PHP helper_security Beispiele

Beispiel #1

Datei: edit.php Projekt: druphliu/dzzoffice

    $icoid = intval($_GET['icoid']);
    $icoarr = C::t('icos')->fetch_by_icoid($icoid);
    if (!perm_check::checkperm('edit', $icoarr)) {
        showmessage('no_privilege', dreferer());
    }
    //桌面上的文档 $area=='' && $areaid=0;
    //项目内文档  $area=='project' && $areaid==$pjid;
    $area = $_GET['area'] == 'folder' ? '' : trim($_GET['area']);
    $areaid = $_GET['area'] == 'folder' ? 0 : trim($_GET['areaid']);
    $new = intval($_GET['newversion']);
    $autosave = intval($_GET['autosave']);
    if ($autosave) {
        $new = 0;
    }
    //存储文档内容到文本文件内
    $_GET['message'] = helper_security::checkhtml($_GET['message']);
    $message = str_replace(array("\r\n", "\r", "\n"), "", $_GET['message']);
    //去除换行
    if (!($attach = getTxtAttachByMd5($message, $icoarr['name'] . '.dzzdoc'))) {
        showmessage('保存文档错误，请检查您的磁盘是否有足够空间或写入权限', dreferer());
    }
    //获取文档内附件
    $attachs = getAidsByMessage($message);
    $setarr = array('uid' => $_G['uid'], 'username' => $_G['username'], 'aid' => $attach['aid'], 'did' => $did);
    if (!($did = C::t('document')->insert($setarr, $attachs, $area, $areaid, $new))) {
        showmessage('保存文档错误，请检查您数据库是否正常');
    }
    $return = array('did' => $did, 'autosave' => $autosave, 'icoid' => dzzencode($icoid));
    showmessage('do_success', dreferer(), array('data' => rawurlencode(json_encode($return))), array('showmsg' => true));
} else {
    $navtitle = '';

Beispiel #2

Datei: edit.php Projekt: druphliu/dzzoffice

	echo "<script type=\"text/javascript\">";
	echo "try{top._login.logging();}catch(e){}";
	echo "try{win.Close();}catch(e){}";
	echo "</script>";	
	include template('common/footer_reload');
	exit('<a href="user.php?mod=logging&action=login">需要登录</a>');
}*/
if (submitcheck('edit')) {
    $news = $_GET['news'];
    $news['subject'] = getstr($news['subject'], 80);
    if (empty($news['subject'])) {
        showmessage('信息标题不能为空', dreferer(), array('data' => rawurlencode(json_encode(array('error' => '信息标题不能为空')))), array('showmsg' => true));
    }
    if ($news['type'] == 0) {
        //文本内容时
        $news['content'] = helper_security::checkhtml($news['content']);
        //str_replace(array("\r\n", "\r", "\n"), "",$_GET['message']); //去除换行
        //获取文档内附件
        $news['attachs'] = implode(',', getAidsByMessage($news['content']));
        //unset($news['url']); //删除链接地址
    } elseif ($news['type'] == 1) {
        //图片内容时
        $pics = array();
        $newpics = array();
        foreach ($_GET['picnew']['aid'] as $key => $aid) {
            $newpics[] = array('aid' => $aid, 'title' => $_GET['picnew']['title'][$key], 'dateline' => TIMESTAMP);
        }
        $pics = $_GET['pic'];
    } elseif ($news['type'] == 2) {
        //超链接内容
    }