1: | <?php
|
2: | namespace Opencart\Catalog\Controller\Tool;
|
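/**
 * Storefront file-upload endpoint (language file and model: tool/upload).
 *
 * Accepts one multipart file in the "file" field, validates it against the
 * configured extension and MIME allow-lists, stores it under DIR_UPLOAD and
 * answers with a JSON document.
 */
class Upload extends \Opencart\System\Engine\Controller {
    /**
     * Validate and store a single uploaded file, then emit a JSON response.
     *
     * Response keys: "error" (localised message) on failure, or "code" (value
     * returned by model_tool_upload->addUpload) and "success" on success.
     *
     * Checks are applied in this order, and a later failure overwrites the
     * message of an earlier one:
     *  1. upload_token in the query string must equal the one in the session;
     *  2. sanitised file name must be 3..64 characters long;
     *  3. file extension must be on config_file_ext_allowed;
     *  4. reported MIME type must be on config_file_mime_allowed;
     *  5. PHP's upload error code must be UPLOAD_ERR_OK.
     *
     * @return void
     */
    public function index(): void {
        $this->load->language('tool/upload');

        $json = [];

        $upload = null;
        $filename = '';

        // Session-bound token check. Both values must be non-empty strings and are
        // compared with hash_equals(): a loose != would treat numeric-looking strings
        // as numbers, and an array-valued query parameter must never reach a
        // string comparison.
        $sent_token = $this->request->get['upload_token'] ?? null;
        $session_token = $this->session->data['upload_token'] ?? null;

        if (!is_string($sent_token) || !is_string($session_token) || $session_token === '' || !hash_equals($session_token, $sent_token)) {
            $json['error'] = $this->language->get('error_token');
        }

        if (!$json) {
            $upload = $this->request->files['file'] ?? null;

            // Require the single-file shape (scalar name / tmp_name). A "file[]" style
            // request yields arrays here and is rejected as a generic upload error.
            if (is_array($upload) && !empty($upload['name']) && is_string($upload['name']) && isset($upload['tmp_name']) && is_string($upload['tmp_name']) && is_file($upload['tmp_name'])) {
                // Sanitise the client-supplied name: decode entities, keep only
                // letters, digits, dot, hyphen, plus and whitespace, then drop any path part.
                $filename = basename((string)preg_replace('/[^a-zA-Z0-9\.\-\s+]/', '', html_entity_decode($upload['name'], ENT_QUOTES, 'UTF-8')));

                // Validate the filename length
                if ((oc_strlen($filename) < 3) || (oc_strlen($filename) > 64)) {
                    $json['error'] = $this->language->get('error_filename');
                }

                // Extension allow-list. Only the text after the last dot is checked, so
                // the name may still contain other dots; the stored file name below gets
                // a token suffix instead of the client's extension.
                $allowed_extensions = $this->parseAllowList($this->config->get('config_file_ext_allowed'));

                $extension = strtolower((string)substr((string)strrchr($filename, '.'), 1));

                // An empty extension is never acceptable, even if the setting is empty
                // or contains blank lines.
                if ($extension === '' || !in_array($extension, $allowed_extensions, true)) {
                    $json['error'] = $this->language->get('error_file_type');
                }

                // MIME allow-list.
                // SECURITY: $upload['type'] is the Content-Type sent by the client, not a
                // value derived from the file's bytes. Treat this check as advisory; it
                // does not establish what the file actually contains.
                $allowed_mime_types = $this->parseAllowList($this->config->get('config_file_mime_allowed'));

                $reported_type = $upload['type'] ?? '';

                if (!is_string($reported_type) || $reported_type === '' || !in_array($reported_type, $allowed_mime_types, true)) {
                    $json['error'] = $this->language->get('error_file_type');
                }

                // Return any upload error
                $upload_error = (int)($upload['error'] ?? UPLOAD_ERR_OK);

                if ($upload_error !== UPLOAD_ERR_OK) {
                    $json['error'] = $this->language->get('error_upload_' . $upload_error);
                }
            } else {
                $json['error'] = $this->language->get('error_upload');
            }
        }

        if (!$json) {
            // Stored name = sanitised name + "." + oc_token(32).
            // NOTE(review): presumably oc_token() yields an unguessable value and
            // DIR_UPLOAD is not served by the web server - confirm both.
            $file = $filename . '.' . oc_token(32);

            // Only record the upload and report success when the file really was moved;
            // move_uploaded_file() returns false if the source is not a genuine upload
            // or the destination is not writable.
            if (move_uploaded_file($upload['tmp_name'], DIR_UPLOAD . $file)) {
                $this->load->model('tool/upload');

                $json['code'] = $this->model_tool_upload->addUpload($filename, $file);

                $json['success'] = $this->language->get('text_upload');
            } else {
                $json['error'] = $this->language->get('error_upload');
            }
        }

        $this->response->addHeader('Content-Type: application/json');
        $this->response->setOutput(json_encode($json));
    }

    /**
     * Turn a newline-separated setting into a list of trimmed, non-empty entries.
     *
     * Blank lines are dropped so that an empty or sloppily edited setting can
     * never match an empty extension or an empty MIME type.
     *
     * @param mixed $raw setting value as returned by config->get(); non-strings yield an empty list
     *
     * @return array<int, string>
     */
    private function parseAllowList($raw): array {
        if (!is_string($raw)) {
            return [];
        }

        $entries = [];

        foreach (explode("\n", (string)preg_replace('~\r?\n~', "\n", $raw)) as $entry) {
            $entry = trim($entry);

            if ($entry !== '') {
                $entries[] = $entry;
            }
        }

        return $entries;
    }
}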