仍然是安全问题,如下: <%@ Page language="VB"%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <title>cry</title> <script language="vb" runat="server"> Private Sub Page_Load(ByVal sender As System.Object,ByVal e As System.EventArgs) Handles MyBase.Load me.Button1.Attributes("onclick")="javascript:hidfile.click();return false;"//这里加上return false;就可以在file里得到选择的文件路径,但是会报错,如果去掉return false;就不会报错,但是无法得到选择文件的路径 End Sub
Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Response.Write("12345") End Sub </script> <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1"> <meta name="CODE_LANGUAGE" Content="VB"> <meta name="vs_defaultClientScript" content="JavaScript"> <meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5"> </HEAD> <body MS_POSITIONING="GridLayout"> <form id="Form1" method="post" runat="server"> <FONT face="宋体"><input type="file" onpropertychange="document.Form1.TextBox1.value=this.value;setTimeout('document.Form1.Button2.click();',0);" name="hidfile"> <br> <asp:TextBox id="TextBox1" runat="server"></asp:TextBox> <asp:Button id="Button1" runat="server" Text="Button" CausesValidation="False"></asp:Button> <asp:Button id="Button2" runat="server" Text="Button" style="visibility:hidden;" OnClick="Button2_Click"></asp:Button> </FONT> </form> </body> </HTML>
出于安全的考虑,<input type="file">控件是不给赋值的,如果你在局域网, 也就是说有足够的权限,可以试试用ActiveX componentsUsing XML to Improve File-Upload Processing http://www.15seconds.com/issue/010522.htm
加入Form1.submit();
在Form表单里如果有type="file"控件的话,浏览器不允许用客户端脚本自动提交表单,否则将抛出“拒绝访问”的异常,所以大概是没办法,也许是我不知道而已
用setTimeout("Form1.submit();", 1000);
来骗过浏览器, 让它不检查是不是文件, 就会提交 :)
这个测了一次, 倒是真的提交了<%@ Page language="VB"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD>
<title>cry</title>
<script language="vb" runat="server">
Private Sub Page_Load(ByVal sender As System.Object,ByVal e As System.EventArgs) Handles MyBase.Load
me.Button1.Attributes("onclick")="javascript:hidfile.click();"
If Page.IsPostback then
response.write("Hello")
end if
End Sub
</script>
<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
<meta name="CODE_LANGUAGE" Content="VB">
<meta name="vs_defaultClientScript" content="JavaScript">
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
<script>
function run()
{
try
{
alert("a");
setTimeout("Form1.submit();", 1000);
alert("b");
}
catch(e)
{
alert("c");
}
}</script>
</HEAD>
<body MS_POSITIONING="GridLayout">
<form id="Form1" method="post" runat="server">
<FONT face="宋体"><input type="file" onpropertychange="document.Form1.TextBox1.value=this.value;run();" name="hidfile" style="WIDTH: 1px; HEIGHT: 1px;visibility:hidden;">
<asp:TextBox id="TextBox1" runat="server"></asp:TextBox>
<asp:Button id="Button1" runat="server" Text="Button" CausesValidation="False"></asp:Button>
</FONT>
</form>
<div id="div1"></div>
</body>
</HTML>
<%@ Page language="VB"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD>
<title>cry</title>
<script language="vb" runat="server">
Private Sub Page_Load(ByVal sender As System.Object,ByVal e As System.EventArgs) Handles MyBase.Load
me.Button1.Attributes("onclick")="javascript:hidfile.click();"
End Sub
</script>
<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
<meta name="CODE_LANGUAGE" Content="VB">
<meta name="vs_defaultClientScript" content="JavaScript">
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body MS_POSITIONING="GridLayout">
<form id="Form1" method="post" runat="server">
<FONT face="宋体"><input type="file" onpropertychange="document.Form1.TextBox1.value=this.value;setTimeout('Form1.submit();',0);" name="hidfile" style="WIDTH: 1px; HEIGHT: 1px;visibility:hidden;">
<asp:TextBox id="TextBox1" runat="server"></asp:TextBox>
<asp:Button id="Button1" runat="server" Text="Button" CausesValidation="False"></asp:Button>
</FONT>
</form>
</body>
</HTML>
//setTimeout("Form1.submit();",0);才是真正的骗过浏览器的安全策略脚本,因为延迟为0,所以跟直接提交的效果没什么两样
成功的让程序在选择文件后触发了另一个Button的click事件,我将上传的源程序写在了其中。
但是又出现了一个新的问题,Me.hidfile.PostedFile.FileName居然取不到,值为空字符串,不知道是什么回事,大家能帮我看一下吗?
