<%@ WebHandler Language="C#" Class="getFile_m" Debug="true" %> using System; using System.Collections.Generic; using System.Web; using System.Data; using System.Data.Common; using System.Web.SessionState; using System.Text; using eMIS; using System.Collections; using System.IO; public class getFile_m : IHttpHandler, IRequiresSessionState { public void ProcessRequest (HttpContext context) { string filepath = context.Request.QueryString["filepath"].ToString(); string wwwroot = context.Request.ApplicationPath; if (wwwroot == "/") wwwroot = ""; DataManager dm = new DataManager(); if(filepath.Contains(":")) { string[] a=filepath.Split(':'); FileLogInfo file =FileDownloadManager.Md5ToFile(dm,a[0]); string path = wwwroot+file.WebPath; //context.Response.Write(path); //context.Response.End(); string fileName = HttpUtility.UrlEncode(file.FileName); fileName = fileName.Replace("+", "%20"); context.Response.ContentType = "application/octet-stream"; context.Response.AddHeader("Content-Disposition", "attachment; filename=" + fileName); context.Response.TransmitFile(path); } } public bool SecurityCheck(string wwwroot,string filepath) { // if(!checkPath(filepath)) // context.Response.End(); int lastDot = filepath.LastIndexOf("."); return filepath.ToLower().Substring(wwwroot.Length,11)=="/app_files/" && !filepath.Contains("../"); } public bool IsReusable { get { return false; } } }