private static SavedFileDTO SaveFile( Stream stream, PortalSettings portalSettings, UserInfo userInfo, string folder, string filter, string fileName, bool overwrite, bool isHostMenu, bool extract, out bool alreadyExists, out string errorMessage) { alreadyExists = false; var savedFileDto = new SavedFileDTO(); try { var extension = Path.GetExtension(fileName).TextOrEmpty().Replace(".", ""); if (!string.IsNullOrEmpty(filter) && !filter.ToLower().Contains(extension.ToLower())) { errorMessage = GetLocalizedString("ExtensionNotAllowed"); return savedFileDto; } if (!IsAllowedExtension(extension)) { errorMessage = GetLocalizedString("ExtensionNotAllowed"); return savedFileDto; } var folderManager = FolderManager.Instance; // Check if this is a User Folder var effectivePortalId = isHostMenu ? Null.NullInteger : PortalController.GetEffectivePortalId(portalSettings.PortalId); int userId; var folderInfo = folderManager.GetFolder(effectivePortalId, folder); if (IsUserFolder(folder, out userId)) { var user = UserController.GetUserById(effectivePortalId, userId); if (user != null) { folderInfo = folderManager.GetUserFolder(user); } } if (!PortalSecurity.IsInRoles(userInfo, portalSettings, folderInfo.FolderPermissions.ToString("WRITE")) && !PortalSecurity.IsInRoles(userInfo, portalSettings, folderInfo.FolderPermissions.ToString("ADD"))) { errorMessage = GetLocalizedString("NoPermission"); return savedFileDto; } if (!overwrite && FileManager.Instance.FileExists(folderInfo, fileName, true)) { errorMessage = GetLocalizedString("AlreadyExists"); alreadyExists = true; savedFileDto.FilePath = Path.Combine(folderInfo.PhysicalPath, fileName); return savedFileDto; } var file = FileManager.Instance.AddFile(folderInfo, fileName, stream, true, false, FileManager.Instance.GetContentType(Path.GetExtension(fileName)), userInfo.UserID); if (extract && extension.ToLower() == "zip") { FileManager.Instance.UnzipFile(file); FileManager.Instance.DeleteFile(file); } errorMessage = ""; savedFileDto.FileId = file.FileId.ToString(); savedFileDto.FilePath = Path.Combine(folderInfo.PhysicalPath, fileName); return savedFileDto; } catch (Exception ex) { Logger.Error(ex.Message); errorMessage = ex.Message; return savedFileDto; } }
private static SavedFileDTO SaveFile( Stream stream, PortalSettings portalSettings, UserInfo userInfo, string folder, string filter, string fileName, bool overwrite, bool isHostMenu, bool extract, out bool alreadyExists, out string errorMessage) { alreadyExists = false; var savedFileDto = new SavedFileDTO(); try { var extension = Path.GetExtension(fileName).TextOrEmpty().Replace(".", ""); if (!string.IsNullOrEmpty(filter) && !filter.ToLower().Contains(extension.ToLower())) { errorMessage = GetLocalizedString("ExtensionNotAllowed"); return(savedFileDto); } if (!IsAllowedExtension(extension)) { errorMessage = GetLocalizedString("ExtensionNotAllowed"); return(savedFileDto); } var folderManager = FolderManager.Instance; // Check if this is a User Folder var effectivePortalId = isHostMenu ? Null.NullInteger : PortalController.GetEffectivePortalId(portalSettings.PortalId); int userId; var folderInfo = folderManager.GetFolder(effectivePortalId, folder); if (IsUserFolder(folder, out userId)) { var user = UserController.GetUserById(effectivePortalId, userId); if (user != null) { folderInfo = folderManager.GetUserFolder(user); } } if (!PortalSecurity.IsInRoles(userInfo, portalSettings, folderInfo.FolderPermissions.ToString("WRITE")) && !PortalSecurity.IsInRoles(userInfo, portalSettings, folderInfo.FolderPermissions.ToString("ADD"))) { errorMessage = GetLocalizedString("NoPermission"); return(savedFileDto); } // FIX DNN-5917 fileName = SanitizeFileName(fileName); // END FIX if (!overwrite && FileManager.Instance.FileExists(folderInfo, fileName, true)) { errorMessage = GetLocalizedString("AlreadyExists"); alreadyExists = true; savedFileDto.FilePath = Path.Combine(folderInfo.PhysicalPath, fileName); return(savedFileDto); } var file = FileManager.Instance.AddFile(folderInfo, fileName, stream, true, false, FileManager.Instance.GetContentType(Path.GetExtension(fileName)), userInfo.UserID); if (extract && extension.ToLower() == "zip") { FileManager.Instance.UnzipFile(file); FileManager.Instance.DeleteFile(file); } errorMessage = ""; savedFileDto.FileId = file.FileId.ToString(CultureInfo.InvariantCulture); savedFileDto.FilePath = FileManager.Instance.GetUrl(file); return(savedFileDto); } catch (Exception ex) { Logger.Error(ex.Message); errorMessage = ex.Message; return(savedFileDto); } }
