1: <?php
2: namespace Opencart\Admin\Controller\Tool;
3: /**
4: * Class Upload
5: *
6: * @package Opencart\Admin\Controller\Tool
7: */
8: class Upload extends \Opencart\System\Engine\Controller {
9: /**
10: * Index
11: *
12: * @return void
13: */
14: public function index(): void {
15: $this->load->language('tool/upload');
16:
17: $this->document->setTitle($this->language->get('heading_title'));
18:
19: $url = '';
20:
21: if (isset($this->request->get['sort'])) {
22: $url .= '&sort=' . $this->request->get['sort'];
23: }
24:
25: if (isset($this->request->get['order'])) {
26: $url .= '&order=' . $this->request->get['order'];
27: }
28:
29: if (isset($this->request->get['page'])) {
30: $url .= '&page=' . $this->request->get['page'];
31: }
32:
33: $data['breadcrumbs'] = [];
34:
35: $data['breadcrumbs'][] = [
36: 'text' => $this->language->get('text_home'),
37: 'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'])
38: ];
39:
40: $data['breadcrumbs'][] = [
41: 'text' => $this->language->get('heading_title'),
42: 'href' => $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . $url)
43: ];
44:
45: $data['add'] = $this->url->link('tool/upload.form', 'user_token=' . $this->session->data['user_token'] . $url);
46: $data['delete'] = $this->url->link('tool/upload.delete', 'user_token=' . $this->session->data['user_token']);
47:
48: $data['list'] = $this->getList();
49:
50: $data['user_token'] = $this->session->data['user_token'];
51:
52: $data['header'] = $this->load->controller('common/header');
53: $data['column_left'] = $this->load->controller('common/column_left');
54: $data['footer'] = $this->load->controller('common/footer');
55:
56: $this->response->setOutput($this->load->view('tool/upload', $data));
57: }
58:
59: /**
60: * List
61: *
62: * @return void
63: */
64: public function list(): void {
65: $this->load->language('tool/upload');
66:
67: $this->response->setOutput($this->getList());
68: }
69:
70: /**
71: * Get List
72: *
73: * @return string
74: */
75: protected function getList(): string {
76: if (isset($this->request->get['filter_name'])) {
77: $filter_name = $this->request->get['filter_name'];
78: } else {
79: $filter_name = '';
80: }
81:
82: if (isset($this->request->get['filter_date_from'])) {
83: $filter_date_from = $this->request->get['filter_date_from'];
84: } else {
85: $filter_date_from = '';
86: }
87:
88: if (isset($this->request->get['filter_date_to'])) {
89: $filter_date_to = $this->request->get['filter_date_to'];
90: } else {
91: $filter_date_to = '';
92: }
93:
94: if (isset($this->request->get['sort'])) {
95: $sort = (string)$this->request->get['sort'];
96: } else {
97: $sort = 'date_added';
98: }
99:
100: if (isset($this->request->get['order'])) {
101: $order = (string)$this->request->get['order'];
102: } else {
103: $order = 'DESC';
104: }
105:
106: if (isset($this->request->get['page'])) {
107: $page = (int)$this->request->get['page'];
108: } else {
109: $page = 1;
110: }
111:
112: $url = '';
113:
114: if (isset($this->request->get['filter_name'])) {
115: $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8'));
116: }
117:
118: if (isset($this->request->get['filter_date_from'])) {
119: $url .= '&filter_date_from=' . $this->request->get['filter_date_from'];
120: }
121:
122: if (isset($this->request->get['filter_date_to'])) {
123: $url .= '&filter_date_to=' . $this->request->get['filter_date_to'];
124: }
125:
126: if (isset($this->request->get['sort'])) {
127: $url .= '&sort=' . $this->request->get['sort'];
128: }
129:
130: if (isset($this->request->get['order'])) {
131: $url .= '&order=' . $this->request->get['order'];
132: }
133:
134: if (isset($this->request->get['page'])) {
135: $url .= '&page=' . $this->request->get['page'];
136: }
137:
138: $data['action'] = $this->url->link('tool/upload.list', 'user_token=' . $this->session->data['user_token'] . $url);
139:
140: $data['uploads'] = [];
141:
142: $filter_data = [
143: 'filter_name' => $filter_name,
144: 'filter_date_from' => $filter_date_from,
145: 'filter_date_to' => $filter_date_to,
146: 'sort' => $sort,
147: 'order' => $order,
148: 'start' => ($page - 1) * $this->config->get('config_pagination_admin'),
