详细说明:
<%
Dim url,strUrl,strPath
url = Replace(Replace(Replace(Request('url'), ''', ''), '%', ''), '\', '/')
//首先先进行一些字符的替换,'换成空,%也换成空,\换成/
If Len(url) > 3 Then
If Left(url,1) = '/' Then
Response.Redirect url //如果用户提交的url第一个字符是/,那直接转向url
End If
If Left(url,3) = '../' Then
Response.Redirect url //同上,意思就是不给你用../跳转目录
End If
strUrl = Left(url,10)
If InStr(strUrl, '://') > 0 Then //这个,汗·~~://不懂干什么用的
Response.Redirect url
End If
If InStr(url, '/') > 0 Then
strPath = Server.MapPath('.') & '\' & url //补充物理地址了
strPath = Replace(strPath, '/', '\') //替换/为\呢
Call downThisFile(strPath) //HOHO~~开始下载了
Else
Response.Redirect url
End If
End If
Sub downThisFile(thePath)
Response.Clear
On Error Resume Next
Dim stream, fileName, fileContentType
fileName = split(thePath,'\')(UBound(split(thePath,'\')))
Set stream = Server.CreateObject('adodb.stream')
stream.Open
stream.Type = 1
stream.LoadFromFile(thePath)
Response.AddHeader 'Content-Disposition', 'attachment; filename=' & fileName
Response.AddHeader 'Content-Length', stream.Size
Response.Charset = 'UTF-8'
Response.ContentType = 'application/octet-stream'
Response.BinaryWrite stream.Read
Response.Flush
stream.Close
Set stream = Nothing
End Sub
%>
|
