1: <?php
2: namespace Opencart\Catalog\Controller\Tool;
3: /**
4: * Class Upload
5: *
6: * @package Opencart\Catalog\Controller\Tool
7: */
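class Upload extends \Opencart\System\Engine\Controller {
	/**
	 * Handles a storefront file upload (e.g. a product option of type "file").
	 *
	 * Flow: the single-use `upload_token` from the query string must match the one
	 * held in the session; then the uploaded file's (sanitised) name, extension and
	 * client-declared MIME type are checked against the configured allow-lists and
	 * PHP's own upload error code; finally the file is moved into DIR_UPLOAD under a
	 * randomised name and recorded via the tool/upload model.
	 *
	 * Output is a JSON body with either `error`, or `code` (the upload record code)
	 * and `success`. When several checks fail, the last failing check's message wins,
	 * which is the original behaviour and is preserved here.
	 *
	 * @return void
	 */
	public function index(): void {
		$this->load->language('tool/upload');

		$json = [];

		// Validate the upload token. hash_equals() gives a strict, constant-time
		// string comparison; a loose `!=` would also accept type-juggled look-alikes
		// (e.g. numeric strings comparing equal), and a non-string request value is
		// rejected outright instead of being coerced.
		$request_token = $this->request->get['upload_token'] ?? null;
		$session_token = $this->session->data['upload_token'] ?? null;

		if (!is_string($request_token) || !is_string($session_token) || !hash_equals($session_token, $request_token)) {
			$json['error'] = $this->language->get('error_token');
		}

		$filename = '';

		if (!$json) {
			if (!empty($this->request->files['file']['name']) && is_file($this->request->files['file']['tmp_name'])) {
				// Sanitize the filename: decode entities, strip everything outside the
				// allowed character set, then drop any remaining path component.
				$filename = basename(preg_replace('/[^a-zA-Z0-9\.\-\s+]/', '', html_entity_decode($this->request->files['file']['name'], ENT_QUOTES, 'UTF-8')));

				// Validate the filename length
				if ((oc_strlen($filename) < 3) || (oc_strlen($filename) > 64)) {
					$json['error'] = $this->language->get('error_filename');
				}

				// Allowed file extension types. A name without an extension yields ''
				// which can never match, because blank allow-list lines are discarded.
				$extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));

				if (!in_array($extension, $this->getAllowedList('config_file_ext_allowed'), true)) {
					$json['error'] = $this->language->get('error_file_type');
				}

				// Allowed file mime types. NOTE: $_FILES[...]['type'] is whatever the
				// client declared, so this is only a coarse filter, not a content check.
				if (!in_array($this->request->files['file']['type'], $this->getAllowedList('config_file_mime_allowed'), true)) {
					$json['error'] = $this->language->get('error_file_type');
				}

				// Return any upload error reported by PHP itself
				if ((int)$this->request->files['file']['error'] !== UPLOAD_ERR_OK) {
					$json['error'] = $this->language->get('error_upload_' . $this->request->files['file']['error']);
				}
			} else {
				$json['error'] = $this->language->get('error_upload');
			}
		}

		if (!$json) {
			// Store under the original name plus a random suffix so the file on disk
			// cannot be addressed (or executed) by its original name/extension.
			$file = $filename . '.' . oc_token(32);

			if (move_uploaded_file($this->request->files['file']['tmp_name'], DIR_UPLOAD . $file)) {
				// Hide the uploaded file name so people cannot link to it directly.
				$this->load->model('tool/upload');

				$json['code'] = $this->model_tool_upload->addUpload($filename, $file);

				$json['success'] = $this->language->get('text_upload');
			} else {
				// Validation passed but the move failed: do not record an upload that
				// does not exist on disk, and report a generic upload error instead.
				$json['error'] = $this->language->get('error_upload');
			}
		}

		$this->response->addHeader('Content-Type: application/json');
		$this->response->setOutput(json_encode($json));
	}

	/**
	 * Reads a newline-separated allow-list from the store configuration.
	 *
	 * Line endings are normalised (CRLF -> LF), each entry is trimmed, and empty
	 * entries are dropped so that a blank line never acts as a wildcard match.
	 *
	 * @param string $key config key, e.g. 'config_file_ext_allowed' or 'config_file_mime_allowed'
	 *
	 * @return array<int, string> trimmed, non-empty entries in configuration order
	 */
	private function getAllowedList(string $key): array {
		// Cast guards against a null/unset config value reaching preg_replace().
		$value = preg_replace('~\r?\n~', "\n", (string)$this->config->get($key));

		$allowed = [];

		foreach (explode("\n", $value) as $entry) {
			$entry = trim($entry);

			if ($entry !== '') {
				$allowed[] = $entry;
			}
		}

		return $allowed;
	}
}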
88: