FCKeditor 上传修改,添加对文件的类型以及大小的限制,ASP.NET C#
FCKeditor 上传修改,添加对文件的类型以及大小的限制(ASP.NET C#)
用了FCKeditor以后才知道,在性能上确实是挺优越的,特别是在加载的速度上,远比其它的编辑器要来得快,而且跨语言跨平台,也不会像FreeTextBox那样在页面中加入一大堆的ViewState视图状态代码,减轻了页面文件的重量,提高了加载速度. 编辑器本身也内置了文件上传功能,但他却不对文件的类型以及大小做出限制,以至于带有安全忧患,万一给人上传了一个木马或者一个上面兆的影片文件怎么办,当然,修改*config.js文件可以解决,但似乎存在着某方面的安全隐患吧. 由于FCKeditor本身是开源的,所以我可以对里面的某些代码进行修改. 首先是对FileWorkerBase.cs基类的修改 using System; namespace FredCK.FCKeditorV2 { public abstract class FileWorkerBase : System.Web.UI.Page { private const string DEFAULT_USER_FILES_PATH = "/UserFiles/"; private const string DEFAULT_USER_FILES_UPLOADTYPE = ".jpg.jpeg.bmp.gif.png.zip.rar.swf.";//默认允许上传文件类型 private const int DEFAULT_USER_FILES_UPLOADSIZE = 1024;//默认允许上传文件大小(1024KB) private string sUserFilesPath; private string sUserFilesDirectory; private string sUserUploadType; private int iUserUploadSize = 0; protected string UserFilesPath { get { if (sUserFilesPath == null) { // Try to get from the "Application". sUserFilesPath = (string)Application["FCKeditor:UserFilesPath"]; // Try to get from the "Session". if (sUserFilesPath == null || sUserFilesPath.Length == 0) { sUserFilesPath = (string)Session["FCKeditor:UserFilesPath"]; // Try to get from the Web.config file. if (sUserFilesPath == null || sUserFilesPath.Length == 0) { sUserFilesPath = System.Web.Configuration.WebConfigurationManager.AppSettings["FCKeditor:UserFilesPath"]; // Otherwise use the default value. if (sUserFilesPath == null || sUserFilesPath.Length == 0) sUserFilesPath = DEFAULT_USER_FILES_PATH; // Try to get from the URL. if (sUserFilesPath == null || sUserFilesPath.Length == 0) { sUserFilesPath = Request.QueryString["ServerPath"]; } } } // Check that the user path ends with slash ("/") if (!sUserFilesPath.EndsWith("/")) sUserFilesPath += "/"; } return sUserFilesPath; } } /**//// <summary> /// The absolution path (server side) of the user files directory. It /// is based on the <see cref="FileWorkerBase.UserFilesPath"/>. /// </summary> protected string UserFilesDirectory { get { if (sUserFilesDirectory == null) { // Get the local (server) directory path translation. sUserFilesDirectory = Server.MapPath(this.UserFilesPath); } return sUserFilesDirectory; } } /**//// <summary> /// 获取允许上传的类型 /// </summary> protected string UserUploadType { get { if (sUserUploadType == null) { // Try to get from the "Application". sUserUploadType = (string)Application["FCKeditor:UserUploadType"]; // Try to get from the "Session". if (sUserUploadType == null || sUserUploadType.Length == 0) { sUserUploadType = (string)Session["FCKeditor:UserUploadType"]; // Try to get from the Web.config file. if (sUserUploadType == null || sUserUploadType.Length == 0) { sUserUploadType = System.Web.Configuration.WebConfigurationManager.AppSettings["FCKeditor:UserUploadType"]; // Otherwise use the default value. if (sUserUploadType == null || sUserUploadType.Length == 0) sUserUploadType = DEFAULT_USER_FILES_UPLOADTYPE; } } // Check that the user path starts and ends with slash (".") if (!sUserUploadType.StartsWith(".")) sUserUploadType = "." + sUserUploadType; if (!sUserUploadType.EndsWith(".")) sUserUploadType += "."; } return sUserUploadType; } } /**//// <summary> /// 获取允许上传的文件最大限制 /// </summary> protected int UserUploadSize { get { if (iUserUploadSize < 1) { iUserUploadSize = Convert.ToInt32(Application["FCKeditor:UserUploadSize"]); if (iUserUploadSize < 1) { iUserUploadSize = Convert.ToInt32(Session["FCKeditor:UserUploadSize"]); if (iUserUploadSize < 1) { iUserUploadSize = Convert.ToInt32(System.Web.Configuration.WebConfigurationManager.AppSettings["FCKeditor:UserUploadSize"]); if (iUserUploadSize < 1) { iUserUploadSize = DEFAULT_USER_FILES_UPLOADSIZE; } } } } return iUserUploadSize; } } } } 接着就是对点击"浏览服务器"页面的上传部分的修改 以下是对FileBrowserConnector.cs中的FileUpload()函数的修改 private void FileUpload(string