Upload-design vulnerabilities I have seen from administrators

xiaoxiao, 2021-03-06

In fact it is very simple: every one of these comes down to JavaScript.

Example 1: A document-delivery form:

-------- Code Begin ---------
function checkValue(the) {
    var yes = true;
    // Required fields (the third field name was lost in extraction; assumed to be primarykey, the file box)
    if (the.username.value == "" || the.password.value == "" || the.primarykey.value == "") {
        alert("The items marked * in the form must all be filled in!");
        yes = false;
    }
    // Takes the last four characters of the filename as the extension
    var fileext = the.primarykey.value.substring(the.primarykey.value.length - 4, the.primarykey.value.length);
    fileext = fileext.toLowerCase();
    if (!(fileext == '.doc' || fileext == '.txt' || fileext == '.dat')) {
        alert("Sorry, incorrect file type, it must be .doc, .txt or .dat!");
        the.primarykey.focus();
        yes = false;
    }
    return yes;
}
-------- Code End ---------

He relied on JavaScript alone for the restriction, with no check at all on the PHP side. Save the page locally and edit the code: change his
if (!(fileext == '.doc' || fileext == '.txt' || fileext == '.dat'))
to
if ((fileext == '.doc' || fileext == '.txt' || fileext == '.dat'))
and change the form's action from upload.php to the absolute address http://ip/upload.php.

Example 2: An upload form on a certain website:

-------- Code Begin ---------
function getFileExtension(filepath) { //v1.0
    // Strip the directory part (either / or \ separators), then return everything after the last dot
    filename = ((filepath.indexOf('/') > -1) ? filepath.substring(filepath.lastIndexOf('/') + 1, filepath.length)
                                              : filepath.substring(filepath.lastIndexOf('\\') + 1, filepath.length));
    return filename.substring(filename.lastIndexOf('.') + 1, filename.length);
}

function checkFileUpload(form, extensions) { //v1.0
    document.MM_returnValue = true;
    if (extensions && extensions != '') {
        for (var i = 0; i < form.elements.length; i++) {
            field = form.elements[i];
            if (field.type.toUpperCase() != 'FILE') continue;
            if (field.value == '') {
                alert('A file must be selected in the file box!');
                document.MM_returnValue = false; field.focus(); break;
            }
            // Substring test of the extension against the comma-separated list
            if (extensions.toUpperCase().indexOf(getFileExtension(field.value).toUpperCase()) == -1) {
                alert('This file type is not allowed to be uploaded!\nOnly the following file types may be uploaded: ' + extensions + '.\nPlease select another file and upload again.');
                document.MM_returnValue = false; field.focus(); break;
            }
        }
    }
}
-------- Code End ---------

At first glance there is no obvious problem of the kind seen above, so let us look again:

-------- Code Begin ---------
-------- Code End ---------

That line is what does him in: change checkFileUpload(this, 'zip,gtp,gp3'); checkFileUpload(this, 'zip') into checkFileUpload(this, 'asp,gtp,gp3'); checkFileUpload(this, 'asp'), or directly make it checkFileUpload(this, 'asp'), huh, and there you go. The address in the preceding action is likewise changed to the absolute address http://ip/upload/webpage/upload/upl...?GP_UPLOAD=TRUE

Example 3: The upload page of 17173:

-------- Code Begin ---------
function Form1_onSubmit(theform) {
    if (theform.file1.value == "") { alert("Select a photo"); return (false); }

    if (theform.title.value == "") { alert("Please enter the photo name"); theform.title.focus(); return (false); }
    if (theform.gameid.value == "") { alert("Please enter your ID in the game"); theform.gameid.focus(); return (false); }

    if (theform.onlinetime.value == "") { alert("Please enter your online time"); theform.onlinetime.focus(); return (false); }
    if (theform.author.value == "") { alert("Please enter your name"); theform.author.focus(); return (false); }
    if (theform.webgame.value == "") { alert("Which online game server do you play on?"); theform.webgame.focus(); return (false); }
    if (theform.email.value == "") { alert("Please enter your email"); theform.email.focus(); return (false); }
    if (theform.idher.value == "") { alert("Please enter the introduction"); theform.idher.focus(); return (false); }
    // A further check here was lost in extraction; it ended with: alert("Illegal name"); return (false);

    if (theform.catalogid.value == "0") { alert("Select a category"); return (false); }

    if (theform.author.value.length > 20) { alert("Illegal author name"); theform.author.focus(); return (false); }

    // Email check: each character of checkOK must appear in the address
    // (the loop body was lost in extraction and is reconstructed from the surviving "j == -1" test)
    var checkOK = "@.";
    var checkStr = theform.email.value;
    var allValid = true;
    for (i = 0; i < checkOK.length; i++) {
        j = checkStr.indexOf(checkOK.charAt(i));
        if ((j == -1) && (checkStr != "")) {
            alert("Illegal email"); theform.email.focus(); return (false);
        }
    }

    // File type check: only the last three characters of the filename are compared, case-sensitively
    var fname = document.form1.file1.value;
    var ftype = fname.substring(fname.length - 3, fname.length);
    if (ftype != 'jpg' && ftype != 'gif' && ftype != 'zip' && ftype != 'asp') {
        alert("The image format must be: *.jpg, *.gif, *.tif");
        return (false);
    }
    // A hidden field filled in by this same script, so the server learns nothing from it
    theform.filetype.value = theform.file1.value.substr(theform.file1.value.length - 3, 3);
    return (true);
}
-------- Code End ---------
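All three examples fail in the same way: the only check runs in the visitor's browser, so it can be edited or dropped, and the form can be pointed at the absolute upload URL. What each site needed is a check inside the upload handler itself. The following is an added example, not code from the original post or from any of the sites it describes; it is written for Node.js and generalises over the three extension lists above, handling the cases the client-side checks got wrong (full client paths, upper-case extensions, a name with no extension, and the client-supplied filetype field of example 3). The handler shape, the field names and the sample requests are assumptions made for this example; only the extension lists come from the post.

```javascript
// Added example (not from the original post): the server-side decision that the
// checkValue / checkFileUpload / Form1_onSubmit functions above cannot provide,
// because they run in the client's browser and can be changed at will. The handler
// shape, field names and sample requests are assumptions made for this example.
'use strict';

// One allowlist per form, using the lists given in the post. A Set gives an exact
// membership test, not the substring test of example 2 (indexOf on "zip,gtp,gp3").
const ALLOWED = {
  documents: new Set(['doc', 'txt', 'dat']), // example 1
  archives:  new Set(['zip', 'gtp', 'gp3']), // example 2
  photos:    new Set(['jpg', 'gif', 'tif']), // example 3, as its alert text states
};

// The extension is everything after the last dot of the base name, lower-cased.
// This replaces the "last 3 or 4 characters" slices of examples 1 and 3, which reject
// "FILE.JPG" and "photo.jpeg" and treat a name with no dot as if it had an extension.
// Both "/" and "\" separators are stripped, since browsers of that era submitted the
// full client path (C:\...\file.doc) as the filename.
function fileExtension(clientFilename) {
  const full = String(clientFilename);
  const base = full.slice(Math.max(full.lastIndexOf('/'), full.lastIndexOf('\\')) + 1);
  const dot = base.lastIndexOf('.');
  if (dot <= 0 || dot === base.length - 1) return '';   // no extension, ".hidden", or "name."
  return base.slice(dot + 1).toLowerCase();
}

// Server-side decision for one upload. `upload` models what the handler actually
// receives: the filename from the multipart part plus any other form fields.
// Returns { ok: true, storedAs } or { ok: false, reason }.
function validateUpload(formKind, upload, storageId) {
  const allowed = ALLOWED[formKind];
  if (!allowed) return { ok: false, reason: 'unknown form' };
  if (!upload || !upload.filename) return { ok: false, reason: 'no file selected' };

  // upload.fields.filetype is deliberately never consulted: in example 3 it is a hidden
  // field filled in by the same JavaScript the client can edit, so it proves nothing.
  const ext = fileExtension(upload.filename);
  if (!allowed.has(ext)) {
    return { ok: false, reason: `extension "${ext}" not in [${[...allowed].join(', ')}]` };
  }
  // Store under a server-generated name; the client-supplied name contributes only its
  // verified extension, never a directory component.
  return { ok: true, storedAs: `${storageId}.${ext}` };
}

// Constructed sample requests (not real traffic), modelled on submissions that have
// already passed an edited or removed client-side check: each reaches the server as-is,
// and only the server-side allowlist decides.
const SAMPLE_REQUESTS = [
  { form: 'documents', upload: { filename: 'C:\\My Documents\\report.DOC' } },
  { form: 'documents', upload: { filename: 'C:\\My Documents\\report.asp' } },
  { form: 'archives',  upload: { filename: '/home/user/tabs.gp3' } },
  { form: 'archives',  upload: { filename: 'tabs.asp' } },
  { form: 'photos',    upload: { filename: 'screen.jpg', fields: { filetype: 'jpg' } } },
  { form: 'photos',    upload: { filename: 'screen.asp', fields: { filetype: 'jpg' } } },
  { form: 'photos',    upload: { filename: 'noextension', fields: { filetype: 'jpg' } } },
];

// Run every sample through the server-side check and return the decisions in order.
function runSamples() {
  return SAMPLE_REQUESTS.map((req, n) => validateUpload(req.form, req.upload, `upload-${n}`));
}

runSamples().forEach((r, n) => console.log(n, JSON.stringify(r)));
```

Whatever language the real handler is written in (the PHP and ASP pages these forms post to), the rule is the same: decide from the request body alone, with an exact allowlist and a server-chosen storage name, and never from a value that the page's own JavaScript computed.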

Please credit the original address when reposting: https://www.9cbs.com/read-86026.html
