/** * @brief showAttachment 防盗链显示、下载附件 * * @param $params 参数 * * @return void */ public function showAttachment($params) { $meta = new MetaLibrary(); $meta->setType(3); $meta->setMID($params['mid']); if (!($m = $meta->getMeta())) { Response::error(404); return; } $m = $m[0]; // 判断 referer 防盗链 $referer = Request::S('HTTP_REFERER', 'string'); if ($referer) { $referer = parse_url($referer); $host = parse_url(OptionLibrary::get('domain')); if (LogX::getDomain($referer['host']) != LogX::getDomain($host['host'])) { Response::error(403); exit; } } $m['alias'] = LOGX_FILE . $m['alias']; // 通过判断getimagesize取出的图片信息是否存在类型标记和色彩位深来防止伪造。 $isimage = false; if (stristr($m['description'], 'image')) { if (function_exists('getimagesize')) { $imginfo = @getimagesize($m['alias']); if (isset($imginfo[2]) && isset($imginfo['bits'])) { $isimage = true; } unset($imginfo); } else { $isimage = true; } } // 附件读取形式,inline直接读取,attachment下载到本地 $disposition = $isimage ? 'inline' : 'attachment'; // 统计附件下载次数 if ($disposition == 'attachment') { $meta->incReply($params['mid']); } $m['description'] = $m['description'] ? $m['description'] : 'application/octet-stream'; if (is_readable($m['alias'])) { @ob_end_clean(); if ($disposition == 'inline') { Response::setExpire(60 * 24 * 365); } header('content-Encoding: none'); header('content-type: ' . $m['description']); header('content-Disposition: ' . $disposition . '; filename=' . urlencode($m['name'])); header('content-Length: ' . abs(filesize($m['alias']))); $fp = @fopen($m['alias'], 'rb'); @fpassthru($fp); @fclose($fp); exit; } else { Response::error(404); } }