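/**
 * Copy stored attachments into the destination module's directory for the
 * current year-month and return the identifiers of the copies.
 *
 * Two identifier layouts are handled per entry:
 *   - "YM_ID" (optionally followed by ".SIGNKEY"): the source file is
 *     $ATTACH_PATH2 . $MODULE_SRC . "/YM/ID.NAME".
 *   - "ID" with no underscore: the source file is $ATTACH_PATH . "ID/NAME".
 * When the file is not found under the raw id, the id is passed through
 * attach_id_decode() and the path is rebuilt once.
 *
 * Security notes:
 *   - Both lists are rejected if they contain "/" or "\". That check alone
 *     does not constrain the year-month prefix, which becomes a directory
 *     name, so the prefix is additionally required to be digits only.
 *   - NOTE(review): $MODULE_SRC / $MODULE_DESC are concatenated into paths
 *     without validation here; callers presumably pass fixed module names.
 *     Confirm that no caller forwards request data into them.
 *   - NOTE(review): ids without an underscore are used as a directory name
 *     as-is. They look numeric (see the "* 3 + 2" sign key), but the format
 *     accepted by attach_id_decode() is not visible here, so no stricter
 *     check is applied. Confirm and tighten.
 *
 * @param string $ATTACHMENT_ID   Comma-separated attachment identifiers.
 * @param string $ATTACHMENT_NAME "*"-separated file names, positionally
 *                                matched to the identifiers.
 * @param string $MODULE_SRC      Source sub-directory; attach_sub_dir() when empty.
 * @param string $MODULE_DESC     Destination sub-directory; attach_sub_dir() when empty.
 *
 * @return string Comma-separated identifiers of the copies, each "YM_ID", or
 *                "YM_ID.SIGNKEY" when is_office() accepts the file name.
 */
function copy_attach($ATTACHMENT_ID, $ATTACHMENT_NAME, $MODULE_SRC = "", $MODULE_DESC = "")
{
    global $ATTACH_PATH;
    global $ATTACH_PATH2;

    // Both lists end up inside filesystem paths, so neither may carry a
    // directory separator.
    if (strpbrk($ATTACHMENT_ID, "/\\") !== false || strpbrk($ATTACHMENT_NAME, "/\\") !== false) {
        message("错误", "参数含有非法字符。");
        exit;
    }

    if ($MODULE_SRC == "") {
        $MODULE_SRC = attach_sub_dir();
    }
    if ($MODULE_DESC == "") {
        $MODULE_DESC = attach_sub_dir();
    }

    // Destination is <ATTACH_PATH2><module>/<yymm>; both levels are created
    // on demand with owner-only permissions (0700, written as 448 originally).
    $YM_NEW = date("ym");
    $PATH_NEW = $ATTACH_PATH2 . $MODULE_DESC;
    if (!file_exists($PATH_NEW)) {
        mkdir($PATH_NEW, 0700);
    }
    $PATH_NEW = $PATH_NEW . "/" . $YM_NEW;
    if (!file_exists($PATH_NEW)) {
        mkdir($PATH_NEW, 0700);
    }

    $idList = explode(",", $ATTACHMENT_ID);
    $nameList = explode("*", $ATTACHMENT_NAME);

    // Initialised up front: the original appended to an undefined variable.
    $ATTACHMENT_ID_STR = "";

    foreach ($idList as $index => $entry) {
        if ($entry === "") {
            continue;
        }

        // A shorter name list must not raise an undefined-offset warning.
        $name = isset($nameList[$index]) ? $nameList[$index] : "";

        $underscoreAt = strpos($entry, "_");
        if ($underscoreAt !== false) {
            $ym = substr($entry, 0, $underscoreAt);

            // The prefix is produced by date("ym") when attachments are
            // stored, so anything other than digits is malformed input and
            // must not be used as a directory name.
            if (preg_match('/\A[0-9]+\z/', $ym) !== 1) {
                message("错误", "参数含有非法字符。");
                exit;
            }

            $sourceDir = $ATTACH_PATH2 . $MODULE_SRC . "/" . $ym;

            // Drop the optional ".SIGNKEY" suffix from the id part.
            $id = substr($entry, $underscoreAt + 1);
            $dotAt = strpos($id, ".");
            if ($dotAt !== false) {
                $id = substr($id, 0, $dotAt);
            }

            $sourceFile = $sourceDir . "/" . $id . "." . $name;
            if (!file_exists($sourceFile)) {
                // Not found under the raw id: retry with the decoded id.
                $id = attach_id_decode($id, $name);
                $sourceFile = $sourceDir . "/" . $id . "." . $name;
            }
            $signKey = attach_id_encode($id, $name);
        } else {
            $id = $entry;
            $sourceFile = $ATTACH_PATH . $id . "/" . $name;
            if (!file_exists($sourceFile)) {
                $id = attach_id_decode($entry, $name);
                $sourceFile = $ATTACH_PATH . $id . "/" . $name;
            }
            $signKey = $id * 3 + 2;
        }

        // A sign key supplied with the entry takes precedence over the
        // computed one.
        $entryDotAt = strpos($entry, ".");
        if ($entryDotAt !== false) {
            $signKey = substr($entry, $entryDotAt + 1);
        }

        // Keep drawing until the name is free; the original retried only
        // once and could still land on an existing file.
        // NOTE(review): mt_rand() is not a CSPRNG. If attachment ids are
        // expected to be unguessable, use random_int() where PHP >= 7 is
        // guaranteed.
        do {
            $newId = mt_rand();
            $targetFile = $PATH_NEW . "/" . $newId . "." . $name;
        } while (file_exists($targetFile));

        if (is_office($name)) {
            $ATTACHMENT_ID_STR .= $YM_NEW . "_" . $newId . "." . $signKey . ",";
        } else {
            $ATTACHMENT_ID_STR .= $YM_NEW . "_" . $newId . ",";
        }

        // Best-effort copy, as before: the new id is returned even when the
        // source is missing. A failed copy is now recorded in the server log
        // (numeric id only, no caller-supplied text).
        if (file_exists($sourceFile) && !@copy($sourceFile, $targetFile)) {
            error_log("copy_attach: copy failed for new attachment id " . $newId);
        }
    }

    // Strip the trailing comma.
    return substr($ATTACHMENT_ID_STR, 0, -1);
}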
include_once "../../config.inc.php"; include_once "utility_file.php"; //?MODULE=TDLIB&YM=1103&ATTACHMENT_ID=113270745&ATTACHMENT_NAME=0000.jpg $MODULE = $_GET['MODULE']; $YM = $_GET['YM']; $ATTACHMENT_ID = $_GET['ATTACHMENT_ID']; $ATTACHMENT_NAME = $_GET['ATTACHMENT_NAME']; $FB_STR1 = urldecode($ATTACHMENT_NAME); if (strstr($FB_STR1, "/") || strstr($FB_STR1, "\\")) { exit; } if ($ATTACH_PATH2 == '') { $ATTACH_PATH2 = ROOT_DIR . substr($_SERVER['SCRIPT_NAME'], 1, strpos($_SERVER['SCRIPT_NAME'], $MODULE) - 1); } $ATTACHMENT_ID_OLD = $ATTACHMENT_ID; $ATTACHMENT_ID = attach_id_decode($ATTACHMENT_ID, $ATTACHMENT_NAME); $MYOA_ATTACHMENT_NAME = $ATTACHMENT_NAME; if ($MODULE != "" && $YM != "") { $URL = $ATTACH_PATH2 . $MODULE . "/attachment/" . $YM . "/" . $ATTACHMENT_ID . "." . $ATTACHMENT_NAME; } else { $URL = $ATTACH_PATH . $ATTACHMENT_ID . "/" . $ATTACHMENT_NAME; } if (!file_exists($URL)) { if ($MODULE == "" && $YM == "") { $ATTACHMENT_ID = ($ATTACHMENT_ID_OLD - 2) / 3; $URL = $ATTACH_PATH . $ATTACHMENT_ID . "/" . $ATTACHMENT_NAME; if (!file_exists($URL)) { require_once 'function_system.php'; page_css("抱歉,您所访问的文件不存在,可能已经被删除或转移,请联系OA管理员。"); echo "文件名:" . $MYOA_ATTACHMENT_NAME . "<br>抱歉,您所访问的文件不存在,可能已经被删除或转移,请联系OA管理员。<br>"; button_back();