From 7be6cbdc8d19978e1b59cb4ded5e658ffc1ea2ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=B0=8F=E8=83=A1?= <3203164629@qq.com> Date: Wed, 20 Mar 2024 21:14:58 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E8=87=B3v1.87.5=EF=BC=8C?= =?UTF-8?q?=E6=9B=B4=E6=96=B0=E5=86=85=E5=AE=B9=E5=9C=A8DzzOffice=20?= =?UTF-8?q?=E7=AC=94=E8=AE=B0=E4=B8=AD=E6=9F=A5=E7=9C=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core/class/perm/perm_check.php | 18 +++++++++++++++++- core/core_version.php | 4 ++-- core/function/function_core.php | 10 +++++++++- share.php | 3 ++- 4 files changed, 30 insertions(+), 5 deletions(-) diff --git a/core/class/perm/perm_check.php b/core/class/perm/perm_check.php index bd7cb56..0451d57 100644 --- a/core/class/perm/perm_check.php +++ b/core/class/perm/perm_check.php @@ -20,6 +20,7 @@ class perm_check{ } return $perm; } + function getPerm($fid, $bz='',$i=0){ global $_G; if(isset($_G['gperm'])) return intval($_G['gperm']);//可以通过这个参数直接使用此权限值不去查询权限 @@ -62,6 +63,21 @@ class perm_check{ }else{ //继承上级,查找上级 if($folder['pfid']>0 && $folder['pfid']!=$folder['fid']){ //有上级目录 return self::getPerm($folder['pfid'],$bz,$i); + }elseif (shareLink($_GET['shareLink'],$_GET['path'])){ + return perm_binPerm::getGroupPower('read'); + }elseif($folder = C::t('folder')->fetch_home_by_uid($uid)){//查看当前用户的个人网盘fid + if($folder['fid']){ + if(!($folder['fid']==$fid)){//判断当前用户的个人网盘fid是否等于当前用户访问的fid + $fids = array(); + $fids[] = $folder['fid']; + foreach (C::t('folder')->fetch_all_folderfid_by_pfid($folder['fid']) as $v) {//查看当前用户的个人网盘下的所有目录 + $fids[] = $v; + } + if (!(in_array($fid,$fids))){ + return false; + } + } + } }else{ //其他的情况使用 return self::getuserPerm(); } @@ -181,7 +197,7 @@ class perm_check{ if(!perm_FolderSPerm::isPower($folder['fsperm'],$action)) return false; } if($_G['adminid']==1) return true; //网站管理员 有权限; - if($_G['uid']==$arr['uid']) return true; + return self::checkperm_Container($arr['pfid'],$action,$bz); } } diff --git a/core/core_version.php b/core/core_version.php index 13a71f6..067ef14 100644 --- a/core/core_version.php +++ b/core/core_version.php @@ -14,7 +14,7 @@ if(!defined('CORE_VERSION')) { define('CORE_VERSION', '2.02'); define('CORE_RELEASE', '20180909'); define('CORE_FIXBUG' , '20000000'); - define('CORE_XHVERSION', '1.87.4'); - define('CORE_XHRELEASE', '20240316'); + define('CORE_XHVERSION', '1.87.5'); + define('CORE_XHRELEASE', '20240320'); define('CORE_XHFIXBUG' , '20240110'); } \ No newline at end of file diff --git a/core/function/function_core.php b/core/function/function_core.php index c06594d..7c92ed1 100644 --- a/core/function/function_core.php +++ b/core/function/function_core.php @@ -3571,4 +3571,12 @@ function dzz_userconfig_init() $result = Hook::listen('sms',$params); return $result[0]; - } \ No newline at end of file + } + + function shareLink($shareLink,$path){ + $path=dzzdecode($path); + $pathh=dzzencode($path.$path); + if ($pathh==$shareLink){ + return true; + } +} \ No newline at end of file diff --git a/share.php b/share.php index 373eabb..e079a40 100644 --- a/share.php +++ b/share.php @@ -77,7 +77,8 @@ if($_GET['a']=='down'){ }, $url); //添加path参数; if(strpos($url,'?')!==false && strpos($url,'path=')===false){ - $url.='&path='.$icoarr['icoid']; + $shareLink=dzzdecode($icoarr['icoid']); + $url.='&path='.$icoarr['icoid'].'&shareLink='.dzzencode($shareLink.$shareLink); } $url = $_G['siteurl'].$url; @header("Location: $url");