public Task<HttpResponseMessage> PostFile() { HttpRequestMessage request = Request; if (!request.Content.IsMimeMultipartContent()) { throw new HttpResponseException(HttpStatusCode.UnsupportedMediaType); } var provider = new MultipartMemoryStreamProvider(); // local references for use in closure var portalSettings = PortalSettings; var currentSynchronizationContext = SynchronizationContext.Current; var userInfo = UserInfo; var task = request.Content.ReadAsMultipartAsync(provider) .ContinueWith(o => { string folder = string.Empty; string filter = string.Empty; string fileName = string.Empty; bool overwrite = false; bool isHostMenu = false; bool extract = false; Stream stream = null; var returnFileDto = new SavedFileDTO(); foreach (var item in provider.Contents) { var name = item.Headers.ContentDisposition.Name; switch (name.ToUpper()) { case "\"FOLDER\"": folder = item.ReadAsStringAsync().Result ?? ""; break; case "\"FILTER\"": filter = item.ReadAsStringAsync().Result ?? ""; break; case "\"OVERWRITE\"": bool.TryParse(item.ReadAsStringAsync().Result, out overwrite); break; case "\"ISHOSTMENU\"": bool.TryParse(item.ReadAsStringAsync().Result, out isHostMenu); break; case "\"EXTRACT\"": bool.TryParse(item.ReadAsStringAsync().Result, out extract); break; case "\"POSTFILE\"": fileName = item.Headers.ContentDisposition.FileName.Replace("\"", ""); if (fileName.IndexOf("\\", StringComparison.Ordinal) != -1) { fileName = Path.GetFileName(fileName); } stream = item.ReadAsStreamAsync().Result; break; } } var errorMessage = ""; var alreadyExists = false; if (!string.IsNullOrEmpty(fileName) && stream != null) { // Everything ready // The SynchronizationContext keeps the main thread context. Send method is synchronous currentSynchronizationContext.Send( delegate { returnFileDto = SaveFile(stream, portalSettings, userInfo, folder, filter, fileName, overwrite, isHostMenu, extract, out alreadyExists, out errorMessage); },null ); } /* Response Content Type cannot be application/json * because IE9 with iframe-transport manages the response * as a file download */ var mediaTypeFormatter = new JsonMediaTypeFormatter(); mediaTypeFormatter.SupportedMediaTypes.Add(new MediaTypeHeaderValue("text/plain")); if (!string.IsNullOrEmpty(errorMessage)) { return Request.CreateResponse( HttpStatusCode.BadRequest, new { AlreadyExists = alreadyExists, Message = string.Format(GetLocalizedString("ErrorMessage"), fileName, errorMessage) }, mediaTypeFormatter, "text/plain"); } var root = AppDomain.CurrentDomain.BaseDirectory; returnFileDto.FilePath = returnFileDto.FilePath.Replace(root, "~/"); returnFileDto.FilePath = VirtualPathUtility.ToAbsolute(returnFileDto.FilePath); return Request.CreateResponse(HttpStatusCode.OK, returnFileDto, mediaTypeFormatter, "text/plain"); }); return task; }
public Task <HttpResponseMessage> PostFile() { HttpRequestMessage request = Request; if (!request.Content.IsMimeMultipartContent()) { throw new HttpResponseException(HttpStatusCode.UnsupportedMediaType); } var provider = new MultipartMemoryStreamProvider(); // local references for use in closure var portalSettings = PortalSettings; var currentSynchronizationContext = SynchronizationContext.Current; var userInfo = UserInfo; var task = request.Content.ReadAsMultipartAsync(provider) .ContinueWith(o => { string folder = string.Empty; string filter = string.Empty; string fileName = string.Empty; bool overwrite = false; bool isHostMenu = false; bool extract = false; Stream stream = null; var returnFileDto = new SavedFileDTO(); foreach (var item in provider.Contents) { var name = item.Headers.ContentDisposition.Name; switch (name.ToUpper()) { case "\"FOLDER\"": folder = item.ReadAsStringAsync().Result ?? ""; break; case "\"FILTER\"": filter = item.ReadAsStringAsync().Result ?? ""; break; case "\"OVERWRITE\"": bool.TryParse(item.ReadAsStringAsync().Result, out overwrite); break; case "\"ISHOSTMENU\"": bool.TryParse(item.ReadAsStringAsync().Result, out isHostMenu); break; case "\"EXTRACT\"": bool.TryParse(item.ReadAsStringAsync().Result, out extract); break; case "\"POSTFILE\"": fileName = item.Headers.ContentDisposition.FileName.Replace("\"", ""); if (fileName.IndexOf("\\", StringComparison.Ordinal) != -1) { fileName = Path.GetFileName(fileName); } stream = item.ReadAsStreamAsync().Result; break; } } var errorMessage = ""; var alreadyExists = false; if (!string.IsNullOrEmpty(fileName) && stream != null) { // Everything ready // The SynchronizationContext keeps the main thread context. Send method is synchronous currentSynchronizationContext.Send( delegate { returnFileDto = SaveFile(stream, portalSettings, userInfo, folder, filter, fileName, overwrite, isHostMenu, extract, out alreadyExists, out errorMessage); }, null ); } /* Response Content Type cannot be application/json * because IE9 with iframe-transport manages the response * as a file download */ var mediaTypeFormatter = new JsonMediaTypeFormatter(); mediaTypeFormatter.SupportedMediaTypes.Add(new MediaTypeHeaderValue("text/plain")); if (!string.IsNullOrEmpty(errorMessage)) { return(Request.CreateResponse( HttpStatusCode.BadRequest, new { AlreadyExists = alreadyExists, Message = string.Format(GetLocalizedString("ErrorMessage"), fileName, errorMessage) }, mediaTypeFormatter, "text/plain")); } return(Request.CreateResponse(HttpStatusCode.OK, returnFileDto, mediaTypeFormatter, "text/plain")); }); return(task); }