private function _init_input()
{
    // Refuse any request that tries to smuggle a 'GLOBALS' key in through an input channel.
    $has_globals_key = isset($_GET['GLOBALS'])
        || isset($_POST['GLOBALS'])
        || isset($_COOKIE['GLOBALS'])
        || isset($_FILES['GLOBALS']);
    if ($has_globals_key) {
        die('request is invalid');
    }

    // Normalise GET and POST in place: mobile/ajax entry points send utf-8, so re-encode
    // to the site charset when the two differ, then escape everything.
    foreach (array(&$_GET, &$_POST) as &$input) {
        if (!$input) {
            continue;
        }
        $from_utf8_entry = true === IN_JISHIGOU_MOBILE || true === IN_JISHIGOU_AJAX;
        if ($from_utf8_entry && 'utf-8' != $this->var['charset']) {
            $input = array_iconv('utf-8', $this->var['charset'], $input);
        }
        $input = jaddslashes($input);
    }
    unset($input);

    // Cookies are only escaped, never re-encoded.
    $_COOKIE = jaddslashes($_COOKIE);
}
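function Attach()
{
    // Stores one uploaded file (form field 'topic') as a topic attachment: creates the
    // database row, writes the file under data/attachs/topic/, optionally pushes it to an
    // FTP host and records the final metadata. Every failure path ends the request through
    // _attach_error(); success ends it through _attach_result('ok', ...).
    $item = $this->Get['aitem'];
    $itemid = max(0, (int) $this->Get['aitemid']);
    $this->_init_auth();

    $field = 'topic';
    // empty() on the nested key avoids an undefined-index notice when the field is absent.
    if (empty($_FILES) || empty($_FILES[$field]['name'])) {
        $this->_attach_error('FILES is empty');
    }
    // The client-supplied file name is untrusted: strip unsafe characters, then escape it.
    $_FILES[$field]['name'] = jaddslashes(get_safe_code($_FILES[$field]['name']));

    // Attach on behalf of another user when topic_uid is given, otherwise the current member.
    $topic_uid = jget('topic_uid', 'int');
    $uid = $topic_uid > 0 ? $topic_uid : MEMBER_ID;
    $username = $topic_uid > 0 ? '' : MEMBER_NICKNAME;

    $category_id = jget('attch_category');
    $category = '';
    if ($category_id > 0) {
        $category = jlogic('attach_category')->get_attacht_cat($category_id);
    }

    $attach_id = $this->AttachLogic->add($uid, $username, $item, $itemid, $category);
    // Verify the insert before anything else uses the id (the weibo link below in particular).
    if ($attach_id < 1) {
        $this->_attach_error('write database is invalid');
    }
    if ($category_id > 0) {
        $this->auto_add_weibo($attach_id, $_FILES[$field]['name']);
    }
    $this->AttachLogic->clear_invalid();

    // Size limit from config, defaulting to 1024 and never above 51200
    // (units are whatever jupload()->setMaxSize() expects).
    $configured_limit = $this->Config['attach_size_limit'];
    $attach_size = min(is_numeric($configured_limit) ? $configured_limit : 1024, 51200);

    $attach_path = RELATIVE_ROOT_PATH . 'data/attachs/' . $field . '/' . face_path($attach_id);
    // end() takes its argument by reference; passing explode() directly raises a notice.
    $name_parts = explode('.', $_FILES[$field]['name']);
    $attach_type = strtolower(end($name_parts));
    // NOTE(review): $attach_type is taken straight from the client file name and this method
    // does not restrict extensions itself — confirm jupload()->init()/doUpload() enforces an
    // allow-list before the file is stored under that extension.
    $attach_name = $attach_id . '.' . $attach_type;
    $attach_file = $attach_path . $attach_name;

    if (!is_dir($attach_path)) {
        jio()->MakeDir($attach_path);
    }
    jupload()->init($attach_path, $field, false, true);
    jupload()->setMaxSize($attach_size);
    jupload()->setNewName($attach_name);

    if (!jupload()->doUpload()) {
        // Roll back: drop any partial file and the database row created above.
        jio()->DeleteFile($attach_file);
        $this->DatabaseHandler->Query(
            'delete from ' . TABLE_PREFIX . "topic_attach where `id`='" . (int) $attach_id . "'"
        );
        $errors = jupload()->getError();
        $message = $errors ? implode(' ', (array) $errors) : 'attach file is invalid';
        $this->_attach_error($message);
    }

    $attach_size = filesize($attach_file);
    $site_url = '';
    if ($this->Config['ftp_on']) {
        $ftp_key = randgetftp();
        $ftp_servers = jconf::get('ftp');
        $site_url = $ftp_servers[$ftp_key]['attachurl'];
        // Once the file is on the FTP host the local copy is no longer needed.
        if (ftpcmd('upload', $attach_file, '', $ftp_key) > 0) {
            jio()->DeleteFile($attach_file);
        }
    }

    $name = addslashes($_FILES[$field]['name']);
    $this->AttachLogic->modify(array(
        'id' => $attach_id,
        'site_url' => $site_url,
        'file' => $attach_file,
        'name' => $name,
        'filetype' => $attach_type,
        'filesize' => $attach_size,
    ));
    update_credits_by_action('attach_add', $uid);

    $retval = array(
        'id' => $attach_id,
        'src' => 'images/filetype/' . $attach_type . '.gif',
        'name' => $name,
    );
    $this->_attach_result('ok', $retval);
}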
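function array_iconv($in_charset, $out_charset, $array, $addsl = 0)
{
    // Recursively converts every key and value of $array (or a single scalar) from
    // $in_charset to $out_charset using lconv(). A falsy input, a same-charset request, or a
    // runtime with neither mbstring nor iconv is returned untouched. When $addsl is truthy
    // the converted result is additionally passed through jaddslashes().
    $same_charset = strtoupper($in_charset) === strtoupper($out_charset);
    $can_convert = function_exists('mb_convert_encoding') || function_exists('iconv');
    if (!$array || $same_charset || !$can_convert) {
        return $array;
    }

    if (is_array($array)) {
        // Build a fresh array: writing a converted key back into the array being iterated
        // left the original (unconverted) key in place as a duplicate entry.
        $converted = array();
        foreach ($array as $key => $val) {
            $new_key = lconv($in_charset, $out_charset, $key);
            $converted[$new_key] = array_iconv($in_charset, $out_charset, $val);
        }
        $array = $converted;
    } else {
        $array = lconv($in_charset, $out_charset, $array);
    }

    if ($addsl) {
        $array = jaddslashes($array);
    }
    return $array;
}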