You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
432 lines
13 KiB
432 lines
13 KiB
5 years ago
|
<?php
|
||
|
if (!defined('__TYPECHO_ROOT_DIR__')) exit;
|
||
|
/**
|
||
|
* 上传动作
|
||
|
*
|
||
|
* @category typecho
|
||
|
* @package Widget
|
||
|
* @copyright Copyright (c) 2008 Typecho team (http://www.typecho.org)
|
||
|
* @license GNU General Public License 2.0
|
||
|
* @version $Id$
|
||
|
*/
|
||
|
|
||
|
/**
|
||
|
* 上传组件
|
||
|
*
|
||
|
* @author qining
|
||
|
* @category typecho
|
||
|
* @package Widget
|
||
|
*/
|
||
|
class Widget_Upload extends Widget_Abstract_Contents implements Widget_Interface_Do
|
||
|
{
|
||
|
//上传文件目录
|
||
|
const UPLOAD_DIR = '/usr/uploads';
|
||
|
|
||
|
/**
|
||
|
* 创建上传路径
|
||
|
*
|
||
|
* @access private
|
||
|
* @param string $path 路径
|
||
|
* @return boolean
|
||
|
*/
|
||
|
private static function makeUploadDir($path)
|
||
|
{
|
||
|
$path = preg_replace("/\\\+/", '/', $path);
|
||
|
$current = rtrim($path, '/');
|
||
|
$last = $current;
|
||
|
|
||
|
while (!is_dir($current) && false !== strpos($path, '/')) {
|
||
|
$last = $current;
|
||
|
$current = dirname($current);
|
||
|
}
|
||
|
|
||
|
if ($last == $current) {
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
if (!@mkdir($last)) {
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
$stat = @stat($last);
|
||
|
$perms = $stat['mode'] & 0007777;
|
||
|
@chmod($last, $perms);
|
||
|
|
||
|
return self::makeUploadDir($path);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* 获取安全的文件名
|
||
|
*
|
||
|
* @param string $name
|
||
|
* @static
|
||
|
* @access private
|
||
|
* @return string
|
||
|
*/
|
||
|
private static function getSafeName(&$name)
|
||
|
{
|
||
|
$name = str_replace(array('"', '<', '>'), '', $name);
|
||
|
$name = str_replace('\\', '/', $name);
|
||
|
$name = false === strpos($name, '/') ? ('a' . $name) : str_replace('/', '/a', $name);
|
||
|
$info = pathinfo($name);
|
||
|
$name = substr($info['basename'], 1);
|
||
|
|
||
|
return isset($info['extension']) ? strtolower($info['extension']) : '';
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* 上传文件处理函数,如果需要实现自己的文件哈希或者特殊的文件系统,请在options表里把uploadHandle改成自己的函数
|
||
|
*
|
||
|
* @access public
|
||
|
* @param array $file 上传的文件
|
||
|
* @return mixed
|
||
|
*/
|
||
|
public static function uploadHandle($file)
|
||
|
{
|
||
|
if (empty($file['name'])) {
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
$result = Typecho_Plugin::factory('Widget_Upload')->trigger($hasUploaded)->uploadHandle($file);
|
||
|
if ($hasUploaded) {
|
||
|
return $result;
|
||
|
}
|
||
|
|
||
|
$ext = self::getSafeName($file['name']);
|
||
|
|
||
|
if (!self::checkFileType($ext) || Typecho_Common::isAppEngine()) {
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
$date = new Typecho_Date();
|
||
|
$path = Typecho_Common::url(defined('__TYPECHO_UPLOAD_DIR__') ? __TYPECHO_UPLOAD_DIR__ : self::UPLOAD_DIR,
|
||
|
defined('__TYPECHO_UPLOAD_ROOT_DIR__') ? __TYPECHO_UPLOAD_ROOT_DIR__ : __TYPECHO_ROOT_DIR__)
|
||
|
. '/' . $date->year . '/' . $date->month;
|
||
|
|
||
|
//创建上传目录
|
||
|
if (!is_dir($path)) {
|
||
|
