Exe files in input controls

  • Thread starter Thread starter Matt MacDonald
  • Start date Start date
M

Matt MacDonald

Hi all,
I'm trying to have a file upload utility, and obviously, as part of that
I'm going to need <input> file controls. The problem I have is that when
the user chooses a .exe file, instead of running the submit function, the
browser automatically redirects to a "page not found" page. I'm told there
is some sort of a page directive or something that is producing this, like a
security feature. I know that uploading .exe files can be a security risk,
but I need to be able to do it anyway. I tried using the validateRequest
directive and setting it to false, but that didn't work either. Any ideas?

Thanks, Matt
 
Matt,

It isn't possible to require that users place the .exe file in a .zip or
similar?

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
 
I certainly could, but I also don't want the browser to crash whenever they
try and upload one. The problem with that is that I can't seem to find a
regular expression that will work to check the filenames ahead of time to
see if they end with anything other than .exe.
 
Matt,

The following is a regular expression that I use to make certain users are
inputting a valid windows file name. It only allows the extensions you list
at the end to add more just separate them with a pipe "|":

^(([a-zA-Z]:)|(\\{2}\w+)\$?)(\\(\w[\w].*))+(.mp3|.MP3|.mpeg|.MPEG|.m3u|.M3U)
$

Or to disallow certain file types place each type not allowed in: [^ ] and
again seperate with a pipe:

^(([a-zA-Z]:)|(\\{2}\w+)\$?)(\\(\w[\w].*))+([^.exe]|[^.EXE])$


Good luck!

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
 
S. Justin Gengo said:
Matt,

Or to disallow certain file types place each type not allowed in: [^ ] and
again seperate with a pipe:

^(([a-zA-Z]:)|(\\{2}\w+)\$?)(\\(\w[\w].*))+([^.exe]|[^.EXE])$
Click to expand...

this will not work: the re-part [^.exe] means:
"a single character, not in the list '.', 'e', 'x' "

To find an re that will work is fairly difficult. First you need to specify
where the check is done: server-side or client-side, as the re-syntax
differs a lot between those platforms (for client-side you will also need
to check on multiple browsers!)

Hans Kesting
 
Hans,

Maybe it's just in IE and / or vb.net but the expression is allowing:
c:\test.txt, but does not allow c:\test.exe


--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
Hans Kesting said:
Matt,

Or to disallow certain file types place each type not allowed in: [^ ] and
again seperate with a pipe:

^(([a-zA-Z]:)|(\\{2}\w+)\$?)(\\(\w[\w].*))+([^.exe]|[^.EXE])$
Click to expand...

this will not work: the re-part [^.exe] means:
"a single character, not in the list '.', 'e', 'x' "

To find an re that will work is fairly difficult. First you need to specify
where the check is done: server-side or client-side, as the re-syntax
differs a lot between those platforms (for client-side you will also need
to check on multiple browsers!)

Hans Kesting
Click to expand...
 
Back
Top