/** * @brief showAttachment 防盗链显示、下载附件 * * @param $params 参数 * * @return void */ public function showAttachment($params) { $meta = new MetaLibrary(); $meta->setType(3); $meta->setMID($params['mid']); if (!($m = $meta->getMeta())) { Response::error(404); return; } $m = $m[0]; // 判断 referer 防盗链 $referer = Request::S('HTTP_REFERER', 'string'); if ($referer) { $referer = parse_url($referer); $host = parse_url(OptionLibrary::get('domain')); if (LogX::getDomain($referer['host']) != LogX::getDomain($host['host'])) { Response::error(403); exit; } } $m['alias'] = LOGX_FILE . $m['alias']; // 通过判断getimagesize取出的图片信息是否存在类型标记和色彩位深来防止伪造。 $isimage = false; if (stristr($m['description'], 'image')) { if (function_exists('getimagesize')) { $imginfo = @getimagesize($m['alias']); if (isset($imginfo[2]) && isset($imginfo['bits'])) { $isimage = true; } unset($imginfo); } else { $isimage = true; } } // 附件读取形式,inline直接读取,attachment下载到本地 $disposition = $isimage ? 'inline' : 'attachment'; // 统计附件下载次数 if ($disposition == 'attachment') { $meta->incReply($params['mid']); } $m['description'] = $m['description'] ? $m['description'] : 'application/octet-stream'; if (is_readable($m['alias'])) { @ob_end_clean(); if ($disposition == 'inline') { Response::setExpire(60 * 24 * 365); } header('content-Encoding: none'); header('content-type: ' . $m['description']); header('content-Disposition: ' . $disposition . '; filename=' . urlencode($m['name'])); header('content-Length: ' . abs(filesize($m['alias']))); $fp = @fopen($m['alias'], 'rb'); @fpassthru($fp); @fclose($fp); exit; } else { Response::error(404); } }
</ul> </li> <li> <label class="add-post-label"><?php _e('Attachment'); ?> </label> <a href="#" onclick="uploadPanel(); return false;" style="font-size:12px;"><?php _e('Upload'); ?> </a> <ul class="clearfix" id="fsUpload"> <?php $meta = new MetaLibrary(); $meta->setType(3); $meta->setPID(1000000000); $attachments = $meta->getMeta(); foreach ($attachments as $c) { ?> <li class="multiline"><label for="attach-<?php echo $c['mid']; ?> "><?php echo $c['name']; ?> </label><a href="#" onclick="insertToEditor('<?php path(array('mid' => $c['mid']), 'Attachment'); ?> ','<?php echo $c['description']; ?> ','<?php
</th> <th><?php _e('Alias'); ?> </th> <th class="radius-topright"><?php _e('Reply'); ?> </th> </tr> </thead> <tbody> <?php $meta = new MetaLibrary(); $meta->setType(2); $categories = $meta->getMeta(); $i = 0; foreach ($categories as $c) { ?> <tr<?php if ($i % 2 == 0) { ?> class="even"<?php } ?> id="tag-<?php echo $c['mid']; ?> "> <td><input type="checkbox" value="<?php echo $c['mid'];
/** * @brief deletePost 删除一篇文章 * * @return void */ public function deletePost() { $pid = Request::P('pid'); // 删除文章 $post = new PostLibrary(); $post->deletePost($pid); // 删除 Meta 关系 $meta = new MetaLibrary(); $meta->setPID($pid); $metas = $meta->getMeta(); foreach ($metas as $m) { if ($m['type'] == 1 || $m['type'] == 2) { $meta->delRelation($m['mid'], $pid); } elseif ($m['type'] == 3) { $meta->movRelation($m['mid'], $pid, 1000000000); } } // 删除评论 $comment = new CommentLibrary(); $comment->deleteComments($pid); $r = array('success' => TRUE); Response::ajaxReturn($r); }
/** * @brief editPostDo 编辑文章 * * @return void */ private function editPostDo() { // 验证用户权限 // 非管理员只能编辑自己的文章 // 如果原文章属于多个分类,那么编辑者必须拥有所有从属分类的权限 // 如果原文章不属于任何一个分类(正常情况下不会出现),那么任何人均可以编辑该文章 if (!Widget::getWidget('User')->isAdmin()) { $pid = Request::P('pid'); $meta = new MetaLibrary(); $meta->setPID($pid); $meta->setType(1); $metas = $meta->getMeta(FALSE); foreach ($metas as $m) { if (!Widget::getWidget('User')->checkPrivilege('POST', $m['mid'])) { Response::ajaxReturn(array('success' => FALSE, 'message' => _t('Permission denied.'))); return; } } } Widget::initWidget('Post'); Widget::getWidget('Post')->editPost(); }