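/**
 * @brief showAttachment Serve an attachment inline or as a download, with Referer-based hotlink protection
 *
 * The Referer check only deters hotlinking: the header is supplied by the
 * client, and a request that carries no Referer at all is let through, so it
 * must not be treated as access control for the file.
 *
 * @param $params Route parameters; $params['mid'] selects the attachment meta row
 *
 * @return void
 */
public function showAttachment($params)
{
    $meta = new MetaLibrary();
    $meta->setType(3);
    $meta->setMID($params['mid']);
    if (!($m = $meta->getMeta())) {
        Response::error(404);
        return;
    }
    $m = $m[0];

    // Hotlink protection: when a Referer is sent, its domain must match the configured site domain.
    $referer = Request::S('HTTP_REFERER', 'string');
    if ($referer) {
        $refererParts = parse_url($referer);
        $siteParts = parse_url(OptionLibrary::get('domain'));
        $refererHost = (is_array($refererParts) && isset($refererParts['host'])) ? $refererParts['host'] : null;
        $siteHost = (is_array($siteParts) && isset($siteParts['host'])) ? $siteParts['host'] : null;

        // Fail closed on a Referer with no parsable host, so two unparsable values can never compare as equal.
        if ($refererHost === null || LogX::getDomain($refererHost) != LogX::getDomain($siteHost)) {
            Response::error(403);
            exit;
        }
    }

    // NOTE(review): the stored alias is appended to LOGX_FILE as-is; confirm it is
    // generated server-side at upload time and cannot contain ".." segments.
    $m['alias'] = LOGX_FILE . $m['alias'];

    $contentType = $m['description'] ? $m['description'] : 'application/octet-stream';

    // The stored description is only a claim about the file. A file is shown inline
    // only if getimagesize() reports a type marker and a colour depth for it, which
    // guards against a forged "image" description.
    $isimage = false;
    if (stristr($m['description'], 'image')) {
        if (function_exists('getimagesize')) {
            $imginfo = @getimagesize($m['alias']);
            if (isset($imginfo[2]) && isset($imginfo['bits'])) {
                $isimage = true;
                // Send the type detected from the file content rather than the stored
                // description, so an inline response is always labelled as the image it is.
                if (isset($imginfo['mime'])) {
                    $contentType = $imginfo['mime'];
                }
            }
            unset($imginfo);
        } else {
            // NOTE(review): without getimagesize() the description is trusted unverified
            // and the file is rendered inline; consider falling back to 'attachment' here.
            $isimage = true;
        }
    }

    // inline renders in the browser, attachment forces a download
    $disposition = $isimage ? 'inline' : 'attachment';

    if (!is_readable($m['alias'])) {
        Response::error(404);
        return;
    }

    // Open the file before any header is emitted so a failed open still yields a clean 404.
    $fp = @fopen($m['alias'], 'rb');
    if ($fp === false) {
        Response::error(404);
        return;
    }

    // Count a download only once the file is actually going to be sent.
    if ($disposition == 'attachment') {
        $meta->incReply($params['mid']);
    }

    if (ob_get_level() > 0) {
        ob_end_clean();
    }
    if ($disposition == 'inline') {
        Response::setExpire(60 * 24 * 365);
    }
    header('content-Encoding: none');
    // Stop browsers from sniffing the body into a different, possibly active, content type.
    header('X-Content-Type-Options: nosniff');
    header('content-type: ' . $contentType);
    header('content-Disposition: ' . $disposition . '; filename=' . urlencode($m['name']));
    header('content-Length: ' . abs(filesize($m['alias'])));
    fpassthru($fp);
    fclose($fp);
    exit;
}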
?> </a></dt> <dd id="tabTagAdd" style="display: <?php if (!Request::G('page')) { ?> block<?php } else { ?> none<?php } ?> ; "> <?php
// Edit mode: when a `mid` query parameter is present, load that meta row to pre-fill the form below.
if ($mid = Request::G('mid')) { $meta = new MetaLibrary(); $meta->setMID($mid); $m = $meta->getMeta();
// NOTE(review): no emptiness check is visible before indexing [0]; confirm an unknown mid is handled.
$m = $m[0]; ?> <form action="<?php path(array('do' => 'editTag'), 'AdminDo'); ?> " method="post" name="add_tag" id="add-tag"> <ul id="add-post-option"> <li> <label for="add-tag-title" class="add-post-label"><?php _e('Name'); ?> </label> <p><input type="text" id="add-tag-title" name="name" value="<?php
// NOTE(review): the stored name is written into an HTML attribute as-is; confirm it is escaped
// when saved, otherwise wrap it in htmlspecialchars() with ENT_QUOTES before output.
echo $m['name'];
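/**
 * @brief postPath Output the breadcrumb path of the current post
 *
 * Echoes "site title » category chain » post title" as HTML links, starting
 * from the category attached to the post and following each 'parent' id upward.
 *
 * @return void
 */
public function postPath()
{
    // Nothing to print when there is no current post
    if (!$this->postHave()) {
        return;
    }

    $path = $this->postTitle(0, FALSE);

    $meta = new MetaLibrary();
    $meta->setType(1);
    $meta->setPID($this->postID(FALSE));
    $metas = $meta->getMeta();
    $me = isset($metas[0]['mid']) ? $metas[0]['mid'] : 0;
    $m = isset($metas[0]) ? $metas[0] : array();

    // From here on rows are looked up by meta id (setMID) instead of by post id.
    $meta->setPID(0);

    // Meta ids already emitted. A parent chain that loops back on itself would
    // otherwise keep this request spinning forever.
    $seen = array();
    while ($me) {
        if (isset($seen[$me])) {
            break;
        }
        $seen[$me] = true;

        // NOTE(review): name and alias go into the markup as stored; confirm they are
        // escaped when saved, otherwise escape them here with htmlspecialchars().
        $path = '<a href="' . Router::patch('Category', array('alias' => $m['alias'])) . '">' . $m['name'] . '</a> » ' . $path;
        if ($m['parent'] == 0) {
            break;
        }

        $meta->setMID($m['parent']);
        $metas = $meta->getMeta();
        $me = isset($metas[0]['mid']) ? $metas[0]['mid'] : 0;
        $m = isset($metas[0]) ? $metas[0] : array();
    }

    // NOTE(review): the site title option is emitted unescaped as well; same check applies.
    $path = '<a href="' . LOGX_PATH . '">' . OptionLibrary::get('title') . '</a> » ' . $path;

    echo $path;
}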