SubInitParam()sType=UCase(Trim(Request.QueryString("type")))sStyleName=Trim(Request.QueryString("style"))sCusDir=Trim(Request.QueryString("cusdir"))Dimi,aStyleConfig,bValidStyle
bValidStyle=FalseFori=1ToUbound(aStyle)aStyleConfig=Split(aStyle(i),"|||")IfLcase(sStyleName)=Lcase(aStyleConfig(0))ThenbValidStyle=TrueExitForEndIfNextIfbValidStyle=FalseThenOutScript("alert('Invalid Style.')")EndIfsBaseUrl=aStyleConfig(19)nAllowBrowse=CLng(aStyleConfig(43))nCusDirFlag=Clng(aStyleConfig(61))IfnAllowBrowse<>1ThenOutScript("alert('Do not allow browse!')")EndIfIfnCusDirFlag<>1ThensCusDir=""ElsesCusDir=Replace(sCusDir,"","/")IfLeft(sCusDir,1)="/"OrLeft(sCusDir,1)="."OrRight(sCusDir,1)="."OrInStr(sCusDir,"./")>0OrInStr(sCusDir,"/.")>0OrInStr(sCusDir,"//")>0ThensCusDir=""ElseIfRight(sCusDir,1)<>"/"ThensCusDir=sCusDir&"/"EndIfEndIfEndIfsUploadDir=aStyleConfig(3)IfLeft(sUploadDir,1)<>"/"ThensUploadDir="../"&sUploadDirEndIfSelectCasesBaseUrlCase"0"sContentPath=aStyleConfig(23)Case"1"sContentPath=RelativePath2RootPath(sUploadDir)Case"2"sContentPath=RootPath2DomainPath(RelativePath2RootPath(sUploadDir))EndSelectsUploadDir=sUploadDir&sCusDir
sContentPath=sContentPath&sCusDirSelectCasesTypeCase"FILE"sAllowExt=""Case"MEDIA"sAllowExt="rm|mp3|wav|mid|midi|ra|avi|mpg|mpeg|asf|asx|wma|mov"Case"FLASH"sAllowExt="swf"CaseElsesAllowExt="bmp|jpg|jpeg|png|gif"EndSelectsCurrDir=sUploadDir
sDir=Trim(Request("dir"))'1.假设dir= ../
'2.假设dir=...//'3.假设dir=.....///
sDir = Replace(sDir, "", "/") '过滤1sDir=Replace(sDir,"../","")'过滤2
'1.到这里就被过滤了sDir=Replace(sDir,"./","")'过滤3
'2到这里也被功率了'3到这里就成../了。比较有趣的饶过!好象不少cms这样过滤过。[/color]
If sDir <> "" Then
If CheckValidDir(Server.Mappath(sUploadDir & sDir)) = True Then
sCurrDir = sUploadDir & sDir & "/"
Else
sDir = ""
End If
End If
End Sub