Fixing the mismatch between the Browse Server upload path and the Quick Upload path in FCKeditor 2.6 (original)

Filed Under (FCKeditor) by 有为 on 18-09-2009

I don't know whether other readers have run into this, but FCKeditor 2.6 has a problem where a file uploaded through Browse Server and a file uploaded through Quick Upload end up in different paths. Here is a simple fix to share:

In upload.asp, change the line

sCurrentFolder = "/"

to

sCurrentFolder = "/" & sResourceType

so that Quick Upload writes into the same per-resource-type subfolder (Image, File, Flash, Media) that the file browser uses.

One of my works: Shenyang Normal University News Center

Filed Under (Website Design) by 有为 on 16-09-2009


Blocking ASP trojan uploads in a component-free ASP upload handler, tested under ASP (original)

Filed Under (ASP Teahouse) by 有为 on 03-09-2009

' Returns True if the file at sFileName looks like HTML or ASP script, or if
' it cannot be read at all (fail closed). It loads the file from disk, so it
' is meant to run on an upload that has already been written, and the caller
' deletes the file when the function returns True.
Function CheckASP(ByVal sFileName)
    Dim FStream, stamp, sData
    On Error Resume Next
    Set FStream = Server.CreateObject("ADODB.Stream")
    FStream.Open
    FStream.Type = 1                ' adTypeBinary
    FStream.LoadFromFile sFileName
    FStream.Position = 0
    stamp = FStream.Read            ' whole file as a byte array
    FStream.Close
    Set FStream = Nothing
    If Err.Number <> 0 Then
        ' Could not open or read the file: reject it rather than let it through.
        Err.Clear
        CheckASP = True
        Exit Function
    End If
    On Error GoTo 0

    sData = ByteArray2Text(stamp)
    ' Either sniffer firing is enough to reject the upload.
    CheckASP = SniffHtml(sData) Or SniffASP(sData)
End Function

' Returns True if sData looks like HTML or carries script: URLs or script
' MIME types. This is the same check FCKeditor's class_upload.asp uses.
Private Function SniffHtml(sData)
    Dim oRE
    Set oRE = New RegExp
    oRE.IgnoreCase = True
    oRE.Global = True

    ' Inside a VBScript string literal "" is a single double quote,
    ' so [\'""] is the character class [\'"].
    Dim aPatterns
    aPatterns = Array("<!DOCTYPE\W*X?HTML", _
                      "<(body|head|html|img|pre|script|table|title)", _
                      "type\s*=\s*[\'""]?\s*(?:\w*/)?(?:ecma|java)", _
                      "(?:href|src|data)\s*=\s*[\'""]?\s*(?:ecma|java)script:", _
                      "url\s*\(\s*[\'""]?\s*(?:ecma|java)script:")

    Dim i
    For i = 0 To UBound(aPatterns)
        oRE.Pattern = aPatterns(i)
        If oRE.Test(sData) Then
            SniffHtml = True
            Exit Function
        End If
    Next

    SniffHtml = False
End Function

' Returns True if sData contains keywords typical of ASP script.
' Note that "." in these patterns is an unescaped regex wildcard, so
' "server." also matches "server " or "server,", and the bare words
' "server", "script" and "request" match ordinary text as well.
Private Function SniffASP(sData)
    Dim oRE
    Set oRE = New RegExp
    oRE.IgnoreCase = True
    oRE.Global = True

    Dim aPatterns
    aPatterns = Array(".(getfolder|createfolder|deletefolder|createdirectory|deletedirectory|saveas)", _
                      "wscript.shell", "script.encode", "server.", ".createobject", "execute", _
                      "activexobject", "language=", "request", "server", "script")
    Dim i
    For i = 0 To UBound(aPatterns)
        oRE.Pattern = aPatterns(i)
        If oRE.Test(sData) Then
            SniffASP = True
            Exit Function
        End If
    Next
    SniffASP = False
End Function

' Converts a binary byte array into a string with one character per byte
' (no charset decoding), buffering to avoid quadratic string concatenation.
Private Function ByteArray2Text(varByteArray)
    Dim strData, strBuffer, lngCounter
    strData = ""
    strBuffer = ""
    For lngCounter = 0 To UBound(varByteArray)
        ' MidB/AscB are 1-based byte functions; mask to 0-255 before Chr.
        strBuffer = strBuffer & Chr(255 And AscB(MidB(varByteArray, lngCounter + 1, 1)))
        ' Keep strBuffer at 1k bytes maximum
        If lngCounter Mod 1024 = 0 Then
            strData = strData & strBuffer
            strBuffer = ""
        End If
    Next
    ByteArray2Text = strData & strBuffer
End Function

Notes on blocking ASP trojan uploads in FCKeditor 2.6

Filed Under (FCKeditor) by 有为 on 03-09-2009

1. The upload class's SaveAs method calls a SniffHtml method to detect whether the uploaded file is really HTML. Reading that method, it runs a list of regular expressions against the file content and treats a match as HTML. If we supply a different list of strings, the same mechanism detects uploaded trojans.

2. Looking at where SniffHtml is called: the class first converts the uploaded bytes to text with its private ByteArray2Text method, then passes that text to SniffHtml.

3. So the same approach SniffHtml uses can check for dangerous ASP strings.

How to modify

File to modify: class_upload.asp

1. Add a SniffASP( sData ) function

' Returns True if sData contains keywords typical of ASP script.
' The dots in these patterns are unescaped regex wildcards, and the bare
' words "server", "script" and "request" will also match ordinary text.
Private Function SniffASP(sData)
    Dim oRE
    Set oRE = New RegExp
    oRE.IgnoreCase = True
    oRE.Global = True

    Dim aPatterns
    aPatterns = Array(".(getfolder|createfolder|deletefolder|createdirectory|deletedirectory|saveas)", _
                      "wscript.shell", "script.encode", "server.", ".createobject", "execute", _
                      "activexobject", "language=", "request", "server", "script")
    Dim i
    For i = 0 To UBound(aPatterns)
        oRE.Pattern = aPatterns(i)
        If oRE.Test(sData) Then
            SniffASP = True
            Exit Function
        End If
    Next
    SniffASP = False
End Function

2. Modify the SaveAs(sItem, sFileName) method

Public Sub SaveAs(sItem, sFileName)
    If File(sItem).Size < 1 Then
        nErr = 2
        Exit Sub
    End If

    ' Extension allowlist from the connector configuration.
    If Not IsAllowed(File(sItem).Ext) Then
        nErr = 4
        Exit Sub
    End If

    ' Reject NTFS alternate data stream names (e.g. name.asp::$DATA).
    If InStr(LCase(sFileName), "::$data") > 0 Then
        nErr = 4
        Exit Sub
    End If

    Dim sFileExt, iFileSize
    sFileExt = File(sItem).Ext
    iFileSize = File(sItem).Size

    ' Calculate the size of data to load (max 1Kb). Only this window is
    ' inspected; bytes after offset 1024 are never seen by either sniffer.
    Dim iXSSSize
    iXSSSize = iFileSize
    If iXSSSize > 1024 Then
        iXSSSize = 1024
    End If

    ' Read the data before either check, so that SniffASP also sees
    ' files whose extension is HTML.
    Dim sData
    oSourceData.Position = File(sItem).Start
    sData = oSourceData.Read(iXSSSize)    ' Byte Array
    sData = ByteArray2Text(sData)         ' String

    ' Check XSS: sniff HTML data in files that are not declared as HTML.
    If Not IsHtmlExtension(sFileExt) Then
        If SniffHtml(sData) Then
            nErr = 4
            Exit Sub
        End If
    End If

    ' Sniff ASP script keywords in every file.
    If SniffASP(sData) Then
        nErr = 4
        Exit Sub
    End If

    Dim oFileStream
    Set oFileStream = Server.CreateObject("ADODB.Stream")
    With oFileStream
        .Type = 1        ' adTypeBinary
        .Mode = 3        ' adModeReadWrite
        .Open
        oSourceData.Position = File(sItem).Start
        oSourceData.CopyTo oFileStream, File(sItem).Size
        .Position = 0
        .SaveToFile sFileName, 2    ' adSaveCreateOverWrite
        .Close
    End With
    Set oFileStream = Nothing
End Sub
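To see what the sniffers in this post and in the earlier "component-free upload" post actually accept and reject, here is a Python port of the SniffHtml and SniffASP pattern lists, run over a few constructed sample uploads. This is example code added for this page, not the blog's code and not FCKeditor's; the `window` parameter, the function names and the sample files are assumptions introduced for the example. `window=None` reproduces CheckASP, which reads the whole file, and `window=1024` reproduces the 1 KB window SaveAs reads.

```python
import re
from typing import Optional

# Patterns copied from the VBScript SniffHtml. In a VBScript string literal
# "" is one double quote, so [\'""] becomes the class [\'"].
HTML_PATTERNS = [
    r"<!DOCTYPE\W*X?HTML",
    r"<(body|head|html|img|pre|script|table|title)",
    r"type\s*=\s*[\'\"]?\s*(?:\w*/)?(?:ecma|java)",
    r"(?:href|src|data)\s*=\s*[\'\"]?\s*(?:ecma|java)script:",
    r"url\s*\(\s*[\'\"]?\s*(?:ecma|java)script:",
]

# Patterns copied from SniffASP, in the same order. The dots are not
# escaped, so "server." also matches "server " or "server,".
ASP_PATTERNS = [
    r".(getfolder|createfolder|deletefolder|createdirectory|deletedirectory|saveas)",
    r"wscript.shell",
    r"script.encode",
    r"server.",
    r".createobject",
    r"execute",
    r"activexobject",
    r"language=",
    r"request",
    r"server",
    r"script",
]


def byte_array_to_text(data: bytes) -> str:
    """Same mapping as ByteArray2Text: one character per byte, no charset decoding."""
    return data.decode("latin-1")


def sniff(text: str, patterns) -> Optional[str]:
    """Return the first pattern that matches (RegExp.IgnoreCase = True), else None."""
    for pattern in patterns:
        if re.search(pattern, text, re.IGNORECASE):
            return pattern
    return None


def check_upload(data: bytes, window: Optional[int] = None) -> dict:
    """Run both sniffers over an upload body.

    window=None inspects the whole file, as CheckASP does;
    window=1024 inspects only the first 1 KB, as SaveAs in class_upload.asp does.
    Returns which pattern (if any) fired for each sniffer.
    """
    sample = data if window is None else data[:window]
    text = byte_array_to_text(sample)
    return {"html": sniff(text, HTML_PATTERNS), "asp": sniff(text, ASP_PATTERNS)}


# Constructed sample uploads (made up for this example, not real files).
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01" + b"\x00" * 64
SAMPLE_HTML = b"<html><body>hello</body></html>"
SAMPLE_SHELL = b'<%eval request("c")%>'
SAMPLE_README = b"Contact the server administrator if this file will not open."
# The same one-liner pushed past the 1 KB window that SaveAs inspects.
SAMPLE_PADDED = b" " * 1024 + SAMPLE_SHELL


if __name__ == "__main__":
    for name, body in [("jpeg", SAMPLE_JPEG), ("html", SAMPLE_HTML),
                       ("shell", SAMPLE_SHELL), ("readme", SAMPLE_README),
                       ("padded", SAMPLE_PADDED)]:
        print(name, "whole file:", check_upload(body),
              "first 1 KB:", check_upload(body, window=1024))
```

Running it shows the two sides of a keyword blacklist: the ASP one-liner is caught on "request", but the plain-text README is rejected too, because "server." matches "server " and the bare word "server" would match anyway. It also shows that the SaveAs version never looks past offset 1024, so the padded sample passes the 1 KB check and fails only the whole-file check. Treat the sniffers as a supplementary filter; the controls that actually decide whether an upload can run are the extension allowlist (IsAllowed) and, as general IIS practice, removing script-execute permission from the upload directory.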