<%@page import="jcms.util.SafeUtil"%>
<%@page contentType="text/html;charset=UTF-8" %>
<%@page import="jcms.blf.info.SearchInfoBLF"%>
<%@page import="jcms.entity.SearchInfoEntity"%>
<%@page import="com.hanweb.common.log.LogWriter"%>
<%@page import="com.hanweb.common.util.Convert"%>
<%@page import="java.util.regex.Matcher"%>
<%@page import="java.util.regex.Pattern"%>
<%@page import="jcms.util.AccessUtil"%>
<%@page import="jcms.extramodule.redress.RedressFun"%>
<%@ include file="./config.jsp"%>
<%
/*
 * Entry page of the "redress" module.
 *
 * Flow, as far as this listing shows:
 *   1. Gate the request with AccessUtil.checkAccess.
 *   2. Read the article URL from the "arturl" parameter and the Referer header,
 *      and reject the request if SafeUtil flags either value.
 *   3. Find an "art_<column id>_<article id>.html" name inside the URL and parse the two ids.
 *   4. Load the entity for those ids, read the module's config.xml and pass the
 *      configured template through RedressFun.parseContent.
 *
 * strAppID, strWebID and xmlFile are not declared in this file; presumably they
 * come from the included config.jsp - confirm.
 *
 * NOTE(review): this copy looks damaged by extraction. One statement is not valid
 * Java and most of the output literals hold only whitespace; each spot is marked below.
 */
if(!AccessUtil.checkAccess(request)){ // block cross-site request forgery
    // NOTE(review): checkAccess is not visible here, so what it verifies
    // (token, Referer, session) cannot be confirmed from this file.
    // On failure the client is sent to '../../' and nothing else runs.
    out.print(Convert.getAlterScript("location.href='../../';"));
    return;
}
// NOTE(review): the meaning of the two boolean flags of getParameter is not visible here.
String strURL = Convert.getParameter(request, "arturl", "", true, true); // article URL
// Denylist clean-up: remove text matching the pattern, then remove double quotes.
// NOTE(review): as written the pattern has no opening "<script" part and looks
// truncated in this copy - verify against the deployed file. Stripping tags and
// quotes is not a substitute for encoding the value for the context it is written into.
strURL = strURL.replaceAll("(?i)]*>.*?<\\/script>","").replaceAll("\"","");
// The Referer header is supplied by the client; getHeader returns null when it is absent.
String url = request.getHeader("Referer");
// NOTE(review): behaviour of SafeUtil.isXss on a null argument is not visible here - confirm.
if(SafeUtil.isSqlAndXss(strURL) || SafeUtil.isXss(url)){
    // Fixed message; no request data is echoed back.
    out.println("参数包含非法字符,禁止访问");
    return;
}
int artId = 0; // article id
int colId = 0; // id of the column the article belongs to
String strValue = "";
if("".equals(strURL)){
    out.println(Convert.getAlterScript("alert('文章URL不可为空!');window.close();"));
    return;
}
/* Find the file name of the current html page */
String regEx = "(art_)([0-9_]+)(\\.html)";
regEx = "((?i)"+regEx+")"; // ignore case
// Case-insensitivity is requested twice: by the inline (?i) flag and by CASE_INSENSITIVE.
Pattern p = Pattern.compile(regEx, Pattern.CASE_INSENSITIVE);
Matcher m = p.matcher(strURL);
// find() is unanchored: the first matching substring anywhere in strURL is accepted,
// and only that substring (m.group()) is used from here on.
boolean result = m.find();
if (result) {
    strValue = m.group();
}else{
    strValue = "";
    // Constant log message; the rejected value itself is not logged.
