这时在作测试时扒下来的代码有的丢掉了,只有个修补方案。大家凑合着看吧。东西很简单。
string str = filename.Substring(filename.LastIndexOf(".") + 1, 3);
if (str == "png" || str == "gif" || str == "jpg" || str == "jpeg" || str == "PNG" || str == "GIF" || str == "JPG" || str == "JPEG")
{
string sfd = savePath;
string sf = filename.Substring(0, filename.LastIndexOf(".")) + "_" + DateTime.Now.ToString("yyMMddhhmmss") + "." + str;
savePath += filename + sf;
this.hidurl.Value = "SecFile/" + sf;//保存URL这段上传代码,验证文件名是从最后[点]算起的,也就是提交后缀为gif就行,在往下看在生成新文件名时也是用的lastindexof()函数进行的截取,之后保存的,由于服务器是IIS6.0直接POST文件名为1. asp ;1.jpg就ok。修复代码:[code="csharp"]string sf =DateTime.Now.ToString("yyMMddhhmmss") + "." + str;[/code]-----<font face="宋体 "><code id="code1">fileurl = context.Request["folder"];</code></font>
从请求头里取文件夹地址。iis6直接截断或分号
------
<font face="宋体 "><code id="code2">protected void SaveImg(HttpPostedFile file,string type,string roomid,string roomname,string btntype)
{
#region 保存图片
string imgname = Path.GetFileName(file.FileName).ToLower();
if (imgname.Length==0)
{
if (btntype=="edit")
{
Response.Write("{ \"result\":\"" + AddMode("", roomid, roomname) + "\"}");
return;
}
Response.Write("{ \"result\":\"-2\"}");
return;
}
imgname = imgname.Substring(0, imgname.Length - 4);
string PicType = Path.GetExtension(file.FileName).ToLower(); //获得图片的扩展名
//if (PicType == ".jpg" || PicType == ".gif" || PicType == ".jpeg" ||PicType ==".bmp" ){
//扩展名检测
string phsavename = string.Empty;
//客户端
string phserver = Server.MapPath("roomlogpic" + "/") + "/roomImage/";
string saveserver = "http://HdhCmsTestcunlide测试数据/admin/roomlogpic/roomImage/";
if (Directory.Exists(phserver) == false) //如果不存在就创建file文件夹
{
Directory.CreateDirectory(phserver);
}
try
{
int result = 0;
switch (type)
{
case "delete"://删除临时
phsavename = DateTime.Now.Year + "" + DateTime.Now.Month + "" + DateTime.Now.Day + PicType;
System.IO.File.Delete(phserver + Path.GetFileName(file.FileName).ToLower());
break;
case "save": //上传
phsavename = imgname+"_"+DateTime.Now.Year + "" + DateTime.Now.Month + "" + DateTime.Now.Day + PicType;
//没有任何过滤下面是修补代码
// phsavename = DateTime.Now.Year + "" + DateTime.Now.Month + "" + DateTime.Now.Day + PicType;
file.SaveAs(phserver + phsavename);
System.IO.File.Delete(phserver + Path.GetFileName(file.FileName).ToLower());
result=AddMode(saveserver + phsavename, roomid, roomname);
break;
case "temp": //临时上传
phsavename =DateTime.Now.Year + "" + DateTime.Now.Month + "" + DateTime.Now.Day + PicType;
file.SaveAs(phserver + phsavename);
break;
default:
break;
}
Response.Write("{ \"result\":\""+result+"\"}");//上传结果
return;
}
catch (System.NullReferenceException)
{
Response.Write("{ \"result\":\"-1\"}");//上传失败
return;
}
#endregion
/
查看更多关于.net文件上传漏洞代码实例及修复方案 - 网站安全的详细内容...