resourceType, string currentFolder) { HttpPostedFile oFile = Request.Files["NewFile"]; string sErrorNumber = "0"; string sFileName = ""; if (oFile != null && oFile.ContentLength > 0) { // Map the virtual path to the local server path. string sServerDir = this.ServerMapFolder(resourceType, currentFolder); /**//* // Get the uploaded file name. sFileName = System.IO.Path.GetFileName( oFile.FileName ) ; int iCounter = 0 ; while ( true ) { string sFilePath = System.IO.Path.Combine( sServerDir, sFileName ) ; if ( System.IO.File.Exists( sFilePath ) ) { iCounter++ ; sFileName = System.IO.Path.GetFileNameWithoutExtension( oFile.FileName ) + "(" + iCounter + ")" + System.IO.Path.GetExtension( oFile.FileName ) ; sErrorNumber = "201" ; } else { oFile.SaveAs( sFilePath ) ; break ; } } */ if (this.UserUploadType.ToLower().IndexOf(System.IO.Path.GetExtension(oFile.FileName).ToLower() + ".") > -1)//检测是否为允许的上传文件类型 { if (this.UserUploadSize * 1024 >= oFile.ContentLength)//检测文件大小是否超过限制 { sFileName = DateTime.Now.ToString("yyyyMMddHHmmssffff") + System.IO.Path.GetExtension(oFile.FileName); string sFilePath = System.IO.Path.Combine(sServerDir, sFileName); oFile.SaveAs(sFilePath); } else//文件大小超过限制 { Response.Clear(); Response.Write("<script type="text/javascript">"); Response.Write("window.parent.frames['frmUpload'].OnUploadCompleted(1,'上传文件大小超出限制') ;"); Response.Write("</script>"); Response.End(); } } else //文件类型不允许上传 { Response.Clear(); Response.Write("<script type="text/javascript">"); Response.Write("window.parent.frames['frmUpload'].OnUploadCompleted(1,'上传文件类型不允许') ;"); Response.Write("</script>"); Response.End(); } } else sErrorNumber = "202"; Response.Clear(); Response.Write("<script type="text/javascript">"); Response.Write("window.parent.frames['frmUpload'].OnUploadCompleted(" + sErrorNumber + ",'" + sFileName.Replace("'", "\'") + "') ;"); Response.Write("</script>"); Response.End(); } 最后就是对Uploader.cs类中的OnLoad()函数的修改 protected override void OnLoad(EventArgs e) { // Get the posted file. HttpPostedFile oFile = Request.Files["NewFile"]; // Check if the file has been correctly uploaded if (oFile == null || oFile.ContentLength == 0) { SendResults(202); return; } int iErrorNumber = 0; string sFileUrl = ""; string sFileName = ""; //使用原文件名上传代码,如果文件名相同,则在后面加上标号(1)(2) /**//* // Get the uploaded file name. string sFileName = System.IO.Path.GetFileName( oFile.FileName ) ; int iCounter = 0 ; while ( true ) { string sFilePath = System.IO.Path.Combine( this.UserFilesDirectory, sFileName ) ; if ( System.IO.File.Exists( sFilePath ) ) { iCounter++ ; sFileName = System.IO.Path.GetFileNameWithoutExtension( oFile.FileName ) + "(" + iCounter + ")" + System.IO.Path.GetExtension( oFile.FileName ) ; iErrorNumber = 201 ; } else { oFile.SaveAs( sFilePath ) ; sFileUrl = this.UserFilesPath + sFileName ; break ; } } */ //使用原文件名上传代码结束 //使用时间作为流水号文件名 if (this.UserUploadSize * 1024 >= oFile.ContentLength)//检测文件大小是否超过限制 { sFileName = DateTime.Now.ToString("yyyyMMddHHmmssffff") + System.IO.Path.GetExtension(oFile.FileName); string sFilePath = System.IO.Path.Combine(this.UserFilesDirectory, sFileName); oFile.SaveAs(sFilePath); sFileUrl = this.UserFilesPath + sFileName; } else//文件大小超过限制 { SendResults(1, "", "", "上传文件大小超出限制"); } /**////////////////////////////////////////////////////////////////////////////// SendResults(iErrorNumber, sFileUrl, sFileName); } 最后只要在Web.Config文件中加入对文件上传的限制值就可以了. <?xml version="1.0"?> <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"> <appSettings> <add key="FCKeditor:UserFilesPath" value="/UserFiles/" /> <add key="FCKeditor:UserUploadType" value=".gif.jpg.jpeg.rar.zip.swf.png" /> <add key="FCKeditor:UserUploadSize" value="5120" /><!--单位为KB--> </appSettings> <system.web> <httpRuntime maxRequestLength="512000" /> </system.web> </configuration> 相关文章: |
- 上一篇 »修改PHP上传文件大小限制的方法
- 下一篇 »php 修改默认上传大小的设置