/**
 * Runs the SQL submitted in the `command` request parameter.
 *
 * Only POST requests are handled; any other method falls through and does
 * nothing. Before anything runs, the caller has to pass the `database_query`
 * ACL check and the `allowExecuteSql` configuration switch has to be 'Y';
 * both checks answer in text mode, so a failure is reported as plain text.
 * The submitted text is split into individual statements by self::_sqlSplit()
 * and each statement is handed to self::_execute() in order.
 *
 * NOTE(review): the statements themselves are not inspected here — this is an
 * administrative "run arbitrary SQL" endpoint gated only by the ACL and the
 * config switch. Whether the framework's request layer also applies CSRF
 * validation to this POST is not visible from this method; confirm.
 */
public function actionExecute()
{
    // Anything other than POST is ignored entirely.
    if (XUtils::method() != 'POST') {
        return;
    }

    parent::_acl('database_query', array('response' => 'text'));
    parent::_configParams(array(
        'action' => 'allowExecuteSql',
        'val' => 'Y',
        'message' => '不允许执行SQL,请在 protected/config/params.php 中配置 allowExecuteSql 为 Y',
        'response' => 'text',
    ));

    $statements = self::_sqlSplit($this->_gets->getParam('command'));
    foreach ($statements as $statement) {
        self::_execute($statement);
    }
}
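/**
 * Edits (or creates) a theme view template.
 *
 * The template name arrives base64-encoded in the `filename` request
 * parameter and is resolved relative to `<themePath>/views`. When the POST
 * carries `content`, the decoded file is written, an admin log entry is
 * recorded and the user is redirected to the index action. Otherwise (or when
 * the write fails) the current file content is loaded and rendered,
 * HTML-escaped, in the `update` view.
 *
 * Requires the `allowTplOperate` configuration switch to be 'Y'.
 *
 * @param string $filename bound by the framework from the request (presumably
 *                         from the query string); the value is re-read from the
 *                         request parser below, so the argument itself is not
 *                         used directly
 * @throws CHttpException when the decoded name would resolve outside the views
 *                        directory
 */
public function actionUpdateTpl($filename)
{
    parent::_acl();
    parent::_configParams(array('action' => 'allowTplOperate', 'val' => 'Y', 'message' => '不允许创建或编辑模板,请在 protected/config/params.php 中配置 allowTplOperate 为 Y'));

    // CHtml::encode() is applied to the still-encoded value, as before; the
    // base64 alphabet is untouched by HTML escaping.
    $filename = CHtml::encode(trim($this->_gets->getParam('filename')));
    $content = trim($this->_gets->getParam('content'));

    // Decode once instead of three times.
    $relativeName = XUtils::b64decode($filename);

    // The decoded name is attacker-controllable request data that becomes a
    // filesystem path, so reject anything that could leave the views
    // directory: NUL bytes, a ".." path segment, or an absolute path
    // (leading slash/backslash or a drive letter).
    $segments = preg_split('#[/\\\\]+#', $relativeName);
    $isUnsafe = strpos($relativeName, "\0") !== false
        || in_array('..', $segments, true)
        || preg_match('#^(?:[/\\\\]|[A-Za-z]:)#', $relativeName) === 1;
    if ($isUnsafe) {
        throw new CHttpException(400, 'Invalid template name');
    }
    $path = $this->_themePath . DS . 'views' . DS . $relativeName;

    if (isset($_POST['content'])) {
        // file_put_contents() returns the number of bytes written (0 for an
        // empty template) or false on failure; the previous "== true" test
        // treated a successful empty write as a failure and fell through to
        // re-rendering the editor.
        $written = file_put_contents($path, $content);
        if ($written !== false) {
            AdminLogger::_create(array('catalog' => 'update', 'intro' => '编辑模板'));
            $this->redirect(array('index'));
        }
    }

    // A missing or unreadable file yields false; show an empty editor rather
    // than passing a bool into htmlspecialchars().
    $current = file_get_contents($path);
    $data = array(
        'filename' => $relativeName,
        'content' => htmlspecialchars($current === false ? '' : $current),
    );
    $this->render('update', $data);
}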