昨天晚上修改了一下稻香老农老兄的无组上传组件。希望大家用得着。

<%
''请保留此信息: 稻香老农制作 http://www.5xSoft.com/
dim upfile_5xSoft_Stream
Class upload_5xSoft
dim Form,File,Version
Dim ReName '改名后的文件名 whyslr add at 05.1.21
Private Sub Class_Initialize
dim iStart,iFileNameStart,iFileNameEnd,iEnd,vbEnter,iFormStart,iFormEnd,theFile
dim strDiv,mFormName,mFormValue,mFileName,mFileSize,mFilePath,iDivLen,mStr
Version="化境编程界HTTP上传程序 Version 1.0"
if Request.TotalBytes<1 then Exit Sub
set Form=CreateObject("Scripting.Dictionary")
set File=CreateObject("Scripting.Dictionary")
set upfile_5xSoft_Stream=CreateObject("Adodb.Stream")
upfile_5xSoft_Stream.mode=3
upfile_5xSoft_Stream.type=1
upfile_5xSoft_Stream.open
upfile_5xSoft_Stream.write Request.BinaryRead(Request.TotalBytes)

vbEnter=Chr(13)&Chr(10)
iDivLen=inString(1,vbEnter)+1
strDiv=subString(1,iDivLen)
iFormStart=iDivLen
iFormEnd=inString(iformStart,strDiv)-1
while iFormStart < iFormEnd
iStart=inString(iFormStart,"name=""")
iEnd=inString(iStart+6,"""")
mFormName=subString(iStart+6,iEnd-iStart-6)
iFileNameStart=inString(iEnd+1,"filename=""")
if iFileNameStart>0 and iFileNameStart<iFormEnd then
iFileNameEnd=inString(iFileNameStart+10,"""")
mFileName=subString(iFileNameStart+10,iFileNameEnd-iFileNameStart-10)
iStart=inString(iFileNameEnd+1,vbEnter&vbEnter)
iEnd=inString(iStart+4,vbEnter&strDiv)
if iEnd>iStart then
mFileSize=iEnd-iStart-4
else
mFileSize=0
end if
ReName = fixedFileName(right(getFileName(mFileName),4))'重命名文件whyslr add at 05.1.21
set theFile=new FileInfo
theFile.FileName=getFileName(mFileName)
theFile.FilePath=getFilePath(mFileName)
theFile.FileSize=mFileSize
theFile.FileStart=iStart+4
theFile.FormName=FormName
file.add mFormName,theFile
else
iStart=inString(iEnd+1,vbEnter&vbEnter)
iEnd=inString(iStart+4,vbEnter&strDiv)

if iEnd>iStart then
mFormValue=subString(iStart+4,iEnd-iStart-4)
else
mFormValue=""
end if
if form.Exists(mFormName) then'避免读取多选表单列表时出错whyslr modify at 05.1.21
old_Value = form(mFormName)
form.Remove(mFormName)
form.Add mFormName,old_Value & "," & mFormValue
else
form.Add mFormName,mFormValue
end if
end if

iFormStart=iformEnd+iDivLen
iFormEnd=inString(iformStart,strDiv)-1
wend
End Sub

Private Function subString(theStart,theLen)
dim i,c,stemp
upfile_5xSoft_Stream.Position=theStart-1
stemp=""
for i=1 to theLen
if upfile_5xSoft_Stream.EOS then Exit for
c=ascB(upfile_5xSoft_Stream.Read(1))
If c > 127 Then
if upfile_5xSoft_Stream.EOS then Exit for
stemp=stemp&Chr(AscW(ChrB(AscB(upfile_5xSoft_Stream.Read(1)))&ChrB(c)))
i=i+1
else
stemp=stemp&Chr(c)
End If
Next
subString=stemp
End function

Private Function inString(theStart,varStr)
dim i,j,bt,theLen,str
InString=0
Str=toByte(varStr)
theLen=LenB(Str)
for i=theStart to upfile_5xSoft_Stream.Size-theLen
if i>upfile_5xSoft_Stream.size then exit Function
upfile_5xSoft_Stream.Position=i-1
if AscB(upfile_5xSoft_Stream.Read(1))=AscB(midB(Str,1)) then
InString=i
for j=2 to theLen
if upfile_5xSoft_Stream.EOS then
inString=0
Exit for
end if
if AscB(upfile_5xSoft_Stream.Read(1))<>AscB(MidB(Str,j,1)) then
InString=0
Exit For
end if
next
if InString<>0 then Exit Function
end if
next
End Function

