#17622: Adding FileAllowed method.

--HG-- branch : 1.x
2025-10-15 19:54:57 +08:00 · 2011-04-03 15:38:51 -07:00
parent 24095759e6
commit fd3926c650
2 changed files with 30 additions and 1 deletions
--- a/src/Orchard.Web/Modules/Orchard.Media/Services/IMediaService.cs
+++ b/src/Orchard.Web/Modules/Orchard.Media/Services/IMediaService.cs
@@ -1,3 +1,4 @@
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Web;
@@ -92,5 +93,20 @@ namespace Orchard.Media.Services {
        /// <param name="extractZip">Boolean value indicating weather zip files should be extracted.</param>
        /// <returns>The path to the uploaded file.</returns>
        string UploadMediaFile(string folderPath, string fileName, Stream inputStream, bool extractZip);
+
+        /// <summary>
+        /// Verifies if a file is allowed based on its name and the policies defined by the black / white lists.
+        /// </summary>
+        /// <param name="postedFile">The posted file</param>
+        /// <returns>True if the file is allowed; false if otherwise.</returns>
+        bool FileAllowed(HttpPostedFileBase postedFile);
+
+        /// <summary>
+        /// Verifies if a file is allowed based on its name and the policies defined by the black / white lists.
+        /// </summary>
+        /// <param name="fileName">The file name of the file to validate.</param>
+        /// <param name="allowZip">Boolean value indicating weather zip files are allowed.</param>
+        /// <returns>True if the file is allowed; false if otherwise.</returns>
+        bool FileAllowed(string fileName, bool allowZip);
    }
 }
--- a/src/Orchard.Web/Modules/Orchard.Media/Services/MediaService.cs
+++ b/src/Orchard.Web/Modules/Orchard.Media/Services/MediaService.cs
@@ -209,13 +209,26 @@ namespace Orchard.Media.Services {
            return _storageProvider.GetPublicUrl(filePath);
        }

+        /// <summary>
+        /// Verifies if a file is allowed based on its name and the policies defined by the black / white lists.
+        /// </summary>
+        /// <param name="postedFile">The posted file</param>
+        /// <returns>True if the file is allowed; false if otherwise.</returns>
+        public bool FileAllowed(HttpPostedFileBase postedFile) {
+            if (postedFile == null) {
+                return false;
+            }
+
+            return FileAllowed(postedFile.FileName, true);
+        }
+
        /// <summary>
        /// Verifies if a file is allowed based on its name and the policies defined by the black / white lists.
        /// </summary>
        /// <param name="fileName">The file name of the file to validate.</param>
        /// <param name="allowZip">Boolean value indicating weather zip files are allowed.</param>
        /// <returns>True if the file is allowed; false if otherwise.</returns>
-        protected bool FileAllowed(string fileName, bool allowZip) {
+        public bool FileAllowed(string fileName, bool allowZip) {
            string localFileName = GetFileName(fileName);
            string extension = GetExtension(localFileName);
            if (string.IsNullOrEmpty(localFileName) || string.IsNullOrEmpty(extension)) {