Esempio n. 1
0
 private boolean CheckValidExt(String s_AllowExt, String sExt) {
   if (s_AllowExt.equals("")) {
     return true;
   }
   String[] aExt = myUtil.split(s_AllowExt, "|");
   for (int i = 0; i < aExt.length; i++) {
     if (aExt[i].toLowerCase().equals(sExt)) {
       return true;
     }
   }
   return false;
 }
Esempio n. 2
0
  private void InitUpload() throws ServletException, IOException {
    String sConfig = myUtil.ReadFile(myUtil.getConfigFileRealPath(m_request.getServletPath()));
    ArrayList aStyle = myUtil.getConfigArray("Style", sConfig);

    String sAllowExt, sUploadDir, sBaseUrl, sContentPath;
    String sCurrDir, sDir;
    int nAllowBrowse;
    String sPathShareImage, sPathShareFlash, sPathShareMedia, sPathShareOther;

    // param
    String sType = myUtil.dealNull(m_request.getParameter("type")).toUpperCase();
    String sStyleName = myUtil.dealNull(m_request.getParameter("style"));
    String sCusDir = myUtil.dealNull(m_request.getParameter("cusdir"));
    String sAction = myUtil.dealNull(m_request.getParameter("action")).toUpperCase();

    String s_SKey = myUtil.dealNull(m_request.getParameter("skey"));

    // InitUpload

    String[] aStyleConfig = new String[1];
    boolean bValidStyle = false;

    for (int i = 0; i < aStyle.size(); i++) {
      aStyleConfig = myUtil.split(aStyle.get(i).toString(), "|||");
      if (sStyleName.toLowerCase().equals(aStyleConfig[0].toLowerCase())) {
        bValidStyle = true;
        break;
      }
    }

    if (!bValidStyle) {
      out.print(getOutScript("alert('Invalid Style!')"));
      out.close();
      return;
    }

    if (!aStyleConfig[61].equals("1")) {
      sCusDir = "";
    }

    String ss_FileSize = "",
        ss_FileBrowse = "",
        ss_SpaceSize = "",
        ss_SpacePath = "",
        ss_PathMode = "",
        ss_PathUpload = "",
        ss_PathCusDir = "",
        ss_PathCode = "",
        ss_PathView = "";
    if ((aStyleConfig[61].equals("2")) && (!s_SKey.equals(""))) {
      ss_FileSize =
          (String) myUtil.dealNull(m_session.getAttribute("eWebEditor_" + s_SKey + "_FileSize"));
      ss_FileBrowse =
          (String) myUtil.dealNull(m_session.getAttribute("eWebEditor_" + s_SKey + "_FileBrowse"));
      ss_SpaceSize =
          (String) myUtil.dealNull(m_session.getAttribute("eWebEditor_" + s_SKey + "_SpaceSize"));
      ss_SpacePath =
          (String) myUtil.dealNull(m_session.getAttribute("eWebEditor_" + s_SKey + "_SpacePath"));
      ss_PathMode =
          (String) myUtil.dealNull(m_session.getAttribute("eWebEditor_" + s_SKey + "_PathMode"));
      ss_PathUpload =
          (String) myUtil.dealNull(m_session.getAttribute("eWebEditor_" + s_SKey + "_PathUpload"));
      ss_PathCusDir =
          (String) myUtil.dealNull(m_session.getAttribute("eWebEditor_" + s_SKey + "_PathCusDir"));
      ss_PathCode =
          (String) myUtil.dealNull(m_session.getAttribute("eWebEditor_" + s_SKey + "_PathCode"));
      ss_PathView =
          (String) myUtil.dealNull(m_session.getAttribute("eWebEditor_" + s_SKey + "_PathView"));

