<% Response.Buffer = False filename = Request.QueryString("filename") filename = Replace(filename, "../", "" ) filename = Replace(filename, "/", "" ) If filename = "" Then %> <% response.end End if strDirectory = server.mappath( "/data/file/" ) & "\" filepath = strDirectory & filename 'filepath = Request.QueryString("file") 'filename = Mid(filepath, InStrRev("\")+1) 'response.write filepath 'response.end set objFS = Server.CreateObject("Scripting.FileSystemObject") If objFS.FileExists(filepath) = False Then %> <% response.end End if set objF = objFS.GetFile(filepath) Response.AddHeader "Content-Disposition","attachment;filename=" & server.URLPathEncode(filename) Response.AddHeader "Content-Length", objF.Size set objF = nothing set objFS = nothing Response.ContentType = "application/x-msdownload" Response.CacheControl = "public" Set objDownload = Server.CreateObject("DEXT.FileDownload") objDownload.Download filepath Set uploadform = Nothing %>