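<%
' Board attachment download handler.
'
' Reads two query-string parameters:
'   a_tablename - name of the board sub-directory under /data/board/
'   filename    - name of the file inside that sub-directory
' and streams the file to the client as an attachment through the
' DEXT.FileDownload component.
'
' Both parameters come straight from the request and are joined into a
' filesystem path, so they are treated as untrusted single path segments.
' NOTE(review): no authentication or authorization check is visible in this
' script - confirm that access control is enforced elsewhere.
' NOTE(review): do not re-enable the old variant that accepted a complete
' path in a "file" query parameter; it cannot be confined to the board
' directory.

Response.Buffer = False

a_tablename = Request.QueryString("a_tablename")
filename = Request.QueryString("filename")

' Legacy normalisation, kept so existing links resolve as before.
a_tablename = Replace(a_tablename, "../", "")
a_tablename = Replace(a_tablename, "/", "")
filename = Replace(filename, "../", "")
filename = Replace(filename, "/", "")

' The stripping above is not a sufficient traversal defence on Windows:
' "\" is also a path separator, a bare "." or ".." segment survives it,
' and ":" can introduce a drive or stream specifier. Reject such values
' outright instead of trying to repair them.
badRequest = False
If a_tablename = "" Or filename = "" Then badRequest = True
If InStr(a_tablename, "\") > 0 Or InStr(filename, "\") > 0 Then badRequest = True
If InStr(a_tablename, ":") > 0 Or InStr(filename, ":") > 0 Then badRequest = True
If a_tablename = "." Or a_tablename = ".." Then badRequest = True
If filename = "." Or filename = ".." Then badRequest = True

If badRequest Then
%>
<%
    Response.End
End If

strDirectory = Server.MapPath("/data/board/") & "\" & a_tablename & "\"
filepath = strDirectory & filename

Set objFS = Server.CreateObject("Scripting.FileSystemObject")

' Defence in depth: canonicalise both the board root and the requested path
' and require the request to resolve strictly inside the root. The comparison
' is case-insensitive because the filesystem is.
boardRoot = objFS.GetAbsolutePathName(Server.MapPath("/data/board/"))
If Right(boardRoot, 1) <> "\" Then boardRoot = boardRoot & "\"
resolvedPath = objFS.GetAbsolutePathName(filepath)

insideRoot = (LCase(Left(resolvedPath, Len(boardRoot))) = LCase(boardRoot))

If Not insideRoot Then
    Set objFS = Nothing
    Response.End
End If

If objFS.FileExists(filepath) = False Then
%>
<%
    Response.End
End If

Set objF = objFS.GetFile(filepath)

' The file name is URL-encoded before it is placed in the header, so
' request-supplied characters cannot break out of the header value.
Response.AddHeader "Content-Disposition", "attachment;filename=" & Server.URLPathEncode(filename)
Response.AddHeader "Content-Length", objF.Size

Set objF = Nothing
Set objFS = Nothing

Response.ContentType = "application/x-msdownload"
' NOTE(review): "public" allows shared caches to store the response; if
' attachments are meant to be access-controlled, "private" or "no-store"
' would be the safer setting - confirm intent before changing.
Response.CacheControl = "public"

Set objDownload = Server.CreateObject("DEXT.FileDownload")
objDownload.Download filepath

' Release the download component (the original cleared an unrelated,
' never-assigned variable and left this object alive).
Set objDownload = Nothing
%>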