帮忙修复asp上传的bug
帮忙修复一个一个asp的bug,这个上传限制了上传类型,gif,jpg,bmp,jpeg,png,但是还可以上传asp的文件,请问如何修复他,这个上传指定的路径是/upimg/files/small/ ,
利用 这样的语句
Content-Disposition: form-data; name="file1";
filename="E:xxxxxxxx./../okokok/111.asp;.gif"
就能够上传别的目录上,请问如何修复?
<!--#include file="conn.asp" -->
<!--#include file="checklogin.asp" -->
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<link href="images/css.css" rel="stylesheet" type="text/css">
<!--#include file="ul.inc"-->
<%dim ok9
ok9=0
Set Upload = New UpFile_Class
Upload.InceptFileType = "gif,jpg,bmp,jpeg,png"
Upload.MaxSize = 102400 '--100kb
Upload.GetDate()
If Upload.Err > 0 Then
Select Case Upload.Err
Case 1 : Response.Write "请先选择你要上传的文件 [ <a href=# onclick=history.go(-1)>重新上传</a> ]"
Case 2 : Response.Write "图片大小超过了限制 "&Dvbbs.Forum_Setting(56)&"K [ <a href=# onclick=history.go(-1)>重新上传</a> ]"
Case 3 : Response.Write "所上传类型不正确 [ <a href=# onclick=history.go(-1)>重新上传</a> ]"
End Select
Else
FormPath=Upload.Form("filepath")
For Each FormName in Upload.file
Set File = Upload.File(FormName)
If File.Filesize<1 Then
Response.Write "请先选择你要上传的图片 [ <a href=# onclick=history.go(-1)>重新上传</a> ]"
End If
FileExt= FixName(File.FileExt)
If Not ( CheckFileExt(FileExt) and CheckFileType(File.FileType) ) Then
Response.Write "文件格式不正确 [ <a href=# onclick=history.go(-1)>重新上传</a> ]"
End If
FileName=FormPath&UserFaceName(FileExt)
If File.FileSize>0 Then
ok9=1
File.SaveToFile Server.mappath(FileName)
'--生成缩略图---------------
'sSmallPath = BuildSmallPic(FileName,"_small","helppic", 40, 40)
response.write "<script>window.opener.document."&upload.form("FormName")&"."&upload.form("EditName")&".value='"&FileName&"'</script>"
conn.execute("update A_user set pic='"&FileName&"' where uname='"&session("username")&"'")
Response.Write "<script language=""javascript"">window.alert(""头像上传成功!"");window.location.href ='/Main.asp';</script>"
End If
Set File=Nothing
Next
End If
Set Upload=Nothing
if ok9=1 then
else
Response.Write "<script language=""javascript"">window.alert(""上传图片出错,请重新选择图片!"");history.go(-1);</script>"
end if
Private Function CheckFileExt(FileExt)
Dim ForumUpload,i
ForumUpload="gif,jpg,bmp,jpeg,png"
ForumUpload=Split(ForumUpload,",")
CheckFileExt=False
For i=0 to UBound(ForumUpload)
If LCase(FileExt)=Lcase(Trim(ForumUpload(i))) Then
CheckFileExt=True
Exit Function
End If
Next
End Function
Function FixName(UpFileExt)
If IsEmpty(UpFileExt) Then Exit Function
FixName = Lcase(UpFileExt)
FixName = Replace(FixName,Chr(0),"")
FixName = Replace(FixName,".","")
FixName = Replace(FixName,"asp","")
FixName = Replace(FixName,"asa","")
FixName = Replace(FixName,"aspx","")
FixName = Replace(FixName,"cer","")
FixName = Replace(FixName,"cdx","")
FixName = Replace(FixName,"htr","")
End Function
Private Function UserFaceName(FileExt)
Randomize
RanNum = Int(90000*rnd)+10000
UserFaceName = UserID&Year(now)&Month(now)&Day(now)&Hour(now)&Minute(now)&Second(now)&RanNum&"."&FileExt
End Function
Private Function CheckFileType(FileType)
CheckFileType = False
If Left(Cstr(Lcase(Trim(FileType))),6)="image/" Then CheckFileType = True
End Function
%>
<%
'功能:按照指定图片生成缩略图
'注意:以下提到的“路径”都是值相对于调用本函数的文件的相对路径
'参数:
' s_OriginalPath: 原图片路径 例:images/image1.gif
' s_BuildBasePath: 生成图片的基路径,不论是否以“/”结尾均可 例:images或images/
' n_MaxWidth: 生成图片最大宽度
' 如果在前台显示的缩略图是 100*100,这里 n_MaxWidth=100,n_MaxHeight=100.
