I'm auto-generating .doc files (.mht really) according to this tutorial.
Generated files work great locally but not on other computers as the file is requesting the header to be loaded from my local path instead of using the base64 version that is embedded. The main content is loading fine. Here's the generated file.
I can't find the reason for this behaviour. Any suggestions appreciated.
EDIT
Turned out that the problem was caused by unnecessary carriage return and line feed characters at the beginning of my base64 strings.
Related
I am working on a web app project to block all the file executable from file upload.
Example: user can upload, txt, png, image and video files and not any executable scripts like, Perl, Python, exe, PHP, .so, .sh files.
If it is a PHP file, then I strstr for "<?php" tag, If this tag is present, then it is PHP file. How can we find the same for other script/executable files?
Edit: Some time hackers will upload the malicious files using .png or .jpg extn, so what is the pattern to check inside the files?
Rather than making your own checks you make use of an existing library and you block everything that does not register as a desired format.
Most such libraries guess the content type and encoding of a file by looking for certain signatures or magic byte sequences at specific positions within the file.
Other libraries may be more specialised and will for example only identify image or video formats.
https://www.php.net/manual/en/intro.fileinfo.php
https://github.com/ahupp/python-magic
https://docs.python.org/3/library/imghdr.html
The file programme is a command line tool for identification of file types.
After the first pass where you identify and accept only the desired file formats you should then make all files that are not rejected go through an antivirus scanner.
Depending on you use cases you may decide to strip the original file name extension and/or even the complete file name that was provided during the upload and assign the mime-type that was detected rather than rely on user provided properties.
I am exploring PDF file format and trying to edit and manipulate its internal data. the problem is that I noticed I always get corrupted files after making any minor change to a file so I tried a very simple example to just read the pdf data and rewrite it to a new "file.pdf" without making any changes, as follows:
file = open('sample.pdf','r',encoding='ansi').read()
file_ = open('output.pdf','w').write(file)
but again I got a corrupted file (can't be opened using Adode reader) so I tried to open it using Google Chrome and it worked properly but with the font has changed to the default instead of the original font file.
I opened the input and output files and compared them using notebad++ and two files matched exactly!
I also opened the output file and copied its content and pasted it to the input file and surprisingly, it worked well, exactly as the input file.
Any ideas what is the problem?
I'm looking to remotely download and detect a file from a website, like this
http://examplewebsite.com/100/download
When viewing in my browser, this automatically downloads as the appropriate file type, 100.pdf, but sometimes it can be a .xls or .doc file. etc.
Looking at libraries available, like file-type, it only works if you already have the extension
Is this possible?
If you have the url, you can split by '.' and select the last element of your list.
The file-type library you linked in your question actually checks the source of the file to guess. It doesn't use the file extension at all.
pyinstxtractor runs to completion without problem, and then suggests to decompress the PYC to get the final .PY file (my goal)
However when I tried to use uncompyle2, uncompyle6, and plethora of other tools none of them worked. (Magic Number Mismatch!) Which means that the file outputted is not a .PYC file...
I opened the outputted file with a hex editor and I can see the source code decoded from hex however Im not able to extract that code in an efficient manner.. It's filled with .'s which should probably be spaces and indentation etc. However nothing i seem to do is able to succesffuly retrieve the source code from hex, or "PYC"
Help?
When I try to upload some files with names in UTF-8 to server. It seems that several characters is cut off. For example, Đề thi đẫm máu is stored as thi đẫm máu (Đề is lost). I also try creating new UTF-8 filenames on system. And some errors occur that those files can't be deleted or opened. (i.e. indexá.php)
I found that this file is stored correctly in root. So it could be an error of display on admin control panel.
How could I fixed this?