/// <summary> /// Uploads the whole file. /// </summary> /// <param name="context">The context.</param> /// <param name="statuses">The statuses.</param> private void UploadWholeFile(HttpContext context, ICollection <FilesUploadStatus> statuses) { var forumId = HttpContext.Current.Request["forumID"].ToType <int>(); var boardId = HttpContext.Current.Request["boardID"].ToType <int>(); var yafUserId = HttpContext.Current.Request["userID"].ToType <int>(); var uploadFolder = HttpContext.Current.Request["uploadFolder"]; if (!this.CheckAccessRights(boardId, forumId)) { throw new HttpRequestValidationException("No Access"); } try { var allowedExtensions = this.Get <BoardSettings>().AllowedFileExtensions.ToLower().Split(','); for (var i = 0; i < context.Request.Files.Count; i++) { var file = context.Request.Files[i]; var fileName = Path.GetFileName(file.FileName); var extension = Path.GetExtension(fileName).Replace(".", string.Empty).ToLower(); if (!allowedExtensions.Contains(extension)) { throw new HttpRequestValidationException("Invalid File"); } if (!MimeTypes.FileMatchContentType(file)) { throw new HttpRequestValidationException("Invalid File"); } if (fileName.IsSet()) { // Check for Illegal Chars if (FileHelper.ValidateFileName(fileName)) { fileName = FileHelper.CleanFileName(fileName); } } else { throw new HttpRequestValidationException("File does not have a name"); } if (fileName.Length > 220) { fileName = fileName.Substring(fileName.Length - 220); } // verify the size of the attachment if (this.Get <BoardSettings>().MaxFileSize > 0 && file.ContentLength > this.Get <BoardSettings>().MaxFileSize) { throw new HttpRequestValidationException( this.Get <ILocalization>().GetTextFormatted( "UPLOAD_TOOBIG", file.ContentLength / 1024, this.Get <BoardSettings>().MaxFileSize / 1024)); } int newAttachmentId; if (this.Get <BoardSettings>().UseFileTable) { newAttachmentId = this.GetRepository <Attachment>().Save( yafUserId, fileName, file.ContentLength, file.ContentType, file.InputStream.ToArray()); } else { var previousDirectory = this.Get <HttpRequestBase>() .MapPath(Path.Combine(BaseUrlBuilder.ServerFileRoot, uploadFolder)); // check if Uploads folder exists if (!Directory.Exists(previousDirectory)) { Directory.CreateDirectory(previousDirectory); } newAttachmentId = this.GetRepository <Attachment>().Save( yafUserId, fileName, file.ContentLength, file.ContentType); file.SaveAs($"{previousDirectory}/u{yafUserId}-{newAttachmentId}.{fileName}.yafupload"); } var fullName = Path.GetFileName(fileName); statuses.Add(new FilesUploadStatus(fullName, file.ContentLength, newAttachmentId)); } } catch (Exception ex) { this.Get <ILogger>().Error(ex, "Error during Attachment upload"); } }