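<%@ codepage = 65001 %><%
' Banner file download handler (Classic ASP / VBScript).
'
' Streams one file from the site's /data/banner/ directory as an attachment.
'
' Query string:
'   filename    - name of the file inside /data/banner/ (required).
'   a_tablename - accepted for compatibility; this script does not use it.
'
' Behaviour: if the name is missing or invalid, or the file does not exist,
' the response ends with no body. Otherwise the file is sent through the
' DEXT.FileDownload component.
'
' Security notes:
'   * "filename" is untrusted input. It is validated (rejected), not
'     rewritten. Stripping ".." and "/" alone is not sufficient on Windows:
'     "\" is also a path separator, and removing characters can leave a new
'     unsafe sequence behind.
'   * After validation, the resolved path is checked to confirm it is a
'     direct child of the banner directory before any file access.
'   * Control characters and double quotes are rejected so the value cannot
'     break out of the Content-Disposition header.
'   * The script block opens right after the page directive so no stray
'     whitespace is written before the headers and file bytes.

Session.CodePage = 65001
Response.CharSet = "UTF-8"
Response.Buffer = False

Dim filename, baseDir, filepath
Dim objFS, objF, objDownload
Dim nameOk, i, ch

' & "" coerces a missing parameter to an empty string.
filename = Request.QueryString("filename") & ""

' --- Validate the requested name -------------------------------------------
nameOk = (Len(filename) > 0)

' Reject path separators, the drive/stream separator and the quote character.
If nameOk Then
    If InStr(filename, "\") > 0 _
       Or InStr(filename, "/") > 0 _
       Or InStr(filename, ":") > 0 _
       Or InStr(filename, """") > 0 Then
        nameOk = False
    End If
End If

' Reject control characters (including CR/LF), which must never reach a header.
' AscW can return negative values for high code points, hence the >= 0 test.
If nameOk Then
    For i = 1 To Len(filename)
        ch = AscW(Mid(filename, i, 1))
        If (ch >= 0 And ch < 32) Or ch = 127 Then
            nameOk = False
            Exit For
        End If
    Next
End If

If Not nameOk Then Response.End

' --- Resolve the path and confirm it stays inside the banner directory ------
Set objFS = Server.CreateObject("Scripting.FileSystemObject")

baseDir = objFS.GetAbsolutePathName(Server.MapPath("/data/banner/"))
' Normalise away a trailing separator so the comparison below is exact.
If Right(baseDir, 1) = "\" Then baseDir = Left(baseDir, Len(baseDir) - 1)

filepath = objFS.GetAbsolutePathName(objFS.BuildPath(baseDir, filename))

' Defence in depth: the resolved file must sit directly in baseDir.
If StrComp(objFS.GetParentFolderName(filepath), baseDir, vbTextCompare) <> 0 Then
    Set objFS = Nothing
    Response.End
End If

If Not objFS.FileExists(filepath) Then
    Set objFS = Nothing
    Response.End
End If

' --- Response headers -------------------------------------------------------
Set objF = objFS.GetFile(filepath)
' The name is sent as a quoted-string; quotes and control characters were
' rejected above, so it cannot terminate the value or add header lines.
Response.AddHeader "Content-Disposition", "attachment;filename=""" & filename & """"
Response.AddHeader "Content-Length", objF.Size
Set objF = Nothing
Set objFS = Nothing

Response.ContentType = "application/unknown"
' NOTE(review): "public" allows shared caches to store the response; confirm
' that is intended for every file kept in this directory.
Response.CacheControl = "public"

' --- Send the file ----------------------------------------------------------
Set objDownload = Server.CreateObject("DEXT.FileDownload")
objDownload.Download filepath
' Release the download component. The original released an unrelated,
' never-assigned variable here instead.
Set objDownload = Nothing
%>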