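/**
 * Delete a file, or a directory and everything beneath it.
 *
 * The target is always resolved one level above the current working
 * directory: "../" is prepended after the input has been cleaned.
 *
 * Changes from the previous implementation:
 *  - nested paths are built from readdir() entries and are not passed through
 *    the stripping step again, which removed "./" from the middle of a path
 *    (a directory name ending in a dot) and so pointed at a different path;
 *  - symbolic links are removed as links and never descended into, so the
 *    delete cannot leave the requested tree through a link;
 *  - an entry named "0" no longer ends the directory scan early;
 *  - a target that is empty after cleaning is refused, because it would
 *    resolve to the parent directory itself.
 *
 * @param string $delfiles Path relative to the parent of the working directory.
 * @return bool|null Result of rmdir() on the target directory; false for an
 *                   empty target; null when the target was a file or a link
 *                   (the unlink() result is not reported, as before).
 */
function delfiledir($delfiles)
{
    $delfiles = stripslashes($delfiles);

    // Stripping traversal sequences is a single pass over the string and is
    // not a reliable defence by itself; the path_tidy() comparison below is
    // the gate that actually rejects a path.
    $delfiles = str_replace("../", "", $delfiles);
    $delfiles = str_replace("./", "", $delfiles);

    // Nothing left to delete: "../" alone would be the parent directory.
    if (trim($delfiles, "/") === '') {
        return false;
    }

    $delfiles = "../" . $delfiles;

    // path_tidy() is defined elsewhere; presumably it returns a normalised
    // form of the path - TODO confirm. Strict comparison so the check fails
    // closed if it ever returns a non-string.
    $p_delfiles = path_tidy($delfiles);
    if ($p_delfiles !== $delfiles) {
        die;
    }

    // A link is removed as a link, whatever it points to.
    // NOTE(review): on Windows a directory link may need rmdir() instead.
    if (is_link($delfiles) || is_file($delfiles)) {
        @unlink($delfiles);
        return null;
    }

    // Walk the tree with an explicit stack instead of re-entering this
    // function, so validated paths are not cleaned a second time.
    $pending = array($delfiles);
    $visited = array();
    while (count($pending) > 0) {
        $dir = array_pop($pending);
        $visited[] = $dir;

        $dh = @opendir($dir);
        if ($dh === false) {
            // Unreadable directory: still attempt the rmdir() further down.
            continue;
        }

        // Compare against false explicitly: an entry named "0" is falsy.
        while (false !== ($file = readdir($dh))) {
            if ($file === "." || $file === "..") {
                continue;
            }
            $fullpath = $dir . "/" . $file;
            if (!is_link($fullpath) && @is_dir($fullpath)) {
                $pending[] = $fullpath;
            } else {
                @unlink($fullpath);
            }
        }
        closedir($dh);
    }

    // Every directory was recorded after its parent, so the reverse order
    // removes children first; the last rmdir() is the requested directory.
    $removed = false;
    foreach (array_reverse($visited) as $dir) {
        $removed = @rmdir($dir);
    }

    return $removed;
}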
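/**
 * Create or update a standalone "description" page from the submitted form.
 *
 * Builds the column assignment string, then inserts a new row when no id was
 * posted, or updates the existing row otherwise. When the existing row has
 * is_menu == "1" the matching navigation rows are updated and the menu cache
 * is refreshed. On success the cache is refreshed and, for is_type == 1, the
 * static page is generated through descriptionshow(). The outcome is reported
 * through ACT_layer_msg().
 *
 * Changes from the previous implementation:
 *  - the request fields are read by name instead of extract($_POST), so a
 *    request cannot define arbitrary local variables in this method;
 *  - each failed URL check returns after reporting, so an invalid name is
 *    never stored even if ACT_layer_msg() does not end the request;
 *  - mktime() without arguments is replaced by time(), which yields the same
 *    timestamp and still works where mktime() requires an argument;
 *  - a missing "content" field is treated as an empty string.
 *
 * NOTE(review): every value below is placed into SQL text by concatenation.
 * No escaping is visible in this method, so it depends entirely on escaping
 * applied before this point - confirm that it exists, and prefer bound
 * parameters if the DB layer offers them.
 *
 * @return void
 */
function save_action()
{
    $id = isset($_POST['id']) ? $_POST['id'] : null;
    $name = isset($_POST['name']) ? $_POST['name'] : null;
    $nid = isset($_POST['nid']) ? $_POST['nid'] : null;
    $url = isset($_POST['url']) ? $_POST['url'] : null;
    $title = isset($_POST['title']) ? $_POST['title'] : null;
    $keyword = isset($_POST['keyword']) ? $_POST['keyword'] : null;
    $description = isset($_POST['description']) ? $_POST['description'] : null;
    $top_tpl = isset($_POST['top_tpl']) ? $_POST['top_tpl'] : null;
    $top_tpl_dir = isset($_POST['top_tpl_dir']) ? $_POST['top_tpl_dir'] : null;
    $footer_tpl = isset($_POST['footer_tpl']) ? $_POST['footer_tpl'] : null;
    $footer_tpl_dir = isset($_POST['footer_tpl_dir']) ? $_POST['footer_tpl_dir'] : null;
    $sort = isset($_POST['sort']) ? $_POST['sort'] : null;
    $is_nav = isset($_POST['is_nav']) ? $_POST['is_nav'] : null;
    $is_type = isset($_POST['is_type']) ? $_POST['is_type'] : null;

    $value = "`name`='" . $name . "',";

    // The static page name is only validated for is_type == 1; in every other
    // case $url reaches the SQL text exactly as it was received.
    if ($url && $is_type == 1) {
        // stripslashes() removes any escaping added earlier, so the checks
        // below are what keeps quotes and backslashes out of this value.
        $url = stripslashes($url);
        $url = str_replace("../", "", $url);
        $url = str_replace("./", "", $url);

        // path_tidy() is defined elsewhere; presumably it returns a
        // normalised form of the path - TODO confirm.
        $p_delfiles = path_tidy($url);
        if ($p_delfiles !== $url) {
            // Message: "invalid file name".
            $this->ACT_layer_msg("无效的文件名!", 8, $_SERVER['HTTP_REFERER']);
            return;
        }

        // Each path segment must consist of allowed characters only. The "|"
        // separators sit inside the character class, so a literal pipe and a
        // space are accepted as well as the listed ranges.
        $urlArr = explode('/', $url);
        foreach ($urlArr as $v) {
            if (!preg_match("/^[" . chr(0xa1) . "-" . chr(0xff) . " |a-z|0-9|A-Z|\\@\\.\\_\\]\\[\\!]+\$/", $v) && $v != '') {
                $this->ACT_layer_msg("无效的文件名!", 8, $_SERVER['HTTP_REFERER']);
                return;
            }
        }

        // Only a name whose last dot-separated part is "html" is accepted.
        $urlarr = explode(".", $url);
        if (end($urlarr) != "html") {
            // Message: "please enter a valid static page name".
            $this->ACT_layer_msg("请正确填写静态网页名称!", 8, $_SERVER['HTTP_REFERER']);
            return;
        }

        // Store the name without a leading slash.
        if (substr($url, 0, 1) == "/") {
            $url = substr($url, 1);
        }
    }

    $value .= "`nid`='{$nid}',";
    $value .= "`url`='{$url}',";
    $value .= "`title`='{$title}',";
    $value .= "`keyword`='{$keyword}',";
    $value .= "`descs`='{$description}',";
    $value .= "`top_tpl`='{$top_tpl}',";
    $value .= "`top_tpl_dir`='{$top_tpl_dir}',";
    $value .= "`footer_tpl`='{$footer_tpl}',";
    $value .= "`footer_tpl_dir`='{$footer_tpl_dir}',";
    $value .= "`ctime`='" . time() . "',";
    $value .= "`sort`='{$sort}',";
    $value .= "`is_nav`='{$is_nav}',";
    $value .= "`is_type`='{$is_type}',";

    // NOTE(review): html_entity_decode() with ENT_QUOTES turns quote entities
    // back into quote characters after any earlier escaping has run, and the
    // result is concatenated into the SQL text below. Escape or bind the
    // decoded value with the DB layer's own facility before it is stored.
    // As written, the first replacement pair maps "&" to itself; possibly an
    // entity string lost in transit - confirm against the upstream file.
    $rawContent = isset($_POST["content"]) ? $_POST["content"] : '';
    $content = str_replace(
        array("&", "background-color:#ffffff", "background-color:#fff", "white-space:nowrap;"),
        array("&", '', '', ''),
        html_entity_decode($rawContent, ENT_QUOTES, "GB2312")
    );
    $value .= "`content`='" . $content . "'";

    if (!$id) {
        $descid = $this->obj->DB_insert_once("description", $value);
        $ids = $descid;
        $alert = "添加";
    } else {
        // NOTE(review): $id is used in the WHERE text without a visible type
        // or range check; if ids are integers, validate that here.
        $row = $this->obj->DB_select_once("description", "`id`='{$id}'");
        if ($row['is_menu'] == "1") {
            // Keep the navigation entry that points at this page in step.
            $url = str_replace("amp;", "", $url);
            $values = "`url`='" . $url . "',";
            $values .= "`furl`='" . $url . "',";
            $values .= "`name`='" . $name . "'";
            $this->obj->DB_update_all("navigation", $values, "`desc`='" . $id . "'");
            $this->menu_cache_action();
        }
        $descid = $this->obj->DB_update_all("description", $value, "`id`='{$id}'");
        $ids = $id;
        $alert = "更新";
    }

    if ($descid) {
        $this->cache_action();
        if ($is_type == 1) {
            $this->descriptionshow($ids, $url);
        }
        $this->ACT_layer_msg("独立页面(ID:" . $ids . ")" . $alert . "成功!", 9, "index.php?m=description", 2, 1);
    } else {
        $this->ACT_layer_msg($alert . "失败!", 8, $_SERVER['HTTP_REFERER']);
    }
}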