' n_MaxHeight: 生成图片最大高度
'返回值:
' 返回生成后的缩略图的路径
'错误处理:
' 如果函数执行过程中出现错误,将返回错误代码,错误代码以 “Error”开头
' Error_01:创建AspJpeg组件失败,没有正确安装注册该组件
' Error_02:原图片不存在,检查s_OriginalPath参数传入值
' Error_03:缩略图存盘失败.可能原因:缩略图保存基地址不存在,检查s_OriginalPath参数传入值;对目录没有写权限;磁盘空间不足
' Error_Other:未知错误
'调用例子:
' Dim sSmallPath '缩略图路径
' sSmallPath = BuildSmallPic("images/image1.gif","_small","images", 100, 100)
'================================================================
Function BuildSmallPic(s_OriginalPath, fileex,s_BuildBasePath, n_MaxWidth, n_MaxHeight)
Err.Clear
On Error Resume Next
'检查组件是否已经注册
Dim AspJpeg
Set AspJpeg = Server.Createobject("Persits.Jpeg")
If Err.Number <> 0 Then
Err.Clear
BuildSmallPic = "Error_01"
Exit Function
End If
'检查原图片是否存在
Dim s_MapOriginalPath
s_MapOriginalPath = Server.MapPath(s_OriginalPath)
AspJpeg.Open s_MapOriginalPath '打开原图片
If Err.Number <> 0 Then
Err.Clear
BuildSmallPic = "Error_02"
Exit Function
End If
'按比例取得缩略图宽度和高度
Dim n_OriginalWidth, n_OriginalHeight '原图片宽度、高度
Dim n_BuildWidth, n_BuildHeight '缩略图宽度、高度
Dim div1, div2
Dim n1, n2
n_OriginalWidth = AspJpeg.Width
n_OriginalHeight = AspJpeg.Height
div1 = n_OriginalWidth / n_OriginalHeight
div2 = n_OriginalHeight / n_OriginalWidth
n1 = 0
n2 = 0
If n_OriginalWidth > n_MaxWidth Then
n1 = n_OriginalWidth / n_MaxWidth
Else
n_BuildWidth = n_OriginalWidth
End If
If n_OriginalHeight > n_MaxHeight Then
n2 = n_OriginalHeight / n_MaxHeight
Else
n_BuildHeight = n_OriginalHeight
End If
If n1 <> 0 Or n2 <> 0 Then
If n1 > n2 Then
n_BuildWidth = n_MaxWidth
n_BuildHeight = n_MaxWidth * div2
Else
n_BuildWidth = n_MaxHeight * div1
n_BuildHeight = n_MaxHeight
End If
End If
'指定宽度和高度生成
AspJpeg.Width = n_BuildWidth
AspJpeg.Height = n_BuildHeight
'--将缩略图存盘开始--
Dim pos, s_OriginalFileName, s_OriginalFileExt '位置、原文件名、原文件扩展名
pos = InStrRev(s_OriginalPath, "/") + 1
s_OriginalFileName = Mid(s_OriginalPath, pos)
pos = InStrRev(s_OriginalFileName, ".")
s_OriginalFileExt = Mid(s_OriginalFileName, pos)
Dim s_MapBuildBasePath, s_MapBuildPath, s_BuildFileName '缩略图绝对路径、缩略图文件名
Dim s_EndFlag '小图片文件名结尾标识 例: 如果大图片文件名是“image1.gif”,结尾标识是“_small”,那么小图片文件名就是“image1_small.gif”
If Right(s_BuildBasePath, 1) <> "/" Then s_BuildBasePath = s_BuildBasePath & "/"
s_MapBuildBasePath = Server.MapPath(s_BuildBasePath)
s_EndFlag = fileex '可以自定义,只要能区别大小图片即可
s_BuildFileName = Replace(s_OriginalFileName, s_OriginalFileExt, "") & s_EndFlag & s_OriginalFileExt
s_MapBuildPath = s_MapBuildBasePath & "\" & s_BuildFileName
AspJpeg.Save s_MapBuildPath '保存
If Err.Number <> 0 Then
Err.Clear
BuildSmallPic = "Error_03"
Exit Function
End If
'--将缩略图存盘结束--
'注销实例
Set AspJpeg = Nothing
If Err.Number <> 0 Then
BuildSmallPic = "Error_Other"
Err.Clear
End If
BuildSmallPic = s_BuildBasePath & s_BuildFileName
End Function
%>
[解决办法]
最简单的办法,检测文件名中是不是含有“.asp”,有的话,禁止上传。