增强安全性,修复子目录查询错误

wlx 2011-10-21 02:37:08 +00:00
parent 137f717777
commit 8adb04a94a
1 changed files with 4 additions and 4 deletions


@ -28,13 +28,13 @@ class FilelistController extends Zend_Controller_Action {
}
function subAction() {
$uuid=$this->_request->getParam('uuid');
$subpath=$this->_request->getParam('subpath');
$subpath=(int)$this->_request->getParam('subpath');
//$subPath=urldecode($getUrl);
//$depth=substr_count($subPath,'/');
$depth=$this->_request->getParam('depth');
$depth=(int)$this->_request->getParam('depth');
$depth++;
$sql="select f.filename,f.id,s.uuid,f.depth from datafile f,dataset s where s.id=f.dsid and s.uuid='".$uuid."' and f.depth=".$depth." and f.filename<>'/uuid.txt' and f.filename ilike (select filename from datafile where id=?)||'%' order by f.isdir desc,f.filename";
$files=$db->fetchAll($this->db->quoteInto($sql,$subpath));
$sql="select f.filename,f.id,s.uuid,f.depth from datafile f,dataset s where s.id=f.dsid and s.uuid=? and f.depth=".$depth." and f.filename<>'/uuid.txt' and f.filename ilike (select filename from datafile where id=".$subpath.")||'%' order by f.isdir desc,f.filename";
$files=$this->db->fetchAll($this->db->quoteInto($sql,$uuid));
/*
$documents=array();
$i=0;
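Review bot: The version of the query that binds `$uuid` still concatenates `$depth` and `$subpath` into the SQL string, so it is injection-safe only as long as the two `(int)` casts a few lines above stay in place. Binding all three values keeps the statement safe independently of those casts: write `s.uuid=? and f.depth=?` and `where id=?` in the query text and call `$this->db->fetchAll($sql,array($uuid,$depth,$subpath));`. The inner `select filename from datafile where id=...` is also not limited to the dataset named by `$uuid`, and the name it returns is used as an `ilike` pattern, so a stored filename containing `%` or `_` would match more rows than the intended subdirectory; both look worth confirming. subAction's body continues past the end of the hunk, so any access check on the dataset is not visible here.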