docs/api/source-catalog.controller.tool.upload.html
| 1: | <?php |
| 2: | namespace Opencart\Catalog\Controller\Tool; |
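/**
 * Class Upload
 *
 * Catalog controller that accepts a single file upload, validates it against
 * the store's configured extension and MIME allow-lists, stores it under
 * DIR_UPLOAD and answers with JSON.
 *
 * @package Opencart\Catalog\Controller\Tool
 */
class Upload extends \Opencart\System\Engine\Controller {
    /**
     * Validate and store the file posted in the "file" field.
     *
     * The JSON response carries either an "error" message or, on success,
     * the "code" returned by model_tool_upload->addUpload() plus a "success"
     * message.
     *
     * @return void
     */
    public function index(): void {
        $this->load->language('tool/upload');

        $json = [];

        $filename = '';
        $tmp_name = '';

        // Validate the upload token. Both values must be non-empty strings and are
        // compared with hash_equals(), which is type-strict and constant-time; the
        // loose != it replaces is subject to PHP's numeric-string juggling.
        $expected = $this->session->data['upload_token'] ?? null;
        $supplied = $this->request->get['upload_token'] ?? null;

        if (!is_string($expected) || !is_string($supplied) || $expected === '' || !hash_equals($expected, $supplied)) {
            $json['error'] = $this->language->get('error_token');
        }

        if (!$json) {
            $upload = $this->request->files['file'] ?? [];

            if (!is_array($upload)) {
                $upload = [];
            }

            $name = $upload['name'] ?? '';
            $tmp_name = $upload['tmp_name'] ?? '';

            // A multi-file field ("file[]") delivers arrays here; only a single
            // upload with string fields is accepted.
            if (is_string($name) && is_string($tmp_name) && !empty($name) && is_file($tmp_name)) {
                // Sanitize the filename: keep letters, digits, dot, hyphen, whitespace and plus.
                // The hyphen is escaped so it is always a literal; left unescaped in front of \s
                // it reads as a range, which PCRE2 may refuse to compile.
                $filename = basename((string)preg_replace('/[^a-zA-Z0-9.\-\s+]/', '', html_entity_decode($name, ENT_QUOTES, 'UTF-8')));

                // Validate the filename length
                if ((oc_strlen($filename) < 3) || (oc_strlen($filename) > 64)) {
                    $json['error'] = $this->language->get('error_filename');
                }

                // Allowed file extension types. A name without an extension is rejected
                // outright instead of being matched against a blank allow-list line.
                $extension = strtolower((string)substr((string)strrchr($filename, '.'), 1));

                if ($extension === '' || !in_array($extension, $this->parseAllowList($this->config->get('config_file_ext_allowed')), true)) {
                    $json['error'] = $this->language->get('error_file_type');
                }

                // Allowed file mime types.
                // NOTE(review): 'type' is the value supplied by the client with the upload,
                // not one detected from the file contents, so this check alone does not
                // establish what the file actually is. Consider also checking a
                // server-side detection (fileinfo) against the same allow-list.
                $type = $upload['type'] ?? '';

                if (!is_string($type) || !in_array($type, $this->parseAllowList($this->config->get('config_file_mime_allowed')), true)) {
                    $json['error'] = $this->language->get('error_file_type');
                }

                // Return any upload error
                $error_code = (int)($upload['error'] ?? UPLOAD_ERR_OK);

                if ($error_code !== UPLOAD_ERR_OK) {
                    $json['error'] = $this->language->get('error_upload_' . $error_code);
                }
            } else {
                $json['error'] = $this->language->get('error_upload');
            }
        }

        if (!$json) {
            // Hide the uploaded file name so people cannot link to it directly: the stored
            // name ends in a random token rather than the original extension.
            $file = $filename . '.' . oc_token(32);

            // Only record the upload and report success once the file has really been moved.
            if (move_uploaded_file($tmp_name, DIR_UPLOAD . $file)) {
                $this->load->model('tool/upload');

                $json['code'] = $this->model_tool_upload->addUpload($filename, $file);

                $json['success'] = $this->language->get('text_upload');
            } else {
                $json['error'] = $this->language->get('error_upload');
            }
        }

        $this->response->addHeader('Content-Type: application/json');
        $this->response->setOutput(json_encode($json));
    }

    /**
     * Split a newline-separated configuration value into trimmed, non-empty entries.
     *
     * Blank lines are dropped so that an empty extension or MIME type can never
     * match the allow-list.
     *
     * @param mixed $raw Raw configuration value, one entry per line (LF or CRLF).
     *
     * @return array<int, string>
     */
    private function parseAllowList($raw): array {
        $lines = preg_split('/\r?\n/', (string)$raw);

        if ($lines === false) {
            return [];
        }

        $entries = [];

        foreach ($lines as $line) {
            $entry = trim($line);

            if ($entry !== '') {
                $entries[] = $entry;
            }
        }

        return $entries;
    }
}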
| 88: | |