/** View the reply to a guestbook message. */
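 @RequestMapping(value = "/member/guestbook_replay.jspx")
 public String guestbook_replay(
     Integer id,
     String nextUrl,
     HttpServletRequest request,
     HttpServletResponse response,
     ModelMap model) {
   // Renders one guestbook entry for the logged-in member who owns it.
   // `id` comes straight from the request, so the ownership check below is the only
   // thing that stops a member from reading another member's entry by guessing ids.
   CmsSite site = CmsUtils.getSite(request);
   CmsUser user = CmsUtils.getUser(request);
   FrontUtils.frontData(request, model, site);
   MemberConfig mcfg = site.getConfig().getMemberConfig();
   // Member feature is switched off for this site.
   if (!mcfg.isMemberOn()) {
     return FrontUtils.showMessage(request, model, "member.memberClose");
   }
   if (user == null) {
     return FrontUtils.showLogin(request, model, site);
   }
   // A missing id must not reach the manager lookup.
   CmsGuestbook guestbook = (id == null) ? null : guestbookMng.findById(id);
   // A missing entry, an entry with no member attached, and an entry owned by someone
   // else all produce the same error. Previously the first two dereferenced null, and
   // answering them differently would reveal which ids exist.
   if (guestbook == null
       || guestbook.getMember() == null
       || !guestbook.getMember().equals(user)) {
     WebErrors errors = WebErrors.create(request);
     errors.addErrorCode("error.noPermissionsView");
     return FrontUtils.showError(request, response, model, errors);
   }
   model.addAttribute("guestbook", guestbook);
   return FrontUtils.getTplPath(
       request, site.getSolutionPath(), TPLDIR_GUESTBOOK, GUESTBOOK_REPLAY);
 }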
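 /**
  * Restores a database by executing the SQL stored in a backup file.
  *
  * <p>Both request parameters reach sensitive sinks: {@code filename} is appended to the
  * backup directory and read from disk, and {@code db} is concatenated into a {@code use}
  * statement. They are validated before either sink is touched.
  *
  * @param filename name of a file inside the backup directory (no path components)
  * @param db name of the database to switch to before running the script
  * @return the error page when validation or the JDBC update fails, otherwise the database list
  * @throws IOException if the backup file cannot be read
  */
 @RequiresPermissions("data:o_revert")
 @RequestMapping("/mysql/data/o_revert.do")
 public String revert(
     String filename,
     String db,
     ModelMap model,
     HttpServletRequest request,
     HttpServletResponse response)
     throws IOException {
   // The file name must stay inside the backup directory: a bare name only, with no
   // separators, NUL bytes or dot-directories.
   // NOTE(review): assumes backups are never addressed through a sub-directory; confirm.
   boolean badFile =
       filename == null
           || filename.trim().isEmpty()
           || filename.equals(".")
           || filename.equals("..")
           || filename.indexOf('/') >= 0
           || filename.indexOf('\\') >= 0
           || filename.indexOf('\0') >= 0;
   // The database name is wrapped in SPLIT on both sides below, so it must not contain
   // that delimiter (presumably the identifier quote; verify) or a line break.
   boolean badDb =
       db == null
           || db.trim().isEmpty()
           || db.indexOf(SPLIT) >= 0
           || db.indexOf('\n') >= 0
           || db.indexOf('\r') >= 0;
   if (badFile || badDb) {
     WebErrors errors = WebErrors.create(request);
     errors.addErrorCode("db.revert.error");
     return errors.showErrorPage(model);
   }
   String backpath = realPathResolver.get(Constants.BACKUP_PATH);
   String backFilePath = backpath + SLASH + filename;
   String sql = readFile(backFilePath);
   // No backup prompt is shown before restoring yet.
   dataBackMng.executeSQL("use " + SPLIT + db + SPLIT + BR);
   dataBackMng.executeSQL(sql);
   // If the restored db differs from the default catalog, the JDBC config must be updated.
   try {
     String defaultCatalog = dataBackMng.getDefaultCatalog();
     if (!defaultCatalog.equals(db)) {
       String dbXmlPath = realPathResolver.get(dbXmlFileName);
       dbXml(dbXmlPath, defaultCatalog, db);
     }
   } catch (Exception e) {
     // NOTE(review): the raw exception message is shown to the caller; confirm that is
     // acceptable for this admin-only page.
     WebErrors errors = WebErrors.create(request);
     errors.addErrorCode("db.revert.error");
     errors.addErrorString(e.getMessage());
     if (errors.hasErrors()) {
       return errors.showErrorPage(model);
     }
   }
   model.addAttribute("msg", "success");
   return listDataBases(model, request, response);
 }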
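   /**
    * Streams the requested backup files to the client as a single zip download.
    *
    * <p>The paths in {@code names} come from the request. Which files may be exported is
    * decided by {@code validate}, which is not visible in this block.
    *
    * @param names request-supplied paths of the files to export
    * @return the error page when the parameters are rejected, otherwise {@code null} because
    *     the zip is written directly to the response
    */
   @RequiresPermissions("data:o_export")
   @RequestMapping(value = "/mysql/data/o_export.do")
   public String exportSubmit(
       String[] names, ModelMap model, HttpServletRequest request, HttpServletResponse response)
       throws UnsupportedEncodingException {
     // An absent or empty list is rejected up front; otherwise the loop below would
     // dereference null whenever validate() lets it through.
     if (names == null || names.length == 0 || validate(names, request)) {
       WebErrors errors = WebErrors.create(request);
       errors.addErrorCode(INVALID_PARAM);
       return errors.showErrorPage(model);
     }
     // The download name is the part of the first path after the backup directory.
     // The default is kept when the marker is missing or the offset runs past the end.
     String backName = "back";
     String first = names[0];
     if (first != null) {
       int marker = first.indexOf(Constants.BACKUP_PATH);
       int start = marker + Constants.BACKUP_PATH.length() + 1;
       if (marker >= 0 && start <= first.length()) {
         backName = first.substring(start);
       }
     }
     // backName is request-derived and is written into a response header, so control
     // characters (CR/LF included) and double quotes are stripped first.
     backName = backName.replaceAll("[\\p{Cntrl}\"]", "");
     if (backName.isEmpty()) {
       backName = "back";
     }

     List<FileEntry> fileEntrys = new ArrayList<FileEntry>();
     response.setContentType("application/x-download;charset=UTF-8");
     response.addHeader("Content-disposition", "filename=" + backName + ".zip");
     for (String filename : names) {
       File file = new File(realPathResolver.get(filename));
       fileEntrys.add(new FileEntry("", "", file));
     }
     try {
       // Templates are usually edited on Windows, so GBK is the default encoding.
       Zipper.zip(response.getOutputStream(), fileEntrys, "GBK");
     } catch (IOException e) {
       log.error("export db error!", e);
     }
     return null;
   }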
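 /**
  * Validates the request-supplied backup paths before they are used.
  *
  * <p>Each name must contain {@code /WEB-INF/backup/} and must not contain a parent-directory
  * sequence. Only names that pass this check are handed to {@code vldExist}.
  *
  * @param names paths taken from the request; may be {@code null}
  * @return the collected errors; empty when every name is acceptable
  */
 private WebErrors validateDelete(String[] names, HttpServletRequest request) {
   WebErrors errors = WebErrors.create(request);
   errors.ifEmpty(names, "names");
   // Return early on a missing list: the loop below would otherwise dereference null.
   if (names == null || names.length == 0) {
     errors.addErrorCode(INVALID_PARAM);
     return errors;
   }
   for (String name : names) {
     // Block access to files outside the backup directory.
     // NOTE(review): this is a substring test, not a resolved-path comparison, so the
     // marker may appear anywhere in the name. Consider comparing the normalised real
     // path against the backup root.
     boolean outsideBackupDir =
         name == null
             || !name.contains("/WEB-INF/backup/")
             || name.contains("../")
             || name.contains("..\\");
     if (outsideBackupDir) {
       errors.addErrorCode(INVALID_PARAM);
     } else {
       // Existence is checked only for names that passed the directory test.
       vldExist(name, errors);
     }
   }
   return errors;
 }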
 /**
  * Validates a member's password-change submission.
  *
  * <p>Checks run in order and stop at the first failure: the original password must not be
  * blank, the new password and the e-mail must pass their length and format checks (limit
  * 100), and the original password must match the stored one for {@code id}.
  *
  * <p>NOTE(review): {@code id} selects whose password is verified. Presumably the caller
  * passes the authenticated user's id rather than a request parameter; confirm at the call
  * site.
  *
  * @return the collected errors; empty when the submission is acceptable
  */
 private WebErrors validatePasswordSubmit(
     Integer id, String origPwd, String newPwd, String email, HttpServletRequest request) {
   WebErrors result = WebErrors.create(request);
   // Short-circuit evaluation keeps the original order and stops at the first failed check.
   boolean fieldRejected =
       result.ifBlank(origPwd, "origPwd", 100)
           || result.ifMaxLength(newPwd, "newPwd", 100)
           || result.ifNotEmail(email, "email", 100);
   // The stored password is consulted only after every field check has passed.
   if (!fieldRejected && !cmsUserMng.isPasswordValid(id, origPwd)) {
     result.addErrorCode("member.origPwdInvalid");
   }
   return result;
 }