<%@ Language="VBScript" %> <% Response.Buffer = True ' Slides folder path (UNC) Const SLIDES_FOLDER = "\\tsgwp00525.rd.ds.ge.com\shared\dt\tv" ' Get filename from querystring Dim filename, filepath, fso, ext filename = Request.QueryString("file") ' Validate filename - no path traversal If InStr(filename, "..") > 0 Or InStr(filename, "/") > 0 Or InStr(filename, "\") > 0 Or filename = "" Then Response.Status = "400 Bad Request" Response.End End If filepath = SLIDES_FOLDER & "\" & filename Set fso = Server.CreateObject("Scripting.FileSystemObject") ' Check file exists If Not fso.FileExists(filepath) Then Response.Status = "404 Not Found" Set fso = Nothing Response.End End If ' Get extension and set content type ext = LCase(fso.GetExtensionName(filename)) Select Case ext Case "jpg", "jpeg" Response.ContentType = "image/jpeg" Case "png" Response.ContentType = "image/png" Case "gif" Response.ContentType = "image/gif" Case "bmp" Response.ContentType = "image/bmp" Case "webp" Response.ContentType = "image/webp" Case Else Response.Status = "415 Unsupported Media Type" Set fso = Nothing Response.End End Select Set fso = Nothing ' Read and serve the file Dim stream Set stream = Server.CreateObject("ADODB.Stream") stream.Type = 1 ' Binary stream.Open stream.LoadFromFile filepath Response.BinaryWrite stream.Read stream.Close Set stream = Nothing %>