      if (myUtil.IsInt(ss_FileSize)) {
        aStyleConfig[11] = ss_FileSize;
        aStyleConfig[12] = ss_FileSize;
        aStyleConfig[13] = ss_FileSize;
        aStyleConfig[14] = ss_FileSize;
        aStyleConfig[15] = ss_FileSize;
        aStyleConfig[45] = ss_FileSize;
      } else {
        ss_FileSize = "";
      }
      if (ss_FileBrowse.equals("0") || ss_FileBrowse.equals("1")) {
        aStyleConfig[43] = ss_FileBrowse;
      } else {
        ss_FileBrowse = "";
      }
      if (myUtil.IsInt(ss_SpaceSize)) {
        aStyleConfig[78] = ss_SpaceSize;
      } else {
        ss_SpaceSize = "";
      }
      if (!ss_PathMode.equals("")) {
        aStyleConfig[19] = ss_PathMode;
      }
      if (!ss_PathUpload.equals("")) {
        aStyleConfig[3] = ss_PathUpload;
      }
      if (!ss_PathCode.equals("")) {
        aStyleConfig[23] = ss_PathCode;
      }
      if (!ss_PathView.equals("")) {
        aStyleConfig[22] = ss_PathView;
      }

      sCusDir = ss_PathCusDir;
    }

    sBaseUrl = aStyleConfig[19];
    nAllowBrowse = Integer.valueOf(aStyleConfig[43]).intValue();

    if (nAllowBrowse != 1) {
      out.print(getOutScript("alert('Do not allow browse!')"));
      out.close();
      return;
    }

    if (!sCusDir.equals("")) {
      sCusDir = myUtil.replace(sCusDir, "\\", "/");
      if ((sCusDir.startsWith("/"))
          || (sCusDir.startsWith("."))
          || (sCusDir.endsWith("."))
          || (sCusDir.indexOf("./") >= 0)
          || (sCusDir.indexOf("/.") >= 0)
          || (sCusDir.indexOf("//") >= 0)
          || (sCusDir.indexOf("..") >= 0)) {
        sCusDir = "";
      } else {
        if (!sCusDir.endsWith("/")) {
          sCusDir = sCusDir + "/";
        }
      }
    }

    sUploadDir = aStyleConfig[3];
    if (!sBaseUrl.equals("3")) {
      sUploadDir = myUtil.getRealPathFromRelative(m_request.getServletPath(), sUploadDir);
    }
    sUploadDir = GetSlashPath(sUploadDir);
    sUploadDir =
        sUploadDir
            + myUtil.replace(myUtil.replace(sCusDir, "/", sFileSeparator), "\\", sFileSeparator);

    if (sType.equals("FILE")) {
      sAllowExt = aStyleConfig[6];
    } else if (sType.equals("MEDIA")) {
      sAllowExt = aStyleConfig[9];
    } else if (sType.equals("FLASH")) {
      sAllowExt = aStyleConfig[7];
    } else {
      sAllowExt = aStyleConfig[8];
    }

    sPathShareImage =
        GetSlashPath(
            myUtil.getRealPathFromRelative(m_request.getServletPath(), "sharefile/image/"));
    sPathShareFlash =
        GetSlashPath(
            myUtil.getRealPathFromRelative(m_request.getServletPath(), "sharefile/flash/"));
    sPathShareMedia =
        GetSlashPath(
            myUtil.getRealPathFromRelative(m_request.getServletPath(), "sharefile/media/"));
    sPathShareOther =
        GetSlashPath(
            myUtil.getRealPathFromRelative(m_request.getServletPath(), "sharefile/other/"));

    String s_Out = "";
    if (sAction.equals("FILE")) {

      String s_ReturnFlag = myUtil.dealNull(m_request.getParameter("returnflag"));
      String s_FolderType = myUtil.dealNull(m_request.getParameter("foldertype"));
      String s_Dir = myUtil.dealNull(m_request.getParameter("dir"));
      s_Dir = java.net.URLDecoder.decode(s_Dir, "UTF-" + "8");

