Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
IW15 FileUplader and GetUploadedFileMimeType
#1
Hi,
Intraweb XIV iwfileuploader demo has  the next code. 
It seems 'GetUploadedFileMimeType' is contained inm IWFileCheck.pas not present in the folder.
What is the equivalent to 'GetUploadedFileMimeType' in IW 15?
Regards, Luiz

Code:
procedure TIWForm7.IWFileUploader5AsyncUploadCompleted(Sender: TObject;
  var DestPath, FileName: string; var SaveFile, Overwrite: Boolean);
var
  CurDir: string;
  MimeType: string;
begin
  // get the app path
  CurDir := TIWAppInfo.GetAppPath;

  MimeType := GetUploadedFileMimeType;

  // save in the same application directory, with the same name of the original file. Overwrite if it already exists.
  IWFileUploader5.SaveToFile(FileName, CurDir + FileName, True);

  // Inform IWFileUploader that we are taking care of file saving ourselves
  SaveFile := False;
end;
Reply
#2
Use TIWFileUploader.CheckMimeType instead. This has been refactored and included in production code after I wrote this demo.

It will be updated.

This is some experimental code to retrieve the mime type of the uploaded file, based on a simple analysis of the uploaded file signature.

It can detect a very limited set of files based on this method:

MIME types *possibly* detected are:

'image/bmp';
'application/msword';
'application/x-msdownload';
'image/gif';
'image/x-ico';
'image/jpeg';
'audio/mpeg';
'audio/ogg';
'application/ogg';
'video/ogg';
'application/pdf';
'image/png';
'application/x-rar-compressed';
'image/tiff';
'application/x-font-ttf';
'video/x-msvideo';
'audio/wave';
'audio/x-ms-wma';
'video/x-ms-wmv';
'application/vnd.openxmlformats-officedocument.wordprocessingml.document';
'application/zip';

Please have in mind that this is not a fail proof method. It is just a convenience to users which want to give some sort of protection, restricting the upload to some specific file types
Reply
#3
Hi. We have some data import functions in our web applications and the most commonly used one accepts .txt, .csv, .xlsx and .xls files. Currently we validate on file extension, but it would be nice to check the actual file contents as well for security reasons. So I tried the new CheckMimeType function in the AsyncUploadCompleted event handler. This is what it returns (for files that actually are what their file extension suggests):

.xlsx: 'application/zip'
.xls: 'application/msword'
.txt: ''
.csv: ''

If I compare with an online mime type checking tool (https://htmlstrip.com/mime-file-type-checker) I get

.xlsx: 'application/vnd.ms-excel'
.xls: 'application/vnd.ms-excel'
.txt: 'text/plain'
.csv: 'text/plain'

When I see your list above it is not so surprising that it fails to identify Excel files, but I make a feature request for it :-)
Reply
#4
The Excel/World/Powerpoint detection has been improved but there is no real way to detect a text file. An UTF-encoded text file can basically contain the same individual bytes as a binary file.
Reply
#5
With improved Word/Excel/PP support, I assume you mean that it will be included in the next release? For text files, I know you can't positively detect them. But I can settle with the text files not being detected as something else.
Reply
#6
Yes, it has been released already
Reply
#7
Hi. I came around to installing 15.1.9 and testing this function again. My IW application crashes after multiple Access violations when I try to use CheckMimeType(), this does not happen in 15.1.7.
Reply
#8
How are you using it?
Reply
#9
(11-27-2019, 09:11 AM)Alexandre Machado Wrote: How are you using it?

Hi Alexandre, to evaluate the function I just added a logging line to this event handler (I looked at a Github demo and saw that it seemed to be a class method, I also tried with (Sender as TIWFileUploader).CheckMimeType(), but it was the same):

Code:
procedure TBaseClientImportWebDialog.FileUploaderWebFrameFileUploaderAsyncUploadCompleted(
  Sender: TObject; var DestPath, FileName: string; var SaveFile, Overwrite: Boolean);
begin
  inherited;
  FileName := 'Import' + ExtractFileExt(FileName);
  ImportFileName := DestPath + FileName;
  ReportInformation('Mime type: ' + TIWFileUploader.CheckMimeType());
end;

In 15.1.7 I get a log entry "Mime type: application/zip" when tested on an Excel file, but in 15.1.9 (when I was hoping to test the improved Excel detection) I got as said several access violations. Also tried with a text file with the same result.
Reply
#10
Still the same in IW 15.1.10. I also tried putting the log line first in the method (before changing FileName) but that makes no difference. Even if I put a try/except block around the CheckMimeType code, this does not stop the web application from crashing. But as said, the same code works in 15.1.7 (although the mime type detection is not good for the files of interest for me).
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)