上传的源程序: Dim strFileName As String If Me.hidfile.PostedFile Is Nothing Then
MessageBox.Show("No selected file!", "File Upload", MessageBoxButtons.OK, MessageBoxIcon.Information, MessageBoxDefaultButton.Button2, MessageBoxOptions.DefaultDesktopOnly)
Exit Sub
Else
Dim temp() As String = Split(Me.hidfile.PostedFile.FileName, "\")
strFileName = temp(temp.Length - 1) Try
hidfile.PostedFile.SaveAs(Server.MapPath("../FileUpload") + "\" + strFileName)
MessageBox.Show("File upload succeed!", "File Upload", MessageBoxButtons.OK, MessageBoxIcon.Information, MessageBoxDefaultButton.Button2, MessageBoxOptions.DefaultDesktopOnly)
Catch ex As Exception
MessageBox.Show("File upload failed!", "File Upload", MessageBoxButtons.OK, MessageBoxIcon.Information, MessageBoxDefaultButton.Button2, MessageBoxOptions.DefaultDesktopOnly)
Exit Sub
Finally
End Try
End If
<%@ Page language="VB"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD>
<title>cry</title>
<script language="vb" runat="server">
Private Sub Page_Load(ByVal sender As System.Object,ByVal e As System.EventArgs) Handles MyBase.Load
me.Button1.Attributes("onclick")="javascript:hidfile.click();return false;"//这里加上return false;就可以在file里得到选择的文件路径,但是会报错,如果去掉return false;就不会报错,但是无法得到选择文件的路径
End Sub
Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs)
Response.Write("12345")
End Sub
</script>
<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
<meta name="CODE_LANGUAGE" Content="VB">
<meta name="vs_defaultClientScript" content="JavaScript">
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body MS_POSITIONING="GridLayout">
<form id="Form1" method="post" runat="server">
<FONT face="宋体"><input type="file" onpropertychange="document.Form1.TextBox1.value=this.value;setTimeout('document.Form1.Button2.click();',0);" name="hidfile">
<br>
<asp:TextBox id="TextBox1" runat="server"></asp:TextBox>
<asp:Button id="Button1" runat="server" Text="Button" CausesValidation="False"></asp:Button>
<asp:Button id="Button2" runat="server" Text="Button" style="visibility:hidden;" OnClick="Button2_Click"></asp:Button>
</FONT>
</form>
</body>
</HTML>
苏鸿的做法提示了我,为什么用一个 return false就可以得到路径呢,我隐约觉得还是脚本语言和aspx.vb这两套消息触发系统之间的消息传递问题,欢迎大家来讨论讨论。还有,我现在从textBox1中可以获得文件路径,能不能用文件流的方式将文件上传到服务器端?或者用文件流的方式将文件写入Me.hidFile.PostedFile.InputStream中,再上传?
http://study.mesky.net/infoView/Article_4996.html我也做了些测试,真是权限放开不了
它是调用了服务端的命令, 但根本没把文件传上去.net中把代码写在服务端进行调试, 在setTimeout执行提交时会提醒不能上传,而且跳出调试状态
<title>UploadTest</title>
<meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.0">
<meta name="CODE_LANGUAGE" content="Visual Basic 7.0">
<meta name="vs_defaultClientScript" content="JavaScript">
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
<script language="vb" runat="server">
Private Sub Page_Load(ByVal sender As System.Object,ByVal e As System.EventArgs) Handles MyBase.Load
me.Button1.Attributes("onclick")="hidFile.click();"
End Sub
</script>
</HEAD>
<body MS_POSITIONING="GridLayout">
<form id="Form1" method="post" runat="server" enctype="multipart/form-data">
<FONT face="MS UI Gothic">
<asp:TextBox id="TextBox1" style="Z-INDEX: 102; LEFT: 158px; POSITION: absolute; TOP: 104px" runat="server" AutoPostBack="true"></asp:TextBox>
<asp:Button id="btnHid" style="Z-INDEX: 101; LEFT: 299px; POSITION: absolute; TOP: 262px" runat="server" Text="Hid" CausesValidation="False" Height="23px" Width="59px"></asp:Button>
<asp:Button id="Button1" style="Z-INDEX: 103; LEFT: 313px; POSITION: absolute; TOP: 102px" runat="server" Text="Button" CausesValidation="False"></asp:Button>
<INPUT id="hidFile" type="file" lang="en-us" name="hidFile" runat="server" onpropertychange="document.Form1.TextBox1.value=this.value;setTimeout('document.Form1.btnHid.click();', 0);" autocomplete="on"></FONT>
也就是说有足够的权限,可以试试用ActiveX componentsUsing XML to Improve File-Upload Processing
http://www.15seconds.com/issue/010522.htm