Sitecore Cookbook for Developers

By: Yogesh Patel

Overview of this book

This book will get you started on building rich websites and customizing user interfaces by creating content management applications quickly. It gives you an insight into web design and how to customize the Sitecore architecture to your website's requirements using best practices. It is packed with over 70 recipes that help you solve common real-world tasks, requirements, and problems of content management, content delivery, and publishing instance environments. It also presents recipes on Sitecore's backend processes: customizing pipelines, creating custom event handlers and media handlers, setting hooks, and more. Other topics covered include creating a workflow action, publishing sublayouts and media files, securing your environment by customizing user profiles and access rights, boosting search capabilities, optimising performance, scalability and high availability of Sitecore instances, and much more. By the end of this book, you will be able to add virtually limitless features to your websites by developing and deploying Sitecore efficiently.

Restricting malicious files being uploaded to the media library


Sitecore's media upload facility does not validate the extension or MIME type of the file being uploaded. This lets an adversary upload a malicious file to the web server and attempt to execute it. To restrict this, Sitecore provides the Upload Filter tool, which allows us to restrict certain extensions. You can download it from https://goo.gl/DxnwBk. However, is restricting extensions alone enough? An adversary can rename an EXE file to JPG and upload it; the file is still malicious. This recipe explains how to block such uploads by checking the file's extension, MIME type, and magic number.
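The combined check described above, as an added example that is not the book's recipe code or Sitecore's own API. The class and method names, the allow-list (used here instead of a restricted list) and the sample bytes are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;

// Added example: a standalone helper, not Sitecore API and not the book's code.
public static class UploadSignatureCheck
{
    private sealed class Rule { public string[] ContentTypes; public byte[][] Signatures; }

    private static byte[] Ascii(string s) { return Encoding.ASCII.GetBytes(s); }

    // Constructed allow-list: extension -> accepted MIME types and leading bytes.
    private static readonly Dictionary<string, Rule> Allowed =
        new Dictionary<string, Rule>(StringComparer.OrdinalIgnoreCase)
    {
        { ".jpg", new Rule { ContentTypes = new[] { "image/jpeg" },
                             Signatures = new[] { new byte[] { 0xFF, 0xD8, 0xFF } } } },
        { ".png", new Rule { ContentTypes = new[] { "image/png" },
                             Signatures = new[] { new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A } } } },
        { ".gif", new Rule { ContentTypes = new[] { "image/gif" },
                             Signatures = new[] { Ascii("GIF87a"), Ascii("GIF89a") } } },
        { ".pdf", new Rule { ContentTypes = new[] { "application/pdf" },
                             Signatures = new[] { Ascii("%PDF-") } } }
    };

    public static bool IsAllowed(string fileName, string contentType, Stream content, out string reason)
    {
        Rule rule;
        if (!Allowed.TryGetValue(Path.GetExtension(fileName ?? string.Empty), out rule))
        { reason = "extension not on allow-list"; return false; }
        // The MIME type is sent by the client, so it is only a consistency check.
        if (!rule.ContentTypes.Contains(contentType, StringComparer.OrdinalIgnoreCase))
        { reason = "MIME type does not match extension"; return false; }

        // Read the leading bytes; Read may return fewer than requested, so loop.
        byte[] head = new byte[8];
        int read = 0, n;
        while (read < head.Length && (n = content.Read(head, read, head.Length - read)) > 0) read += n;
        if (content.CanSeek) content.Seek(-read, SeekOrigin.Current); // restore position for later processing

        bool match = rule.Signatures.Any(sig => read >= sig.Length && head.Take(sig.Length).SequenceEqual(sig));
        reason = match ? null : "magic number does not match extension";
        return match;
    }

    public static void Main()
    {
        // Constructed samples: an "MZ" executable header renamed to .jpg, and a JPEG header.
        byte[] renamedExe = { 0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00 };
        byte[] realJpeg = { 0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10, 0x4A, 0x46 };
        string why;
        Console.WriteLine(IsAllowed("photo.jpg", "image/jpeg", new MemoryStream(renamedExe), out why) + " " + why);
        Console.WriteLine(IsAllowed("photo.jpg", "image/jpeg", new MemoryStream(realJpeg), out why) + " " + why);
        Console.WriteLine(IsAllowed("setup.exe", "application/octet-stream", new MemoryStream(renamedExe), out why) + " " + why);
    }
}
```

In an ASP.NET upload, the three inputs correspond to `HttpPostedFile.FileName`, `ContentType` and `InputStream`. A matching signature only shows that the header agrees with the extension, so it complements rather than replaces serving uploads from a location where they cannot execute.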

How to do it…

Let's see how we can secure Sitecore's file upload mechanism:

  1. In the SitecoreCookbook project, create a new UploadRestrictions class in the Pipelines folder and inherit it from Sitecore.Pipelines.Upload.UploadProcessor.

  2. Create two methods, AddRestrictedContentType...