add html, htm and cshtml, and extensionless to default upload extensi…

…on blacklist

src/Serenity.Net.Core/ComponentModel/Upload/IUploadFileConstraints.cs

@@ -1,4 +1,4 @@
-namespace Serenity.ComponentModel;
+namespace Serenity.ComponentModel;
 
 /// <summary>
 /// Constraints of the uploaded file size.
@@ -21,7 +21,7 @@ public interface IUploadFileConstraints : IUploadOptions
 
     /// <summary>
     /// Contains extensions that are considered dangerous / disallowed.
-    /// Default is ".asax;.compiled;.ascx;.asmx;.aspx;.bat;.cmd;.com;.config;.dll;.jar;.jsp;.htaccess;.htpasswd;.lnk;.php;.ps1;.vbe;.vbs"
+    /// Default is ".;.asax;.compiled;.ascx;.asmx;.aspx;.bat;.cmd;.com;.config;.cshtml;.dll;.jar;.jsp;.htaccess;.htpasswd;.html;.htm;.lnk;.php;.ps1;.vbe;.vbs"
     /// </summary>
     public string? ExtensionBlacklist { get; }
 

src/Serenity.Net.Core/ComponentModel/Upload/UploadOptions.cs

@@ -1,4 +1,4 @@
-using Serenity.Web;
+using Serenity.Web;
 
 namespace Serenity.ComponentModel;
 
@@ -99,8 +99,8 @@ public class UploadOptions : IUploadFileConstraints, IUploadFileOptions, IUpload
     /// <summary>
     /// Default list of blacklisted extensions;
     /// </summary>
-    public const string DefaultExtensionBlacklist = ".asax;.compiled;.ascx;.asmx;.aspx;.bat;.cmd;.com;.config;" +
-        ".dll;.jar;.jsp;.htaccess;.htpasswd;.lnk;.php;.ps1;.vbe;.vbs";
+    public const string DefaultExtensionBlacklist = ".;.asax;.compiled;.ascx;.asmx;.aspx;.bat;.cmd;.com;.config;.cshtml;" +
+        ".dll;.jar;.jsp;.htm;.html;.htaccess;.htpasswd;.lnk;.php;.ps1;.vbe;.vbs";
 
     /// <inheritdoc/>
     public string? ExtensionBlacklist { get; set; }

src/Serenity.Net.Services/Upload/DefaultUploadValidator.cs

@@ -1,4 +1,4 @@
-using System.IO;
+using System.IO;
 
 namespace Serenity.Web;
 
@@ -39,11 +39,12 @@ public void ValidateFile(IUploadFileConstraints constraints,
             throw new ArgumentNullException(nameof(filename));
 
         isImageExtension = false;
-        var fileExtension = Path.GetExtension(filename);
-
+        var fileExtension = Path.GetExtension(filename);
+
         if ((constraints.ExtensionBlacklist ?? UploadOptions.DefaultExtensionBlacklist)
             .Split(new char[] { ',', ';' }, StringSplitOptions.RemoveEmptyEntries)
-            .Any(x => string.Equals(x.Trim(), fileExtension, StringComparison.OrdinalIgnoreCase)))
+            .Any(x => string.Equals(x.Trim(), fileExtension, StringComparison.OrdinalIgnoreCase) ||
+                (x.Trim() == "." && string.IsNullOrEmpty(fileExtension))))
             throw new ValidationError(string.Format(CultureInfo.CurrentCulture,
                 UploadTexts.Controls.ImageUpload.ExtensionBlacklisted.ToString(localizer),
                 fileExtension));