fix: bug修复

2024-10-29 17:38:47 +08:00
parent 48bf3e6f33
commit 260c1f052d
33 changed files with 1032 additions and 664 deletions


@@ -8,13 +8,17 @@ use think\Config;
use image\Image;
use pagination\Pagination;
class Webuploader extends BaseController {
class Webuploader extends BaseController
{
private $docDir = '';
private $rootDir = '';
private $basePath = '/';
private $saveDirectory = 'default';
private $num = '10';
public function __construct() {
public function __construct()
{
parent::__construct();
date_default_timezone_set("Asia/Shanghai");
$this->docDir = $this->request->server('DOCUMENT_ROOT');
@@ -26,7 +30,8 @@ class Webuploader extends BaseController {
header("Content-Type: text/html; charset=utf-8");
}
public function show() {
public function show()
{
$filter_name = $this->request->get('filter_name', '', 'urldecode');
if (!empty($filter_name)) {
$filter_name = trim(str_replace(['/../', '../', '*'], '', $filter_name), "\x20\x09\x0A\x0D\x00\x0B\x2E\x2F");
@@ -110,7 +115,11 @@ class Webuploader extends BaseController {
$path = mb_substr($image, mb_strlen($this->docDir . $this->rootDir));
$ext = strtolower(pathinfo($image, PATHINFO_EXTENSION));
switch ($ext) {
case 'jpg': case 'png': case 'gif': case 'bmp': case 'jpeg':
case 'jpg':
case 'png':
case 'gif':
case 'bmp':
case 'jpeg':
$data['images'][] = array(
'thumb' => $path,
'name' => implode(' ', $name),
@@ -119,7 +128,11 @@ class Webuploader extends BaseController {
'href' => $this->request->domain() . $path
);
break;
case 'html': case 'htm': case 'js': case 'php': case 'txt':
case 'html':
case 'htm':
case 'js':
case 'php':
case 'txt':
$data['images'][] = array(
'thumb' => $path,
'name' => implode(' ', $name),
@@ -128,7 +141,13 @@ class Webuploader extends BaseController {
'href' => 'javascript:void(0);'
);
break;
case 'avi': case 'mp4': case 'rmvb': case 'mkv': case 'wmv': case 'ogg': case 'webm':
case 'avi':
case 'mp4':
case 'rmvb':
case 'mkv':
case 'wmv':
case 'ogg':
case 'webm':
$data['images'][] = array(
'thumb' => $path,
'name' => implode(' ', $name),
@@ -137,7 +156,13 @@ class Webuploader extends BaseController {
'href' => 'javascript:void(0);'
);
break;
case 'zip': case 'rar': case 'gz': case 'tar': case 'tgz': case 'gz': case 'iso':
case 'zip':
case 'rar':
case 'gz':
case 'tar':
case 'tgz':
case 'gz':
case 'iso':
$data['images'][] = array(
'thumb' => $path,
'name' => implode(' ', $name),
@@ -203,13 +228,14 @@ class Webuploader extends BaseController {
return $this->fetch();
}
public function modal() {
public function modal()
{
$relativepath = $this->request->get('directory', '', 'urldecode');
if (!empty($relativepath)) {
$relativepath = trim(str_replace(['/../', '../', '*'], '', $relativepath), "\x20\x09\x0A\x0D\x00\x0B\x2E\x2F");
}
$func = $this->request->get('func', 'undefined');
$num = $this->num;
$num = $this->request->get('num', $this->num);
$type = $this->request->get('type', '');
$target = $this->request->get('target', '');
$thumb = $this->request->get('thumb', '');
@@ -252,14 +278,15 @@ class Webuploader extends BaseController {
return $this->fetch();
}
public function uploadiframe() {
public function uploadiframe()
{
$relativepath = $this->request->get('directory', '', 'urldecode');
if (!empty($relativepath)) {
$relativepath = trim(str_replace(['/../', '../', '*'], '', $relativepath), "\x20\x09\x0A\x0D\x00\x0B\x2E\x2F");
}
$func = $this->request->get('func', 'undefined');
//$num = $this->request->get('num/d', 1);
$num = $this->num;
$num = $this->request->get('num', $this->num);
$type = $this->request->get('type', '');
$target = $this->request->get('target', '');
$thumb = $this->request->get('thumb', '');
@@ -295,21 +322,24 @@ class Webuploader extends BaseController {
return str_replace(array_keys($tpl_replace_string), array_values($tpl_replace_string), $content);
}
public function imageupload() {
public function imageupload()
{
// 上传图片框中的描述表单名称,
$title = $this->request->get('pictitle');
$relativepath = $this->request->get('directory', '', 'urldecode');
if (!empty($relativepath)) {
$relativepath = trim(str_replace(['/../', '../', '*'], '', $relativepath), "\x20\x09\x0A\x0D\x00\x0B\x2E\x2F");
}
$this->saveDirectory = $relativepath? : 'default';
$this->saveDirectory = $relativepath ?: 'default';
// 获取表单上传文件 例如上传了001.jpg
$file = request()->file('file');
// if (empty($file))
// $file = request()->file('upfile');
// if (empty($file))
// $file = request()->file('upfile');
$image_upload_limit_size = Config::get('image_upload_limit_size');
$result = $this->validate(
['file' => $file], ['file' => 'image|fileSize:' . $image_upload_limit_size . '|fileExt:jpg,jpeg,gif,png'], ['file.image' => '上传文件必须为图片', 'file.fileSize' => '上传文件过大', 'file.fileExt' => '上传文件后缀名必须为jpg,jpeg,gif,png']
['file' => $file],
['file' => 'image|fileSize:' . $image_upload_limit_size . '|fileExt:jpg,jpeg,gif,png'],
['file.image' => '上传文件必须为图片', 'file.fileSize' => '上传文件过大', 'file.fileExt' => '上传文件后缀名必须为jpg,jpeg,gif,png']
);
if (true !== $result || !$file) {
$state = "ERROR " . $result;
@@ -332,25 +362,27 @@ class Webuploader extends BaseController {
$return_data['original'] = ''; // 这里好像没啥用 暂时注释起来
$return_data['state'] = $state;
$return_data['directory'] = $this->saveDirectory;
echo json_encode($return_data);
exit;
return json_encode($return_data);
}
public function fileupload() {
public function fileupload()
{
// 上传图片框中的描述表单名称,
$title = $this->request->get('pictitle');
$relativepath = $this->request->get('directory', '', 'urldecode');
if (!empty($relativepath)) {
$relativepath = trim(str_replace(['/../', '../', '*'], '', $relativepath), "\x20\x09\x0A\x0D\x00\x0B\x2E\x2F");
}
$this->saveDirectory = $relativepath? : 'default';
$this->saveDirectory = $relativepath ?: 'default';
// 获取表单上传文件 例如上传了001.jpg
$file = request()->file('file');
// if (empty($file))
// $file = request()->file('upfile');
// if (empty($file))
// $file = request()->file('upfile');
$file_upload_limit_size = Config::get('file_upload_limit_size');
$result = $this->validate(
['file' => $file], ['file' => 'fileSize:' . $file_upload_limit_size], ['file.fileSize' => '上传文件过大']
['file' => $file],
['file' => 'fileSize:' . $file_upload_limit_size],
['file.fileSize' => '上传文件过大']
);
if (true !== $result || !$file) {
$state = "ERROR " . $result;
@@ -377,12 +409,13 @@ class Webuploader extends BaseController {
删除上传的图片
*/
public function deluploadimage() {
public function deluploadimage()
{
$action = $this->request->get('action', 'del');
$filename = $this->request->get('filename');
$filename = empty($filename) ? $this->request->get('url') : $filename;
// $filename = str_replace('../', '', $filename);
// $filename = trim($filename, "\x20\x09\x0A\x0D\x00\x0B\x2E\x2F");
// $filename = str_replace('../', '', $filename);
// $filename = trim($filename, "\x20\x09\x0A\x0D\x00\x0B\x2E\x2F");
$filename = trim(str_replace('../', '', $filename), "\x20\x09\x0A\x0D\x00\x0B\x2E\x2F");
$filename = './' . $filename;
if ($action == 'del' && !empty($filename) && is_file($filename)) {
@@ -404,12 +437,13 @@ class Webuploader extends BaseController {
删除上传的文件
*/
public function deluploadfile() {
public function deluploadfile()
{
$action = $this->request->get('action', 'del');
$filename = $this->request->get('filename');
$filename = empty($filename) ? $this->request->get('url') : $filename;
// $filename = str_replace('../', '', $filename);
// $filename = trim($filename, "\x20\x09\x0A\x0D\x00\x0B\x2E\x2F");
// $filename = str_replace('../', '', $filename);
// $filename = trim($filename, "\x20\x09\x0A\x0D\x00\x0B\x2E\x2F");
$filename = trim(str_replace('../', '', $filename), "\x20\x09\x0A\x0D\x00\x0B\x2E\x2F");
$filename = './' . $filename;
if ($action == 'del' && !empty($filename) && is_file($filename)) {
@@ -422,7 +456,8 @@ class Webuploader extends BaseController {
exit;
}
public function preview() {
public function preview()
{
// 此页面用来协助 IE6/7 预览图片,因为 IE 6/7 不支持 base64
$DIR = 'preview';
// Create target dir
@@ -448,7 +483,10 @@ class Webuploader extends BaseController {
$src = file_get_contents('php://input');
if (preg_match("#^data:image/(\w+);base64,(.*)$#", $src, $matches)) {
$previewUrl = sprintf(
"%s://%s%s", isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ? 'https' : 'http', $_SERVER['HTTP_HOST'], $_SERVER['REQUEST_URI']
"%s://%s%s",
isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ? 'https' : 'http',
$_SERVER['HTTP_HOST'],
$_SERVER['REQUEST_URI']
);
$previewUrl = str_replace("preview.php", "", $previewUrl);
$base64 = $matches[2];
@@ -470,8 +508,9 @@ class Webuploader extends BaseController {
}
}
public function upload() {
$json = array();
public function upload()
{
$json = [];
// Make sure we have the correct directory
$relativepath = $this->request->get('directory', '', 'urldecode');
if (!empty($relativepath)) {
@@ -482,46 +521,57 @@ class Webuploader extends BaseController {
}
// Check its a directory
if (!is_dir($directory) || mb_substr($directory, 0, mb_strlen($this->basePath)) != $this->basePath) {
$json['error'] = '路径错误';
}
if (!$json) {
$file_upload_limit_size = Config::get('file_upload_limit_size');
// Check if multiple files are uploaded or just one
//获取上传的文件类型
//$type = $this->request->get('type', '');
// 获取表单上传文件
$files = $this->request->file('file');
foreach ($files as $k => $file) {
// 移动到框架应用根目录/public/uploads/ 目录下
$info = $file->validate(['size' => $file_upload_limit_size])->move($directory, false);
if ($info) {
// 成功上传后 获取上传信息
$ext = strtolower($info->getExtension());
if (in_array($ext, ['gif', 'jpg', 'jpeg', 'png', 'bmp'])) {
$image_upload_limit_size = Config::get('image_upload_limit_size');
$chick = $info->getInfo();
if ($chick['size']>=$image_upload_limit_size) {
$json['success'] = "文件大小超过1M";
} else {
$this->watermark('/uploads/' . $relativepath . '/' . $info->getFilename());
}
}
} else {
// 上传失败获取错误信息
$json['error'] = '';
$json['error'] .= '文件' . $k . $file->getError();
}
if (!mkdir($directory, 0755, true)) {
$json['error'] = '路径错误';
}
}
if (!$json) {
$json['success'] = '文件上传成功';
$json = [
'success' => '文件上传成功'
];
$file_upload_limit_size = Config::get('file_upload_limit_size');
$image_upload_limit_size = Config::get('image_upload_limit_size');
// 获取表单上传文件
$errors = [];
$files = $this->request->file('file');
foreach ($files as $k => $file) {
$file_info = $file->getInfo();
$idx = mb_strripos($file_info['name'], '.', 0, 'utf-8');
$file = $file->validate(['size' => $file_upload_limit_size]);
if (false !== $idx) {
$start = $idx;
if (mb_strlen($file_info['name'], 'utf-8') > $idx) {
$start = $idx + 1;
}
$ext = mb_substr($file_info['name'], $start);
if (in_array($ext, ['gif', 'jpg', 'jpeg', 'png', 'bmp'])) {
$file->validate(['size' => $image_upload_limit_size]);
}
}
// 移动到框架应用根目录/public/uploads/ 目录下
$info = $file->move($directory, false);
if ($info) {
// 成功上传后 获取上传信息
$this->watermark('/uploads/' . $relativepath . '/' . $info->getFilename());
} else {
// 上传失败获取错误信息
$errors[] = '文件【' . $file->getInfo()['name'] . '】' . $file->getError();
}
}
if (count($errors) != 0) {
$json = [
'success' => implode('\n', $errors)
];
}
}
echo json_encode($json);
exit;
}
public function folder() {
public function folder()
{
$json = array();
// Make sure we have the correct directory
$relativepath = $this->request->get('directory', '', 'urldecode');
@@ -569,7 +619,8 @@ class Webuploader extends BaseController {
exit;
}
public function rename() {
public function rename()
{
$json = array();
// Make sure we have the correct directory
$relativepath = $this->request->get('directory', '', 'urldecode');
@@ -617,7 +668,8 @@ class Webuploader extends BaseController {
exit;
}
public function delete() {
public function delete()
{
$json = array();
$paths = $this->request->post();
if (isset($paths['path'])) {
@@ -677,7 +729,8 @@ class Webuploader extends BaseController {
exit;
}
public function watermark($return_url = '/uploads/nopic.jpg') {
public function watermark($return_url = '/uploads/nopic.jpg')
{
$iswatermark = Config::get('watermark');
$return_data = ['watermark' => $iswatermark];
if ($iswatermark) {
@@ -707,7 +760,7 @@ class Webuploader extends BaseController {
$ttf = './hgzb.ttf';
if (file_exists($ttf)) {
$size = $wmconfig['mark_text_size'] ? $wmconfig['mark_text_size'] : 30;
$color = $wmconfig['mark_text_color'] ? : '#000000';
$color = $wmconfig['mark_text_color'] ?: '#000000';
if (!preg_match('/^#[0-9a-fA-F]{6}$/', $color)) {
$color = '#000000';
}
@@ -729,5 +782,4 @@ class Webuploader extends BaseController {
}
return $return_data;
}
}
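Review bot: In the `upload()` hunk (`@@ -482,46 +521,57 @@`) the rewritten directory check appears to run `mkdir($directory, 0755, true)` whenever `!is_dir($directory) || mb_substr(...) != $this->basePath` is true, so a request-supplied `directory` that fails the base-path prefix test is now created and uploaded into instead of being rejected with '路径错误'. The containment test should come first, and the directory should be created only when it is merely missing, as in the excerpt below. The new loop validates size only, so nothing on the visible lines limits which extensions `move()` may write under `/uploads/`; adding an `'ext'` allow-list to the `$file->validate([...])` array would mirror the `fileExt:jpg,jpeg,gif,png` rule that `imageupload()` applies. The new `$ext` is also no longer lower-cased, so `in_array` misses `JPG`/`PNG` and the image size limit is skipped: `$ext = strtolower(mb_substr($file_info['name'], $start));`. `upload()` begins before this hunk and the +/- markers are lost on this page, so this reading of the new side should be confirmed against the file.

```php
// … unchanged: $directory built from the 'directory' request parameter …
if (mb_substr($directory, 0, mb_strlen($this->basePath)) != $this->basePath) {
    // Outside the allowed base: reject, never create.
    $json['error'] = '路径错误';
} elseif (!is_dir($directory) && !mkdir($directory, 0755, true)) {
    $json['error'] = '路径错误';
}
// … unchanged: size validation, move() and watermark loop …
```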