258 lines
7.2 KiB
Plaintext
258 lines
7.2 KiB
Plaintext
<% Option Explicit %>
|
|
|
|
<HTML>
|
|
<HEAD>
|
|
<META NAME="DESCRIPTION" CONTENT="ASP Source code browser">
|
|
<META NAME="GENERATOR" CONTENT="Microsoft Visual InterDev 1.0">
|
|
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso8859-1">
|
|
</HEAD>
|
|
|
|
<BODY BGCOLOR=#FFFFFF TOPMARGIN=0 LEFTMARGIN=0 ALINK=#23238E VLINK=#808080 LINK=#FFCC00>
|
|
<BASEFONT FACE="VERDANA, ARIAL, HELVETICA" SIZE=2>
|
|
|
|
<!-- DISPLAY THE COLOR LEGEND -->
|
|
<TABLE BORDER=1>
|
|
<TR>
|
|
<TD WIDTH="25" BGCOLOR="#FF0000"> </TD>
|
|
<TD><FONT FACE="VERDANA, ARIAL, HELVETICA" SIZE="2">ASP Script</FONT></TD>
|
|
</TR>
|
|
<TR>
|
|
<TD BGCOLOR="#0000FF"> </TD>
|
|
<TD><FONT FACE="VERDANA, ARIAL, HELVETICA" SIZE="2">Comments</FONT></TD>
|
|
</TR>
|
|
<TR>
|
|
<TD BGCOLOR="#000000"> </TD>
|
|
<% If InStr(UCase(Request("Source")),".CDX") > 0 Then %>
|
|
<TD><FONT FACE="VERDANA, ARIAL, HELVETICA" SIZE="2">XML and Text</FONT></TD>
|
|
<% Else %>
|
|
<TD><FONT FACE="VERDANA, ARIAL, HELVETICA" SIZE="2">HTML and Text</FONT></TD>
|
|
<% End If %>
|
|
</TR>
|
|
</TABLE>
|
|
|
|
<HR>
|
|
<FONT FACE="VERDANA, ARIAL, HELVETICA" SIZE="2">
|
|
<% OutputSource %>
|
|
</FONT>
|
|
</BODY>
|
|
</HTML>
|
|
|
|
<SCRIPT LANGUAGE=VBScript RUNAT=Server>
|
|
|
|
|
|
REM **************************************
|
|
REM intended behavior:
|
|
REM allow access to only .asp, .htm, .html, .inc files
|
|
REM in some directory starting from /IISSAMPLES
|
|
REM and without .. in the path
|
|
REM **************************************
|
|
|
|
FUNCTION fValidPath (ByVal strPath)
|
|
If InStr(1, strPath, "/iissamples/", 1) Then
|
|
' the beginning of the string looks good
|
|
Dim dwLen
|
|
Dim SomeKnownExtension
|
|
SomeKnownExtension = false
|
|
dwLen = Len(strPath)
|
|
If Not SomeKnownExtension Then
|
|
If InStr(dwLen-5,strPath,".html",1) Then
|
|
SomeKnownExtension = true
|
|
End If
|
|
End If
|
|
If Not SomeKnownExtension Then
|
|
If InStr(dwLen-4,strPath,".htm",1) Then
|
|
SomeKnownExtension = true
|
|
End If
|
|
End If
|
|
If Not SomeKnownExtension Then
|
|
If InStr(dwLen-4,strPath,".asp",1) Then
|
|
SomeKnownExtension = true
|
|
End If
|
|
End If
|
|
If Not SomeKnownExtension Then
|
|
If InStr(dwLen-4,strPath,".inc",1) Then
|
|
SomeKnownExtension = true
|
|
End If
|
|
End If
|
|
If Not SomeKnownExtension Then
|
|
fValidPath = 0
|
|
Exit Function
|
|
End If
|
|
' now the most importan part: look for ..
|
|
If InStr(1,strPath,"..",1) Then
|
|
fValidPath = 0
|
|
Else
|
|
fValidPath = 1
|
|
End If
|
|
Else
|
|
fValidPath = 0
|
|
End If
|
|
END FUNCTION
|
|
</SCRIPT>
|
|
|
|
|
|
|
|
<%
|
|
Sub OutputSource
|
|
Dim strVirtualPath, strFilename
|
|
strVirtualPath = Request("Source")
|
|
|
|
If fValidPath(strVirtualPath) Then
|
|
strFilename = Server.MapPath(strVirtualPath)
|
|
|
|
Dim FileObject, oInStream, strOutput
|
|
Set FileObject = CreateObject("Scripting.FileSystemObject")
|
|
Set oInStream = FileObject.OpenTextFile(strFilename, 1, 0, 0)
|
|
While NOT oInStream.AtEndOfStream
|
|
strOutput = oInStream.ReadLine
|
|
Call PrintLine(strOutput, fCheckLine(strOutput))
|
|
Response.Write "<BR>"
|
|
Wend
|
|
Else
|
|
Response.Write("<H1>View Active Server Page Source-- Access Denied</H1>")
|
|
End If
|
|
End Sub
|
|
|
|
' Returns the minimum number greater than 0
|
|
' If both are 0, returns -1
|
|
Function fMin(iNum1, iNum2)
|
|
If iNum1 = 0 AND iNum2 = 0 Then
|
|
fMin = -1
|
|
ElseIf iNum2 = 0 Then
|
|
fMin = iNum1
