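/**
  * @brief showAttachment Serve an attachment inline (verified images) or as a download
  *
  * Looks the attachment up by $params['mid'], applies a Referer-based hotlink
  * check and streams the file stored under LOGX_FILE. The Referer header is
  * supplied by the client and an empty one is accepted, so the check only
  * deters hotlinking; it is not access control.
  *
  * The stored MIME type ($m['description']) is never used as the Content-Type
  * of an inline response: a file is shown inline only with the type that
  * getimagesize() detected, or, when getimagesize() is unavailable, with a
  * stored type that exactly matches a short list of raster image types.
  * Everything else is sent as a download.
  *
  * @param $params array route parameters; 'mid' is the attachment's meta id
  *
  * @return void
  */
 public function showAttachment($params)
 {
     $meta = new MetaLibrary();
     $meta->setType(3);
     $meta->setMID($params['mid']);
     if (!($m = $meta->getMeta())) {
         Response::error(404);
         return;
     }
     $m = $m[0];

     // Hotlink check: a non-empty Referer must resolve to the site's own domain.
     // Fail closed when either URL has no parseable host instead of comparing
     // undefined array offsets.
     $referer = Request::S('HTTP_REFERER', 'string');
     if ($referer) {
         $refererHost = parse_url($referer, PHP_URL_HOST);
         $siteHost = parse_url(OptionLibrary::get('domain'), PHP_URL_HOST);
         if (!$refererHost || !$siteHost || LogX::getDomain($refererHost) !== LogX::getDomain($siteHost)) {
             Response::error(403);
             exit;
         }
     }

     // NOTE(review): the stored alias is appended to LOGX_FILE unchecked; this
     // assumes aliases are generated server-side and never contain "../" -
     // confirm at the upload handler.
     $path = LOGX_FILE . $m['alias'];
     $storedType = (string) $m['description'];

     // Decide whether the file may be displayed inline, and with which type.
     // A stored type that merely contains "image" is only a hint; the file
     // must also parse as an image (type marker and bit depth present).
     $inlineType = '';
     if (stristr($storedType, 'image')) {
         if (function_exists('getimagesize')) {
             $imginfo = @getimagesize($path);
             if (isset($imginfo[2]) && isset($imginfo['bits']) && isset($imginfo['mime'])) {
                 // Use the detected type, not the stored one
                 $inlineType = $imginfo['mime'];
             }
             unset($imginfo);
         } elseif (preg_match('#^image/(?:gif|jpe?g|pjpeg|png|x-png|bmp|webp)$#i', $storedType)) {
             // Content cannot be verified: accept only an exact raster image type
             $inlineType = $storedType;
         }
     }

     // inline: shown by the browser; attachment: downloaded
     $disposition = $inlineType !== '' ? 'inline' : 'attachment';
     if ($inlineType !== '') {
         $contentType = $inlineType;
     } else {
         $contentType = $storedType ? $storedType : 'application/octet-stream';
     }

     // Open the file before any header is sent so that a failed open still
     // yields a clean 404 instead of headers followed by an empty body.
     $fp = is_readable($path) ? @fopen($path, 'rb') : false;
     if (!$fp) {
         Response::error(404);
         return;
     }

     // Count the download only once the file is known to be servable
     if ($disposition == 'attachment') {
         $meta->incReply($params['mid']);
     }

     @ob_end_clean();
     if ($disposition == 'inline') {
         Response::setExpire(60 * 24 * 365);
     }
     header('content-Encoding: none');
     header('content-type: ' . $contentType);
     // Keep browsers from sniffing a different type out of the file content
     header('X-Content-Type-Options: nosniff');
     // urlencode() leaves no quotes, spaces or line breaks in the file name
     header('content-Disposition: ' . $disposition . '; filename=' . urlencode($m['name']));
     $size = filesize($path);
     if ($size !== false) {
         header('content-Length: ' . abs($size));
     }
     fpassthru($fp);
     fclose($fp);
     exit;
 }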
    ?>
</label></li>
					</ul>
				</li>
				<li>
					<label class="add-post-label"><?php 
    _e('Attachment');
    ?>
</label> <a href="#" onclick="uploadPanel(); return false;" style="font-size:12px;"><?php 
    _e('Upload');
    ?>
</a>
					<ul class="clearfix" id="fsUpload">
					<?php 
    $meta = new MetaLibrary();
    $meta->setType(3);
    $meta->setPID(1000000000);
    $attachments = $meta->getMeta();
    foreach ($attachments as $c) {
        ?>
						<li class="multiline"><label for="attach-<?php 
        echo $c['mid'];
        ?>
"><?php 
        echo $c['name'];
        ?>
</label><a href="#" onclick="insertToEditor('<?php 
        path(array('mid' => $c['mid']), 'Attachment');
        ?>
','<?php 
        echo $c['description'];
?>
</th>
					<th><?php 
_e('Alias');
?>
</th>
					<th class="radius-topright"><?php 
_e('Reply');
?>
</th>
				</tr>
			</thead>
			<tbody>
			<?php 
$meta = new MetaLibrary();
$meta->setType(2);
$categories = $meta->getMeta();
$i = 0;
foreach ($categories as $c) {
    ?>
				<tr<?php 
    if ($i % 2 == 0) {
        ?>
 class="even"<?php 
    }
    ?>
 id="tag-<?php 
    echo $c['mid'];
    ?>
">
					<td><input type="checkbox" value="<?php 
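 /**
  * @brief editPost Update an existing post from the submitted form
  *
  * Reads pid, title, content, category, tags, allowComment and top from the
  * POST data, saves the post, replaces its category and tag relations and
  * attaches the uploads parked under the placeholder post id 1000000000.
  *
  * No permission check happens in this method; editPostDo appears to be the
  * caller that performs it before dispatching here.
  *
  * @return void
  */
 public function editPost()
 {
     $p = array();
     $p['pid'] = Request::P('pid');
     // The title is HTML-escaped here, at input time; the content is stored as submitted
     $p['title'] = htmlspecialchars(Request::P('title', 'string'));
     $p['content'] = Request::P('content', 'string');

     // Keep only non-empty scalar category ids. An empty list must be rejected:
     // the old relations are deleted below, so saving without a category would
     // leave the post uncategorised, and editPostDo only checks privileges on
     // the categories a post currently has.
     $submitted = Request::P('category', 'array');
     $p['category'] = array();
     if (is_array($submitted)) {
         foreach ($submitted as $c) {
             if (is_scalar($c) && $c) {
                 $p['category'][] = $c;
             }
         }
     }
     if (!$p['pid'] || !$p['title'] || !$p['content'] || !$p['category']) {
         $r = array('success' => FALSE, 'message' => _t('Title, Content and Category can not be null.'));
         Response::ajaxReturn($r);
         return;
     }
     $p['allow_reply'] = Request::P('allowComment') ? 1 : 0;
     $p['top'] = Request::P('top') ? 1 : 0;
     $p['alias'] = '';
     $p['status'] = 1;

     // Save the post
     $post = new PostLibrary();
     $meta = new MetaLibrary();
     $post->editPost($p);

     // Drop the existing category (type 1) and tag (type 2) relations
     $meta->setPID($p['pid']);
     $metas = $meta->getMeta(FALSE);
     foreach ($metas as $m) {
         if ($m['type'] == 1 || $m['type'] == 2) {
             $meta->delRelation($m['mid'], $p['pid']);
         }
     }
     $meta->setPID(0);

     // Categories
     // NOTE(review): the submitted category ids are not privilege-checked in
     // this method - confirm the caller does it.
     foreach ($p['category'] as $c) {
         $meta->addRelation($c, $p['pid']);
     }

     // Tags: space, fullwidth comma and ideographic comma all act as separators
     $tags = Request::P('tags', 'string');
     if ($tags) {
         $tags = str_replace(array(' ', ',', '、'), ',', $tags);
         $meta->setType(2);
         // Skip empty pieces ("a,,b", trailing separator) and repeated names so
         // that no empty tag is created and no relation is added twice
         foreach (array_unique(explode(',', $tags)) as $tag) {
             if ($tag === '') {
                 continue;
             }
             $meta->setName($tag);
             $t = $meta->getMeta();
             if (!$t) {
                 $t = $meta->addMeta(array('type' => 2, 'name' => $tag));
             } else {
                 $t = $t[0]['mid'];
             }
             $meta->addRelation($t, $p['pid']);
         }
     }

     // New attachments
     // NOTE(review): every attachment under the placeholder pid is moved to
     // this post, with no per-user filter visible here; if uploads from
     // different editors share that placeholder they would end up on
     // whichever post is saved first - confirm.
     $meta = new MetaLibrary();
     $meta->setType(3);
     $meta->setPID(1000000000);
     $attachments = $meta->getMeta();
     foreach ($attachments as $a) {
         $meta->movRelation($a['mid'], 1000000000, $p['pid']);
     }
     $r = array('success' => TRUE, 'message' => _t('Edit post success.'));
     Response::ajaxReturn($r);
 }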
 /**
  * @brief editPostDo Check the editor's privileges, then hand over to the Post widget
  *
  * @return void
  */
 private function editPostDo()
 {
     // Verify the user's privileges.
     // Non-admins may only edit their own posts.
     // If the post belongs to several categories, the editor needs the
     // privilege on every one of them.
     // If the post belongs to no category (should not normally happen),
     // the loop below has nothing to check and the edit goes through.
     //
     // NOTE(review): only category privileges are tested here; no comparison
     // of the post's author with the current user is visible in this method,
     // and the categories submitted with the request are not checked either -
     // confirm both are enforced elsewhere.
     $isAdmin = Widget::getWidget('User')->isAdmin();
     if (!$isAdmin) {
         $postId = Request::P('pid');
         $library = new MetaLibrary();
         $library->setPID($postId);
         $library->setType(1);
         foreach ($library->getMeta(FALSE) as $category) {
             $allowed = Widget::getWidget('User')->checkPrivilege('POST', $category['mid']);
             if (!$allowed) {
                 Response::ajaxReturn(array('success' => FALSE, 'message' => _t('Permission denied.')));
                 return;
             }
         }
     }

     Widget::initWidget('Post');
     Widget::getWidget('Post')->editPost();
 }
 /**
  * @brief editPage Update an existing page from the submitted form
  *
  * Reads pid, title, alias, content and allowComment from the POST data,
  * refuses an alias that already belongs to another page, saves the page and
  * attaches the uploads parked under the placeholder post id 1000000000.
  *
  * NOTE(review): unlike editPost, the title is stored without
  * htmlspecialchars(); confirm that page titles are escaped on output.
  * No permission check is visible in this method - confirm the caller does it.
  *
  * @return void
  */
 public function editPage()
 {
     $page = array(
         'pid' => Request::P('pid'),
         'title' => Request::P('title', 'string'),
         'alias' => Request::P('alias', 'string'),
         'content' => Request::P('content', 'string'),
     );

     // All four fields are mandatory
     $incomplete = !$page['pid'] || !$page['title'] || !$page['content'] || !$page['alias'];
     if ($incomplete) {
         Response::ajaxReturn(array('success' => FALSE, 'message' => _t('Title, Content and Alias can not be null.')));
         return;
     }

     $page['allow_reply'] = Request::P('allowComment') ? 1 : 0;
     $page['top'] = 0;
     $page['status'] = 1;

     // The alias must not be taken by a different page
     $posts = new PostLibrary();
     $existing = $posts->getPage($page['alias']);
     if ($existing && $existing['pid'] != $page['pid']) {
         Response::ajaxReturn(array('success' => FALSE, 'message' => _t('Alias already exists.')));
         return;
     }

     // Save the page
     $posts->editPost($page);

     // Move the newly uploaded attachments from the placeholder pid to this page
     $library = new MetaLibrary();
     $library->setType(3);
     $library->setPID(1000000000);
     foreach ($library->getMeta() as $attachment) {
         $library->movRelation($attachment['mid'], 1000000000, $page['pid']);
     }

     Response::ajaxReturn(array('success' => TRUE, 'message' => _t('Edit page success.')));
 }
?>
</th>
					<th><?php 
_e('Alias');
?>
</th>
					<th class="radius-topright"><?php 
_e('Reply');
?>
</th>
				</tr>
			</thead>
			<tbody>
			<?php 
// Load the metas of type 1 (the categories, judging by the variable name and
// the "category-" row ids) and render one table row per entry.
$meta = new MetaLibrary();
$meta->setType(1);
$categories = $meta->getMeta();
// Row counter: showItem() takes it by reference and uses its parity to add
// the "even" class to a row.
$i = 0;
foreach ($categories as $c) {
    showItem($i, $c);
}
function showItem(&$i, $c, $pn = '')
{
    ?>
				<tr<?php 
    if ($i % 2 == 0) {
        ?>
 class="even"<?php 
    }
    ?>
 id="category-<?php