实例介绍
【实例截图】
【核心代码】
<%@ CODEPAGE=65001 %>
<%
Response.CodePage=65001
Response.Charset="UTF-8"
dim oUpFileStream
Class upload_file
dim Form,File,Version
public AllowFiles,MaxDownFileSize
Private Sub Class_Initialize
dim RequestBinDate,sStart,bCrLf,sInfo,iInfoStart,iInfoEnd,tStream,iStart,oFileInfo,testStream,savePosition,strContent
dim iFileSize,sFilePath,sFileType,sFormvalue,sFileName
dim iFindStart,iFindEnd
dim iFormStart,iFormEnd,sFormName
dim intItemCount
dim vMumaKeyWord,intMKW,isHasMuma
intItemCount=0
AllowFiles="jpg,jpeg,gif,png" '所允许的文件格式
MaxDownFileSize = 30000 '限制30M
vMumaKeyWord = split("request|execute|wscript.shell|activexobject|include|function|.encode|.getfolder|.createfolder|.deletefolder|.createdirectory|.deletedirectory|.saveas|.createobject","|") '要检测的木马关键字
set Form = Server.CreateObject("Scripting.Dictionary")
set File = Server.CreateObject("Scripting.Dictionary")
if Request.TotalBytes <= 0 then Exit Sub
set tStream = Server.CreateObject("adodb.stream")
set oUpFileStream = Server.CreateObject("adodb.stream")
oUpFileStream.Type = 1
oUpFileStream.Mode = 3
oUpFileStream.Open
oUpFileStream.Write Request.BinaryRead(Request.TotalBytes)
oUpFileStream.Position=0
RequestBinDate = oUpFileStream.Read
iFormEnd = oUpFileStream.Size
bCrLf = chrB(13) & chrB(10)
'取得每个项目之间的分隔符
sStart = MidB(RequestBinDate,1, InStrB(1,RequestBinDate,bCrLf)-1)
iStart = LenB (sStart)
iFormStart = iStart 2
'分解项目
Do
iInfoEnd = InStrB(iFormStart,RequestBinDate,bCrLf & bCrLf) 3
tStream.Type = 1
tStream.Mode = 3
tStream.Open
oUpFileStream.Position = iFormStart
oUpFileStream.CopyTo tStream,iInfoEnd-iFormStart
tStream.Position = 0
tStream.Type = 2
tStream.Charset ="utf-8"
sInfo = tStream.ReadText
'取得表单项目名称
iFormStart = InStrB(iInfoEnd,RequestBinDate,sStart)-1
iFindStart = InStr(22,sInfo,"name=""",1) 6
iFindEnd = InStr(iFindStart,sInfo,"""",1)
sFormName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
'如果是文件
if InStr (45,sInfo,"filename=""",1) > 0 then
set oFileInfo= new FileInfo
'取得文件属性
iFindStart = InStr(iFindEnd,sInfo,"filename=""",1) 10
iFindEnd = InStr(iFindStart,sInfo,"""",1)
sFileName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
oFileInfo.FileName = GetFileName(sFileName)
oFileInfo.FilePath = GetFilePath(sFileName)
oFileInfo.FileExt = GetFileExt(sFileName)
iFindStart = InStr(iFindEnd,sInfo,"Content-Type: ",1) 14
iFindEnd = InStr(iFindStart,sInfo,vbCr)
oFileInfo.FileType = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
oFileInfo.FileStart = iInfoEnd
oFileInfo.FileSize = iFormStart -iInfoEnd -2
oFileInfo.FormName = sFormName
oFileInfo.FileText=AllowFiles
if oFileInfo.filesize>(MaxDownFileSize*1024) then
oFileInfo.ErrCode=1
oFileInfo.ErrMsg="大小限制,最大只能上传" & MaxDownFileSize & "M的文件,您上传的文件大小是" & FormatNumber( oFileInfo.filesize / 1024 , 2 ) & "M。"
elseif instr(AllowFiles,lcase(oFileInfo.FileExt))=0 then '如果只是图片可用oFileInfo.FileType来判断是否包含image/
oFileInfo.ErrCode=2
oFileInfo.ErrMsg="类型限制,只允许上传“" & AllowFiles & "”这几种文件类型,您上传的文件类型是" & oFileInfo.FileExt & "。"
else
set testStream = Server.CreateObject("adodb.stream")
testStream.Type = 1
testStream.Mode = 3
testStream.Open
savePosition=oUpFileStream.Position '保存oUpFileStream的位置,下面要恢复
oUpFileStream.Position = oFileInfo.FileStart
oUpFileStream.CopyTo testStream,oFileInfo.FileSize
testStream.Position = 0
testStream.Type = 2
testStream.Charset ="gb2312"
