REM ************************************** 注意这是用过滤地址的
REM intended behavior: 如不是/IISSAMPLES就不让看asp源码
REM allow access to only .asp, .htm, .html, .inc files 所以,以后的代码只要有fValidPath就要rem
REM in some directory starting from /IISSAMPLES
REM and without .. in the path
REM **************************************
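FUNCTION fValidPath (ByVal strPath)
  ' Decide whether OutputSource may show the file at strPath.
  ' Returns 1 when the virtual path starts with /iissamples/, ends in one
  ' of the known source extensions (.asp, .htm, .html, .inc) and contains
  ' no "..", otherwise 0.  The comparisons are case-insensitive.
  Dim strLower, dwLen, arrExt, k, blnKnownExt
  fValidPath = 0
  strLower = LCase(strPath)
  dwLen = Len(strLower)
  ' The header comment says the path must START in /iissamples; the
  ' original InStr(1, ...) test accepted the prefix anywhere in the string.
  If InStr(1, strLower, "/iissamples/", 1) <> 1 Then Exit Function
  ' The extension must be the trailing characters of the path.  The
  ' original InStr(dwLen-4, ...) search also matched an extension followed
  ' by one extra character, and raised a runtime error for paths shorter
  ' than five characters because the start position went below 1.
  arrExt = Array(".html", ".htm", ".asp", ".inc")
  blnKnownExt = False
  For k = 0 To UBound(arrExt)
    If dwLen >= Len(arrExt(k)) Then
      If Right(strLower, Len(arrExt(k))) = arrExt(k) Then blnKnownExt = True
    End If
  Next
  If Not blnKnownExt Then Exit Function
  ' Now the most important part: any ".." is a directory-traversal attempt.
  If InStr(1, strLower, "..", 1) > 0 Then Exit Function
  fValidPath = 1
END FUNCTION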
</SCRIPT>
<%
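Sub OutputSource
  ' Write the text of the file named by the "Source" request value to the
  ' response as an HTML source listing.  The path is resolved and opened
  ' only when fValidPath accepts it; any other request receives the
  ' access-denied heading instead.  In the version reviewed the fValidPath
  ' test and the Else branch were commented out, so every request was
  ' served whatever file Server.MapPath resolved and the denied heading
  ' was appended after the listing regardless.
  Dim strVirtualPath, strFilename
  Dim FileObject, oInStream, strOutput
  ' NOTE(review): Request("Source") searches every request collection
  ' (query string, form, cookies, ...); fValidPath is applied to whichever
  ' value wins that lookup.
  strVirtualPath = Request("Source")
  If fValidPath(strVirtualPath) Then
    strFilename = Server.MapPath(strVirtualPath)
    Set FileObject = CreateObject("Scripting.FileSystemObject")
    ' OpenTextFile arguments: ForReading (1), do not create (0), ASCII (0).
    Set oInStream = FileObject.OpenTextFile(strFilename, 1, 0, 0)
    While Not oInStream.AtEndOfStream
      strOutput = oInStream.ReadLine
      ' fCheckLine classifies the line; PrintLine dispatches on that flag.
      Call PrintLine(strOutput, fCheckLine(strOutput))
      Response.Write "<BR>"
    Wend
    ' Release the file handle explicitly rather than waiting for the
    ' objects to go out of scope at the end of the request.
    oInStream.Close
    Set oInStream = Nothing
    Set FileObject = Nothing
  Else
    Response.Write("<H1>View Active Server Page Source-- Access Denied</H1>")
  End If
End Sub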
' Returns the minimum number greater than 0
' If both are 0, returns -1
Function fMin(iNum1, iNum2)
  ' Smaller of the two non-zero values.  Zero means "not present" (the
  ' InStr convention): a zero operand is ignored, and when both are zero
  ' the result is -1.
  Select Case True
    Case iNum1 = 0 And iNum2 = 0
      fMin = -1
    Case iNum2 = 0
      fMin = iNum1
    Case iNum1 = 0
      fMin = iNum2
    Case Else
      If iNum1 < iNum2 Then fMin = iNum1 Else fMin = iNum2
  End Select
End Function
Function fCheckLine (ByVal strLine)
  ' Classify a source line by the earliest markup token it contains.
  ' Returns 0 when none of the tokens occurs, otherwise:
  '   1 "<%"   2 "%>"   3 "<SCRIPT"   4 "</SCRIPT"   5 "<!--"   6 "-->"
  ' The token that appears first in the line decides; the token text is
  ' built by concatenation so this file's own scanner does not see it.
  Dim arrTokens, k, iHit, iEarliest
  arrTokens = Array("<" & "%", "%" & ">", "<" & "SCRIPT", "<" & "/SCRIPT", "<" & "!--", "-" & "->")
  fCheckLine = 0
  iEarliest = 0
  For k = 0 To UBound(arrTokens)
    ' Text comparison (mode 1) is case-insensitive; the first two tokens
    ' contain no letters, so this matches the original's binary search.
    iHit = InStr(1, strLine, arrTokens(k), 1)
    If iHit > 0 Then
      If iEarliest = 0 Or iHit <= iEarliest Then
        iEarliest = iHit
        fCheckLine = k + 1
      End If
    End If
  Next
End Function
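Sub PrintHTML (ByVal strLine)
  ' Write strLine to the response as displayable HTML: leading whitespace
  ' becomes non-breaking spaces (a tab counts as five) and every "<" is
  ' emitted as "&lt;" so markup inside the viewed source is shown rather
  ' than rendered.  The reviewed version wrote a bare " " and "<", which
  ' the browser collapses or interprets as a tag and which makes the
  ' split-at-"<" recursion below pointless.
  Dim iPos, iSpaces, i
  ' LTrim removes leading spaces only, so tabs are counted separately.
  iSpaces = Len(strLine) - Len(LTrim(strLine))
  i = 1
  While Mid(strLine, i, 1) = Chr(9)
    iSpaces = iSpaces + 5
    i = i + 1
  Wend
  ' A zero-trip loop needs no guard.
  For i = 1 To iSpaces
    Response.Write("&nbsp;")
  Next
  iPos = InStr(strLine, "<")
  If iPos > 0 Then
    ' Text before the "<" is written as-is; the remainder is handled
    ' recursively so every "<" in the line gets escaped.
    Response.Write(Left(strLine, iPos - 1))
    Response.Write("&lt;")
    Call PrintHTML(Right(strLine, Len(strLine) - iPos))
  Else
    Response.Write(strLine)
  End If
End Sub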
Sub PrintLine (ByVal strLine, iFlag)
Dim iPos
Select Case iFlag
Case 0
Call PrintHTML(strLine)