跨站提交保存图片


<%@ Page Language="C#" AutoEventWireup="true" CodeFile="UpPicAddActivex.aspx.cs" Inherits="Home_Activeanment_UpPicAddActivex" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>无标题页</title>
    <link rel="stylesheet" type="text/css" href="/css/shengri.css" />
       <script>
     document.domain = 'omsoft.com';
    
    if(window.top.location == window.location)
    {
     window.location.href = '/home/default.aspx?add_show';
    }
     function $(e)
     {
    return document.getElementById(e);
     }
    
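//===============================================
// Apply one named filter to an HTML string.
// Parameters:
//   html   : the markup to filter
//   filter : filter name, case-insensitive; an unknown name leaves html unchanged
// Returns the filtered markup.
//
// This is a pattern blacklist that runs in the browser. It tidies editor
// output but it is not a security boundary: the same content can be sent to
// the server without ever passing through this function, and the patterns
// cover only a handful of tags and attribute prefixes. The server must
// sanitize against an allowlist, or encode, before it stores or renders the
// content.
//===============================================
function DecodeFilter(html, filter){
 // String() keeps a missing filter name from throwing; it then matches no case.
 switch(String(filter).toUpperCase()){
 case "JS_IFRAME":  // everything SCRIPT removes, plus <iframe> tags
  html = DecodeFilter(html, "SCRIPT");
  html = execRE("</?iframe[^>]*>", "", html);
  break;
 case "SCRIPT":  // client-side script: <script> tags, script URL schemes, some event attributes
  html = execRE("</?script[^>]*>", "", html);
  // Swap the ASCII colon for a full-width one (U+FF1A) so the text no longer
  // forms a URL scheme. Replacing the match with "$1:" puts back exactly what
  // was matched and filters nothing.
  html = execRE("(javascript|jscript|vbscript|vbs):", "$1\uFF1A", html);
  // Break up event-attribute names and numeric character references by
  // wrapping them in <I> so they are shown as text.
  html = execRE("on(mouse|exit|error|click|key)", "<I>on$1</I>", html);
  html = execRE("&#", "<I>&#</I>", html);
  break;
 case "TABLE":  // table markup: <table> <tr> <th> <td>
  html = execRE("</?table[^>]*>", "", html);
  html = execRE("</?tr[^>]*>", "", html);
  html = execRE("</?th[^>]*>", "", html);
  html = execRE("</?td[^>]*>", "", html);
  break;
 case "CLASS":  // class attributes
  html = execRE("(<[^>]+) class=[^ |^>]*([^>]*>)", "$1 $2", html) ;
  break;
 case "STYLE":  // double-quoted style="" attributes
  // The inner quotes must be backslash-escaped; with "/" in their place the
  // string literal ends early and the script does not parse.
  html = execRE("(<[^>]+) style=\"[^\"]*\"([^>]*>)", "$1 $2", html);
  break;
 case "XML":   // XML declarations such as <?xml ...>
  // "\\?" in the string gives the regex a literal "?".
  html = execRE("<\\?xml[^>]*>", "", html);
  break;
 case "NAMESPACE": // namespaced tags such as <o:p> and </o:p>
  html = execRE("</?[a-z]+:[^>]*>", "", html);
  break;
 case "FONT":  // <font> tags
  html = execRE("</?font[^>]*>", "", html);
  break;
 case "MARQUEE":  // <marquee> tags
  html = execRE("</?marquee[^>]*>", "", html);
  break;
 case "OBJECT":  // embedded objects: <object> <param> <embed>
  html = execRE("</?object[^>]*>", "", html);
  html = execRE("</?param[^>]*>", "", html);
  html = execRE("</?embed[^>]*>", "", html);
  break;
 default:
 }
 return html;
}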
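// ============================================
// Replace every case-insensitive match of a regular expression.
//   re      : pattern source as a string, compiled with the "ig" flags
//   rp      : replacement text; $1, $2 ... refer to capture groups
//   content : the string to search
// Returns the new string; content itself is not modified.
// ============================================
function execRE(re, rp, content) {
 // Declared with var: assigning to undeclared names would create the
 // globals oReg and r on every call.
 var pattern = new RegExp(re, "ig");
 return content.replace(pattern, rp);
}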

     function SaveData()
     {
    
        var html = window.frames["Editor"].document.frames["HtmlEditor"].document.getElementsByTagName("BODY")[0].innerHTML;
       
     if ( (html.toLowerCase() == "<p>&nbsp;</p>") || (html.toLowerCase() == "<p></p>") ){
      html = "";
     }
    
     var txtContent = $("Content");

     txtContent.value = DecodeFilter(html,"JS_IFRAME");
     
     if(Home_Activeanment_UpPicAddActivex.SaveContent(txtContent.value))
     {
      // alert(txtContent.value);
     }
    }
   
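      // Check the chosen file name, save the editor content to the server
      // session, then post form1 to the image host. Returns true when the
      // form was submitted and false otherwise.
      //
      // The extension test only helps the user pick the right file. It runs
      // in the browser and looks at the name alone, so the upload handler on
      // the image host has to verify the file type and size itself.
      function postImg()
      {
       var file = $("postedFile");

       if (file.value == '')
       {
        alert('请选择一个图片');
        return false;
       }

       // The group makes "$" apply to every extension. Without it only the
       // last alternative is anchored, and a name that merely contains
       // ".jpg" somewhere in the middle is accepted.
       if (file.value.search(/\.(jpg|jpeg|gif|png)$/i) == -1)
       {
        alert("文件格式不正确");
        return false;
       }

       var btn = $("btnupload");
       var txtContent = $("Content");
       var idleLabel = btn.value;

       btn.value = '正在上传...';
       btn.disabled = true;

       if (!Home_Activeanment_UpPicAddActivex.SaveContent(txtContent.value))
       {
        // Give the button back, otherwise a failed save leaves it disabled.
        btn.value = idleLabel;
        btn.disabled = false;
        return false;
       }

       // ID is written as an integer. Echoing the raw query-string value into
       // this string literal would let a crafted ID close the quote and run
       // script in the page.
       var returnUrl = encodeURIComponent('http://www.shengri.com/home/Activeanment/UpPicAddActivex.aspx?ID=<%= My.QueryInt("ID", 0) %>&');

       var form = $("form1");

       // NOTE(review): form1 is the page's server form, so this cross-host
       // POST over plain http carries the hidden Content field along with the
       // file, and presumably the ASP.NET hidden fields as well. The image
       // host should also accept only known return URLs before redirecting.
       form.action = "http://img1.omsoft.com/photo_simple_upload.aspx?act=up&type=2&returnurl=" + returnUrl;

       form.submit();

       return true;
      }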

     // Set the height of the parent document's upImg element to the value
     // the server keeps in the session under "PicRow". The value is written
     // into this string literal without encoding; LoadPic in the code-behind
     // assigns only fixed pixel strings to it.
     // NOTE(review): the server expression fails when the session entry is
     // missing; confirm that LoadPic always runs before this page renders.
     parent.document.all.upImg.height = "<%=Session["PicRow"].ToString() %>";
    
</script>
</head>
<body>
    <form id="form1" runat="server">
 <table width="100%" cellpadding="0" cellspacing="0" border="0">
 <tr>
<td align="right">相关图片:</td>
<td align="left">
<asp:DropDownList ID="select_albumid" runat="server">
</asp:DropDownList>&nbsp;
<input id="postedFile" runat="server" type="file" />
<input id="btnupload" type="button" value="上传" onclick="postImg();" />
&nbsp;
<asp:Button ID="btnDelPic" runat="server" Text="删除" OnClick="btnDelPic_Click"  />
</td>
</tr>
<tr>
<td width="10%" align="right"></td>
<td align="left">
<asp:DataList ID="DlImage" RepeatColumns="5" runat="server">
<ItemTemplate>
<a href="http://<%# Eval("ServerName") %>.shengri.com/<%# Convert.ToDateTime(Eval("AddTime")).Year.ToString()%>/<%# Convert.ToDateTime(Eval("AddTime")).Month >  9 ? Convert.ToDateTime(Eval("AddTime")).Month.ToString() : "0" + Convert.ToDateTime(Eval("AddTime")).Month.ToString() %>/<%# Convert.ToDateTime(Eval("AddTime")).Day > 9 ? Convert.ToDateTime(Eval("AddTime")).Day.ToString() : "0" + Convert.ToDateTime(Eval("AddTime")).Day.ToString() %>/<%# Eval("Miniature")%>" target="_blank">
<img src="http://<%# Eval("ServerName") %>.shengri.com/<%# Convert.ToDateTime(Eval("AddTime")).Year.ToString()%>/<%# Convert.ToDateTime(Eval("AddTime")).Month >  9 ? Convert.ToDateTime(Eval("AddTime")).Month.ToString() : "0" + Convert.ToDateTime(Eval("AddTime")).Month.ToString() %>/<%# Convert.ToDateTime(Eval("AddTime")).Day > 9 ? Convert.ToDateTime(Eval("AddTime")).Day.ToString() : "0" + Convert.ToDateTime(Eval("AddTime")).Day.ToString() %>/<%# Eval("Miniature")%>" border="0" width="120px" height="120px"/>
</a><input id="checkbox" name="checkbox" type="checkbox" value="<%# Eval("ID") %>" />
</ItemTemplate>
</asp:DataList></td>
</tr>
<tr>
<td align="right" valign="top" style="height: 337px">详细介绍:</td>
<td align="left" style="height: 337px">
<iframe id="Editor" name="Editor" src="/HtmlEditor/index.html?ID=Content" onblur="SaveData()" frameborder="no" width="100%" scrolling="no" height="320"></iframe>
<span style="display:none;"><asp:TextBox ID="Content"  Width="0" runat="server" TextMode="MultiLine" Height="0" AutoPostBack="True" ></asp:TextBox></span>
</td>
</tr>
 </table>
    </form>
</body>
</html>
 

以上是 ASP.NET 页面(UpPicAddActivex.aspx)的代码。

 

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Text;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

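/// <summary>
/// Code-behind for UpPicAddActivex.aspx. The page keeps the editor content in
/// the session while the browser posts an image to a separate upload host,
/// then links the uploaded picture to the activity and puts an img tag for it
/// back into the content when the upload host redirects here with "pl" set.
/// </summary>
/// <remarks>
/// The content handled here is HTML supplied by the browser. The script
/// filter in the page runs client-side only, so everything that arrives
/// through <see cref="SaveContent"/> is untrusted and has to be sanitized or
/// encoded before it is stored or rendered to other users.
/// </remarks>
public partial class Home_Activeanment_UpPicAddActivex : System.Web.UI.Page
{
    public DataTable PicTable;

    // NOTE(review): static fields on a page class are shared by every request
    // and every user of the application. Nothing in this file reads or writes
    // these two; per-user data must not be kept in them.
    public static string PicAllID;

    public static string StrScript;

    StringBuilder strHref;

    DateTime myDateTime;

    SR.Main_SQLServerDAL.ToGetherPic myToGetherPic;

    SR.Main_SQLServerDAL.ActivexPic myActivexPic;

    SR.Main_SQLServerDAL.ToGether myToGether;

    SR.Main_Model.ToGether myToGetherModel;

    /// <summary>
    /// Registers the AjaxPro proxy and, on the first (non-postback) request,
    /// records a newly uploaded picture, binds the album list and thumbnails,
    /// and fills the editor content.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        AjaxPro.Utility.RegisterTypeForAjax(typeof(Home_Activeanment_UpPicAddActivex));

        if (Page.IsPostBack)
        {
            return;
        }

        int plID = My.QueryInt("pl", 0);

        // img tag for the picture that was just uploaded, when there is one.
        string uploadedTag = null;

        if (plID != 0)
        {
            #region Record the uploaded picture

            // NOTE(review): ID and pl both come from the query string, and
            // this GET request writes a row that links them. Nothing visible
            // here checks that the signed-in user owns the activity or the
            // picture; confirm that the data layer or an earlier filter does.
            myToGetherPic = new SR.Main_SQLServerDAL.ToGetherPic();

            myActivexPic = new SR.Main_SQLServerDAL.ActivexPic();

            SR.Main_Model.ToGetherPic myToGetherPicModel = new SR.Main_Model.ToGetherPic();

            myToGetherPicModel.ToGetherID = ID;

            myToGetherPicModel.PicID = plID;

            if (myToGetherPic.Add(myToGetherPicModel) == 0)
            {
                My.Alert(this, "添加失败!");
            }

            DataTable myPicTable = myActivexPic.GetPicDetail(plID);

            if (myPicTable.Rows.Count != 0)
            {
                uploadedTag = BuildImgTag(myPicTable.Rows[0]);
            }

            #endregion
        }

        // Album list for the drop-down.
        LoadImagePath();

        // Thumbnails of the pictures already attached.
        LoadPic();

        // Content saved by SaveContent before the browser left for the upload
        // host. It is kept only when a picture is being appended to it; the
        // stored content is the source in every other case, and also when the
        // session entry is missing. Loading the stored content unconditionally
        // after appending would throw the appended tag away.
        string content = Session["Content"] as string;

        if (uploadedTag == null || content == null)
        {
            myToGether = new SR.Main_SQLServerDAL.ToGether();

            myToGetherModel = myToGether.GetModel(ID);

            content = myToGetherModel.Content;
        }

        if (uploadedTag != null)
        {
            content = content + "<br>" + uploadedTag;
        }

        Content.Text = content;

        Session["Content"] = content;
    }

    /// <summary>
    /// The activity id from the "ID" query-string value, or 0 when the value
    /// is missing or is not an integer.
    /// </summary>
    private new int ID
    {
        get
        {
            // TryParse instead of Convert.ToInt32 so that a malformed value in
            // the URL yields 0 rather than an unhandled FormatException.
            int parsed;

            return int.TryParse(My.QueryString("ID", "0"), out parsed) ? parsed : 0;
        }
    }

    /// <summary>
    /// Builds http://{ServerName}.shengri.com/yyyy/MM/dd/{file} for a picture
    /// row, taking the file name from <paramref name="fileColumn"/>.
    /// </summary>
    private static string BuildPicUrl(DataRow pic, string fileColumn)
    {
        DateTime added = Convert.ToDateTime(pic["AddTime"]);

        return new StringBuilder("http://")
            .Append(pic["ServerName"].ToString())
            .Append(".shengri.com/")
            .Append(added.Year.ToString()).Append("/")
            .Append(added.Month.ToString("00")).Append("/")
            .Append(added.Day.ToString("00")).Append("/")
            .Append(pic[fileColumn].ToString())
            .ToString();
    }

    /// <summary>
    /// Builds the 300x300 img tag that is appended to the editor content for
    /// an uploaded picture.
    /// </summary>
    private static string BuildImgTag(DataRow pic)
    {
        // The URL is attribute-encoded because its parts come from data rows,
        // and the src quote is closed before width and height are written.
        return new StringBuilder("<img src=\"")
            .Append(HttpUtility.HtmlAttributeEncode(BuildPicUrl(pic, "Address")))
            .Append("\" width=\"300\" height=\"300\" />")
            .ToString();
    }

    #region Load the uploaded pictures
    /// <summary>
    /// Binds the activity's pictures to the thumbnail list and stores the
    /// frame height that the page script reads from Session["PicRow"].
    /// </summary>
    private void LoadPic()
    {
        myToGetherPic = new SR.Main_SQLServerDAL.ToGetherPic();

        myActivexPic = new SR.Main_SQLServerDAL.ActivexPic();

        PicTable = myActivexPic.GetActivexPic(ID);

        DlImage.DataSource = PicTable;

        DlImage.DataBind();

        // The list shows five thumbnails per row: no pictures, one row, or
        // more than one row.
        int count = PicTable.Rows.Count;

        if (count == 0)
        {
            Session["PicRow"] = "450px";
        }
        else if (count > 5)
        {
            Session["PicRow"] = "650px";
        }
        else
        {
            Session["PicRow"] = "500px";
        }
    }
    #endregion

    #region Delete selected thumbnails

    /// <summary>
    /// Deletes the pictures whose check boxes were ticked and removes their
    /// URLs from the content held in the session.
    /// </summary>
    protected void btnDelPic_Click(object sender, EventArgs e)
    {
        string selected = Request.Form["checkbox"];

        if (selected == null)
        {
            My.Alert(this, "请选择图片!");

            return;
        }

        string[] IsPicRadio = selected.Split(',');

        myToGetherPic = new SR.Main_SQLServerDAL.ToGetherPic();

        myActivexPic = new SR.Main_SQLServerDAL.ActivexPic();

        // Only ids that belong to this activity's picture list are acted on,
        // so a posted id outside that list is ignored.
        // NOTE(review): the activity id itself comes from the query string;
        // confirm that ownership of the activity is checked somewhere.
        PicTable = myActivexPic.GetActivexPic(ID);

        // A missing session entry is treated as empty content.
        string content = (Session["Content"] as string) ?? "";

        bool removedAny = false;

        for (int i = 0; i < IsPicRadio.Length; i++)
        {
            for (int j = 0; j < PicTable.Rows.Count; j++)
            {
                DataRow pic = PicTable.Rows[j];

                if (IsPicRadio[i] != pic["ID"].ToString())
                {
                    continue;
                }

                // The path is yyyy/MM/dd, as everywhere else in the page.
                // Writing the year twice here produces a URL that can never
                // occur in the content.
                // NOTE(review): this removes the Miniature URL, while
                // Page_Load embeds the Address URL; confirm which file name
                // the content really holds.
                content = content.Replace(BuildPicUrl(pic, "Miniature"), "");

                removedAny = true;

                myToGetherPic.Delete(Convert.ToInt32(pic["ID"]));
            }
        }

        if (removedAny)
        {
            Session["Content"] = content;

            Content.Text = content;
        }

        LoadPic();
    }
    #endregion

    #region Load the album list
    /// <summary>
    /// Binds the current user's albums to the drop-down list, using the Name
    /// column as text and the ID column as value.
    /// </summary>
    private void LoadImagePath()
    {
        SR.Lib.Photo.BLL.Catalog catalog = new SR.Lib.Photo.BLL.Catalog();

        select_albumid.DataSource = catalog.GetListInfo(My.UserName);

        select_albumid.DataTextField = "Name";

        select_albumid.DataValueField = "ID";

        select_albumid.DataBind();
    }
    #endregion

    #region Keep the content in the session while an image is uploaded

    /// <summary>
    /// AjaxPro endpoint: stores the editor content in the session so that it
    /// survives the round trip to the upload host.
    /// </summary>
    /// <param name="strContent">HTML from the browser; untrusted.</param>
    /// <returns>Always true.</returns>
    [AjaxPro.AjaxMethod]
    public bool SaveContent(String strContent)
    {
        // The value is stored as received. Any client can call this endpoint
        // directly with arbitrary markup, so it has to be sanitized or encoded
        // at the point where it is persisted or rendered.
        // NOTE(review): confirm that session state is available to this
        // AjaxPro call in the deployed configuration.
        Session["Content"] = strContent;

        return true;
    }
    #endregion
}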

以上是该页面对应的后台代码文件(UpPicAddActivex.aspx.cs)。