149: 'limit' => $this->config->get('config_pagination_admin')
150: ];
151:
152: $this->load->model('tool/upload');
153:
154: $results = $this->model_tool_upload->getUploads($filter_data);
155:
156: foreach ($results as $result) {
157: $data['uploads'][] = [
158: 'upload_id' => $result['upload_id'],
159: 'name' => $result['name'],
160: 'code' => $result['code'],
161: 'date_added' => date($this->language->get('date_format_short'), strtotime($result['date_added'])),
162: 'download' => $this->url->link('tool/upload.download', 'user_token=' . $this->session->data['user_token'] . '&code=' . $result['code'] . $url)
163: ];
164: }
165:
166: $url = '';
167:
168: if (isset($this->request->get['filter_name'])) {
169: $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8'));
170: }
171:
172: if (isset($this->request->get['filter_date_from'])) {
173: $url .= '&filter_date_from=' . $this->request->get['filter_date_from'];
174: }
175:
176: if (isset($this->request->get['filter_date_to'])) {
177: $url .= '&filter_date_to=' . $this->request->get['filter_date_to'];
178: }
179:
180: if ($order == 'ASC') {
181: $url .= '&order=DESC';
182: } else {
183: $url .= '&order=ASC';
184: }
185:
186: if (isset($this->request->get['page'])) {
187: $url .= '&page=' . $this->request->get['page'];
188: }
189:
190: $data['sort_name'] = $this->url->link('tool/upload.list', 'user_token=' . $this->session->data['user_token'] . '&sort=name' . $url);
191: $data['sort_code'] = $this->url->link('tool/upload.list', 'user_token=' . $this->session->data['user_token'] . '&sort=code' . $url);
192: $data['sort_date_added'] = $this->url->link('tool/upload.list', 'user_token=' . $this->session->data['user_token'] . '&sort=date_added' . $url);
193:
194: $url = '';
195:
196: if (isset($this->request->get['filter_name'])) {
197: $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8'));
198: }
199:
200: if (isset($this->request->get['filter_date_from'])) {
201: $url .= '&filter_date_from=' . $this->request->get['filter_date_from'];
202: }
203:
204: if (isset($this->request->get['filter_date_to'])) {
205: $url .= '&filter_date_to=' . $this->request->get['filter_date_to'];
206: }
207:
208: if (isset($this->request->get['sort'])) {
209: $url .= '&sort=' . $this->request->get['sort'];
210: }
211:
212: if (isset($this->request->get['order'])) {
213: $url .= '&order=' . $this->request->get['order'];
214: }
215:
216: $upload_total = $this->model_tool_upload->getTotalUploads($filter_data);
217:
218: $data['pagination'] = $this->load->controller('common/pagination', [
219: 'total' => $upload_total,
220: 'page' => $page,
221: 'limit' => $this->config->get('config_pagination_admin'),
222: 'url' => $this->url->link('tool/upload.list', 'user_token=' . $this->session->data['user_token'] . $url . '&page={page}')
223: ]);
224:
225: $data['results'] = sprintf($this->language->get('text_pagination'), ($upload_total) ? (($page - 1) * $this->config->get('config_pagination_admin')) + 1 : 0, ((($page - 1) * $this->config->get('config_pagination_admin')) > ($upload_total - $this->config->get('config_pagination_admin'))) ? $upload_total : ((($page - 1) * $this->config->get('config_pagination_admin')) + $this->config->get('config_pagination_admin')), $upload_total, ceil($upload_total / $this->config->get('config_pagination_admin')));
226:
227: $data['filter_name'] = $filter_name;
228: $data['filter_date_from'] = $filter_date_from;
229: $data['filter_date_to'] = $filter_date_to;
230:
231: $data['sort'] = $sort;
232: $data['order'] = $order;
233:
234: return $this->load->view('tool/upload_list', $data);
235: }
236:
237: /**
238: * Delete
239: *
240: * @return void
241: */
242: public function delete(): void {
243: $this->load->language('tool/upload');
244:
245: $json = [];
246:
247: if (isset($this->request->post['selected'])) {
248: $selected = $this->request->post['selected'];
249: } else {
250: $selected = [];
251: }
252:
253: if (!$this->user->hasPermission('modify', 'tool/upload')) {
254: $json['error'] = $this->language->get('error_permission');
255: }
256:
257: if (!$json) {
258: $this->load->model('tool/upload');
259:
260: foreach ($selected as $upload_id) {
261: // Remove file before deleting DB record.
