开发者

Detect if user changed file extension to upload?

开发者 https://www.devze.com 2023-01-13 23:45 出处:网络
Using a Java servlet, is it possible to detect the true file type of a file, regardless of its extension?

Using a Java servlet, is it possible to detect the true file type of a file, regardless of its extension?

Scenario: You only allow plain text file uploads (.txt and .csv) The user takes the file, mypicture.jpg, renames it to mypicture.txt and proceeds to upload the file. Your servlet expects only text files an开发者_StackOverflowd blows up trying to read the jpg.

Obviously this is user error, but is there a way to detect that its not plain text and not proceed?


You can do this using the builtin URLConnection#guessContentTypeFromStream() API. It's however pretty limited in content types it can detect, you can then better use a 3rd party library like jMimeMagic.

See also:

  • Best way to determine file type in Java
  • When do browsers send application/octet-stream as Content-Type?


No. There is no way to know what type of file you are being uploaded. You must make all verifications on the server before taking any actions with the file.


I think you should consider why your program might blow up when give a JPEG (say) and make it defensive against this. For example a JPEG file is likely to have apparently very long lines (any LF of CR LF will be soemwhat randomly spread). But a so called text file could equally have long lines that might kill your program,


What exactly do you mean by "plain text file"? Would a file consisting of Chinese text be a plain text file? If you assume English text in ASCII or ANSI coding, you would have to read the full file as binary file, and check that e. g. all byte values are between, say, 32 and 127 plus 13, 10, 9, maybe.

0

精彩评论

暂无评论...
验证码 换一张
取 消