|
|
|
@ -41,6 +41,15 @@ Class ApiController extends Controller {
@@ -41,6 +41,15 @@ Class ApiController extends Controller {
|
|
|
|
|
return $this->renderJson($params); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
private function getParentDir($realpath) { |
|
|
|
|
$realpath = preg_replace('/\/$/', '', $realpath); |
|
|
|
|
$arr = explode('/', $realpath); |
|
|
|
|
if (count($arr) < 2) {return $realpath;} |
|
|
|
|
|
|
|
|
|
array_pop($arr); |
|
|
|
|
return implode('/', $arr); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
//判断父目录是否合法 |
|
|
|
|
protected function isParentDirectoryValid($parentDir) { |
|
|
|
|
if (empty($parentDir) || strpos($parentDir, '../') !== false) { |
|
|
|
@ -48,6 +57,7 @@ Class ApiController extends Controller {
@@ -48,6 +57,7 @@ Class ApiController extends Controller {
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
$valid = true; |
|
|
|
|
$parentDir = preg_replace('/^\//', '', $parentDir); |
|
|
|
|
$target = __DIR__ . '/../www/' . FSC::$app['config']['content_directory'] . "/{$parentDir}"; |
|
|
|
|
if (!is_dir($target)) { |
|
|
|
|
$valid = false; |
|
|
|
@ -241,19 +251,35 @@ Class ApiController extends Controller {
@@ -241,19 +251,35 @@ Class ApiController extends Controller {
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
$fromDir = $this->post('from', ''); |
|
|
|
|
$fromParent = $this->getParentDir($fromDir); |
|
|
|
|
$toDir = $this->post('to', ''); |
|
|
|
|
$toParent = $this->getParentDir($toDir); |
|
|
|
|
$maxDirLen = 50; |
|
|
|
|
if (empty($fromDir) || mb_strlen($fromDir, 'utf-8') > $maxDirLen || empty($toDir) || mb_strlen($toDir, 'utf-8') > $maxDirLen) { |
|
|
|
|
$err = "目录名不能为空且最长 {$maxDirLen} 个字符"; |
|
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
|
}else if ($this->isParentDirectoryValid($fromDir) == false) { //目录合法性检查 |
|
|
|
|
$err = "目录{$fromDir}不存在"; |
|
|
|
|
}else if ($this->isParentDirectoryValid($fromParent) == false) { //父目录合法性检查 |
|
|
|
|
$err = "被移动目录{$fromParent}不存在"; |
|
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
|
}else if ($this->isParentDirectoryValid($toDir) == false) { //目录合法性检查 |
|
|
|
|
$err = "目录{$toDir}不存在"; |
|
|
|
|
}else if ($this->isParentDirectoryValid($toParent) == false) { //父目录合法性检查 |
|
|
|
|
$err = "目标目录{$toParent}不存在"; |
|
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
//如果from是一个文件,而to是目录 |
|
|
|
|
if (preg_match('/\.\w+$/', $fromDir) && ( |
|
|
|
|
preg_match('/\/$/', $toDir) || preg_match('/\/[^\.]+$/', $toDir) |
|
|
|
|
) |
|
|
|
|
) { |
|
|
|
|
if ($this->isParentDirectoryValid($toDir) == false) { //父目录合法性检查 |
|
|
|
|
$err = "目标目录{$toDir}不存在"; |
|
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
$fromFile = str_replace("{$fromParent}/", '', $fromDir); |
|
|
|
|
$toDir = preg_match('/\/$/', $toDir) ? "{$toDir}{$fromFile}" : "{$toDir}/{$fromFile}"; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
$target = __DIR__ . '/../www/' . FSC::$app['config']['content_directory']; |
|
|
|
|
try { |
|
|
|
|
$res = rename("{$target}/{$fromDir}", "{$target}/{$toDir}"); |
|
|
|
|