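/**
 * @brief showAttachment Serve an attachment inline or as a download, with a Referer hotlink check
 *
 * The Referer comparison is hotlink protection only, not access control:
 * a request that carries no Referer header skips the check and is served.
 *
 * A file is sent inline only when its stored description contains "image"
 * AND getimagesize() recognises it. In that case the Content-Type comes from
 * what getimagesize() detected, not from the stored description, so a forged
 * description cannot make the browser render the file as another type.
 * Everything else is sent as a download.
 *
 * @param $params Route parameters; $params['mid'] selects the attachment meta
 *
 * @return void
 */
public function showAttachment($params)
{
    $meta = new MetaLibrary();
    $meta->setType(3);
    $meta->setMID($params['mid']);
    if (!($m = $meta->getMeta())) {
        Response::error(404);
        return;
    }
    $m = $m[0];

    // Hotlink check: compare the Referer's domain with the configured site domain.
    $referer = Request::S('HTTP_REFERER', 'string');
    if ($referer) {
        $referer = parse_url($referer);
        $host = parse_url(OptionLibrary::get('domain'));

        // parse_url() returns false, or an array without 'host', for malformed
        // input. A Referer that is present but has no host cannot match the
        // site, so reject it without indexing a non-array.
        if (!is_array($referer) || !isset($referer['host'])) {
            Response::error(403);
            exit;
        }
        $siteHost = (is_array($host) && isset($host['host'])) ? $host['host'] : null;

        if (LogX::getDomain($referer['host']) != LogX::getDomain($siteHost)) {
            Response::error(403);
            exit;
        }
    }

    $m['alias'] = LOGX_FILE . $m['alias'];

    // Guard against forged image attachments: the file counts as an image only
    // if getimagesize() reports a type marker, a bit depth and a MIME type.
    // If getimagesize() is unavailable the content cannot be verified, so the
    // file is treated as a non-image and downloaded rather than rendered.
    $isimage = false;
    $detectedMime = '';
    if (stristr($m['description'], 'image') && function_exists('getimagesize')) {
        $imginfo = @getimagesize($m['alias']);
        if (isset($imginfo[2]) && isset($imginfo['bits']) && !empty($imginfo['mime'])) {
            $isimage = true;
            $detectedMime = $imginfo['mime'];
        }
        unset($imginfo);
    }

    // Delivery mode: "inline" renders in the browser, "attachment" downloads.
    $disposition = $isimage ? 'inline' : 'attachment';

    // Count downloads (inline image views are not counted).
    if ($disposition == 'attachment') {
        $meta->incReply($params['mid']);
    }

    if ($isimage) {
        // Inline content is labelled with the type detected from the file itself.
        $m['description'] = $detectedMime;
    } else {
        $m['description'] = $m['description'] ? $m['description'] : 'application/octet-stream';
    }

    if (is_readable($m['alias'])) {
        // Open before sending any header, so a failed open still yields a 404
        // instead of success headers followed by an empty body.
        $fp = @fopen($m['alias'], 'rb');
        if ($fp === false) {
            Response::error(404);
            return;
        }

        @ob_end_clean();
        if ($disposition == 'inline') {
            // NOTE(review): presumably minutes (about one year) - confirm the unit of setExpire().
            Response::setExpire(60 * 24 * 365);
        }
        header('content-Encoding: none');
        header('content-type: ' . $m['description']);
        // Stop browsers from second-guessing the declared type.
        header('X-Content-Type-Options: nosniff');
        header('content-Disposition: ' . $disposition . '; filename=' . urlencode($m['name']));
        header('content-Length: ' . abs(filesize($m['alias'])));
        @fpassthru($fp);
        @fclose($fp);
        exit;
    } else {
        Response::error(404);
    }
}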
?> </label></li> </ul> </li> <li> <label class="add-post-label"><?php _e('Attachment'); ?> </label> <a href="#" onclick="uploadPanel(); return false;" style="font-size:12px;"><?php _e('Upload'); ?> </a> <ul class="clearfix" id="fsUpload"> <?php $meta = new MetaLibrary(); $meta->setType(3); $meta->setPID(1000000000); $attachments = $meta->getMeta(); foreach ($attachments as $c) { ?> <li class="multiline"><label for="attach-<?php echo $c['mid']; ?> "><?php echo $c['name']; ?> </label><a href="#" onclick="insertToEditor('<?php path(array('mid' => $c['mid']), 'Attachment'); ?> ','<?php echo $c['description'];
?> </th> <th><?php _e('Alias'); ?> </th> <th class="radius-topright"><?php _e('Reply'); ?> </th> </tr> </thead> <tbody> <?php $meta = new MetaLibrary(); $meta->setType(2); $categories = $meta->getMeta(); $i = 0; foreach ($categories as $c) { ?> <tr<?php if ($i % 2 == 0) { ?> class="even"<?php } ?> id="tag-<?php echo $c['mid']; ?> "> <td><input type="checkbox" value="<?php
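/**
 * @brief editPost Update an existing post from the submitted form fields
 *
 * Reads pid, title, content, category, allowComment, top and tags from the
 * request, saves the post, replaces its category/tag relations and attaches
 * the pending uploads to it. The outcome is reported through
 * Response::ajaxReturn().
 *
 * This method contains no permission check of its own.
 * NOTE(review): every caller must authorise the edit before invoking it - confirm.
 *
 * @return void
 */
public function editPost()
{
    $p = array();
    $p['pid'] = Request::P('pid');
    // The title is HTML-escaped on input; the content is passed on as submitted.
    $p['title'] = htmlspecialchars(Request::P('title', 'string'));
    $p['content'] = Request::P('content', 'string');
    $p['category'] = Request::P('category', 'array');

    // Parentheses make the original precedence explicit (&& binds tighter than ||).
    // NOTE(review): an empty category array is not rejected here - confirm what
    // Request::P(..., 'array') returns when the field is absent.
    if (!$p['pid'] || !$p['title'] || !$p['content']
        || (count($p['category']) == 1 && !$p['category'][0])
    ) {
        $r = array('success' => FALSE, 'message' => _t('Title, Content and Category can not be null.'));
        Response::ajaxReturn($r);
        return;
    }

    $p['allow_reply'] = Request::P('allowComment') ? 1 : 0;
    $p['top'] = Request::P('top') ? 1 : 0;
    $p['alias'] = '';
    $p['status'] = 1;

    // Save the post.
    $post = new PostLibrary();
    $meta = new MetaLibrary();
    $post->editPost($p);

    // Drop the existing category (type 1) and tag (type 2) relations.
    $meta->setPID($p['pid']);
    $metas = $meta->getMeta(FALSE);
    foreach ($metas as $m) {
        if ($m['type'] == 1 || $m['type'] == 2) {
            $meta->delRelation($m['mid'], $p['pid']);
        }
    }
    $meta->setPID(0);

    // Attach the submitted categories.
    // NOTE(review): the category ids are used as submitted; nothing visible here
    // checks that they exist or that the user may post to them.
    foreach ($p['category'] as $c) {
        $meta->addRelation($c, $p['pid']);
    }

    // Attach the tags, creating any that do not exist yet.
    if ($p['tags'] = Request::P('tags', 'string')) {
        $p['tags'] = str_replace(array(' ', ',', '、'), ',', $p['tags']);
        $p['tags'] = explode(',', $p['tags']);
        $meta->setType(2);
        foreach ($p['tags'] as $tag) {
            // Spaces are turned into separators above, so ordinary input such
            // as "a, b" or a trailing comma yields empty entries. Skip them
            // instead of looking up or creating a tag with an empty name.
            if ($tag === '') {
                continue;
            }
            $meta->setName($tag);
            $t = $meta->getMeta();
            if (!$t) {
                $t = $meta->addMeta(array('type' => 2, 'name' => $tag));
            } else {
                $t = $t[0]['mid'];
            }
            $meta->addRelation($t, $p['pid']);
        }
    }

    // Move the pending uploads (type 3 metas parked under the placeholder
    // PID 1000000000) onto this post.
    // NOTE(review): the lookup is not scoped to the current user; if several
    // editors upload at once, one save may claim another editor's files - confirm.
    $meta = new MetaLibrary();
    $meta->setType(3);
    $meta->setPID(1000000000);
    $attachments = $meta->getMeta();
    foreach ($attachments as $a) {
        $meta->movRelation($a['mid'], 1000000000, $p['pid']);
    }

    $r = array('success' => TRUE, 'message' => _t('Edit post success.'));
    Response::ajaxReturn($r);
}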
/**
 * @brief editPostDo Authorise the current user, then hand the edit to the Post widget
 *
 * Administrators pass straight through. For everyone else, the categories
 * (meta type 1) of the post named by the request's pid are loaded, and the
 * user must hold the 'POST' privilege on each of them. A post with no
 * categories yields an empty list, so any user may edit it.
 *
 * NOTE(review): the original comment says non-administrators may only edit
 * their own posts, but no authorship check is visible in this method - confirm
 * that it is enforced elsewhere.
 *
 * @return void
 */
private function editPostDo()
{
    $isAdministrator = Widget::getWidget('User')->isAdmin();

    if (!$isAdministrator) {
        $postId = Request::P('pid');

        $categoryLookup = new MetaLibrary();
        $categoryLookup->setPID($postId);
        $categoryLookup->setType(1);

        foreach ($categoryLookup->getMeta(FALSE) as $category) {
            $allowed = Widget::getWidget('User')->checkPrivilege('POST', $category['mid']);
            if ($allowed) {
                continue;
            }

            // The first category without the privilege ends the request.
            $denial = array('success' => FALSE, 'message' => _t('Permission denied.'));
            Response::ajaxReturn($denial);
            return;
        }
    }

    Widget::initWidget('Post');
    $postWidget = Widget::getWidget('Post');
    $postWidget->editPost();
}
/**
 * @brief editPage Update an existing page from the submitted form fields
 *
 * Reads pid, title, alias, content and allowComment from the request, rejects
 * an alias already used by a different page, saves the page and attaches the
 * pending uploads to it. The outcome is reported through
 * Response::ajaxReturn().
 *
 * This method contains no permission check of its own.
 * NOTE(review): every caller must authorise the edit before invoking it - confirm.
 *
 * @return void
 */
public function editPage()
{
    // NOTE(review): the title is stored as submitted, with no escaping in this
    // method - confirm it is escaped wherever it is rendered.
    $page = array(
        'pid' => Request::P('pid'),
        'title' => Request::P('title', 'string'),
        'alias' => Request::P('alias', 'string'),
        'content' => Request::P('content', 'string'),
    );

    $incomplete = !$page['pid'] || !$page['title'] || !$page['content'] || !$page['alias'];
    if ($incomplete) {
        $reply = array('success' => FALSE, 'message' => _t('Title, Content and Alias can not be null.'));
        Response::ajaxReturn($reply);
        return;
    }

    if (Request::P('allowComment')) {
        $page['allow_reply'] = 1;
    } else {
        $page['allow_reply'] = 0;
    }
    $page['top'] = 0;
    $page['status'] = 1;

    $post = new PostLibrary();

    // The alias must be unique: it may only belong to the page being edited.
    $existing = $post->getPage($page['alias']);
    if ($existing && $existing['pid'] != $page['pid']) {
        $reply = array('success' => FALSE, 'message' => _t('Alias already exists.'));
        Response::ajaxReturn($reply);
        return;
    }

    // Save the page.
    $post->editPost($page);

    // Move the pending uploads (type 3 metas parked under the placeholder PID)
    // onto this page.
    // NOTE(review): the lookup is not scoped to the current user - confirm that
    // concurrent editors cannot claim each other's uploads.
    $pendingPid = 1000000000;
    $meta = new MetaLibrary();
    $meta->setType(3);
    $meta->setPID($pendingPid);
    foreach ($meta->getMeta() as $attachment) {
        $meta->movRelation($attachment['mid'], $pendingPid, $page['pid']);
    }

    $reply = array('success' => TRUE, 'message' => _t('Edit page success.'));
    Response::ajaxReturn($reply);
}
?> </th> <th><?php _e('Alias'); ?> </th> <th class="radius-topright"><?php _e('Reply'); ?> </th> </tr> </thead> <tbody> <?php $meta = new MetaLibrary(); $meta->setType(1); $categories = $meta->getMeta(); $i = 0; foreach ($categories as $c) { showItem($i, $c); } function showItem(&$i, $c, $pn = '') { ?> <tr<?php if ($i % 2 == 0) { ?> class="even"<?php } ?> id="category-<?php