|
|
|
@ -56,6 +56,22 @@ Class ApiController extends Controller {
@@ -56,6 +56,22 @@ Class ApiController extends Controller {
|
|
|
|
|
return $valid; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
//判断文件名是否合法,不能为空以及不能包含空白字符 |
|
|
|
|
protected function isFilenameValid($filename) { |
|
|
|
|
$notAllowedLetters = array( |
|
|
|
|
'"', |
|
|
|
|
"'", |
|
|
|
|
'/', |
|
|
|
|
"\\", |
|
|
|
|
';', |
|
|
|
|
); |
|
|
|
|
if (empty($filename) || preg_match('/\s/', $filename) || str_replace($notAllowedLetters, '', $filename) != $filename) { |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
return true; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
//目录、文件列表 |
|
|
|
|
public function actionLs() { |
|
|
|
|
$code = 0; |
|
|
|
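Review bot: The new `isFilenameValid` method is a blacklist and still accepts the names `.` and `..`; the later hunks use it as the only content check on `$newDir`, `$fromDir`, `$toDir` and `$delFile`, and since how those names are joined onto a base path is not visible here, a `..` segment that resolves one level up cannot be ruled out, so the helper should reject dot segments explicitly, e.g. `if ($filename === '.' || $filename === '..') { return false; }` at the top. `empty($filename)` also rejects the legitimate name `'0'` — `$filename === ''` is the intended test — and the final comparison should use `!==` rather than `!=`. The `/\s/` pattern has no `u` modifier, so only ASCII whitespace is caught; if the comment's intent is "no blank characters at all", a whitelist such as `preg_match('/^[\p{L}\p{N}._-]+$/u', $filename)` combined with the dot-segment exclusion is easier to reason about than enumerating forbidden characters.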
@ -133,8 +149,8 @@ Class ApiController extends Controller {
@@ -133,8 +149,8 @@ Class ApiController extends Controller {
|
|
|
|
|
if (empty($newDir) || mb_strlen($newDir, 'utf-8') > $maxDirLen) { |
|
|
|
|
$err = "目录名不能为空且最长 {$maxDirLen} 个字符"; |
|
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
|
}else if (strpos($newDir, '/') !== false) { |
|
|
|
|
$err = "待创建的目录名称中不能包含斜杠字符!"; |
|
|
|
|
}else if (!$this->isFilenameValid($newDir)) { |
|
|
|
|
$err = "待创建的目录名称中不能包含空格、单双引号、斜杠和分号字符!"; |
|
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
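Review bot: The new `!$this->isFilenameValid($newDir)` branch is never reached for a name containing `/`, because the preceding `strpos($newDir, '/') !== false` branch matches first, assigns `$err` and — unlike the branches around it — has no `return`, so execution continues past the chain with `$err` set; whether anything after the chain acts on `$err` is outside the hunk. Either add the same `return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']);` to that branch or drop the branch now that the helper rejects `/` as well. The same pattern appears in the hunks at `@@ -273,8 +289,8 @@` and `@@ -322,8 +338,8 @@`. The enclosing action methods start and end outside these hunks.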
@ -273,8 +289,8 @@ Class ApiController extends Controller {
@@ -273,8 +289,8 @@ Class ApiController extends Controller {
|
|
|
|
|
if (empty($fromDir) || mb_strlen($fromDir, 'utf-8') > $maxDirLen || empty($toDir) || mb_strlen($toDir, 'utf-8') > $maxDirLen) { |
|
|
|
|
$err = "目录名不能为空且最长 {$maxDirLen} 个字符"; |
|
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data')); |
|
|
|
|
}else if (strpos($fromDir, '/') !== false || strpos($toDir, '/') !== false) { |
|
|
|
|
$err = "目录名称中不能包含斜杠字符!"; |
|
|
|
|
}else if (!$this->isFilenameValid($fromDir) || !$this->isFilenameValid($toDir)) { |
|
|
|
|
$err = "目录名称中不能包含空格、单双引号、斜杠和分号字符!"; |
|
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
@ -322,8 +338,8 @@ Class ApiController extends Controller {
@@ -322,8 +338,8 @@ Class ApiController extends Controller {
|
|
|
|
|
if (empty($delFile) || mb_strlen($delFile, 'utf-8') > $maxDirLen) { |
|
|
|
|
$err = "文件名不能为空且最长 {$maxDirLen} 个字符"; |
|
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
|
}else if (strpos($delFile, '/') !== false) { |
|
|
|
|
$err = "待删除的文件名称中不能包含斜杠字符!"; |
|
|
|
|
}else if (!$this->isFilenameValid($delFile)) { |
|
|
|
|
$err = "待删除的文件名称中不能包含空格、单双引号、斜杠和分号字符!"; |
|
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
@ -558,6 +574,9 @@ Class ApiController extends Controller {
@@ -558,6 +574,9 @@ Class ApiController extends Controller {
|
|
|
|
|
if (empty($upfile) || empty($filename)) { |
|
|
|
|
$err = '所有参数都不能为空!'; |
|
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
|
}else if (!$this->isFilenameValid($filename)) { |
|
|
|
|
$err = '文件名不能包含空格、单双引号、斜杠和分号字符!'; |
|
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
|
}else if (!preg_match('/^data:[a-z0-9]+\/[a-z0-9]+;base64,/i', $upfile)) { |
|
|
|
|
$err = '图片数据必需为base64格式!'; |
|
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
|