private IReadOnlyCollection <FlowComponent> getUploadComponents(
int fileCollectionId, IReadOnlyCollection <BlobFile> files, DisplaySetup displaySetup, string postBackIdBase,
Action <RsFile, Validator> uploadValidationMethod, NewFileNotificationMethod fileCreatedOrReplacedNotifier)
{
RsFile file = null;
var dm = PostBack.CreateFull(
id: PostBack.GetCompositeId(postBackIdBase, "add"),
firstModificationMethod: () => {
if (file == null)
{
return;
}
var existingFile = files.SingleOrDefault(i => i.FileName == file.FileName);
int newFileId;
if (existingFile != null)
{
BlobStorageStatics.SystemProvider.UpdateFile(
existingFile.FileId,
file.FileName,
file.Contents,
BlobStorageStatics.GetContentTypeForPostedFile(file));
newFileId = existingFile.FileId;
}
else
{
newFileId = BlobStorageStatics.SystemProvider.InsertFile(
fileCollectionId,
file.FileName,
file.Contents,
BlobStorageStatics.GetContentTypeForPostedFile(file));
}
fileCreatedOrReplacedNotifier?.Invoke(newFileId);
EwfPage.AddStatusMessage(StatusMessageType.Info, "File uploaded successfully.");
});
return(FormState.ExecuteWithDataModificationsAndDefaultAction(
dm.ToCollection(),
() => new StackList(
new FileUpload(
validationMethod: (postBackValue, validator) => {
file = postBackValue;
uploadValidationMethod?.Invoke(postBackValue, validator);
}).ToFormItem()
.ToListItem()
.Append(new EwfButton(new StandardButtonStyle("Upload new file")).ToCollection().ToComponentListItem())).ToFormItem(
setup: new FormItemSetup(displaySetup: displaySetup),
label: "Select and upload a new file:".ToComponents())
.ToComponentCollection()));
}
private ControlList getUploadControlList()
{
var dm = PostBack.CreateFull(id: PostBack.GetCompositeId(postBackIdBase, "add"));
RsFile file = null;
var fi = FormItem.Create(
"",
new EwfFileUpload(),
validationGetter: control => new EwfValidation(
(pbv, validator) => {
BlobFileOps.ValidateUploadedFile(validator, control, acceptableFileExtensions, ValidateImage, AcceptOnlyImages);
file = control.GetPostBackValue(pbv);
},
dm));
dm.AddModificationMethod(
() => {
if (file == null)
{
return;
}
var existingFile = files.SingleOrDefault(i => i.FileName == file.FileName);
int newFileId;
if (existingFile != null)
{
BlobFileOps.SystemProvider.UpdateFile(existingFile.FileId, file.FileName, file.Contents, BlobFileOps.GetContentTypeForPostedFile(file));
newFileId = existingFile.FileId;
}
else
{
newFileId = BlobFileOps.SystemProvider.InsertFile(fileCollectionId, file.FileName, file.Contents, BlobFileOps.GetContentTypeForPostedFile(file));
}
if (NewFileNotificationMethod != null)
{
NewFileNotificationMethod(newFileId);
}
EwfPage.AddStatusMessage(StatusMessageType.Info, "File uploaded successfully.");
});
return(ControlList.CreateWithControls(
true,
"Select and upload a new file:",
fi.ToControl(),
new PostBackButton(dm, new ButtonActionControlStyle("Upload new file"), false)));
}
/// <summary>
/// Gets the post back value.
