diff --git a/controller/ApiController.php b/controller/ApiController.php index 13528dd..101af9e 100644 --- a/controller/ApiController.php +++ b/controller/ApiController.php @@ -18,6 +18,9 @@ Class ApiController extends Controller { 'systemError' => 500, ); + protected $maxDirLen = 50; + protected $maxFileLen = 60; + //show api list public function actionIndex() { $params = array( @@ -155,7 +158,7 @@ Class ApiController extends Controller { $parentDir = $this->post('parent', ''); $newDir = $this->post('dir', ''); - $maxDirLen = 20; + $maxDirLen = $this->maxDirLen; if (empty($newDir) || mb_strlen($newDir, 'utf-8') > $maxDirLen) { $err = "目录名不能为空且最长 {$maxDirLen} 个字符"; return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); @@ -204,7 +207,7 @@ Class ApiController extends Controller { $parentDir = $this->post('parent', ''); $delDir = $this->post('dir', ''); - $maxDirLen = 20; + $maxDirLen = $this->maxDirLen; if (empty($delDir) || mb_strlen($delDir, 'utf-8') > $maxDirLen) { $err = "目录名不能为空且最长 {$maxDirLen} 个字符"; return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); @@ -254,9 +257,8 @@ Class ApiController extends Controller { $fromParent = $this->getParentDir($fromDir); $toDir = $this->post('to', ''); $toParent = $this->getParentDir($toDir); - $maxDirLen = 50; - if (empty($fromDir) || mb_strlen($fromDir, 'utf-8') > $maxDirLen || empty($toDir) || mb_strlen($toDir, 'utf-8') > $maxDirLen) { - $err = "目录名不能为空且最长 {$maxDirLen} 个字符"; + if (empty($fromDir) || empty($toDir)) { + $err = "目录名不能为空"; return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); }else if ($this->isParentDirectoryValid($fromParent) == false) { //父目录合法性检查 $err = "被移动目录{$fromParent}不存在"; 
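Review bot: The two properties added at `@@ -18,6 +18,9` have no comment saying what they bound, and the unit matters because every caller compares them with `mb_strlen(..., 'utf-8')`, which counts characters and not bytes. I would put `// max length of one directory name, in UTF-8 characters (not bytes, not a full path)` above `$maxDirLen` and the matching line above `$maxFileLen`. Neither value is reassigned in the visible hunks, so class constants would state the intent more clearly, provided no subclass overrides them.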
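Review bot: `empty($newDir)` in the hunk at `-155` is also true for the string `"0"`, so a directory named `0` is refused with the "must not be empty" message. The guard should test for the empty string instead: `if ($newDir === '' || mb_strlen($newDir, 'utf-8') > $maxDirLen) {`. The same `empty()` test sits in the hunks at `-204`, `-254`, `-311`, `-360` and `-625`. If `post()` passes request arrays through unchanged (not visible here), an `is_string()` check belongs in front of `mb_strlen()` as well. The action's body starts and ends outside the hunk.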
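Review bot: Dropping the length test in the hunk at `-254` leaves the request-supplied `from` and `to` paths with no upper bound, while the create and delete actions still reject names longer than `$this->maxDirLen`. A directory moved to a longer name could then no longer be removed through the delete action; the rename hunk at `-311` has the same gap. For the move I would keep a cap on the last segment of `$toDir`, and for the rename `mb_strlen($toDir, 'utf-8') > $this->maxDirLen` is enough. The visible lines check only emptiness and the existence of the parent directory. Whether `..` segments are refused depends on `getParentDir()` and `isParentDirectoryValid()`, which are outside the hunk and worth confirming.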
@@ -271,7 +273,7 @@ Class ApiController extends Controller { preg_match('/\/$/', $toDir) || preg_match('/\/[^\.]+$/', $toDir) ) ) { - if ($this->isParentDirectoryValid($toDir) == false) { //父目录合法性检查 + if ($this->isParentDirectoryValid($toDir) == false) { //目录合法性检查 $err = "目标目录{$toDir}不存在"; return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); } @@ -311,9 +313,8 @@ Class ApiController extends Controller { $parentDir = $this->post('parent', ''); $fromDir = $this->post('from', ''); $toDir = $this->post('to', ''); - $maxDirLen = 20; - if (empty($fromDir) || mb_strlen($fromDir, 'utf-8') > $maxDirLen || empty($toDir) || mb_strlen($toDir, 'utf-8') > $maxDirLen) { - $err = "目录名不能为空且最长 {$maxDirLen} 个字符"; + if (empty($fromDir) || empty($toDir)) { + $err = "目录名不能为空"; return $this->renderJson(compact('code', 'msg', 'err', 'data')); }else if (!$this->isFilenameValid($fromDir) || !$this->isFilenameValid($toDir)) { $err = "目录名称中不能包含空格、单双引号、斜杠和分号字符!"; @@ -360,9 +361,9 @@ Class ApiController extends Controller { $parentDir = $this->post('parent', ''); $delFile = $this->post('file', ''); - $maxDirLen = 30; - if (empty($delFile) || mb_strlen($delFile, 'utf-8') > $maxDirLen) { - $err = "文件名不能为空且最长 {$maxDirLen} 个字符"; + $maxFileLen = $this->maxFileLen; + if (empty($delFile) || mb_strlen($delFile, 'utf-8') > $maxFileLen) { + $err = "文件名不能为空且最长 {$maxFileLen} 个字符"; return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); }else if (!$this->isFilenameValid($delFile)) { $err = "待删除的文件名称中不能包含空格、单双引号、斜杠和分号字符!"; 
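Review bot: The first rejection in the hunk at `-311` calls `renderJson(compact('code', 'msg', 'err', 'data'))` without a status argument, while every other validation failure on this page passes `$this->httpStatus['notAllowed']`. Since the commit rewrites that condition anyway, the return should become `return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']);`. What `renderJson()` sends by default is not visible here; if it is a success status, clients that look only at the HTTP code will treat the refused rename as accepted.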
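Review bot: The delete-file guard in the hunk at `-360` refuses any name longer than `$this->maxFileLen`, but the upload action gains its length check only in this same commit (hunk at `-625`). Files uploaded earlier under longer names may therefore exist and cannot be removed through this action. A length cap adds little on a delete path, so I would drop it there and rely on `isFilenameValid($delFile)` plus the existence check, or at least document the limitation. The rest of the action lies outside the hunk.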
@@ -625,9 +626,14 @@ Class ApiController extends Controller { $parentDir = $this->post('parent', ''); $upfile = $this->post('file', ''); $filename = $this->post('name', ''); + + $maxFileLen = $this->maxFileLen; if (empty($upfile) || empty($filename)) { $err = '所有参数都不能为空!'; return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); + }else if (mb_strlen($filename, 'utf-8') > $maxFileLen) { + $err = "文件名最长 {$maxFileLen} 个字符!"; + return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); }else if (!$this->isFilenameValid($filename)) { $err = '文件名不能包含空格、单双引号、斜杠和分号字符!'; return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']);