if (!self::makeUploadDir($path)) {
|
||
|
return false;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
//获取文件名
|
||
|
$fileName = sprintf('%u', crc32(uniqid())) . '.' . $ext;
|
||
|
$path = $path . '/' . $fileName;
|
||
|
|
||
|
if (isset($file['tmp_name'])) {
|
||
|
|
||
|
//移动上传文件
|
||
|
if (!@move_uploaded_file($file['tmp_name'], $path)) {
|
||
|
return false;
|
||
|
}
|
||
|
} else if (isset($file['bytes'])) {
|
||
|
|
||
|
//直接写入文件
|
||
|
if (!file_put_contents($path, $file['bytes'])) {
|
||
|
return false;
|
||
|
}
|
||
|
} else {
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
if (!isset($file['size'])) {
|
||
|
$file['size'] = filesize($path);
|
||
|
}
|
||
|
|
||
|
//返回相对存储路径
|
||
|
return array(
|
||
|
'name' => $file['name'],
|
||
|
'path' => (defined('__TYPECHO_UPLOAD_DIR__') ? __TYPECHO_UPLOAD_DIR__ : self::UPLOAD_DIR)
|
||
|
. '/' . $date->year . '/' . $date->month . '/' . $fileName,
|
||
|
'size' => $file['size'],
|
||
|
'type' => $ext,
|
||
|
'mime' => Typecho_Common::mimeContentType($path)
|
||
|
);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* 修改文件处理函数,如果需要实现自己的文件哈希或者特殊的文件系统,请在options表里把modifyHandle改成自己的函数
|
||
|
*
|
||
|
* @access public
|
||
|
* @param array $content 老文件
|
||
|
* @param array $file 新上传的文件
|
||
|
* @return mixed
|
||
|
*/
|
||
|
public static function modifyHandle($content, $file)
|
||
|
{
|
||
|
if (empty($file['name'])) {
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
$result = Typecho_Plugin::factory('Widget_Upload')->trigger($hasModified)->modifyHandle($content, $file);
|
||
|
if ($hasModified) {
|
||
|
return $result;
|
||
|
}
|
||
|
|
||
|
$ext = self::getSafeName($file['name']);
|
||
|
|
||
|
if ($content['attachment']->type != $ext || Typecho_Common::isAppEngine()) {
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
$path = Typecho_Common::url($content['attachment']->path,
|
||
|
defined('__TYPECHO_UPLOAD_ROOT_DIR__') ? __TYPECHO_UPLOAD_ROOT_DIR__ : __TYPECHO_ROOT_DIR__);
|
||
|
$dir = dirname($path);
|
||
|
|
||
|
//创建上传目录
|
||
|
if (!is_dir($dir)) {
|
||
|
if (!self::makeUploadDir($dir)) {
|
||
|
return false;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if (isset($file['tmp_name'])) {
|
||
|
|
||
|
@unlink($path);
|
||
|
|
||
|
//移动上传文件
|
||
|
if (!@move_uploaded_file($file['tmp_name'], $path)) {
|
||
|
return false;
|
||
|
}
|
||
|
} else if (isset($file['bytes'])) {
|
||
|
|
||
|
@unlink($path);
|
||
|
|
||
|
//直接写入文件
|
||
|
if (!file_put_contents($path, $file['bytes'])) {
|
||
|
return false;
|
||
|
}
|
||
|
} else {
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
if (!isset($file['size'])) {
|
||
|
$file['size'] = filesize($path);
|
||
|
}
|
||
|
|
||
|
//返回相对存储路径
|
||
|
return array(
|
||
|
'name' => $content['attachment']->name,
|
||
|
'path' => $content['attachment']->path,
|
||
|
'size' => $file['size'],
|
||
|
'type' => $content['attachment']->type,
|
||
|
'mime' => $content['attachment']->mime
|
||
|
);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* 删除文件
|
||
|
*
|
||
|
* @access public
|
||
|
* @param array $content 文件相关信息
|
||
|
* @return string
|
||
|
*/
|
||
|
