:System.Web.UI.Page
{
public UpLoadFile()
{
//
// TODO: 在此处添加构造函数逻辑
//
}


/// <summary>
/// 文件上传
/// </summary>
/// <param name="UpFile">上传控件</param>
/// <param name="SourceImg">源图片名子</param>
/// <param name="SourcePage">那个页面的操作</param>
/// <returns>返回上传的文件名,可以为空</returns>
public static string UpLoadFileImg(HttpPostedFile UpFile, string SourceImg, System.Web.UI.Page SourcePage)
{
//锁定页面
SourcePage.Application.Lock();

string Img = UpFile.FileName.Trim();//获取文件名
string WebPath = SourcePage.Server.MapPath("UpLoadFile/UsersPhoto/");//上传到指定路径
string Exten = Path.GetExtension(UpFile.FileName).ToUpper();//获取文件的扩展名
int FileLength = UpFile.ContentLength;//文件大小
string FileType = UpFile.ContentType.ToUpper();//获取文件的类型

if (Img != "")
{
//上传文件第一级文件扩展名和类型验证
if (Exten != ".GIF" && Exten != ".JPG" && FileType != "" && FileType != "")
{
Img = "No";
WebScript.JavaScript.OnlyAlertMsg(SourcePage, "上传文件格式只能是(.jpg||.gif)格式!");
}
else if (FileLength / 1024 / 1024 > 1)  //上传文件不能大于1M
{
Img = "No";
WebScript.JavaScript.OnlyAlertMsg(SourcePage, "上传图片不能超过1M");
}
else
{
Img = DateTime.Now.ToString().Replace(" ", "").Replace(":", "").Replace("-", "") + Exten;//以当前时间来命名

//上传文件
UpFile.SaveAs(WebPath + Img);

//最后一部高级验证,图片上传后的操作,判断是否真的是图片
StreamReader sr = new StreamReader(WebPath + Img, Encoding.Default);
string strContent = sr.ReadToEnd();
sr.Close();
string str = "request|script|.getfolder|.createfolder|.deletefolder|.createdirectory|.deletedirectory|.saveas|wscript.shell|script.encode|server.|.createobject|execute|activexobject|language=";
foreach (string s in str.Split('|'))
if (strContent.IndexOf(s) != -1)
{
File.Delete(WebPath + Img);
Img = "No";
WebScript.JavaScript.OnlyAlertMsg(SourcePage, "这张图片格式非法,请换一张,谢谢!");
break;
}

//删除源文件
if (Img != "No" && File.Exists(WebPath + SourceImg))
File.Delete(WebPath + SourceImg);//如果文件已经存在就删除
}
}
else
Img = SourceImg;

//取消锁定页面
SourcePage.Application.UnLock();

return Img;