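<%
' Fruibile - L'elemento CMS Open Source che mancava
' Copyright (C) 2002-2006 Roberto Scano
'
' Licensed under the terms of the GNU Lesser General Public License:
'     http://www.opensource.org/licenses/lgpl-license.php
'
' For further information visit:
'     http://www.fruibile.it/
'
' File Author:
'     Roberto Scano (mail@robertoscano.info)
%>
<%
'' This code is absolute freeware. you can do with it as you please.
'' There are no restrictions what so ever, but the code is AS IS, no warrenty or liabilty
'' Please leave these commentlines intact
'' Netherlands, February 2004
'' M.Blokdijk
'' maarten@blokdijk.com
'' V 1.0
%>
<%
' ---------------------------------------------------------------------------
' Back-office file manager: entry checks, request parsing and action dispatch.
'
' Flow of this block:
'   1. refuse the request unless the session carries the expected flags;
'   2. refuse the request unless the Referer host is this server;
'   3. work out the folder the session may operate on (AuthorizedPath);
'   4. validate the "path", "file" and "folder" request values against it;
'   5. dispatch on "action" to the handlers defined further down the file.
'
' The Fm* procedures below are private helpers of this block.
' ---------------------------------------------------------------------------

' Returns the lower-cased host of an absolute http/https URL, or "" when the
' value is empty, has no scheme separator or uses another scheme. User-info
' and port are dropped. A bracketed IPv6 host is not parsed and therefore
' never matches a server name (the caller then refuses the request).
Function FmUrlHost(sUrl)
    Dim iScheme, sScheme, sAuthority, iPos, sDelim
    FmUrlHost = ""
    iScheme = InStr(sUrl, "://")
    If iScheme = 0 Then Exit Function
    sScheme = LCase(Left(sUrl, iScheme - 1))
    If sScheme <> "http" And sScheme <> "https" Then Exit Function
    sAuthority = Mid(sUrl, iScheme + 3)
    ' The authority part ends at the first path, query or fragment delimiter.
    For Each sDelim In Array("/", "\", "?", "#")
        iPos = InStr(sAuthority, sDelim)
        If iPos > 0 Then sAuthority = Left(sAuthority, iPos - 1)
    Next
    iPos = InStrRev(sAuthority, "@")
    If iPos > 0 Then sAuthority = Mid(sAuthority, iPos + 1)
    iPos = InStr(sAuthority, ":")
    If iPos > 0 Then sAuthority = Left(sAuthority, iPos - 1)
    FmUrlHost = LCase(sAuthority)
End Function

' True when any "/"- or "\"-separated segment of sValue is a parent-directory
' reference: two or more dots, optionally padded with spaces. Names that only
' contain dots somewhere inside (e.g. "a..b.txt") are not flagged.
Function FmHasParentSegment(sValue)
    Dim aParts, sPart, sBare
    FmHasParentSegment = False
    aParts = Split(Replace(CStr(sValue), "\", "/"), "/")
    For Each sPart In aParts
        sBare = Replace(sPart, " ", "")
        If Len(sBare) >= 2 And Replace(sBare, ".", "") = "" Then
            FmHasParentSegment = True
            Exit Function
        End If
    Next
End Function

' True when sCandidate is sRoot itself or lies below it, i.e. it starts with
' sRoot and the next character, if any, is a path separator. A plain
' substring or prefix test would also accept sibling folders whose name
' merely begins with the last segment of sRoot.
Function FmIsInside(sCandidate, sRoot)
    Dim sNext
    FmIsInside = False
    If Left(sCandidate, Len(sRoot)) <> sRoot Then Exit Function
    If Len(sCandidate) = Len(sRoot) Then
        FmIsInside = True
    Else
        sNext = Mid(sCandidate, Len(sRoot) + 1, 1)
        FmIsInside = (sNext = "/" Or sNext = "\")
    End If
End Function

' Joins a folder and a name with exactly one "/" (no extra one after root "/").
Function FmJoinPath(sBase, sName)
    If sBase = "/" Then
        FmJoinPath = sBase & sName
    Else
        FmJoinPath = sBase & "/" & sName
    End If
End Function

' Counts one validation error and appends its message to errorcode, using the
' same DICLanguage entries (0 and 274) as the rest of this page. DICLanguage
' is defined outside this block.
' NOTE(review): in the page extract the literals around the message are empty
' and the one before vbCrLf holds a bare line break, which a VBScript string
' cannot contain; presumably HTML tags were lost - "<br>" below is an
' assumption, confirm against the upstream file.
Sub FmAddError(sMessage)
    errornum = errornum + 1
    errorcode = errorcode & "" & sMessage & "" & DICLanguage(0) & "<br>" & vbCrLf & DICLanguage(274) & DICLanguage(0)
End Sub

' Security check ---------------------------------------------------------
' Unless the session is flagged as "W3C_VALIDATOR", it must carry
' argomenti = 1; otherwise the request is sent to the no-entry page.
If Session("WEBGODLogin") <> "W3C_VALIDATOR" Then
    If Session("argomenti") <> 1 Then
        Response.Redirect "/backoffice/noentry.asp"
        Response.End
    End If
End If
'--------------------------------------------------------------------------

' Cross-site request check ------------------------------------------------
' The Referer host must be exactly this server's name. The host is parsed out
' of the URL so that https:// referers work and a host that only starts with
' the server name is refused; a missing Referer is refused as before.
' NOTE(review): Referer is a best-effort signal only. The state-changing
' actions dispatched below (save, delete, rename, upload) arrive as ordinary
' requests; a per-session anti-forgery token would be the sturdier control.
refererUrl = CStr(Request.ServerVariables("HTTP_REFERER"))
serverName = CStr(Request.ServerVariables("SERVER_NAME"))
refererName = FmUrlHost(refererUrl)
If refererName = "" Or refererName <> LCase(serverName) Then
    Response.Redirect "/backoffice/noentry.asp"
    Response.End
End If
'--------------------------------------------------------------------------
%>
<%
Dim fs, sAction, sFile, sPath, sFolder, sFileType, scriptname, dbfile, ReadStream, WriteStream, WriteFile, fileobject, filecollection, file, startpath, lineid, bgcolor, bgcolor_on, bgcolor_off, foldercollection, folder, errornum, errorcode,AuthorizedPath
Dim fmFileName, fmFolderName

' Reset our errorcode values
errornum = 0
errorcode = ""

' Folder tree this session may work in: supervisors get everything under
' /files, everyone else only /files/<OfficePath>/<USER_ID>.
If Session("supervisor") = True Then
    AuthorizedPath = "/files"
Else
    AuthorizedPath = "/files/" & Session("OfficePath") & "/" & Session("USER_ID")
End If

scriptname = Request.ServerVariables("Script_Name")
sAction = Request.QueryString("action")
sFileType = Request.QueryString("filetype")

' Working folder: the authorized root by default, else the requested path
' once it has passed both checks.
If Request.QueryString("path") = "" Then
    sPath = AuthorizedPath
Else
    sPath = Request.QueryString("path")
    If FmHasParentSegment(sPath) Then
        ' Parent-directory segments are refused with either separator.
        FmAddError DICLanguage(272)
    ElseIf Not FmIsInside(sPath, AuthorizedPath) Then
        ' errorcode is assembled as page output, so the request value is
        ' HTML-encoded before it is placed into the message.
        FmAddError Replace(DICLanguage(273), "[CARTELLA]", Server.HTMLEncode(sPath))
    End If
End If

' "file" and "folder" come from the query string, falling back to the posted
' form. They are appended to sPath, so they get the same parent-directory
' check; the message used for a refused path (272) is reused here.
fmFileName = Request.QueryString("file")
If fmFileName = "" Then fmFileName = Request.Form("file")
fmFolderName = Request.QueryString("folder")
If fmFolderName = "" Then fmFolderName = Request.Form("folder")

If FmHasParentSegment(fmFileName) Or FmHasParentSegment(fmFolderName) Then
    FmAddError DICLanguage(272)
End If

sFile = FmJoinPath(sPath, fmFileName)
sFolder = FmJoinPath(sPath, fmFolderName)

' Make sure that no errors have occurred and no illegal actions have been
' taken before doing our stuff...
If errornum < 1 Then
    ' Only a validated folder is remembered in the session.
    ' NOTE(review): presumably other pages read Session("foldername") - confirm
    ' that none of them relied on it being updated for a refused request.
    Session("foldername") = sPath

    Set fs = Server.CreateObject("Scripting.FileSystemObject")

    ' NOTE(review): sFileType is taken from the request, not from the
    ' extension of sFile, and "savefile" is dispatched without a type check
    ' here; confirm the handlers enforce the allowed types themselves.
    Select Case sAction
        Case "editfile"
            Select Case sFileType
                Case "htm", "txt", "html", "shtml", "shtm", "js", "css", "xml"
                    EditFile
                Case "mdb", "dat"
                    EditDb
                Case Else
                    FileTypeUnsupported
            End Select
        Case "savefile"
            SaveFile
        Case "viewfolder"
            Showlist
        Case "newfile"
            CreateFile
        Case "newfolder"
            CreateFolder
        Case "deletefile"
            DeleteFile
        Case "deletefolder"
            DeleteFolder
        Case "CreateNewFolder"
            CreateNewFolder
        Case "UploadFiles"
            UploadFiles
        Case "RenameFolder"
            RenameFolder
        Case "RenameFile"
            RenameFile
        Case Else
            Showlist
    End Select

    Set fs = Nothing
Else
    DisplayErrors
End If
%>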