Private Sub Class_Terminate
form.RemoveAll
file.RemoveAll
set form=nothing
set file=nothing
upfile_5xSoft_Stream.close
set upfile_5xSoft_Stream=nothing
End Sub

Private function GetFilePath(FullPath)
If FullPath <> "" Then
GetFilePath = left(FullPath,InStrRev(FullPath, "\"))
Else
GetFilePath = ""
End If
End function

Private function GetFileName(FullPath)
If FullPath <> "" Then
GetFileName = mid(FullPath,InStrRev(FullPath, "\")+1)
Else
GetFileName = ""
End If
End function

Private function toByte(Str)
dim i,iCode,c,iLow,iHigh
toByte=""
For i=1 To Len(Str)
c=mid(Str,i,1)
iCode =Asc(c)
If iCode<0 Then iCode = iCode + 65535
If iCode>255 Then
iLow = Left(Hex(Asc(c)),2)
iHigh =Right(Hex(Asc(c)),2)
toByte = toByte & chrB("&H"&iLow) & chrB("&H"&iHigh)
Else
toByte = toByte & chrB(AscB(c))
End If
Next
End function

private function fixedFileName(file_Ext)'将文件改名whyslr add at 05.1.21
Dim temp_STR,randomize_Num
temp_STR = ""
randomize
randomize_Num = (cint(9999*rnd()) + 100)
tempSTR = replace(now()," ","")
tempSTR = replace(tempSTR,"-","")
tempSTR = replace(tempSTR,"上午","")
tempSTR = replace(tempSTR,"下午","")
tempSTR = replace(ucase(tempSTR),"AM","")
tempSTR = replace(ucase(tempSTR),"PM","")
tempSTR = replace(ucase(tempSTR),"GTS","")
tempSTR = replace(tempSTR,":","")
fixedFileName = tempSTR & randomize_Num & file_Ext
end function
End Class


Class FileInfo
dim FormName,FileName,FilePath,FileSize,FileStart,isSafe
Private Sub Class_Initialize
FileName = ""
FilePath = ""
FileSize = 0
FileStart= 0
FormName = ""
End Sub

public function SaveAs(FullPath)
dim dr,ErrorChar,i
SaveAs=1
if trim(fullpath)="" or FileSize=0 or FileStart=0 or FileName="" then exit function
if FileStart=0 or right(fullpath,1)="/" then exit function
set dr=CreateObject("Adodb.Stream")
dr.Mode=3
dr.Type=1
dr.Open
upfile_5xSoft_Stream.position=FileStart-1
upfile_5xSoft_Stream.copyto dr,FileSize
dr.SaveToFile FullPath,2
dr.Close
set dr=nothing
isSafe = chk_Safe(fullpath) '如果你的空间不支持fso请将这行注释掉、不然保存文件时会出错whyslr add at 05.1.21
SaveAs=0
end function

private Function chk_Safe(filePath)'检查上传过来的是否是asp文件whyslr add at 05.1.21
Dim str
Dim fsoObject
Dim fileObject
set fsoObject = server.CreateObject("scripting.filesystemobject")
set fileObject = fsoObject.openTextFile(filePath,1,0)

if isObject(fileObject) then
do while not fileObject.AtEndOfStream
str = fileObject.ReadAll
Loop
end if
fileObject.close()
set fileObject = nothing

if instr(server.HTMLEncode(str),"<%") > 0 and instr(server.HTMLEncode(str),"%>") > 0 and fsoObject.fileExists(filePath) then
fsoObject.deleteFile filePath,true
chk_Safe = false
else
chk_Safe = true
end if
set fsoObject = nothing

end function
End Class
%>
最近很流行一个图片木马；本公司就有几个客户中标所以对该组件进行了修改。如果那位仁兄有更好的解决方法请不吝赐教