// App-relative virtual path of the XML index that records every uploaded image.
// It is resolved with Server.MapPath before being loaded and saved by AddImage.
// NOTE(review): the path sits under the application root ("~/XML/"); confirm the
// server does not hand this file out directly if the index is not meant to be public.
private const string picturePath = "~/XML/Pic.xml";
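/// <summary>
/// Receives one or more uploaded images, stores each one under ~/images/ and appends
/// a matching <c>img</c> record (id, title, path) to the XML index at picturePath.
/// </summary>
/// <param name="photo">Posted files; the array itself or individual entries may be null.</param>
/// <returns>
/// An empty content result as soon as a file whose extension is not on the allow-list is
/// encountered (files handled before it stay saved); otherwise a redirect to Home/Index.
/// </returns>
[HttpPost]
public ActionResult AddImage(HttpPostedFileBase[] photo)
{
    // NOTE(review): no [Authorize] or [ValidateAntiForgeryToken] is visible on this action;
    // confirm both are applied here or on the controller, since this endpoint writes to disk.

    // Nothing was posted: the original dereferenced null here and failed the request.
    if (photo == null)
    {
        return RedirectToAction("Index", "Home");
    }

    // Allow-list instead of a deny-list: a deny-list can never enumerate every extension the
    // server might execute or a browser might render, and the previous case-sensitive
    // comparison did not even match its own entries when the case differed.
    // SVG is left out on purpose because it can carry script. Extend only with inert formats.
    string[] allowedExtensions = { ".jpg", ".jpeg", ".png", ".gif", ".bmp" };
    string indexFile = Server.MapPath(picturePath);

    foreach (var item in photo)
    {
        if (item == null)
        {
            continue;
        }

        // Path.GetFileName strips any directory part the client sent along with the name.
        string originalName = Path.GetFileName(item.FileName);
        string extension = Path.GetExtension(originalName);

        bool isAllowed = Array.Exists(
            allowedExtensions,
            allowed => string.Equals(allowed, extension, StringComparison.OrdinalIgnoreCase));
        if (!isAllowed)
        {
            return Content("");
        }

        // NOTE(review): only the extension is checked, not the content. Consider decoding the
        // image server-side and serving the folder with X-Content-Type-Options: nosniff.

        // Store under a server-generated name so an upload can neither overwrite an existing
        // file nor choose its own name on disk. The client's name is kept only as the title.
        // Consumers must locate the file through the record's "path" element.
        string storedName = Guid.NewGuid().ToString("N") + extension.ToLowerInvariant();
        item.SaveAs(Server.MapPath("~/images/" + storedName));

        // NOTE(review): load-modify-save of the index is not synchronized; concurrent uploads
        // can lose records. Confirm whether that matters for this application.
        XElement index = XElement.Load(indexFile);
        XElement record = new XElement(XName.Get("img"));

        // "HH" (24-hour clock): with "hh" an AM and a PM upload could share the same id.
        record.SetElementValue("id", DateTime.Now.ToString("yyyyMMddHHmmssfff"));
        // SetElementValue stores the value as XML text, so markup in the name is escaped in
        // the file; whatever renders the title as HTML still has to encode it.
        record.SetElementValue("title", originalName);
        record.SetElementValue("path", "/images/" + storedName);

        index.Add(record);
        index.Save(indexFile);
    }

    return RedirectToAction("Index", "Home");
}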