偶也认为在文件类型上做限制
…… ……
if STRCOMP(right(newfile,4),".cgi",1)=0 or STRCOMP(right(newfile,4),".php",1)=0 or STRCOMP(right(newfile,4),".dll",1)=0 or STRCOMP(right(newfile,4),".jsp",1)=0
%>
<script language=vbscript>
msgbox "不支持此格式的文件名,创建文件失败!"
</script>
…… ……
_______________________________________________________________________
…… ……
if InStr(newfile,"=")<>0 or InStr(newfile,"`")<>0 or InStr(newfile,"'")<>0 or InStr(newfile," ")<>0 or InStr(newfile," ")<>0 or InStr(newfile,"'")<>0 or InStr(newfile,chr(34))<>0 or InStr(newfile,"\")<>0 or InStr(newfile,",")<>0 or InStr(newfile,"<")<>0 or InStr(newfile,">")<>0 or InStr(newfile,"/")<>0 or InStr(newfile,":")<>0 or InStr(newfile,"(")<>0 or InStr(newfile,")")<>0 or InStr(newfile,"#")<>0 or InStr(newfile,"$")<>0 or InStr(newfile,"%")<>0 or InStr(newfile,"&")<>0 or InStr(newfile,"*")<>0 or InStr(newfile,"-")<>0 or InStr(newfile,"+")<>0 or InStr(newfile,"[")<>0 or InStr(newfile,"]")<>0 or InStr(newfile,"|")<>0 or InStr(newfile,"^")<>0 then
%>
<script language=vbscript>
msgbox "文件名不能包括\/:*?"&chr(34)&"<>|等字符,创建文件失败!"