NetTalk Central

Author Topic: File Upload - Restrict File Type and Size  (Read 2481 times)

debraballenger

  • Newbie
  • *
  • Posts: 49
    • View Profile
    • Email
File Upload - Restrict File Type and Size
« on: August 22, 2013, 06:47:55 AM »
Sorry if I am missing something obvious. 
How can I restrict the types of files that can be uploaded?
and How can I restrict the file size that can be uploaded?

Thanks!

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11250
    • View Profile
Re: File Upload - Restrict File Type and Size
« Reply #1 on: August 22, 2013, 09:38:23 PM »
Hi Debra,

You can't really restrict the types of files being _uploaded_. (You can obviously check them when they arrive, and throw them away if you don't like them.) Even if the page itself limited the upload type though, it's certainly possible for anyone to bypass that so it would offer no security benefit. You must check on the server side to be sure.

>> How can I restrict the file size that can be uploaded?
WebServer procedure.
NetTalk extension
Settings / Security
"Maximum POST Size".

This limits the size of a single POST - which could include multiple files being uploaded. (If you are using the new Uploader though, each file is sent as a separate post, so this setting effectivly sets the max file size).

>> How can I restrict the types of files that can be saved after uploading?

WebHandler procedure, right-click, choose Source, and look for the
p_web.SaveFile PROCEDURE(STRING p_name,STRING p_filename,*STRING p_file,LONG p_len)
method. (hint, there are 2 SaveFile methods, you want the second one.)

In there, before the parent call, you can inspect the p_filename parameter and reject it by doing a RETURN before the PARENT call.
For example;

st  StringTheory
  code
  st.SetValue(p_filename)
  case lower(st.ExtensionOnly)
  of 'zip'
  orof 'png'
    ! do nothing, allow Parent call to work.
  else
    Return
  end


Cheers
Bruce