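/**
  * @brief showAttachment Serve an attachment inline or as a download, behind a Referer-based hotlink check.
  *
  * Looks up the type-3 meta record identified by $params['mid'], resolves it to a
  * file under LOGX_FILE and streams it. Files that pass the image check are sent
  * "inline" with the MIME type reported by getimagesize(); everything else is sent
  * as "attachment" and counted as a download.
  *
  * Security notes:
  *  - The Referer header is client-controlled and an absent Referer is accepted, so
  *    the check below is hotlink protection only, not access control.
  *  - getimagesize() inspects only the file header, so a file can pass it and still
  *    carry other content. The response therefore never trusts the stored MIME type
  *    for inline content and always sends X-Content-Type-Options: nosniff.
  *
  * @param array $params Route parameters; $params['mid'] is the meta ID of the attachment.
  *
  * @return void
  */
 public function showAttachment($params)
 {
     $meta = new MetaLibrary();
     $meta->setType(3);
     // NOTE(review): $params['mid'] reaches setMID() unvalidated; confirm that
     // MetaLibrary binds or escapes it before it is used in a query.
     $meta->setMID($params['mid']);
     if (!($m = $meta->getMeta())) {
         Response::error(404);
         return;
     }
     $m = $m[0];

     // Hotlink check: when a Referer is present its domain must match the site's.
     $referer = Request::S('HTTP_REFERER', 'string');
     if ($referer) {
         $refererParts = parse_url($referer);
         $siteParts = parse_url(OptionLibrary::get('domain'));
         // parse_url() returns false for malformed URLs and omits 'host' for
         // relative ones; treat both as "no host" instead of reading a missing key.
         $refererHost = (is_array($refererParts) && isset($refererParts['host'])) ? $refererParts['host'] : '';
         $siteHost = (is_array($siteParts) && isset($siteParts['host'])) ? $siteParts['host'] : '';
         $refererDomain = ($refererHost === '') ? '' : (string) LogX::getDomain($refererHost);
         // Fail closed on an unparsable Referer and compare as strings so PHP's
         // loose numeric-string comparison cannot make two different hosts equal.
         if ($refererDomain === '' || $refererDomain !== (string) LogX::getDomain($siteHost)) {
             Response::error(403);
             exit;
         }
     }

     // NOTE(review): the path is built from the stored alias; confirm the upload
     // code never stores an alias containing "../" or an absolute path.
     $path = LOGX_FILE . $m['alias'];

     // The stored description is used as the MIME type for downloads only.
     $mime = $m['description'] ? $m['description'] : 'application/octet-stream';

     // Display inline only when the record claims to be an image AND getimagesize()
     // reports both a type marker and a bit depth for the file on disk.
     $isimage = false;
     if (stripos((string) $m['description'], 'image') !== false && function_exists('getimagesize')) {
         $imginfo = @getimagesize($path);
         if (is_array($imginfo) && isset($imginfo[2]) && isset($imginfo['bits'])) {
             $isimage = true;
             // Use the detected type, not the stored one, so a record whose
             // description is e.g. "text/html; image" cannot be rendered as HTML.
             if (!empty($imginfo['mime'])) {
                 $mime = $imginfo['mime'];
             }
         }
         unset($imginfo);
     }
     // If getimagesize() is unavailable the file cannot be verified, so it is sent
     // as a download rather than trusted for inline display.

     // inline = rendered by the browser, attachment = saved to disk.
     $disposition = $isimage ? 'inline' : 'attachment';

     if (!is_readable($path)) {
         Response::error(404);
         return;
     }
     // Open before any header is sent so a failed open can still produce a 404.
     $fp = @fopen($path, 'rb');
     if (!$fp) {
         Response::error(404);
         return;
     }

     // Count a download only once the file is known to be servable.
     if ($disposition == 'attachment') {
         $meta->incReply($params['mid']);
     }

     @ob_end_clean();
     if ($disposition == 'inline') {
         Response::setExpire(60 * 24 * 365);
     }
     // Strip CR/LF so a stored value can never split the header line.
     $mime = str_replace(array("\r", "\n"), '', $mime);
     header('content-Encoding: none');
     header('content-type: ' . $mime);
     header('X-Content-Type-Options: nosniff');
     header('content-Disposition: ' . $disposition . '; filename=' . urlencode($m['name']));
     header('content-Length: ' . abs(filesize($path)));
     @fpassthru($fp);
     @fclose($fp);
     exit;
 }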
					</ul>
				</li>
				<li>
					<label class="add-post-label"><?php 
    _e('Attachment');
    ?>
</label> <a href="#" onclick="uploadPanel(); return false;" style="font-size:12px;"><?php 
    _e('Upload');
    ?>
</a>
					<ul class="clearfix" id="fsUpload">
					<?php 
    // List the type-3 metas (the attachments shown in this upload panel) bound to
    // PID 1000000000 - presumably a holding ID for attachments that are not yet
    // attached to a post; TODO confirm against MetaLibrary.
    $meta = new MetaLibrary();
    $meta->setType(3);
    $meta->setPID(1000000000);
    $attachments = $meta->getMeta();
    foreach ($attachments as $c) {
        ?>
						<li class="multiline"><label for="attach-<?php 
        echo $c['mid'];
        ?>
"><?php 
        // NOTE(review): the name is echoed into HTML without htmlspecialchars().
        // If it derives from the uploaded file name it should be escaped here
        // (stored XSS risk) - confirm where 'name' is populated.
        echo $c['name'];
        ?>
</label><a href="#" onclick="insertToEditor('<?php 
        path(array('mid' => $c['mid']), 'Attachment');
        ?>
','<?php 
        // NOTE(review): the description is echoed raw into a single-quoted
        // JavaScript string inside an onclick attribute. That context needs
        // JavaScript-string encoding followed by HTML-attribute encoding; a quote
        // in the stored value would otherwise break out of the string.
        echo $c['description'];
        ?>
','<?php 
示例#3
</th>
					<th><?php 
_e('Alias');
?>
</th>
					<th class="radius-topright"><?php 
_e('Reply');
?>
</th>
				</tr>
			</thead>
			<tbody>
			<?php 
$meta = new MetaLibrary();
$meta->setType(2);
$categories = $meta->getMeta();
$i = 0;
foreach ($categories as $c) {
    ?>
				<tr<?php 
    if ($i % 2 == 0) {
        ?>
 class="even"<?php 
    }
    ?>
 id="tag-<?php 
    echo $c['mid'];
    ?>
">
					<td><input type="checkbox" value="<?php 
    echo $c['mid'];
 /**
  * @brief deletePost Delete a post together with its meta relations and comments.
  *
  * Reads the post ID from the "pid" request value, deletes the post, then walks the
  * post's meta records: relations of type 1 and 2 are removed, relations of type 3
  * are moved to PID 1000000000 instead of being deleted. Finally the post's comments
  * are deleted and a JSON success response is returned.
  *
  * @return void
  */
 public function deletePost()
 {
     // NOTE(review): no privilege or ownership check is visible in this method,
     // and "pid" is used as received. Confirm the caller authorises the request
     // (and protects it against CSRF) before this destructive action runs.
     $postId = Request::P('pid');

     // Remove the post itself.
     $postLibrary = new PostLibrary();
     $postLibrary->deletePost($postId);

     // Detach the post's metas.
     $metaLibrary = new MetaLibrary();
     $metaLibrary->setPID($postId);
     foreach ($metaLibrary->getMeta() as $relation) {
         // switch compares loosely, exactly like the == tests it replaces.
         switch ($relation['type']) {
             case 1:
             case 2:
                 $metaLibrary->delRelation($relation['mid'], $postId);
                 break;
             case 3:
                 // Type 3 is kept and re-parented rather than deleted; 1000000000
                 // looks like a holding PID for unattached items - TODO confirm.
                 $metaLibrary->movRelation($relation['mid'], $postId, 1000000000);
                 break;
         }
     }

     // Remove the post's comments.
     $commentLibrary = new CommentLibrary();
     $commentLibrary->deleteComments($postId);

     Response::ajaxReturn(array('success' => true));
 }
 /**
  * @brief editPostDo Check the current user's privileges, then hand over to the Post widget's editPost().
  *
  * Administrators skip the check. For any other user, every type-1 meta (category,
  * per the original comments) attached to the post must pass
  * checkPrivilege('POST', mid); the first failure returns a JSON "Permission denied."
  * response and stops.
  *
  * @return void
  */
 private function editPostDo()
 {
     // NOTE(review): the original comments state that non-administrators may only
     // edit their own posts, but no ownership check is visible in this method -
     // confirm that the Post widget's editPost() enforces it.
     // NOTE(review): a post with no type-1 meta passes the loop untouched, so any
     // user may edit it. The original comments describe this as intended for a
     // case that should not normally occur; it is a fail-open default.
     $isAdmin = Widget::getWidget('User')->isAdmin();
     if (!$isAdmin) {
         $postId = Request::P('pid');
         $categoryMeta = new MetaLibrary();
         $categoryMeta->setPID($postId);
         $categoryMeta->setType(1);
         foreach ($categoryMeta->getMeta(false) as $category) {
             $allowed = Widget::getWidget('User')->checkPrivilege('POST', $category['mid']);
             if ($allowed) {
                 continue;
             }
             // A single category without privilege is enough to refuse the edit.
             $denied = array('success' => false, 'message' => _t('Permission denied.'));
             Response::ajaxReturn($denied);
             return;
         }
     }

     Widget::initWidget('Post');
     Widget::getWidget('Post')->editPost();
 }