    LogWriter.error("the parameter article's url is illegal!");
    out.println(Convert.getAlterScript("alert('无法正确解析URL!');window.close();"));
    return;
}
/* Extract the column id and the article id from the URL */
if(!"".equals(strValue)){
    int nPos = strValue.indexOf(".");
    if(nPos > 0){
        // Drop the ".html" suffix, leaving "art_<column id>_<article id>".
        strValue = strValue.substring(0, nPos);
        String[] strData = strValue.split("_");
        // [0-9_]+ admits any number of underscores; only the exact three-part form is
        // parsed. Anything else leaves both ids at 0 and ends in the final else branch.
        if(strData != null && strData.length == 3){
            // NOTE(review): presumably getStringValueInt yields a non-positive value for
            // empty or non-numeric input, which the "> 0" check below would reject - confirm.
            colId = Convert.getStringValueInt(strData[1]);
            artId = Convert.getStringValueInt(strData[2]);
        }
    }
}
if(colId > 0 && artId > 0){
    SearchInfoBLF blf = new SearchInfoBLF(strAppID, Convert.getStringValueInt(strWebID));
    jcms.entity.SearchInfoEntity entity = 
        blf.getEntityWhenNotFoundInfo(artId, colId);
    if( entity != null ){
        /* Replace the corresponding content in the template */
        // The title has HTML tags removed before it is stored back on the entity.
        String strTitle = entity.getVc_title();
        strTitle = Convert.removeHTMLTag(strTitle);
        entity.setVc_title(strTitle);
        // File-system path built by concatenation from strAppID and strWebID.
        // NOTE(review): if either value can be influenced by a request, the resolved path
        // must be checked to stay under the web root - confirm where config.jsp takes them from.
        String strPath = application.getRealPath("") + "/jcms_files/jcms" + strAppID + "/web" + strWebID + "/site/module/redress/config/config.xml";
        String strContent = xmlFile.getContent("content", strPath);
        String strHD = xmlFile.getContent("url", strPath);
        String strGroupId = xmlFile.getContent("groupid", strPath);
        String type = xmlFile.getContent("type", strPath);
        // NOTE(review): type.equals would throw if getContent can return null - confirm its contract.
        if("".equals(strHD) && type.equals("0") ){
            out.println(Convert.getAlterScript("alert('请指定互动访问地址!');window.close();"));
            return;
        }
        int pos1 = 0;
        int pos2 =0;
        // NOTE(review): the next statement is not valid Java as shown, and pos1/pos2 are
        // never assigned, so "pos1 < pos2" is false and the substring is never taken.
        // The marker text and the indexOf calls appear to be missing from this copy -
        // verify against the original file.
        String strTemp = "");
        if(pos1 != -1 && pos2 != -1 && pos1 < pos2) {
            strContent = strContent.substring(pos1+strTemp.length(),pos2);
        }
        RedressFun redress = new RedressFun();
        //strContent = redress.parseContent(strContent, entity, strURL); // replace the displayed content
        // The client-supplied Referer value (url), not the parsed arturl value, is handed to parseContent.
        // NOTE(review): presumably parseContent places it into the generated markup; confirm
        // that it is encoded for that context, since isXss above is the only check seen here.
        strContent = redress.parseContent(strContent, entity, url); // replace the displayed content
        // NOTE(review): the literals below contain only newlines and spaces in this copy, and
        // two of them span a raw line break; the markup they presumably held appears to have
        // been stripped, so what is emitted around strContent cannot be reviewed from here.
        out.println( "\n ");
        out.println( "
\n ");
        out.println( "\n"); //lm
        out.println( "\n"); //jact
        out.println( "\n");
        out.println( "\n"); //lm
        out.println( "\n"); //jact
        out.println( "\n");
        out.println( "
\n" );
        out.println( "");
    }
    else{
        // No entity for these ids: fixed message, no request data is echoed back.
        out.println(Convert.getAlterScript("alert('没有找到相应信息!');window.close();"));
        return;
    }
}else{
    // The ids could not be parsed to positive values: fixed message.
    out.println(Convert.getAlterScript("alert('URL非法,无法解析!');window.close();"));
    return;
}
%>