1 | <%
|
---|
2 | ' FCKeditor - The text editor for Internet - http://www.fckeditor.net
|
---|
3 | ' Copyright (C) 2003-2009 Frederico Caldeira Knabben
|
---|
4 | '
|
---|
5 | ' == BEGIN LICENSE ==
|
---|
6 | '
|
---|
7 | ' Licensed under the terms of any of the following licenses at your
|
---|
8 | ' choice:
|
---|
9 | '
|
---|
10 | ' - GNU General Public License Version 2 or later (the "GPL")
|
---|
11 | ' http://www.gnu.org/licenses/gpl.html
|
---|
12 | '
|
---|
13 | ' - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
|
---|
14 | ' http://www.gnu.org/licenses/lgpl.html
|
---|
15 | '
|
---|
16 | ' - Mozilla Public License Version 1.1 or later (the "MPL")
|
---|
17 | ' http://www.mozilla.org/MPL/MPL-1.1.html
|
---|
18 | '
|
---|
19 | ' == END LICENSE ==
|
---|
20 | '
|
---|
21 | ' These are the classes used to handle ASP upload without using third
|
---|
22 | ' part components (OCX/DLL).
|
---|
23 | %>
|
---|
24 | <%
|
---|
25 | '**********************************************
|
---|
26 | ' File: NetRube_Upload.asp
|
---|
27 | ' Version: NetRube Upload Class Version 2.3 Build 20070528
|
---|
28 | ' Author: NetRube
|
---|
29 | ' Email: NetRube@126.com
|
---|
30 | ' Date: 05/28/2007
|
---|
31 | ' Comments: The code for the Upload.
|
---|
32 | ' This can free usage, but please
|
---|
33 | ' not to delete this copyright information.
|
---|
34 | ' If you have a modification version,
|
---|
35 | ' Please send out a duplicate to me.
|
---|
36 | '**********************************************
|
---|
37 | ' 文件名: NetRube_Upload.asp
|
---|
38 | ' 版本: NetRube Upload Class Version 2.3 Build 20070528
|
---|
39 | ' 作者: NetRube(网络乡巴佬)
|
---|
40 | ' 电子邮件: NetRube@126.com
|
---|
41 | ' 日期: 2007年05月28日
|
---|
42 | ' 声明: 文件上传类
|
---|
43 | ' 本上传类可以自由使用,但请保留此版权声明信息
|
---|
44 | ' 如果您对本上传类进行修改增强,
|
---|
45 | ' 请发送一份给俺。
|
---|
46 | '**********************************************
|
---|
47 |
|
---|
48 | Class NetRube_Upload
|
---|
49 |
|
---|
50 | Public File, Form
|
---|
51 | Private oSourceData
|
---|
52 | Private nMaxSize, nErr, sAllowed, sDenied, sHtmlExtensions
|
---|
53 |
|
---|
54 | Private Sub Class_Initialize
|
---|
55 | nErr = 0
|
---|
56 | nMaxSize = 1048576
|
---|
57 |
|
---|
58 | Set File = Server.CreateObject("Scripting.Dictionary")
|
---|
59 | File.CompareMode = 1
|
---|
60 | Set Form = Server.CreateObject("Scripting.Dictionary")
|
---|
61 | Form.CompareMode = 1
|
---|
62 |
|
---|
63 | Set oSourceData = Server.CreateObject("ADODB.Stream")
|
---|
64 | oSourceData.Type = 1
|
---|
65 | oSourceData.Mode = 3
|
---|
66 | oSourceData.Open
|
---|
67 | End Sub
|
---|
68 |
|
---|
69 | Private Sub Class_Terminate
|
---|
70 | Form.RemoveAll
|
---|
71 | Set Form = Nothing
|
---|
72 | File.RemoveAll
|
---|
73 | Set File = Nothing
|
---|
74 |
|
---|
75 | oSourceData.Close
|
---|
76 | Set oSourceData = Nothing
|
---|
77 | End Sub
|
---|
78 |
|
---|
79 | Public Property Get Version
|
---|
80 | Version = "NetRube Upload Class Version 2.3 Build 20070528"
|
---|
81 | End Property
|
---|
82 |
|
---|
83 | Public Property Get ErrNum
|
---|
84 | ErrNum = nErr
|
---|
85 | End Property
|
---|
86 |
|
---|
