Now we get into the good stuff. This example uses a file streaming component to give a more full-featured experience.
Security features include a "ceiling" to keep users within the desired directory structure, as well as a file size limit (set by a property in SA File-Up, or your preferred upload component).
Try it here. Download it here (~8kb).
Updates:
6/28/2002: Another security hole patched
A path check was missing from docOpen.asp, letting users climb into other folders accessible to the anonymous web user account; this has now been corrected (thanks, Gluck, for bringing this to my attention).
3/16/2002: Security hole patched
In previous versions, users could climb above the administrator-defined "ceiling" by using the "../" switch in the URL. This is now precluded by an additional security check.
12/31/2001: v1.3 -- Filtering capability
Keep crucial files away from prying eyes; filter by file extension with a simple delimited list. Filter by inclusion (hide specific files) or exclusion (hide all but specific files).
Directory filtering by leading character is supported as well.
9/12/2000: The source code is here!
Simply extract the zip file into the desired folder under your web root -- remembering to check the "Use Folder Names" option -- and change the necessary variables at the top of browser.asp. Then start browsing! Remember if you're going to use the Delete function that you should be *very* careful with the ceiling you give your users.
Stay tuned for future enhancements...
