<% Dim url,strUrl,strPath url = Replace(Replace(Replace(Request("url"), "'", ""), "%", ""), "\", "/") //首先先进行一些字符的替换,'换成空,%也换成空,\换成/ If Len(url) > 3 Then If Left(url,1) = "/" Then Response.Redirect url //如果用户提交的url第一个字符是/,那直接转向url End If If Left(url,3) = "../" Then Response.Redirect url //同上,意思就是不给你用../跳转目录 End If strUrl = Left(url,10) If InStr(strUrl, "://") > 0 Then //这个,汗·~~://不懂干什么用的 Response.Redirect url End If If InStr(url, "/") > 0 Then strPath = Server.MapPath(".") & "\" & url //补充物理地址了 strPath = Replace(strPath, "/", "\") //替换/为\呢 Call downThisFile(strPath) //HOHO~~开始下载了 Else Response.Redirect url End If End If Sub downThisFile(thePath) Response.Clear On Error Resume Next Dim stream, fileName, fileContentType fileName = split(thePath,"\")(UBound(split(thePath,"\"))) Set stream =...
<% Dim url,strUrl,strPath url = Replace(Replace(Replace(Request("url"), "'", ""), "%", ""), "\", "/") //首先先进行一些字符的替换,'换成空,%也换成空,\换成/ If Len(url) > 3 Then If Left(url,1) = "/" Then Response.Redirect url //如果用户提交的url第一个字符是/,那直接转向url End If If Left(url,3) = "../" Then Response.Redirect url //同上,意思就是不给你用../跳转目录 End If strUrl = Left(url,10) If InStr(strUrl, "://") > 0 Then //这个,汗·~~://不懂干什么用的 Response.Redirect url End If If InStr(url, "/") > 0 Then strPath = Server.MapPath(".") & "\" & url //补充物理地址了 strPath = Replace(strPath, "/", "\") //替换/为\呢 Call downThisFile(strPath) //HOHO~~开始下载了 Else Response.Redirect url End If End If Sub downThisFile(thePath) Response.Clear On Error Resume Next Dim stream, fileName, fileContentType fileName = split(thePath,"\")(UBound(split(thePath,"\"))) Set stream = Server.CreateObject("adodb.stream") stream.Open stream.Type = 1 stream.LoadFromFile(thePath) Response.AddHeader "Content-Disposition", "attachment; filename=" & fileName Response.AddHeader "Content-Length", stream.Size Response.Charset = "UTF-8" Response.ContentType = "application/octet-stream" Response.BinaryWrite stream.Read Response.Flush stream.Close Set stream = Nothing End Sub %> ACCESS和SQL版 暂无