public static function deleteHandle(array $content)
|
||
|
{
|
||
|
$result = Typecho_Plugin::factory('Widget_Upload')->trigger($hasDeleted)->deleteHandle($content);
|
||
|
if ($hasDeleted) {
|
||
|
return $result;
|
||
|
}
|
||
|
|
||
|
return !Typecho_Common::isAppEngine()
|
||
|
&& @unlink(__TYPECHO_ROOT_DIR__ . '/' . $content['attachment']->path);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* 获取实际文件绝对访问路径
|
||
|
*
|
||
|
* @access public
|
||
|
* @param array $content 文件相关信息
|
||
|
* @return string
|
||
|
*/
|
||
|
public static function attachmentHandle(array $content)
|
||
|
{
|
||
|
$result = Typecho_Plugin::factory('Widget_Upload')->trigger($hasPlugged)->attachmentHandle($content);
|
||
|
if ($hasPlugged) {
|
||
|
return $result;
|
||
|
}
|
||
|
|
||
|
$options = Typecho_Widget::widget('Widget_Options');
|
||
|
return Typecho_Common::url($content['attachment']->path,
|
||
|
defined('__TYPECHO_UPLOAD_URL__') ? __TYPECHO_UPLOAD_URL__ : $options->siteUrl);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* 获取实际文件数据
|
||
|
*
|
||
|
* @access public
|
||
|
* @param array $content
|
||
|
* @return string
|
||
|
*/
|
||
|
public static function attachmentDataHandle(array $content)
|
||
|
{
|
||
|
$result = Typecho_Plugin::factory('Widget_Upload')->trigger($hasPlugged)->attachmentDataHandle($content);
|
||
|
if ($hasPlugged) {
|
||
|
return $result;
|
||
|
}
|
||
|
|
||
|
return file_get_contents(Typecho_Common::url($content['attachment']->path,
|
||
|
defined('__TYPECHO_UPLOAD_ROOT_DIR__') ? __TYPECHO_UPLOAD_ROOT_DIR__ : __TYPECHO_ROOT_DIR__));
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* 检查文件名
|
||
|
*
|
||
|
* @access private
|
||
|
* @param string $ext 扩展名
|
||
|
* @return boolean
|
||
|
*/
|
||
|
public static function checkFileType($ext)
|
||
|
{
|
||
|
$options = Typecho_Widget::widget('Widget_Options');
|
||
|
return in_array($ext, $options->allowedAttachmentTypes);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* 执行升级程序
|
||
|
*
|
||
|
* @access public
|
||
|
* @return void
|
||
|
*/
|
||
|
public function upload()
|
||
|
{
|
||
|
if (!empty($_FILES)) {
|
||
|
$file = array_pop($_FILES);
|
||
|
if (0 == $file['error'] && is_uploaded_file($file['tmp_name'])) {
|
||
|
// xhr的send无法支持utf8
|
||
|
if ($this->request->isAjax()) {
|
||
|
$file['name'] = urldecode($file['name']);
|
||
|
}
|
||
|
$result = self::uploadHandle($file);
|
||
|
|
||
|
if (false !== $result) {
|
||
|
$this->pluginHandle()->beforeUpload($result);
|
||
|
|
||
|
$struct = array(
|
||
|
'title' => $result['name'],
|
||
|
'slug' => $result['name'],
|
||
|
'type' => 'attachment',
|
||
|
'status' => 'publish',
|
||
|
'text' => serialize($result),
|
||
|
'allowComment' => 1,
|
||
|
'allowPing' => 0,
|
||
|
'allowFeed' => 1
|
||
|
);
|
||
|
|
||
|
if (isset($this->request->cid)) {
|
||
|
$cid = $this->request->filter('int')->cid;
|
||
|
|
||
|
if ($this->isWriteable($this->db->sql()->where('cid = ?', $cid))) {
|
||
|
$struct['parent'] = $cid;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
$insertId = $this->insert($struct);
|
||
|
|
||
|
$this->db->fetchRow($this->select()->where('table.contents.cid = ?', $insertId)