262: $upload_info = $this->model_tool_upload->getUpload($upload_id);
263:
264: if ($upload_info && is_file(DIR_UPLOAD . $upload_info['filename'])) {
265: unlink(DIR_UPLOAD . $upload_info['filename']);
266: }
267:
268: $this->model_tool_upload->deleteUpload($upload_id);
269: }
270:
271: $json['success'] = $this->language->get('text_success');
272: }
273:
274: $this->response->addHeader('Content-Type: application/json');
275: $this->response->setOutput(json_encode($json));
276: }
277:
278: /**
279: * Download
280: *
281: * @return void
282: */
283: public function download(): void {
284: $this->load->language('tool/upload');
285:
286: if (isset($this->request->get['code'])) {
287: $code = $this->request->get['code'];
288: } else {
289: $code = '';
290: }
291:
292: $this->load->model('tool/upload');
293:
294: $upload_info = $this->model_tool_upload->getUploadByCode($code);
295:
296: if ($upload_info) {
297: $file = DIR_UPLOAD . $upload_info['filename'];
298: $mask = basename($upload_info['name']);
299:
300: if (!headers_sent()) {
301: if (is_file($file)) {
302: header('Content-Type: application/octet-stream');
303: header('Content-Description: File Transfer');
304: header('Content-Disposition: attachment; filename="' . ($mask ?: basename($file)) . '"');
305: header('Content-Transfer-Encoding: binary');
306: header('Expires: 0');
307: header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
308: header('Pragma: public');
309: header('Content-Length: ' . filesize($file));
310:
311: readfile($file);
312: exit;
313: } else {
314: exit(sprintf($this->language->get('error_not_found'), basename($file)));
315: }
316: } else {
317: exit($this->language->get('error_headers_sent'));
318: }
319: } else {
320: $this->load->language('error/not_found');
321:
322: $this->document->setTitle($this->language->get('heading_title'));
323:
324: $data['breadcrumbs'] = [];
325:
326: $data['breadcrumbs'][] = [
327: 'text' => $this->language->get('text_home'),
328: 'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'])
329: ];
330:
331: $data['breadcrumbs'][] = [
332: 'text' => $this->language->get('heading_title'),
333: 'href' => $this->url->link('error/not_found', 'user_token=' . $this->session->data['user_token'])
334: ];
335:
336: $data['header'] = $this->load->controller('common/header');
337: $data['column_left'] = $this->load->controller('common/column_left');
338: $data['footer'] = $this->load->controller('common/footer');
339:
340: $this->response->setOutput($this->load->view('error/not_found', $data));
341: }
342: }
343:
344: /**
345: * Upload
346: *
347: * @return void
348: */
349: public function upload(): void {
350: $this->load->language('tool/upload');
351:
352: $json = [];
353:
354: // Check user has permission
355: if (!$this->user->hasPermission('modify', 'tool/upload')) {
356: $json['error'] = $this->language->get('error_permission');
357: }
358:
359: if (empty($this->request->files['file']['name']) || !is_file($this->request->files['file']['tmp_name'])) {
360: $json['error'] = $this->language->get('error_upload');
361: }
362:
363: if (!$json) {
364: // Sanitize the filename
365: $filename = basename(html_entity_decode($this->request->files['file']['name'], ENT_QUOTES, 'UTF-8'));
366:
367: // Validate the filename length
368: if ((oc_strlen($filename) < 3) || (oc_strlen($filename) > 128)) {
369: $json['error'] = $this->language->get('error_filename');
370: }
371:
372: // Allowed file extension types
373: $allowed = [];
374:
375: $extension_allowed = preg_replace('~\r?\n~', "\n", $this->config->get('config_file_ext_allowed'));
376:
377: $filetypes = explode("\n", $extension_allowed);
378:
379: foreach ($filetypes as $filetype) {
380: $allowed[] = trim($filetype);
381: }
382:
383: if (!in_array(strtolower(substr(strrchr($filename, '.'), 1)), $allowed)) {
384: $json['error'] = $this->language->get('error_file_type');
385: }
386:
387: // Allowed file mime types
388: $allowed = [];
389:
390: $mime_allowed = preg_replace('~\r?\n~', "\n", $this->config->get('config_file_mime_allowed'));
391:
392: $filetypes = explode("\n", $mime_allowed);
393:
394: foreach ($filetypes as $filetype) {
395: $allowed[] = trim($filetype);
396: }
397:
398: if (!in_array($this->request->files['file']['type'], $allowed)) {
399: $json['error'] = $this->language->get('error_file_type');
400: }
401:
402: // Return any upload error
403: if ($this->request->files['file']['error'] != UPLOAD_ERR_OK) {
404: $json['error'] = $this->language->get('error_upload_' . $this->request->files['file']['error']);
405: }
406: }
407:
408: if (!$json) {
409: $file = $filename . '.' . oc_token(32);
410:
411: move_uploaded_file($this->request->files['file']['tmp_name'], DIR_UPLOAD . $file);
412:
413: // Hide the uploaded file name so people cannot link to it directly.
414: $this->load->model('tool/upload');
415:
416: $json['code'] = $this->model_tool_upload->addUpload($filename, $file);
417:
418: $json['success'] = $this->language->get('text_success');
419: }
420:
421: $this->response->addHeader('Content-Type: application/json');
422: $this->response->setOutput(json_encode($json));
423: }
424: }
425: