/** 查看留言回复 */
@RequestMapping(value = "/member/guestbook_replay.jspx")
public String guestbook_replay(
Integer id,
String nextUrl,
HttpServletRequest request,
HttpServletResponse response,
ModelMap model) {
CmsSite site = CmsUtils.getSite(request);
CmsUser user = CmsUtils.getUser(request);
FrontUtils.frontData(request, model, site);
MemberConfig mcfg = site.getConfig().getMemberConfig();
// 没有开启会员功能
if (!mcfg.isMemberOn()) {
return FrontUtils.showMessage(request, model, "member.memberClose");
}
if (user == null) {
return FrontUtils.showLogin(request, model, site);
}
CmsGuestbook guestbook = guestbookMng.findById(id);
if (!guestbook.getMember().equals(user)) {
WebErrors errors = WebErrors.create(request);
errors.addErrorCode("error.noPermissionsView");
return FrontUtils.showError(request, response, model, errors);
}
model.addAttribute("guestbook", guestbook);
return FrontUtils.getTplPath(
request, site.getSolutionPath(), TPLDIR_GUESTBOOK, GUESTBOOK_REPLAY);
}
@RequiresPermissions("data:o_revert")
@RequestMapping("/mysql/data/o_revert.do")
public String revert(
String filename,
String db,
ModelMap model,
HttpServletRequest request,
HttpServletResponse response)
throws IOException {
String backpath = realPathResolver.get(Constants.BACKUP_PATH);
String backFilePath = backpath + SLASH + filename;
String sql = readFile(backFilePath);
// 还原暂时没做备份提示。
dataBackMng.executeSQL("use " + SPLIT + db + SPLIT + BR);
dataBackMng.executeSQL(sql);
// 若db发生变化,需要处理jdbc
try {
String defaultCatalog = dataBackMng.getDefaultCatalog();
if (!defaultCatalog.equals(db)) {
String dbXmlPath = realPathResolver.get(dbXmlFileName);
dbXml(dbXmlPath, defaultCatalog, db);
}
} catch (Exception e) {
WebErrors errors = WebErrors.create(request);
errors.addErrorCode("db.revert.error");
errors.addErrorString(e.getMessage());
if (errors.hasErrors()) {
return errors.showErrorPage(model);
}
}
model.addAttribute("msg", "success");
return listDataBases(model, request, response);
}
@RequiresPermissions("data:o_export")
@RequestMapping(value = "/mysql/data/o_export.do")
public String exportSubmit(
String[] names, ModelMap model, HttpServletRequest request, HttpServletResponse response)
throws UnsupportedEncodingException {
if (validate(names, request)) {
WebErrors errors = WebErrors.create(request);
errors.addErrorCode(INVALID_PARAM);
return errors.showErrorPage(model);
}
String backName = "back";
if (names != null && names.length > 0 && names[0] != null) {
backName =
names[0].substring(
names[0].indexOf(Constants.BACKUP_PATH) + Constants.BACKUP_PATH.length() + 1);
}
List<FileEntry> fileEntrys = new ArrayList<FileEntry>();
response.setContentType("application/x-download;charset=UTF-8");
response.addHeader("Content-disposition", "filename=" + backName + ".zip");
for (String filename : names) {
File file = new File(realPathResolver.get(filename));
fileEntrys.add(new FileEntry("", "", file));
}
try {
// 模板一般都在windows下编辑,所以默认编码为GBK
Zipper.zip(response.getOutputStream(), fileEntrys, "GBK");
} catch (IOException e) {
log.error("export db error!", e);
}
return null;
}
private WebErrors validateDelete(String[] names, HttpServletRequest request) {
WebErrors errors = WebErrors.create(request);
errors.ifEmpty(names, "names");
if (names != null && names.length > 0) {
for (String name : names) {
// 导出阻止非法获取其他目录文件
if (!name.contains("/WEB-INF/backup/") || name.contains("../") || name.contains("..\\")) {
errors.addErrorCode(INVALID_PARAM);
}
}
} else {
errors.addErrorCode(INVALID_PARAM);
}
for (String id : names) {
vldExist(id, errors);
}
return errors;
}
private WebErrors validatePasswordSubmit(
Integer id, String origPwd, String newPwd, String email, HttpServletRequest request) {
WebErrors errors = WebErrors.create(request);
if (errors.ifBlank(origPwd, "origPwd", 100)) {
return errors;
}
if (errors.ifMaxLength(newPwd, "newPwd", 100)) {
return errors;
}
if (errors.ifNotEmail(email, "email", 100)) {
return errors;
}
if (!cmsUserMng.isPasswordValid(id, origPwd)) {
errors.addErrorCode("member.origPwdInvalid");
return errors;
}
return errors;
}