/// </summary>
public RsFile GetPostBackValue(PostBackValueDictionary postBackValues)
{
if (postBackValue == null)
{
var value = formValue.GetValue(postBackValues);
if (value == null)
{
return(null);
}
using (var ms = new MemoryStream()) {
value.InputStream.CopyTo(ms);
postBackValue = new RsFile(ms.ToArray(), Path.GetFileName(value.FileName), contentType: value.ContentType);
}
}
return(postBackValue);
}
public static string GetRStTF(int rid)
{
DataTable dt = Mydb.ExecuteReadertoDataTable("select rsf.FILE_ADRESS,rst.RS_TEXT from REQUEST_STATUS_FILE_SUPPLIERS rsf,REQUEST_STATUS_TEXT_SUPPLIERS rst where REQUEST_ID=@rid and rst.RST_ID=rsf.RST_ID", new SqlParameter[] { new SqlParameter("@rid", rid) }, CommandType.Text);
List <RsFile> rsfs = new List <RsFile>();
foreach (DataRow item in dt.Rows)
{
RsFile rsf = new RsFile();
rsf.RS_TEXT = item["RS_TEXT"].ToString();
rsf.ImgAdres = item["FILE_ADRESS"].ToString();
rsfs.Add(rsf);
}
JavaScriptSerializer js = new JavaScriptSerializer();
return(js.Serialize(rsfs));
}
/// <summary>
/// If file is null, this will be a no-op.
/// Pass null for acceptableFileExtensions if there is no restriction on file extension.
/// PerformAdditionalImageValidation cannot be null but may be an empty delegate.
/// </summary>
/// <param name="validator"></param>
/// <param name="file"></param>
/// <param name="acceptableFileExtensions">Prevents the user from uploading a file of a type other than those provided. File type constants found in
/// EnterpriseWebLibrary.FileExtensions. Do not use this to force the file to be a specific type of file, such as an image (which consists of several file
/// extensions). Instead, use mustBeRenderableImage.</param>
/// <param name="mustBeRenderableImage">Pass true to only accept images (of any renderable type - jpgs, pngs, but not nefs).</param>
public static void ValidateUploadedFile(Validator validator, RsFile file, string[] acceptableFileExtensions, bool mustBeRenderableImage)
{
if (file == null)
{
return;
}
// Perform generic file validation.
if (acceptableFileExtensions != null && !FileExtensions.MatchesAGivenExtension(file.FileName, acceptableFileExtensions))
{
validator.NoteErrorAndAddMessage(Translation.UnacceptableFileExtension + " " + acceptableFileExtensions.GetCommaDelimitedStringFromCollection());
// Don't bother trying to see if it's an image and parse the image. The file extension message be more detailed than the messages those errors produce.
return;
}
// Perform image-specific validation if necessary.
if (mustBeRenderableImage)
{
// Make sure it is an image according to its content type.
if (!ContentTypes.IsImageType(BlobStorageStatics.GetContentTypeForPostedFile(file)))
{
validator.NoteErrorAndAddMessage("Please upload a valid image file.");
}
else
{
// Make sure it is an image type that we understand. Also perform optional custom validation.
try {
using (var stream = new MemoryStream(file.Contents))
System.Drawing.Image.FromStream(stream);
}
catch (ArgumentException) {
// If we end up in this catch block, it means that System.Drawing.Image does not understand our image. Since we already know that our content type
// is image at this point, this usually means that the file is some sort of unsupported image format, like NEF.
validator.NoteErrorAndAddMessage("The uploaded image file is in an unsupported format.");
}
}
}
}
public static string HandleUploadedFiles(string fileUploaderIdentifier, string parameters, RsFile file)
{
return("");
}
public BlobFileManager(
int?fileCollectionId, bool requireUploadIfNoFile, Action <int> idSetter, out Action modificationMethod, BlobFileManagerSetup setup = null)
{
setup = setup ?? BlobFileManagerSetup.Create();
var file = fileCollectionId != null?BlobStorageStatics.GetFirstFileFromCollection(fileCollectionId.Value) : null;
var components = new List <FlowComponent>();
if (file != null)
{
var download = new EwfButton(
new StandardButtonStyle(Translation.DownloadExisting + " (" + file.FileName + ")", buttonSize: ButtonSize.ShrinkWrap),
behavior: new PostBackBehavior(
postBack: PostBack.CreateFull(
id: PostBack.GetCompositeId("ewfFile", file.FileId.ToString()),
actionGetter: () => {
// Refresh the file here in case a new one was uploaded on the same post-back.