|
||
|
->where('table.contents.type = ?', 'attachment'), array($this, 'push'));
|
||
|
|
||
|
/** 增加插件接口 */
|
||
|
$this->pluginHandle()->upload($this);
|
||
|
|
||
|
$this->response->throwJson(array($this->attachment->url, array(
|
||
|
'cid' => $insertId,
|
||
|
'title' => $this->attachment->name,
|
||
|
'type' => $this->attachment->type,
|
||
|
'size' => $this->attachment->size,
|
||
|
'bytes' => number_format(ceil($this->attachment->size / 1024)) . ' Kb',
|
||
|
'isImage' => $this->attachment->isImage,
|
||
|
'url' => $this->attachment->url,
|
||
|
'permalink' => $this->permalink
|
||
|
)));
|
||
|
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
$this->response->throwJson(false);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* 执行升级程序
|
||
|
*
|
||
|
* @access public
|
||
|
* @return void
|
||
|
*/
|
||
|
public function modify()
|
||
|
{
|
||
|
if (!empty($_FILES)) {
|
||
|
$file = array_pop($_FILES);
|
||
|
if (0 == $file['error'] && is_uploaded_file($file['tmp_name'])) {
|
||
|
$this->db->fetchRow($this->select()->where('table.contents.cid = ?', $this->request->filter('int')->cid)
|
||
|
->where('table.contents.type = ?', 'attachment'), array($this, 'push'));
|
||
|
|
||
|
if (!$this->have()) {
|
||
|
$this->response->setStatus(404);
|
||
|
exit;
|
||
|
}
|
||
|
|
||
|
if (!$this->allow('edit')) {
|
||
|
$this->response->setStatus(403);
|
||
|
exit;
|
||
|
}
|
||
|
|
||
|
// xhr的send无法支持utf8
|
||
|
if ($this->request->isAjax()) {
|
||
|
$file['name'] = urldecode($file['name']);
|
||
|
}
|
||
|
|
||
|
$result = self::modifyHandle($this->row, $file);
|
||
|
|
||
|
if (false !== $result) {
|
||
|
$this->pluginHandle()->beforeModify($result);
|
||
|
|
||
|
$this->update(array(
|
||
|
'text' => serialize($result)
|
||
|
), $this->db->sql()->where('cid = ?', $this->cid));
|
||
|
|
||
|
$this->db->fetchRow($this->select()->where('table.contents.cid = ?', $this->cid)
|
||
|
->where('table.contents.type = ?', 'attachment'), array($this, 'push'));
|
||
|
|
||
|
/** 增加插件接口 */
|
||
|
$this->pluginHandle()->modify($this);
|
||
|
|
||
|
$this->response->throwJson(array($this->attachment->url, array(
|
||
|
'cid' => $this->cid,
|
||
|
'title' => $this->attachment->name,
|
||
|
'type' => $this->attachment->type,
|
||
|
'size' => $this->attachment->size,
|
||
|
'bytes' => number_format(ceil($this->attachment->size / 1024)) . ' Kb',
|
||
|
'isImage' => $this->attachment->isImage,
|
||
|
'url' => $this->attachment->url,
|
||
|
'permalink' => $this->permalink
|
||
|
)));
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
$this->response->throwJson(false);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* 初始化函数
|
||
|
*
|
||
|
* @access public
|
||
|
* @return void
|
||
|
*/
|
||
|
public function action()
|
||
|
{
|
||
|
if ($this->user->pass('contributor', true) && $this->request->isPost()) {
|
||
|
$this->security->protect();
|
||
|
if ($this->request->is('do=modify&cid')) {
|
||
|
$this->modify();
|
||
|
} else {
|
||
|
$this->upload();
|
||
|
}
|
||
|
} else {
|
||
|
$this->response->setStatus(403);
|
||
|
}
|
||
|
}
|
||
|
}
|