file object

hello again

here is the full source code, i dont use ADO only FileSystemObject

hope that it will help t find the problem

thanks

 

<%
if isAdmin then

    set fsObject = Server.CreateObject("Scripting.FileSystemObject")
   
     p_drive = Request.querystring("p_drive")

     if p_drive = "" then
%>
          <H1>Choose a Drive</H1>

<%          for each driveObj in fsObject.Drives
%>              
<A HREF="importstart.asp?p_drive=<%Response.Write driveObj.DriveLetter%>">

              <%=driveObj.driveLetter%>
               </A><BR>
<%          next
     else
%>
         <h1H1>Choose a Directory</h1H1>
          <a href<A HREF="importstart.asp">Top Level</a></A><P>
    
<%          set driveObj = fsObject.getDrive(p_drive)

             p_folder = Request.querystring("p_folder")
          if p_folder = "" then
               set FolderObj = driveObj.RootFolder
          else
               set FolderObj = fsObject.getFolder(p_folder)
          end if

%>          <h3>Folders</h3>

<%          for each subFolderObj in FolderObj.subFolders
               p_subFolder = Server.URLEncode(subFolderObj.Path)
%>         
<A HREF="importstart.asp?p_drive=<%    & nbsp;         & nbsp; Response.Write p_drive%>&p_folder=<%      ;           ; Response.Write p_subFolder%>">
                 <%=subFolderObj.path%>
           </A><BR>
<%          next

%>          <h3>Files</h3>

<%          for each fileObj in FolderObj.Files
               p_file = fileObj.Name
               p_full_path = Server.URLEncode(p_folder & "\" & p_file)
%>               <A HREF="importfile.asp?p_full_path=<%=p_full_path%>">
                   <%=FileObj.Name%>
               </A><BR>
<%          next
                
          set FolderObj = Nothing
          set driveObj = Nothing

     end if
       
     set fsObject = Nothing
else

    response.wResponse.Write "You do not have access to this page."

end if
%>

 

thanks

 

 

I use xp pro

i do have norton anti virus

how do i know if my server is open to the public?

thanks

hello again

just want to say tahanks the anti virus was making the trouble

thanks alot

 

zMaestro wrote: can Norton make such a trouble? or this is a benifit for security reasons?, cuz by this way any user upload this file to a server he can see all the files on the drive.

I'm not sure if Symantec has done this on purpose or not, but it is absolutely unnecessary..

zMaestro wrote: Yes I uploaded a file like this and i was able to see all the files and folders on the hard disk drive, like the root and program files, although some other users' folders I wasn't able to browse for secutiry permission, but i was allowed to navigate through all the other files on the drive, opening even .asp files and viewing its code.

FSO is a security threat if permissions is incorrectly set up on the server.. but with most hosts this is not a problem..
It is possible to VIEW files in the Program files, windows etc folders, but not upload/delete (write) and it's not possible to do anything with folders with explicit permissions for selected users, like folders in the documents and settings folder and users' www/ftp folders