strContent=lcase(testStream.ReadText)'以文本方式读取,然后判断是否包含图马相关的字符串,尽管乱码,但是基本字符串还是能检查出来的
strContent=replace(strContent,chr(0),"")
oFileInfo.FileText=strContent
for intMKW=0 to ubound(vMumaKeyWord)
if instr(strContent,vMumaKeyWord(intMKW))>0 then
if instr(oFileInfo.FileType,"image/")>0 then
oFileInfo.ErrCode=3
oFileInfo.ErrMsg="要上传的图片“" & sFileName & "”含有木马。" & vMumaKeyWord(intMKW)
else
oFileInfo.ErrCode=4
oFileInfo.ErrMsg="要上传的文件“" & sFileName & "”含有木马。" & vMumaKeyWord(intMKW)
end if
exit for
end if
next
oUpFileStream.Position = savePosition '恢复oUpFileStream,本身的位置
set testStream=nothing
end if
intItemCount=intItemCount 1'当一个file控件选择上传多个文件,添加到字典的sFormName会提示重复,所以后面加个索引区分 20180604
file.add sFormName & "_" & intItemCount,oFileInfo
set oFileInfo=nothing
else
'如果是表单项目
tStream.Close
tStream.Type = 1
tStream.Mode = 3
tStream.Open
oUpFileStream.Position = iInfoEnd
oUpFileStream.CopyTo tStream,iFormStart-iInfoEnd-2
tStream.Position = 0
tStream.Type = 2
tStream.Charset = "utf-8"
sFormvalue = tStream.ReadText
intItemCount=intItemCount 1
form.Add sFormName & "_" & intItemCount,sFormvalue
end if
tStream.Close
iFormStart = iFormStart iStart 2
'如果到文件尾了就退出
loop until (iFormStart 2) = iFormEnd
RequestBinDate=""
set tStream = nothing
End Sub
Private Sub Class_Terminate
'清除变量及对像
if not Request.TotalBytes<1 then
oUpFileStream.Close
set oUpFileStream =nothing
end if
Form.RemoveAll
File.RemoveAll
set Form=nothing
set File=nothing
End Sub
'取得文件路径
Private function GetFilePath(FullPath)
If FullPath <> "" Then
GetFilePath = left(FullPath,InStrRev(FullPath, "\"))
Else
GetFilePath = ""
End If
End function
'取得文件名
Private function GetFileName(FullPath)
If FullPath <> "" Then
GetFileName = mid(FullPath,InStrRev(FullPath, "\") 1)
Else
GetFileName = ""
End If
End function
'取得扩展名
Private function GetFileExt(FullPath)
If FullPath <> "" Then
GetFileExt = mid(FullPath,InStrRev(FullPath, ".") 1)
Else
GetFileExt = ""
End If
End function
'调试用,输出日志'
Private sub WriteToFile(s)
set fsoaa=createobject("scripting.filesystemobject")
set ff=fsoaa.OpenTextFile(Server.MapPath("debug.txt"),8 ,true)
ff.writeline now & " " & s
ff.close
End sub
End Class
'文件属性类
Class FileInfo
dim FormName,FileName,FilePath,FileSize,FileType,FileStart,FileExt,FileText,ErrMsg,ErrCode
Private Sub Class_Initialize
FileName = ""
FilePath = ""
FileSize = 0
FileStart= 0
FormName = ""
FileType = ""
FileExt = ""
FileText = ""
ErrCode = 0
ErrMsg = ""
End Sub
'保存文件方法
Public function SaveToFile(FullPath)
SaveToFile=1
if trim(fullpath)="" or right(fullpath,1)="/" then exit function
set oFileStream=CreateObject("Adodb.Stream")
oFileStream.Type=1
oFileStream.Mode=3
oFileStream.Open
oUpFileStream.position=FileStart
oUpFileStream.copyto oFileStream,FileSize
oFileStream.SaveToFile FullPath,2
oFileStream.Close
set oFileStream=nothing
SaveToFile=0
end function
End Class
%>
小贴士
感谢您为本站写下的评论,您的评论对其它用户来说具有重要的参考价值,所以请认真填写。
- 类似“顶”、“沙发”之类没有营养的文字,对勤劳贡献的楼主来说是令人沮丧的反馈信息。
- 相信您也不想看到一排文字/表情墙,所以请不要反馈意义不大的重复字符,也请尽量不要纯表情的回复。
- 提问之前请再仔细看一遍楼主的说明,或许是您遗漏了。
- 请勿到处挖坑绊人、招贴广告。既占空间让人厌烦,又没人会搭理,于人于己都无利。
关于好例子网
本站旨在为广大IT学习爱好者提供一个非营利性互相学习交流分享平台。本站所有资源都可以被免费获取学习研究。本站资源来自网友分享,对搜索内容的合法性不具有预见性、识别性、控制性,仅供学习研究,请务必在下载后24小时内给予删除,不得用于其他任何用途,否则后果自负。基于互联网的特殊性,平台无法对用户传输的作品、信息、内容的权属或合法性、安全性、合规性、真实性、科学性、完整权、有效性等进行实质审查;无论平台是否已进行审查,用户均应自行承担因其传输的作品、信息、内容而可能或已经产生的侵权或权属纠纷等法律责任。本站所有资源不代表本站的观点或立场,基于网友分享,根据中国法律《信息网络传播权保护条例》第二十二与二十三条之规定,若资源存在侵权或相关问题请联系本站客服人员,点此联系我们。关于更多版权及免责申明参见 版权及免责申明
网友评论
我要评论