From 5a87939e860736da4433e4d2b9f1c54445f7ee77 Mon Sep 17 00:00:00 2001
From: Karson <karsonzhang@163.com>
Date: Sat, 23 Dec 2017 12:23:56 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=9C=AC=E5=9C=B0=E4=B8=8A?=
 =?UTF-8?q?=E4=BC=A0=E6=9C=AA=E9=99=90=E5=88=B6=E6=96=87=E4=BB=B6=E6=A0=BC?=
 =?UTF-8?q?=E5=BC=8F=E7=9A=84BUG?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 application/admin/controller/Ajax.php | 12 ++++++++++--
 application/admin/lang/zh-cn/ajax.php |  7 +++++++
 application/index/controller/Ajax.php | 28 ++++++++++++++++++---------
 application/index/lang/zh-cn/ajax.php |  7 +++++++
 4 files changed, 43 insertions(+), 11 deletions(-)
 create mode 100644 application/admin/lang/zh-cn/ajax.php
 create mode 100644 application/index/lang/zh-cn/ajax.php

diff --git a/application/admin/controller/Ajax.php b/application/admin/controller/Ajax.php
index d8970964..5c40c065 100644
--- a/application/admin/controller/Ajax.php
+++ b/application/admin/controller/Ajax.php
@@ -49,7 +49,7 @@ class Ajax extends Backend
         $file = $this->request->file('file');
         if (empty($file))
         {
-            $this->error("未上传文件或超出服务器上传限制");
+            $this->error(__('No file upload or server upload limit exceeded'));
         }
 
         //判断是否已经存在附件
@@ -64,6 +64,14 @@ class Ajax extends Backend
         $fileInfo = $file->getInfo();
         $suffix = strtolower(pathinfo($fileInfo['name'], PATHINFO_EXTENSION));
         $suffix = $suffix ? $suffix : 'file';
+
+        $mimetypeArr = explode(',', $upload['mimetype']);
+        $typeArr = explode('/', $fileInfo['type']);
+        //验证文件后缀
+        if ($upload['mimetype'] !== '*' && !in_array($suffix, $mimetypeArr) && !in_array($fileInfo['type'], $mimetypeArr) && !in_array($typeArr[0] . '/*', $mimetypeArr))
+        {
+            $this->error(__('Uploaded file format is limited'));
+        }
         $replaceArr = [
             '{year}'     => date("Y"),
             '{mon}'      => date("m"),
@@ -110,7 +118,7 @@ class Ajax extends Backend
             $attachment->data(array_filter($params));
             $attachment->save();
             \think\Hook::listen("upload_after", $attachment);
-            $this->success('上传成功', null, [
+            $this->success(__('Upload successful'), null, [
                 'url' => $uploadDir . $splInfo->getSaveName()
             ]);
         }
diff --git a/application/admin/lang/zh-cn/ajax.php b/application/admin/lang/zh-cn/ajax.php
new file mode 100644
index 00000000..fb78e7c1
--- /dev/null
+++ b/application/admin/lang/zh-cn/ajax.php
@@ -0,0 +1,7 @@
+<?php
+
+return [
+    'No file upload or server upload limit exceeded' => '未上传文件或超出服务器上传限制',
+    'Uploaded file format is limited'                => '上传文件格式受限制',
+    'Upload successful'                              => '上传成功',
+];
diff --git a/application/index/controller/Ajax.php b/application/index/controller/Ajax.php
index c656cce6..3c68fca4 100644
--- a/application/index/controller/Ajax.php
+++ b/application/index/controller/Ajax.php
@@ -37,17 +37,15 @@ class Ajax extends Frontend
      */
     public function upload()
     {
+        Config::set('default_return_type', 'json');
         $file = $this->request->file('file');
+        if (empty($file))
+        {
+            $this->error(__('No file upload or server upload limit exceeded'));
+        }
 
         //判断是否已经存在附件
         $sha1 = $file->hash();
-        $uploaded = model("attachment")->where('sha1', $sha1)->find();
-        if ($uploaded)
-        {
-            $this->success('', null, [
-                'url' => $uploaded['url']
-            ]);
-        }
 
         $upload = Config::get('upload');
 
@@ -58,6 +56,14 @@ class Ajax extends Frontend
         $fileInfo = $file->getInfo();
         $suffix = strtolower(pathinfo($fileInfo['name'], PATHINFO_EXTENSION));
         $suffix = $suffix ? $suffix : 'file';
+
+        $mimetypeArr = explode(',', $upload['mimetype']);
+        $typeArr = explode('/', $fileInfo['type']);
+        //验证文件后缀
+        if ($upload['mimetype'] !== '*' && !in_array($suffix, $mimetypeArr) && !in_array($fileInfo['type'], $mimetypeArr) && !in_array($typeArr[0] . '/*', $mimetypeArr))
+        {
+            $this->error(__('Uploaded file format is limited'));
+        }
         $replaceArr = [
             '{year}'     => date("Y"),
             '{mon}'      => date("m"),
@@ -97,10 +103,14 @@ class Ajax extends Frontend
                 'mimetype'    => $fileInfo['type'],
                 'url'         => $uploadDir . $splInfo->getSaveName(),
                 'uploadtime'  => time(),
+                'storage'     => 'local',
                 'sha1'        => $sha1,
             );
-            model("attachment")->create(array_filter($params));
-            $this->success('', null, [
+            $attachment = model("attachment");
+            $attachment->data(array_filter($params));
+            $attachment->save();
+            \think\Hook::listen("upload_after", $attachment);
+            $this->success(__('Upload successful'), null, [
                 'url' => $uploadDir . $splInfo->getSaveName()
             ]);
         }
diff --git a/application/index/lang/zh-cn/ajax.php b/application/index/lang/zh-cn/ajax.php
new file mode 100644
index 00000000..fb78e7c1
--- /dev/null
+++ b/application/index/lang/zh-cn/ajax.php
@@ -0,0 +1,7 @@
+<?php
+
+return [
+    'No file upload or server upload limit exceeded' => '未上传文件或超出服务器上传限制',
+    'Uploaded file format is limited'                => '上传文件格式受限制',
+    'Upload successful'                              => '上传成功',
+];