增强安全性,修复子目录查询错误

wlx 2011-10-21 02:37:08 +00:00
parent 137f717777
commit 8adb04a94a
1 changed files with 4 additions and 4 deletions


@ -28,13 +28,13 @@ class FilelistController extends Zend_Controller_Action {
} }
function subAction() { function subAction() {
$uuid=$this->_request->getParam('uuid'); $uuid=$this->_request->getParam('uuid');
$subpath=$this->_request->getParam('subpath'); $subpath=(int)$this->_request->getParam('subpath');
//$subPath=urldecode($getUrl); //$subPath=urldecode($getUrl);
//$depth=substr_count($subPath,'/'); //$depth=substr_count($subPath,'/');
$depth=$this->_request->getParam('depth'); $depth=(int)$this->_request->getParam('depth');
$depth++; $depth++;
$sql="select f.filename,f.id,s.uuid,f.depth from datafile f,dataset s where s.id=f.dsid and s.uuid='".$uuid."' and f.depth=".$depth." and f.filename<>'/uuid.txt' and f.filename ilike (select filename from datafile where id=?)||'%' order by f.isdir desc,f.filename"; $sql="select f.filename,f.id,s.uuid,f.depth from datafile f,dataset s where s.id=f.dsid and s.uuid=? and f.depth=".$depth." and f.filename<>'/uuid.txt' and f.filename ilike (select filename from datafile where id=".$subpath.")||'%' order by f.isdir desc,f.filename";
$files=$db->fetchAll($this->db->quoteInto($sql,$subpath)); $files=$this->db->fetchAll($this->db->quoteInto($sql,$uuid));
/* /*
$documents=array(); $documents=array();
$i=0; $i=0;
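Review bot: The new query in subAction() still builds part of the SQL by concatenation: `$depth` and `$subpath` are spliced into the string and only `$uuid` goes through `quoteInto()`, so the statement is injection-safe only while the two `(int)` casts above stay in place. Binding all three values keeps that guarantee in the query itself: replace `".$depth."` and `".$subpath."` with `?` and call `$this->db->fetchAll($sql,array($uuid,$depth,$subpath));`. Separately, the filename returned by the subquery is used as an `ilike` pattern, so a stored name containing `%` or `_` would match rows outside its own subdirectory; escaping those characters or using a plain prefix comparison looks worth considering. subAction() continues past the end of the hunk, so how `$files` is used afterwards is not visible here.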