Is there any already implemented way to validate file extension in Symfony? File and Image validators can only validate mime type. Is there any way to do it or do I have to use a custom validator / callback?
You could use a RegexValidator if all you want to validate about is the file extension. Do keep in mind that a file extension in no way guarantees the contents of the file. Someone could upload an executable as a .png for instance.
Example
new RegexValidator('/(.+)(\.jpg|\.png|\.gif)$/')
Will match any filename ending in .jpg, .png or .gif
If you want more control over it (for example, passing an array of allowed extensions) I would recommend using a CallbackValidator or making your own. Good luck!
Related
I have an ARM template, which I use to deploy a resource which has a property that contains a Python script as a string. Instead of having the script in the template file, I would prefer to have it in a .py file, and embed that in the template on deployment.
Is there a way to achieve this?
The simplest way to do this is using loadTextContent() in bicep: https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/bicep-functions-files#loadtextcontent
If you're not using bicep (and can't) there's no good substitution for it in JSON, you'd have to fashion something to parse the json, figure out where that goes and stringify yourself.
That help?
Can someone load and run malicious codes into and from a css file? I just want to know if it is possible to load malicious code from a css file (example.css).
Are there any codes that can be placed in the css file that are malicious? for example javascript or php files can be very dangerous if we put a malicious code into them. Like PHP can query database, javascript can load other stuff. Now what about CSS?
I am just curious if it is possible to cause security problems using css file too.
Well we can set the src property of images from CSS. The src property usually contains the url of the image, but it can also contain the image itself in base64 encoded format.
It is possible to write malicious javascript or php code and then encode it using base64 authentication and use it in the src attribute of an image
I am developing custom upload module. I want to allow users to upload xls and xslx files only. How can I restrict this using file_save_upload function. Thank you
You should probably use the validate function for the form that has the file upload element on it instead. Or perhaps consider just using the File CCK element and using its settings to only allow files with xls and xlsx extensions to be uploaded - that would probably save you a whole lot of time.
I have a custom asp.net control. That control will also render to the page a piece of javascript. This javascript piece of code is actually properties that have to be initialized. One of this property value must be a path. This path is a directory that is inside this assembly. If it is was a file i would use GetWebResourceUrl but now I don't know what commands to use.
Also I would like to know, if I get the dir path the files inside it will be available for the javascript to use them or not?
Try this: System.Reflection.Assembly.GetExecutingAssembly().Location
The file upload control in asp.net does not allow me to select a folder and enables me to select only the files. Is there any way in which I can select a folder (obviously without using the file upload control).
Why I want to select the folder is basically to store its entire path in a database table.
The HTML <input type=file> element only supports single file uploads. If you to have multiple file upload, you would have to use a 3rd party component - usually written in Flash.
Here an example: http://www.codeproject.com/KB/aspnet/FlashUpload.aspx
No, browsing for files are the client-side feature, and the only information about file path is their name. It's cause security.
I dont think HTML supports what you are trying to do. Perhaps as a workaround you can have them select a file in the folder and then chop off the file name when processing it but thats a mess to be honest.
Ask them to Paste or type the path into a textbox perhaps. The issue here is you cant check for typos.
Id say you should rethink what you are trying to do.