87 | Public Property Let MaxSize(nSize)
|
---|
88 | nMaxSize = nSize
|
---|
89 | End Property
|
---|
90 |
|
---|
91 | Public Property Let Allowed(sExt)
|
---|
92 | sAllowed = sExt
|
---|
93 | End Property
|
---|
94 |
|
---|
95 | Public Property Let Denied(sExt)
|
---|
96 | sDenied = sExt
|
---|
97 | End Property
|
---|
98 |
|
---|
99 | Public Property Let HtmlExtensions(sExt)
|
---|
100 | sHtmlExtensions = sExt
|
---|
101 | End Property
|
---|
102 |
|
---|
103 | Public Sub GetData
|
---|
104 | Dim aCType
|
---|
105 | aCType = Split(Request.ServerVariables("HTTP_CONTENT_TYPE"), ";")
|
---|
106 | if ( uBound(aCType) < 0 ) then
|
---|
107 | nErr = 1
|
---|
108 | Exit Sub
|
---|
109 | end if
|
---|
110 | If aCType(0) <> "multipart/form-data" Then
|
---|
111 | nErr = 1
|
---|
112 | Exit Sub
|
---|
113 | End If
|
---|
114 |
|
---|
115 | Dim nTotalSize
|
---|
116 | nTotalSize = Request.TotalBytes
|
---|
117 | If nTotalSize < 1 Then
|
---|
118 | nErr = 2
|
---|
119 | Exit Sub
|
---|
120 | End If
|
---|
121 | If nMaxSize > 0 And nTotalSize > nMaxSize Then
|
---|
122 | nErr = 3
|
---|
123 | Exit Sub
|
---|
124 | End If
|
---|
125 |
|
---|
126 | 'Thankful long(yrl031715@163.com)
|
---|
127 | 'Fix upload large file.
|
---|
128 | '**********************************************
|
---|
129 | ' 修正作者:long
|
---|
130 | ' 联系邮件: yrl031715@163.com
|
---|
131 | ' 修正时间:2007年5月6日
|
---|
132 | ' 修正说明:由于iis6的Content-Length 头信息中包含的请求长度超过了 AspMaxRequestEntityAllowed 的值(默认200K), IIS 将返回一个 403 错误信息.
|
---|
133 | ' 直接导致在iis6下调试FCKeditor上传功能时,一旦文件超过200K,上传文件时文件管理器失去响应,受此影响,文件的快速上传功能也存在在缺陷。
|
---|
134 | ' 在参考 宝玉 的 Asp无组件上传带进度条 演示程序后作出如下修改,以修正在iis6下的错误。
|
---|
135 |
|
---|
136 | Dim nTotalBytes, nPartBytes, ReadBytes
|
---|
137 | ReadBytes = 0
|
---|
138 | nTotalBytes = Request.TotalBytes
|
---|
139 | '循环分块读取
|
---|
140 | Do While ReadBytes < nTotalBytes
|
---|
141 | '分块读取
|
---|
142 | nPartBytes = 64 * 1024 '分成每块64k
|
---|
143 | If nPartBytes + ReadBytes > nTotalBytes Then
|
---|
144 | nPartBytes = nTotalBytes - ReadBytes
|
---|
145 | End If
|
---|
146 | oSourceData.Write Request.BinaryRead(nPartBytes)
|
---|
147 | ReadBytes = ReadBytes + nPartBytes
|
---|
148 | Loop
|
---|
149 | '**********************************************
|
---|
150 | oSourceData.Position = 0
|
---|
151 |
|
---|
152 | Dim oTotalData, oFormStream, sFormHeader, sFormName, bCrLf, nBoundLen, nFormStart, nFormEnd, nPosStart, nPosEnd, sBoundary
|
---|
153 |
|
---|
154 | oTotalData = oSourceData.Read
|
---|
155 | bCrLf = ChrB(13) & ChrB(10)
|
---|
156 | sBoundary = MidB(oTotalData, 1, InStrB(1, oTotalData, bCrLf) - 1)
|
---|
157 | nBoundLen = LenB(sBoundary) + 2
|
---|
158 | nFormStart = nBoundLen
|
---|
159 |
|
---|
160 | Set oFormStream = Server.CreateObject("ADODB.Stream")
|
---|
161 |
|
---|
162 | Do While (nFormStart + 2) < nTotalSize
|
---|
163 | nFormEnd = InStrB(nFormStart, oTotalData, bCrLf & bCrLf) + 3
|
---|
164 |
|
---|
165 | With oFormStream
|
---|
166 | .Type = 1
|
---|
167 | .Mode = 3
|
---|
168 | .Open
|
---|
169 | oSourceData.Position = nFormStart
|
---|
170 | oSourceData.CopyTo oFormStream, nFormEnd - nFormStart
|
---|
171 | .Position = 0
