我有路徑操作問題。下面的代碼放在ASPx頁面的Page_load方法中+ VB

Question

If Request.QueryString("ID") = "" Then 
       folderDirectory = Global.FileUpload.GetFolderDirectory(Request.QueryString("TFID")) 

       If Not File.Exists(folderDirectory + fileName) Then 
        If Not Directory.Exists(folderDirectory) Then 
         Directory.CreateDirectory(folderDirectory) 
        End If 

        Dim bufferSize As Integer = Me.fileUpload.PostedFile.ContentLength 
        Dim buffer As Byte() = New Byte(bufferSize) {} 
        ' write the byte to disk 
        Using fs As New FileStream(Path.Combine(folderDirectory, fileName), FileMode.Create) 
         Dim bytes As Integer = Me.fileUpload.PostedFile.InputStream.Read(buffer, 0, bufferSize) 
         ' write the bytes to the file stream 
         fs.Write(buffer, 0, bytes) 
        End Using 
       Else 
        CallOnComplete("error", "", "Error uploading '" & fileName & "'. File has been exists!") 
        Exit Sub 
       End If 

但是上面的示例代碼的Fortify掃描報告顯示Path Manipulation問題一樣高。我需要幫助來修改上面的代碼，以便它可以通過強化掃描 它顯示我在文件夾中的錯誤目錄

Answer 1

通常，當您的代碼在Web應用程序內工作時，您沒有權利使用完整的文件系統作爲你在你的本地電腦上做。任何一種'路徑操縱'都是可疑的。 您應該嘗試使用Server.MapPath方法重新編碼您的作品。 要特別注意此警告

For security reasons, the AspEnableParentPaths property has a default value set to FALSE. 
Scripts will not have access to the physical directory structure unless AspEnableParentPaths 
is set to TRUE.