NetTalk Central
NetTalk Web Server => Web Server - Ask For Help => Topic started by: Richard I on January 17, 2023, 01:29:27 AM
-
Hi all,
Im using the NT example FileDownload(40) and want to heed Bruce's on board warning regarding the ability to download any file.
I only want to download CSV and TXT files and have this to illustrate what I want
Thought I might use String Theory, so help with code appreciated
Regards,
Richard
IF CONTENTS(loc:filename) = '.DOC' OR |
CONTENTS(loc:filename) = '.DOCX' OR |
CONTENTS(loc:filename) = '.tps'
loc:Alert = 'invalid file'
ELSE
END
-
this work for me, in your field upload - 6 Add Late Server Side Code Here
Mem:FotoExtension = upper(st.ExtensionOnly(p_web.GSV('Loc:Path')))
IF NOT INLIST(Mem:FotoExtension,'JPG','GIF','TIFF','PNG') OR p_web.GSV('Loc:Path')=''
loc:invalid = 'Loc:Path'
loc:Alert = 'FOTO INVALIDAD SOLO SE ACEPTAN: JPG,GIF,TIFF,PNG'
p_web.Script('ntAlert("Invalid Document Type.","ALERT");')
remove(p_web.GSV('Loc:Path'))
p_web.ssv(Loc:Path,'')
CLEAR(Loc:Path)
CLEAR(Mem:FotoExtension)
EXIT
END
-
Yeah, Osa's one is better because it deals directly with the file extension.
Richard, I'm not sure what your one does, because you're using CONTENTS which I don't think does what you think it does.
Plus (I think?) you are searching the whole name for .Doc, not limiting to the extension.
Osa - bear in mind that there are likely to be graphic files on your computer which are not for public consumption. So I think I'd add some sort of folder test in there as well to limit the folders it can serve from.
And also eliminate any file names that contain .\ or ..\ in them.
cheers
Bruce
-
Thanks Bruce
My rendition of Osa's code didnt work - probably cause I have it in the wrong place...
I have it at
Serve Document, Before Header ( thats where you have the warning)
I have now -
loc:filename = clip(p_web.site.apppath) & p_web.GetValue('name')
st.SetValue(loc:Filename)
STOP('here')
if st.ContainsA('.docx') = TRUE
STOP('Inside TRUE statement')
loc:Alert = 'Invalid Extension'
p_web.Script('ntAlert("Invalid Document Extension Type.","ALERT");')
end
The stops stop but the loc:Alert doesnt feature.//
Thanks
C heers
Richard
-
As I recall offhand, Serve document is a NetWebPage.
loc:alert is not a "thing" in that context as I recall.
personally I wouldn't bother to reply to the user, I'd just send back "nothing".
Since presumably the request is illegal anyway.
Cheers
Bruce