|
---|
172 | .Type = 2
|
---|
173 | .CharSet = "UTF-8"
|
---|
174 | sFormHeader = .ReadText
|
---|
175 | .Close
|
---|
176 | End With
|
---|
177 |
|
---|
178 | nFormStart = InStrB(nFormEnd, oTotalData, sBoundary) - 1
|
---|
179 | nPosStart = InStr(22, sFormHeader, " name=", 1) + 7
|
---|
180 | nPosEnd = InStr(nPosStart, sFormHeader, """")
|
---|
181 | sFormName = Mid(sFormHeader, nPosStart, nPosEnd - nPosStart)
|
---|
182 |
|
---|
183 | If InStr(45, sFormHeader, " filename=", 1) > 0 Then
|
---|
184 | Set File(sFormName) = New NetRube_FileInfo
|
---|
185 | File(sFormName).FormName = sFormName
|
---|
186 | File(sFormName).Start = nFormEnd
|
---|
187 | File(sFormName).Size = nFormStart - nFormEnd - 2
|
---|
188 | nPosStart = InStr(nPosEnd, sFormHeader, " filename=", 1) + 11
|
---|
189 | nPosEnd = InStr(nPosStart, sFormHeader, """")
|
---|
190 | File(sFormName).ClientPath = Mid(sFormHeader, nPosStart, nPosEnd - nPosStart)
|
---|
191 | File(sFormName).Name = Mid(File(sFormName).ClientPath, InStrRev(File(sFormName).ClientPath, "\") + 1)
|
---|
192 | File(sFormName).Ext = LCase(Mid(File(sFormName).Name, InStrRev(File(sFormName).Name, ".") + 1))
|
---|
193 | nPosStart = InStr(nPosEnd, sFormHeader, "Content-Type: ", 1) + 14
|
---|
194 | nPosEnd = InStr(nPosStart, sFormHeader, vbCr)
|
---|
195 | File(sFormName).MIME = Mid(sFormHeader, nPosStart, nPosEnd - nPosStart)
|
---|
196 | Else
|
---|
197 | With oFormStream
|
---|
198 | .Type = 1
|
---|
199 | .Mode = 3
|
---|
200 | .Open
|
---|
201 | oSourceData.Position = nFormEnd
|
---|
202 | oSourceData.CopyTo oFormStream, nFormStart - nFormEnd - 2
|
---|
203 | .Position = 0
|
---|
204 | .Type = 2
|
---|
205 | .CharSet = "UTF-8"
|
---|
206 | Form(sFormName) = .ReadText
|
---|
207 | .Close
|
---|
208 | End With
|
---|
209 | End If
|
---|
210 |
|
---|
211 | nFormStart = nFormStart + nBoundLen
|
---|
212 | Loop
|
---|
213 |
|
---|
214 | oTotalData = ""
|
---|
215 | Set oFormStream = Nothing
|
---|
216 | End Sub
|
---|
217 |
|
---|
218 | Public Sub SaveAs(sItem, sFileName)
|
---|
219 | If File(sItem).Size < 1 Then
|
---|
220 | nErr = 2
|
---|
221 | Exit Sub
|
---|
222 | End If
|
---|
223 |
|
---|
224 | If Not IsAllowed(File(sItem).Ext) Then
|
---|
225 | nErr = 4
|
---|
226 | Exit Sub
|
---|
227 | End If
|
---|
228 |
|
---|
229 | If InStr( LCase( sFileName ), "::$data" ) > 0 Then
|
---|
230 | nErr = 4
|
---|
231 | Exit Sub
|
---|
232 | End If
|
---|
233 |
|
---|
234 | Dim sFileExt, iFileSize
|
---|
235 | sFileExt = File(sItem).Ext
|
---|
236 | iFileSize = File(sItem).Size
|
---|
237 |
|
---|
238 | ' Check XSS.
|
---|
239 | If Not IsHtmlExtension( sFileExt ) Then
|
---|
240 | ' Calculate the size of data to load (max 1Kb).
|
---|
241 | Dim iXSSSize
|
---|
242 | iXSSSize = iFileSize
|
---|
243 |
|
---|
244 | If iXSSSize > 1024 Then
|
---|
245 | iXSSSize = 1024
|
---|
246 | End If
|
---|
247 |
|
---|
248 | ' Read the data.
|
---|
249 | Dim sData
|
---|
250 | oSourceData.Position = File(sItem).Start
|
---|
251 | sData = oSourceData.Read( iXSSSize ) ' Byte Array
|
---|
252 | sData = ByteArray2Text( sData ) ' String
|
---|
253 |
|
---|
254 | ' Sniff HTML data.
