'======================增加检查文件内容是否合法===================================
'Dim CheckContent:CheckContent=CheckFileContent(FormPath &FileName,UpFileObj.File(FormNameItem).FileSize /1024) '过滤掉本行
Dim CheckContent '增加这一行(注意:上一行被注释后,CheckContent 不再被赋值,CheckFileContent 也不会被调用,下面的 KS.IsNul 判断很可能始终成立,即文件内容检查实际上不再生效)
If KS.IsNul(CheckContent) Then'检查文件内容的是否合法
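'Validates a freshly uploaded file and deletes it when the name or content looks unsafe.
'  path     - path of the saved upload; any KS.Setting(2) prefix is stripped before use
'             (presumably the site URL / install prefix - confirm against KS.Setting)
'  filesize - compared against 50; the call shown on this page passes FileSize / 1024,
'             so this is presumably a size in KB
'Returns Empty when nothing was flagged, otherwise a message for the user. When a message
'is returned, KS.DeleteFile has already been called on the file.
'Relies on NoAllowExt, a "|"-separated extension deny-list defined outside this function.
'NOTE(review): this is a best-effort signature scan. Files above the size threshold and
'files that cannot be read are accepted unscanned, so it should not be the only control:
'keep the extension policy strict and store uploads where the server does not execute scripts.
Function CheckFileContent(byval path,byval filesize)
    Dim idx, deniedExts, deniedExt, pathForMatch
    Dim findcontent, regEx, foundtf, sigPattern

    path = Replace(path, KS.Setting(2), "")
    'Match on a lower-cased copy, with the prefix stripped again case-insensitively
    pathForMatch = Replace(LCase(path), LCase(KS.Setting(2)), "")

    '--- 1. File-name check against the extension deny-list ---
    deniedExts = Split(NoAllowExt, "|")
    For idx = 0 To UBound(deniedExts)
        'Normalise the entry so "ASP" or " asp" in the list still matches
        deniedExt = LCase(Trim(deniedExts(idx)))
        'Skip blank entries (e.g. a trailing "|"): "." alone would match every dotted name
        If deniedExt <> "" Then
            'Substring match anywhere in the path, not only the final suffix
            If InStr(pathForMatch, "." & deniedExt) <> 0 Then
                Call KS.DeleteFile(path)
                CheckFileContent = "文件上传失败,文件名不合法"
                Exit Function
            End If
        End If
    Next

    '--- 2. Content scan, small files only ---
    'The threshold is 50 (the original comment said 1000K, but the code has always used 50).
    'Anything larger is returned as clean without being read.
    If filesize > 50 Then Exit Function

    On Error Resume Next
    findcontent = KS.ReadFromFile(Replace(path, KS.Setting(2), ""))
    If Err.Number <> 0 Then
        'Unreadable file: accepted unscanned (fail-open, kept from the original).
        'Err.Clear now runs before leaving; it used to sit after Exit Function and never ran.
        Err.Clear
        Exit Function
    End If

    foundtf = False
    Set regEx = New RegExp
    regEx.IgnoreCase = True
    regEx.Global = True
    'Signatures, in order: encoded-script LANGUAGE directive, execute/executeglobal applied to
    'request, a server-side <script> block containing execute, and any <% ... %> block.
    For Each sigPattern In Array( _
        "@\s*LANGUAGE\s*=\s*[""]?\s*(vbscript|jscript|javascript).encode\b", _
        "execute\s*request", _
        "executeglobal\s*request", _
        "<script.*runat.*server(\n|.)*execute(\n|.)*<\/script>", _
        "\<%(.|\n)*%\>")
        regEx.Pattern = sigPattern
        If regEx.Test(findcontent) Then
            foundtf = True
            Exit For
        End If
    Next
    Set regEx = Nothing

    'Plain case-insensitive search for two COM class names
    If Not foundtf Then
        If InStr(LCase(findcontent), "scripting.filesystemobject") <> 0 Or InStr(LCase(findcontent), "adodb.stream") <> 0 Then
            foundtf = True
        End If
    End If

    If foundtf Then
        'Call form, consistent with the deny-list branch above
        Call KS.DeleteFile(path)
        CheckFileContent = "系统检查到您上传的文件可能存在危险代码,不允许上传9!"
    End If
End Function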