asked on
<%
Set oFileUp = Server.CreateObject("SoftArtisans.FileUp")
oFileUp.Path = "server path..."
oFileUp.CreateNewFile = True
oFileUp.OverWriteFiles = True
'oFileUp.Maxbytes = 300
If Not oFileUp.Form("file1").IsEmpty Then
oFileUp.Form("file1").Save
If Err.Number <> 0 Then
Response.Write "<B>Error description:</B> " & Err.Description
Else
Response.Write ""
End If
Else
Response.Write "Error! There is no file chosen for upload!"
End If
strServerName = oFileUp.Form("file1").ServerName
dim fs,p
set fs=Server.CreateObject("Scripting.FileSystemObject")
e=(fs.GetExtensionName("" & strServerName & ""))
p=fs.getfilename("" & strServerName & "")
response.write(p)
response.write(e)
set fs=nothing
Set oFileUp = Nothing
%>
ASKER
Set oFileUp = Server.CreateObject("SoftArtisans.FileUp")
oFileUp.Path = "path..."
oFileUp.CreateNewFile = True
oFileUp.OverWriteFiles = True
'oFileUp.Maxbytes = 300
FileName = oFileUp.Form("file1")
if testFileType(FileName) = 0 then ' see below for function
' end
response.redirect "new_file_fail.asp"
' or
response.write "not allowed"
' and do not run the rest of the save code
end if
function testFileType(FileName)
AllowedTypes = " jpg gif png "
FileType=right(FileName,3)
if instr(AllowedTypes,FileType) > 0 Then
testFileType = 1
else
testFileType = 0
end if
' http://www.w3schools.com/asp/func_instr.asp
end function
If Not oFileUp.Form("file1").IsEmpty Then
oFileUp.Form("file1").Save
If Err.Number <> 0 Then
Response.Write "<B>Error description:</B> " & Err.Description
Else
Response.Write ""
End If
Else
Response.Write "Error! There is no file chosen for upload!"
End If
strServerName = oFileUp.Form("file1").ServerName
dim fs,p
set fs=Server.CreateObject("Scripting.FileSystemObject")
e=(fs.GetExtensionName("" & strServerName & ""))
p=fs.getfilename("" & strServerName & "")
response.write(p)
response.write(e)
set fs=nothing
Set oFileUp = Nothing
<%
test1 = "image.jpg"
test2 = "image.gif"
test3 = "image.png"
test4 = "image.txt"
response.write testFileType(test1)&"<br>"
response.write testFileType(test2)&"<br>"
response.write testFileType(test3)&"<br>"
response.write testFileType(test4)&"<br>"
if testFileType(test1) = 1 then
response.write "Your image has been saved"
else
response.write "This image is the wrong file type"
end if
function testFileType(FileName)
AllowedTypes = " jpg gif png "
FileType=right(FileName,3)
if instr(AllowedTypes,FileType) > 0 Then
testFileType = 1
else
testFileType = 0
end if
' http://www.w3schools.com/asp/func_instr.asp
end function
%>
Looking at your codeFileName = oFileUp.Form("file1")
if testFileType(FileName) = 0 then ' see below for function
' end
response.redirect "new_file_fail.asp"
' or
response.write "not allowed"
' and do not run the rest of the save code
end if
If the variable FileName = 0 then it redirects so no use using response.write it will never be seen.FileName = oFileUp.Form("file1")
' ******* FOR TESTING ONLY *********
response.write FileName
response.end ' this will prevent anything else from running.
' *********************************
if testFileType(FileName) = 0 then ' see below for function
' end
response.redirect "new_file_fail.asp"
' or
response.write "not allowed"
' and do not run the rest of the save code
end if
ASKER
ASKER
Set oFileUp = Server.CreateObject("SoftArtisans.FileUp")
oFileUp.Path = "D:\hshome\DOMAINNAME\" & link & "files\"
oFileUp.CreateNewFile = True
oFileUp.OverWriteFiles = True
'oFileUp.Maxbytes = 300
FileName = oFileUp.Form("file1")
FCONT = oFileUp.ContentType
'--- Use the Select Case Condition to restrict the file type.
Select Case LCase(FCONT)
Case "image/gif"
oFileUp.Form("file1").Save
Response.Write "<P>" & oFileUp.ShortFileName & " has been saved."
Case "application/vnd.openxmlformats-officedocument.wordprocessingml.document"
oFileUp.Form("file1").Save
Response.Write "<P>" & oFileUp.ShortFileName & " has been saved."
Case "image/jpeg"
oFileUp.Form("file1").Save
Response.Write "<P>" & oFileUp.ShortFileName & " has been saved."
Case "image/jpg"
oFileUp.Form("file1").Save
Response.Write "<P>" & oFileUp.ShortFileName & " has been saved."
Case "image/png"
oFileUp.Form("file1").Save
Response.Write "<P>" & oFileUp.ShortFileName & " has been saved."
Case "image/pjpeg"
oFileUp.Form("file1").Save
Response.Write "<P>" & oFileUp.ShortFileName & " has been saved."
Case "application/pdf"
oFileUp.Form("file1").Save
Response.Write "<P>" & oFileUp.ShortFileName & " has been saved."
Case "application/msword"
oFileUp.Form("file1").Save
Response.Write "<P>" & oFileUp.ShortFileName & " has been saved."
Case Else
oFileUp.delete
Response.write "<P>" & oFileUp.ShortFileName & " is not allowed."
End Select
strServerName = oFileUp.Form("file1").ServerName
dim fs,p
set fs=Server.CreateObject("Scripting.FileSystemObject")
e=(fs.GetExtensionName("" & strServerName & ""))
p=fs.getfilename("" & strServerName & "")
response.write(p)
response.write(e)
set fs=nothing
Set oFileUp = Nothing
Active Server Pages (ASP) is Microsoft’s first server-side engine for dynamic web pages. ASP’s support of the Component Object Model (COM) enables it to access and use compiled libraries such as DLLs. It has been superseded by ASP.NET, but will be supported by Internet Information Services (IIS) through at least 2022.
TRUSTED BY
ASKER