|
---|
255 | If SniffHtml( sData ) Then
|
---|
256 | nErr = 4
|
---|
257 | Exit Sub
|
---|
258 | End If
|
---|
259 | End If
|
---|
260 |
|
---|
261 | Dim oFileStream
|
---|
262 | Set oFileStream = Server.CreateObject("ADODB.Stream")
|
---|
263 | With oFileStream
|
---|
264 | .Type = 1
|
---|
265 | .Mode = 3
|
---|
266 | .Open
|
---|
267 | oSourceData.Position = File(sItem).Start
|
---|
268 | oSourceData.CopyTo oFileStream, File(sItem).Size
|
---|
269 | .Position = 0
|
---|
270 | .SaveToFile sFileName, 2
|
---|
271 | .Close
|
---|
272 | End With
|
---|
273 | Set oFileStream = Nothing
|
---|
274 | End Sub
|
---|
275 |
|
---|
276 | Private Function IsAllowed(sExt)
|
---|
277 | Dim oRE
|
---|
278 | Set oRE = New RegExp
|
---|
279 | oRE.IgnoreCase = True
|
---|
280 | oRE.Global = True
|
---|
281 |
|
---|
282 | If sDenied = "" Then
|
---|
283 | oRE.Pattern = sAllowed
|
---|
284 | IsAllowed = (sAllowed = "") Or oRE.Test(sExt)
|
---|
285 | Else
|
---|
286 | oRE.Pattern = sDenied
|
---|
287 | IsAllowed = Not oRE.Test(sExt)
|
---|
288 | End If
|
---|
289 |
|
---|
290 | Set oRE = Nothing
|
---|
291 | End Function
|
---|
292 |
|
---|
293 | Private Function IsHtmlExtension( sExt )
|
---|
294 | If sHtmlExtensions = "" Then
|
---|
295 | Exit Function
|
---|
296 | End If
|
---|
297 |
|
---|
298 | Dim oRE
|
---|
299 | Set oRE = New RegExp
|
---|
300 | oRE.IgnoreCase = True
|
---|
301 | oRE.Global = True
|
---|
302 | oRE.Pattern = sHtmlExtensions
|
---|
303 |
|
---|
304 | IsHtmlExtension = oRE.Test(sExt)
|
---|
305 |
|
---|
306 | Set oRE = Nothing
|
---|
307 | End Function
|
---|
308 |
|
---|
309 | Private Function SniffHtml( sData )
|
---|
310 |
|
---|
311 | Dim oRE
|
---|
312 | Set oRE = New RegExp
|
---|
313 | oRE.IgnoreCase = True
|
---|
314 | oRE.Global = True
|
---|
315 |
|
---|
316 | Dim aPatterns
|
---|
317 | aPatterns = Array( "<!DOCTYPE\W*X?HTML", "<(body|head|html|img|pre|script|table|title)", "type\s*=\s*[\'""]?\s*(?:\w*/)?(?:ecma|java)", "(?:href|src|data)\s*=\s*[\'""]?\s*(?:ecma|java)script:", "url\s*\(\s*[\'""]?\s*(?:ecma|java)script:" )
|
---|
318 |
|
---|
319 | Dim i
|
---|
320 | For i = 0 to UBound( aPatterns )
|
---|
321 | oRE.Pattern = aPatterns( i )
|
---|
322 | If oRE.Test( sData ) Then
|
---|
323 | SniffHtml = True
|
---|
324 | Exit Function
|
---|
325 | End If
|
---|
326 | Next
|
---|
327 |
|
---|
328 | SniffHtml = False
|
---|
329 |
|
---|
330 | End Function
|
---|
331 |
|
---|
332 | ' Thanks to http://www.ericphelps.com/q193998/index.htm
|
---|
333 | Private Function ByteArray2Text(varByteArray)
|
---|
334 | Dim strData, strBuffer, lngCounter
|
---|
335 | strData = ""
|
---|
336 | strBuffer = ""
|
---|
337 | For lngCounter = 0 to UBound(varByteArray)
|
---|
338 | strBuffer = strBuffer & Chr(255 And Ascb(Midb(varByteArray,lngCounter + 1, 1)))
|
---|
339 | 'Keep strBuffer at 1k bytes maximum
|
---|
340 | If lngCounter Mod 1024 = 0 Then
|
---|
341 | strData = strData & strBuffer
|
---|
342 | strBuffer = ""
|
---|
343 | End If
|
---|
344 | Next
|
---|
345 | ByteArray2Text = strData & strBuffer
|
---|
346 | End Function
|
---|
347 |
|
---|
348 | End Class
|
---|
349 |
|
---|
350 | Class NetRube_FileInfo
|
---|
351 | Dim FormName, ClientPath, Path, Name, Ext, Content, Size, MIME, Start
|
---|
352 | End Class
|
---|
353 | %>
|
---|