code

service/ocean_order.class.php

@@ -96,6 +96,7 @@ class ocean_order {
             $url = $_POST['url'];
             $h_bol = $_POST['h_bol'];
             $label = $_POST['label'];
+            $standard = $_POST['standard'];
             $is_topocean = $_POST['is_topocean'];
 
             $fileMap = array();
@@ -128,10 +129,13 @@ class ocean_order {
                     // $myfile = fopen($path, "w") or die("Unable to open file!");
                     // fwrite($myfile, $data);
                     // fclose($myfile);
-                   
-                    // //真实路径 => 压缩包内新名字
-                    // $customName = $label."_".$h_bol."_".basename($path);
-                    // $fileMap[] = array($path =>$customName);
+
+                    // $fileMap[] = [
+                    //         'file_path' => $path,
+                    //         'h_bol' => $h_bol[$key],
+                    //         'format_name' => $label[$key],
+                    //         'standard' => $standard[$key]
+                    //     ];
                 }else{
                     $filename = common::deCode($_url_param, 'D');
                     $filename = str_replace("/", DIRECTORY_SEPARATOR, $filename);
@@ -142,7 +146,8 @@ class ocean_order {
                     $fileMap[] = [
                             'file_path' => $filename,
                             'h_bol' => $h_bol[$key],
-                            'format_name' => $label[$key]
+                            'format_name' => $label[$key],
+                            'standard' => $standard[$key]
                         ];
                 }
             }
@@ -1964,6 +1969,7 @@ class ocean_order {
         //ocean的相关配置参数    
         $OutFileURL = common::excuteOneSql("select item_value from config where item='OutFileURL'");
         $ocean_can_view_file = common::excuteOneSql("select ocean_can_view_file from ra_online_user where user_login='".$_SESSION['ONLINE_USER']['user_login']."'");
+        //$ocean_can_view_file = '{"HBL":[{"type":"TELEX","value":""}],"MBL":[{"type":"TELEX","value":""}]}';
         $tar = json_decode($ocean_can_view_file,true);
         $sqlFiterWhere = "1<>1 ";
         foreach($tar as $_tar){
@@ -2016,7 +2022,7 @@ class ocean_order {
                 $file_serial_nos = utils::implode(';',$file_serial_nos);
 
                 $filefilter = " ('TELEX') ";
-                $fileSql = "SELECT ff.format_name,
+                $fileSql = "SELECT ff.format_name,ff.standard,
                             from_system,doc.serial_no,file_path, file_name, upload_by, to_char(upload_date, 'MM/DD/YYYY') as upload_date
                         from $_schemas.ra_online_doc_upload doc
                             left join $_schemas.ra_online_file_format ff on ff.serial_no = doc.format_serailno
@@ -2034,6 +2040,7 @@ class ocean_order {
                                     "url_param" =>$OutFileURL.'/download.php?_schemas=&a='.base64_encode(base64_encode($rs['serial_no'])),
                                     "file_name" => $rs['file_name'],
                                     "format_name" => $rs['format_name'],
+                                    "standard" => $rs['standard'],
                                     "detail"=>$rs['upload_date'],
                                     "is_topocean" =>true);
                     }else {
@@ -2041,6 +2048,7 @@ class ocean_order {
                                 "url_param" => common::deCode($rs['file_path'] . DS . $rs['file_name'], 'E'),
                                 "file_name" => $rs['file_name'],
                                 "format_name" => $rs['format_name'],
+                                "standard" => $rs['standard'],
                                 "detail"=>$rs['upload_date'],
                                 "is_topocean" =>false);
                     }
@@ -2062,7 +2070,7 @@ class ocean_order {
                 $file_serial_nos = utils::implode(';',$file_serial_nos);
 
