示例#1
 /**
  * Run the SQL text submitted from the admin database-query form.
  *
  * Only POST requests are handled; any other method falls through with no
  * output. The ACL check ("database_query") and the allowExecuteSql
  * configuration gate are both called before the request body is read.
  *
  * Security notes for maintainers:
  * - The "command" parameter goes to _sqlSplit() and every resulting
  *   statement to _execute() unchanged, so a caller who passes both gates
  *   can run arbitrary statements, presumably with the privileges of the
  *   application's database connection.
  * - No CSRF token check and no audit-log entry are visible in this method.
  *   NOTE(review): confirm both happen elsewhere (a controller filter, or
  *   inside _execute()); if they do not, this is the place to add them.
  */
 public function actionExecute()
 {
     // Anything that is not a form submission is ignored.
     if (XUtils::method() != 'POST') {
         return;
     }

     // Gate 1: per-user permission. Gate 2: site-wide switch in params.php.
     // Both are asked to answer in plain text rather than render a page.
     parent::_acl('database_query', array('response' => 'text'));
     parent::_configParams(array(
         'action' => 'allowExecuteSql',
         'val' => 'Y',
         'message' => '不允许执行SQL,请在 protected/config/params.php 中配置 allowExecuteSql 为 Y',
         'response' => 'text',
     ));

     // The submitted text may hold several statements; each one is run in order.
     $statements = self::_sqlSplit($this->_gets->getParam('command'));
     foreach ($statements as $statement) {
         self::_execute($statement);
     }
 }
示例#2
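 /**
  * Edit a theme template: save the submitted content, then show the editor.
  *
  * The template is named by the base64-encoded "filename" request parameter,
  * interpreted relative to <theme>/views. The decoded name is resolved and
  * must stay inside that directory; names that escape it ("../" segments,
  * symlinks, NUL bytes, directories) are rejected before any read or write.
  *
  * Security notes for maintainers:
  * - NOTE(review): if these views are PHP templates, write access here is
  *   equivalent to running code on the server, so the ACL check and the
  *   allowTplOperate switch are the only barrier. No CSRF token check is
  *   visible in this method; confirm it is enforced elsewhere.
  * - The path check and the write are separate steps, so the check does not
  *   protect against another process swapping the file in between.
  *
  * @param string $filename Route argument; unused, the name is always read from the request.
  * @throws CHttpException 400 when the decoded name is not a file location inside <theme>/views.
  */
 public function actionUpdateTpl($filename)
 {
     parent::_acl();
     parent::_configParams(array('action' => 'allowTplOperate', 'val' => 'Y', 'message' => '不允许创建或编辑模板,请在 protected/config/params.php 中配置 allowTplOperate 为 Y'));

     $encodedName = trim($this->_gets->getParam('filename'));
     $content = trim($this->_gets->getParam('content'));

     // HTML-encoding the base64 token (as the original did) does nothing for
     // path safety; the decoded name is what has to be validated.
     $relativeName = XUtils::b64decode($encodedName);
     $viewsRoot = realpath($this->_themePath . DS . 'views');

     $target = null;
     if ($viewsRoot !== false && is_string($relativeName) && $relativeName !== '' && strpos($relativeName, "\0") === false) {
         $candidate = $viewsRoot . DS . $relativeName;
         $leaf = basename($candidate);
         // Resolve the containing directory so "../" segments and symlinked
         // directories are collapsed before the prefix comparison. The file
         // itself may not exist yet, so only its directory is resolved.
         $parentDir = realpath(dirname($candidate));
         $insideRoot = $parentDir !== false && strpos($parentDir . DS, $viewsRoot . DS) === 0;
         if ($insideRoot && $leaf !== '.' && $leaf !== '..') {
             $target = $parentDir . DS . $leaf;
         }
     }
     // A link could point outside views/, and a directory is not a template.
     if ($target !== null && (is_link($target) || (file_exists($target) && !is_file($target)))) {
         $target = null;
     }
     if ($target === null) {
         throw new CHttpException(400, '模板文件路径无效');
     }

     if (isset($_POST['content'])) {
         $written = file_put_contents($target, $content);
         // file_put_contents() returns the byte count, so saving an empty
         // template yields 0; only false signals a failed write.
         if ($written !== false) {
             AdminLogger::_create(array('catalog' => 'update', 'intro' => '编辑模板'));
             $this->redirect(array('index'));
         }
     }

     // A missing file shows an empty editor, as before, without the warning.
     $current = is_file($target) ? file_get_contents($target) : false;

     $data = array();
     // The decoded name is request-controlled, so it is escaped here; the
     // view is not visible from this method and may print it as-is.
     $data['filename'] = CHtml::encode($relativeName);
     $data['content'] = htmlspecialchars($current === false ? '' : $current);
     $this->render('update', $data);
 }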