return(new PostBackAction(
new PageReloadBehavior(
secondaryResponse: new SecondaryResponse(
new BlobFileResponse(BlobStorageStatics.GetFirstFileFromCollection(fileCollectionId.Value).FileId, () => true),
false))));
})));
components.Add(download);
}
else if (!setup.OmitNoExistingFileMessage)
{
components.Add(new GenericPhrasingContainer(Translation.NoExistingFile.ToComponents()));
}
RsFile uploadedFile = null;
var fileUploadDisplayedPmv = new PageModificationValue <string>();
components.AddRange(
new FileUpload(
displaySetup: fileUploadDisplayedPmv.ToCondition(bool.TrueString.ToCollection()).ToDisplaySetup(),
validationPredicate: setup.UploadValidationPredicate,
validationErrorNotifier: setup.UploadValidationErrorNotifier,
validationMethod: (postBackValue, validator) => {
if (requireUploadIfNoFile && file == null && postBackValue == null)
{
validator.NoteErrorAndAddMessage(Translation.PleaseUploadAFile);
setup.UploadValidationErrorNotifier?.Invoke();
return;
}
uploadedFile = postBackValue;
setup.UploadValidationMethod?.Invoke(postBackValue, validator);
}).ToFormItem()
.ToComponentCollection());
var fileUploadDisplayedHiddenFieldId = new HiddenFieldId();
if (file != null)
{
components.Add(
new EwfButton(
new StandardButtonStyle(Translation.ClickHereToReplaceExistingFile, buttonSize: ButtonSize.ShrinkWrap),
displaySetup: fileUploadDisplayedPmv.ToCondition(bool.FalseString.ToCollection()).ToDisplaySetup(),
behavior: new ChangeValueBehavior(fileUploadDisplayedHiddenFieldId, bool.TrueString)));
}
children = new GenericFlowContainer(
BlobManagementStatics.GetThumbnailControl(file, setup.ThumbnailResourceGetter)
.Append <FlowComponent>(new StackList(from i in components select i.ToCollection().ToComponentListItem()))
.Materialize(),
displaySetup: setup.DisplaySetup,
classes: setup.Classes,
etherealContent: new EwfHiddenField((file == null).ToString(), id: fileUploadDisplayedHiddenFieldId, pageModificationValue: fileUploadDisplayedPmv)
.PageComponent.ToCollection()).ToCollection();
modificationMethod = () => {
if (fileCollectionId == null)
{
fileCollectionId = BlobStorageStatics.SystemProvider.InsertFileCollection();
}
if (uploadedFile != null)
{
BlobStorageStatics.SystemProvider.DeleteFilesLinkedToFileCollection(fileCollectionId.Value);
BlobStorageStatics.SystemProvider.InsertFile(
fileCollectionId.Value,
uploadedFile.FileName,
uploadedFile.Contents,
BlobStorageStatics.GetContentTypeForPostedFile(uploadedFile));
}
idSetter(fileCollectionId.Value);
};
}
/// <summary>
/// Returns the content type of the given HttpPostedFile.
/// </summary>
// This implementation simply returns the media type provided by the client, which makes it vulnerable to spoofing. The only way around this is to determine
// the media type by looking at the contents of the file.
internal static string GetContentTypeForPostedFile(RsFile file)
{
return(file.ContentType);
}
/// <summary>
/// Returns the content type of the given HttpPostedFile.
/// </summary>
/// There is no such thing as an official mapping of file extentions to content types or vice versa.
/// Windows has a one-one mapping in the registry, which is how the client's (Windows) computer determines the file type.
/// Windows determines the content type through no other means than the file extension. This also means that
/// different clients can have different content types and are even able to spoof the content-type. HttpPostedFile does nothing more
/// than determine the content-type given by the client headers. Because of this, I think that would should
/// first be consulting our official mappings of file extensions to content types, and then fall back on the .NET provided method.
/// Maybe we should never be trusting the client's content-type, since it's conceivable it could lead to a buffer-overflow attack.
/// We could fall back to consulting the server's content-type mappings instead of trusting the client at all, but this is flawed too
/// since all it takes to make us determine the file to be another content-type is to change the extension.
internal static string GetContentTypeForPostedFile(RsFile file)
{
var type = ContentTypes.GetContentType(file.FileName);
return(type != String.Empty ? type : file.ContentType);
}
