There are times when it's nice to have a full blown development environment like
Visual Studio to mangage your site with, but there are also times when a simple little
web app fits the bill perfectly. That's the idea behind the code in this article.
Adding a tool like this to your site's administration area can really be a godsend when
you're on the road and need to make a change. Sometimes it's the little things that
really make your day.
The User Interface
The user interface is as bare-bones as I could make it and consists of a TextBox for
the filename, two buttons, and a text area where you can edit the file's contents.
The code involved is just as simple. Aside from some very simplistic error handling,
there are really only two lines of code -- one for each button!
So without any further delay, here's the code listing:
<%@ Page Language="VB" ValidateRequest="false" %>
<%@ Import Namespace="System.IO" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
Protected Sub btnLoadFile_Click(ByVal sender As Object, ByVal e As System.EventArgs)
Try txtFileText.Text = File.ReadAllText(Server.MapPath(txtFileName.Text))
Catch ex As Exception
Response.Write("Error: You probably specified a file that doesn't exist!")
Protected Sub btnSaveFile_Click(ByVal sender As Object, ByVal e As System.EventArgs) File.WriteAllText(Server.MapPath(txtFileName.Text), txtFileText.Text)
<form id="myForm" runat="server">
Filename: <asp:TextBox ID="txtFileName" runat="server" />
<asp:Button ID="btnLoadFile" runat="server" Text="Load File"
<asp:Button ID="btnSaveFile" runat="server" Text="Save File"
<asp:TextBox ID="txtFileText" runat="server"
You'll notice I've highlighted three things in red. The second and third are
the two lines of code that do the real work. They read the file's contents from
the server's file system and write the changed text back to the file when we're
done editing it. The other highlighted section is the ValidateRequest property.
Since the point of this script is to edit HTML and ASP.NET files, we need to tell
.NET that it's alright that we'll be posting some scary looking data via the the form.
By setting ValidateRequest to false, we tell ASP.NET not to examine input from
the browser for dangerous values.
Using the Script
While it's extremely simple, there are a couple things of which you should be aware.
As simple as this script it, it is just as dangerous. While the user will need
NTFS permissions to write to any files they wish to edit via this script, that's
the only level of control. There are no confirmation dialog boxes or file system
browsing capabilities. The script doesn't care if you spell something wrong and is
perfectly happy to overwrite any file within your Web site with no warning at all.
The script also makes no distinction between text and binary files -- despite the
fact that it is only designed to handle plain text. This means that while opening
an image file with it may be amusing, clicking the "Save File" button
will destroy the file... so don't do it.
Which brings up another point... any file you can reference from your site, can probably be
accessed via the script. This includes things in virtual directories, parent folders
(using ..), etc.
Creating a File
Creating a file is as simple as typing a name in the "Filename:" textbox, typing the file
contents into the text area, and clicking the "Save File" button. That's it.
Copying a File
Type the path to the file you want to copy into the "Filename:" textbox and
click the "Load File" button. This will load the file's contents into the textarea.
Now simply change the file name in the text box and click the "Save File" button.
Deleting a File
While it's simple to overwrite a file, as it stands the script offers no way to
delete a file altogether.
Okay, so it's not the most exciting script around, but you never know when
something like this will come in handy. Sure you've got Visual Studio on your
laptop (which you never leave home without), but what happens when your laptop
dies? When things get tough and you find yourself at a Kinko's in the middle
of the night with nothing but a Web browser, a tool like this isn't such a
bad thing to have in your arsenal. Just make sure you use it carefully.