|
|
ElseIf iNum1 = 0 Then
|
|
fMin = iNum2
|
|
ElseIf iNum1 < iNum2 Then
|
|
fMin = iNum1
|
|
Else
|
|
fMin = iNum2
|
|
End If
|
|
End Function
|
|
|
|
Function fCheckLine (ByVal strLine)
|
|
Dim iTemp, iPos
|
|
fCheckLine = 0
|
|
iTemp = 0
|
|
|
|
iPos = InStr(strLine, "<" & "%")
|
|
If fMin(iTemp, iPos) = iPos Then
|
|
iTemp = iPos
|
|
fCheckLine = 1
|
|
End If
|
|
|
|
iPos = InStr(strLine, "%" & ">")
|
|
If fMin(iTemp, iPos) = iPos Then
|
|
iTemp = iPos
|
|
fCheckLine = 2
|
|
End If
|
|
|
|
iPos = InStr(1, strLine, "<" & "SCRIPT", 1)
|
|
If fMin(iTemp, iPos) = iPos Then
|
|
iTemp = iPos
|
|
fCheckLine = 3
|
|
End If
|
|
|
|
iPos = InStr(1, strLine, "<" & "/SCRIPT", 1)
|
|
If fMin(iTemp, iPos) = iPos Then
|
|
iTemp = iPos
|
|
fCheckLine = 4
|
|
End If
|
|
|
|
iPos = InStr(1, strLine, "<" & "!--", 1)
|
|
If fMin(iTemp, iPos) = iPos Then
|
|
iTemp = iPos
|
|
fCheckLine = 5
|
|
End If
|
|
|
|
iPos = InStr(1, strLine, "-" & "->", 1)
|
|
If fMin(iTemp, iPos) = iPos Then
|
|
iTemp = iPos
|
|
fCheckLine = 6
|
|
End If
|
|
|
|
End Function
|
|
|
|
Sub PrintHTML (ByVal strLine)
|
|
Dim iPos, iSpaces, i
|
|
iSpaces = Len(strLine) - Len(LTrim(strLine))
|
|
i = 1
|
|
While Mid(Strline, i, 1) = Chr(9)
|
|
iSpaces = iSpaces + 5
|
|
i = i + 1
|
|
Wend
|
|
If iSpaces > 0 Then
|
|
For i = 1 to iSpaces
|
|
Response.Write(" ")
|
|
Next
|
|
End If
|
|
iPos = InStr(strLine, "<")
|
|
If iPos Then
|
|
Response.Write(Left(strLine, iPos - 1))
|
|
Response.Write("<")
|
|
strLine = Right(strLine, Len(strLine) - iPos)
|
|
Call PrintHTML(strLine)
|
|
Else
|
|
Response.Write(strLine)
|
|
End If
|
|
End Sub
|
|
|
|
Sub PrintLine (ByVal strLine, iFlag)
|
|
Dim iPos
|
|
Select Case iFlag
|
|
Case 0
|
|
Call PrintHTML(strLine)
|
|
|
|
Case 1
|
|
iPos = InStr(strLine, "<" & "%")
|
|
Call PrintHTML(Left(strLine, iPos - 1))
|
|
Response.Write("<FONT COLOR=#ff0000>")
|
|
Response.Write("<%")
|
|
strLine = Right(strLine, Len(strLine) - (iPos + 1))
|
|
Call PrintLine(strLine, fCheckLine(strLine))
|
|
|
|
Case 2
|
|
iPos = InStr(strLine, "%" & ">")
|
|
Call PrintHTML(Left(strLine, iPos -1))
|
|
Response.Write("%>")
|
|
Response.Write("</FONT>")
|
|
strLine = Right(strLine, Len(strLine) - (iPos + 1))
|
|
Call PrintLine(strLine, fCheckLine(strLine))
|
|
|
|
Case 3
|
|
iPos = InStr(1, strLine, "<" & "SCRIPT", 1)
|
|
Call PrintHTML(Left(strLine, iPos - 1))
|
|
Response.Write("<FONT COLOR=#0000ff>")
|
|
Response.Write("<SCRIPT")
|
|
strLine = Right(strLine, Len(strLine) - (iPos + 6))
|
|
Call PrintLine(strLine, fCheckLine(strLine))
|
|
|
|
Case 4
|
|
iPos = InStr(1, strLine, "<" & "/SCRIPT>", 1)
|
|
Call PrintHTML(Left(strLine, iPos - 1))
|
|
Response.Write("</SCRIPT>")
|
|
Response.Write("</FONT>")
|
|
strLine = Right(strLine, Len(strLine) - (iPos + 8))
|
|
Call PrintLine(strLine, fCheckLine(strLine))
|
|
|
|
Case 5
|
|
iPos = InStr(1, strLine, "<" & "!--", 1)
|
|
Call PrintHTML(Left(strLine, iPos - 1))
|
|
Response.Write("<FONT COLOR=#0000ff>")
|
|
Response.Write("<!--")
|
|
strLine = Right(strLine, Len(strLine) - (iPos + 3))
|
|
Call PrintLine(strLine, fCheckLine(strLine))
|
|
|
|
Case 6
|
|
iPos = InStr(1, strLine, "-" & "->", 1)
|
|
Call PrintHTML(Left(strLine, iPos - 1))
|
|
Response.Write("-->")
|
|
Response.Write("</FONT>")
|
|
strLine = Right(strLine, Len(strLine) - (iPos + 2))
|
|
Call PrintLine(strLine, fCheckLine(strLine))
|
|
|
|
Case Else
|
|
Response.Write("Function Error -- Please contact the administrator.")
|
|
End Select
|
|
End Sub
|
|
%>
|