                 $filefilter = " ('TELEX') ";
-                $fileSql = "SELECT ff.format_name,
+                $fileSql = "SELECT ff.format_name,ff.standard
                             file_path, file_name, upload_by, to_char(upload_date, 'MM/DD/YYYY') as upload_date
                         from $_schemas.air_doc_upload 
                             left join $_schemas.air_file_format ff on ff.serial_no = air_doc_upload.format_serailno
@@ -2079,6 +2087,7 @@ class ocean_order {
                                 "url_param"=>common::deCode($rs['file_path'] . DS . $rs['file_name'], 'E'),
                                 "file_name" => $rs['file_name'],
                                 "format_name" => $rs['format_name'],
+                                "standard" => $rs['standard'],
                                 "detail"=>$rs['upload_date'],
                                 "is_topocean" =>false);
                 } 

utils/common.class.php

@@ -1030,11 +1030,13 @@ class common {
             ob_end_clean();
         }
 
-        $f = ONLINE_ROOT . DS . "tmp" . DS . "Attachment Summary_" . date('Y-m-dH\hi\ms\s', time()) . ".zip";
+        $f = ONLINE_ROOT . DS . "upload" . DS . "Attachment_Summary_" . date('Y-m-dH\hi\ms\s', time()) . ".zip";
         $zip = new ZipArchive();
 
         if ($zip->open($f, ZipArchive::OVERWRITE) === TRUE ||
             $zip->open($f, ZipArchive::CREATE) === TRUE) {
+            
+        } else {
             die("create ZIP faild。");
         }
 
@@ -1052,6 +1054,7 @@ class common {
         foreach ($grouped as $formatName => $fileList) {
             // 生成子文件夹名：FormatName_YYYYMMDD_HHMMSS
             $subFolderName = $formatName . '_' . date('Ymd') . '_' . date('His');
+            $subFolderName = common::sanitizeFilename($subFolderName);
 
             // 添加子文件夹（空目录）
             $zip->addEmptyDir($subFolderName);
@@ -1068,7 +1071,8 @@ class common {
                 $realPath = $file['file_path'];
                 $extend = self::getExtendFilename($realPath);
 
-                $fileName = $file['h_bol']."_".$file['format_name']."_V".$h_bol_num[$file['h_bol']].".".$extend;
+                $fileName = $file['h_bol']."_".$file['standard']."_V".$h_bol_num[$file['h_bol']].".".$extend;
+                $fileName = common::sanitizeFilename($fileName);
 
                 if (file_exists($realPath) && is_file($realPath)) {
                     $targetPath = $subFolderName . '/' . $fileName;
@@ -4247,5 +4251,40 @@ class common {
 
         return trim($backString);
     }
+
+    /**
+     * 过滤文件名中的非法字符（适用于 Windows / Linux / macOS）
+     *
+     * @param string $filename 原始文件名
+     * @param string $replacement 替换非法字符的符号（默认用下划线）
+     * @return string 安全的文件名
+     */
+    public static function sanitizeFilename($filename, $replacement = '_')
+    {
+        // 定义非法字符（Windows 系统最严格）
+        $illegalChars = ['\\', '/', ':', '*', '?', '"', '<', '>', '|', "\0"];
+
+        // 更严格的：也替换制表符、换行符、回车
+        $illegalChars = array_merge($illegalChars, ["\t", "\n", "\r"]);
+
+        // 替换所有非法字符
+        $safeName = str_replace($illegalChars, $replacement, $filename);
+
+        // 额外清理：多个连续的替换符 → 变成一个（如 ___ → _）
+        $safeName = preg_replace('/' . preg_quote($replacement, '/') . '+/', $replacement, $safeName);
+
+        // 去除首尾空白和替换符
+        $safeName = trim($safeName, " \t\n\r\0\x0B" . $replacement);
+
+        // 防止以点或横线开头/结尾（某些系统敏感）
+        $safeName = trim($safeName, '.-');
+
+        // 如果清理后为空，返回默认名
+        if ($safeName === '' || $safeName === '.' || $safeName === '..') {
+            $safeName = 'file_' . time();
+        }
+
+        return $safeName;
+    }
 }
 ?>