      String s_CurrDir = "";
      if (s_FolderType.equals("upload")) {
        s_CurrDir = sUploadDir;
      } else if (s_FolderType.equals("shareimage")) {
        sAllowExt = "";
        s_CurrDir = sPathShareImage;
      } else if (s_FolderType.equals("shareflash")) {
        sAllowExt = "";
        s_CurrDir = sPathShareFlash;
      } else if (s_FolderType.equals("sharemedia")) {
        sAllowExt = "";
        s_CurrDir = sPathShareMedia;
      } else {
        s_FolderType = "shareother";
        sAllowExt = "";
        s_CurrDir = sPathShareOther;
      }

      s_Dir = myUtil.replace(s_Dir, "\\", "/");
      if ((s_Dir.startsWith("/"))
          || (s_Dir.startsWith("."))
          || (s_Dir.endsWith("."))
          || (s_Dir.indexOf("./") >= 0)
          || (s_Dir.indexOf("/.") >= 0)
          || (s_Dir.indexOf("//") >= 0)
          || (s_Dir.indexOf("..") >= 0)) {
        s_Dir = "";
      }

      String s_Dir2 = myUtil.replace(s_Dir, "/", sFileSeparator);
      s_Dir2 = myUtil.replace(s_Dir2, "\\", sFileSeparator);

      if (!s_Dir.equals("")) {
        if (CheckValidDir(s_CurrDir + s_Dir2)) {
          s_CurrDir += s_Dir2;
        } else {
          s_Dir = "";
        }
      }

      if (CheckValidDir(s_CurrDir)) {
        File file = new File(s_CurrDir);
        File[] filelist = file.listFiles();
        if (filelist != null && filelist.length > 0) {
          int n = -1;
          for (int i = 0; i < filelist.length; i++) {
            if (filelist[i].isFile()) {
              String s_FileName = filelist[i].getName();
              String s_FileExt = s_FileName.substring(s_FileName.lastIndexOf(".") + 1);
              s_FileExt = s_FileExt.toLowerCase();
              if (CheckValidExt(sAllowExt, s_FileExt)) {
                n++;
                s_Out =
                    s_Out
                        + "arr["
                        + String.valueOf(n)
                        + "]=new Array(\""
                        + s_FileName
                        + "\", \""
                        + String.valueOf(convertFileSize(filelist[i].length()))
                        + "\",\""
                        + formatDate(new Date(filelist[i].lastModified()))
                        + "\");\n";
              }
            }
          }
        }
      }

      s_Out =
          "var arr = new Array();\n"
              + s_Out
              + "parent.setFileList('"
              + s_ReturnFlag
              + "', '"
              + s_FolderType
              + "', '"
              + s_Dir
              + "', arr);";
      out.print(getOutScript(s_Out));

    } else {

      s_Out = "var arrUpload = new Array();\n";
      s_Out += "var arrShareImage = new Array();\n";
      s_Out += "var arrShareFlash = new Array();\n";
      s_Out += "var arrShareMedia = new Array();\n";
      s_Out += "var arrShareOther = new Array();\n";

      s_Out += GetFolderTree(sUploadDir, "Upload", 1, 0).get(0).toString();

      sAllowExt = "";
      if (sType.equals("FILE")) {
        s_Out += GetFolderTree(sPathShareImage, "ShareImage", 1, 0).get(0).toString();
        s_Out += GetFolderTree(sPathShareFlash, "ShareFlash", 1, 0).get(0).toString();
        s_Out += GetFolderTree(sPathShareMedia, "ShareMedia", 1, 0).get(0).toString();
        s_Out += GetFolderTree(sPathShareOther, "ShareOther", 1, 0).get(0).toString();
      } else if (sType.equals("MEDIA")) {
        s_Out += GetFolderTree(sPathShareMedia, "ShareMedia", 1, 0).get(0).toString();
      } else if (sType.equals("FLASH")) {
        s_Out += GetFolderTree(sPathShareFlash, "ShareFlash", 1, 0).get(0).toString();
      } else {
        s_Out += GetFolderTree(sPathShareImage, "ShareImage", 1, 0).get(0).toString();
      }

      s_Out +=
          "parent.setFolderList(arrUpload, arrShareImage, arrShareFlash, arrShareMedia, arrShareOther);";
      out.print(getOutScript(s_Out));
    }
  }