| 1: | <?php
|
| 2: | namespace Opencart\Admin\Controller\Common;
|
| 3: | |
| 4: | |
| 5: | |
| 6: | |
| 7: |
|
| 8: | class FileManager extends \Opencart\System\Engine\Controller {
|
| 9: | |
| 10: | |
| 11: | |
| 12: | |
| 13: |
|
| 14: | public function index(): void {
|
| 15: | $this->load->language('common/filemanager');
|
| 16: |
|
| 17: | $data['error_upload_size'] = sprintf($this->language->get('error_upload_size'), $this->config->get('config_file_max_size'));
|
| 18: |
|
| 19: | $data['config_file_max_size'] = ((int)$this->config->get('config_file_max_size') * 1024 * 1024);
|
| 20: |
|
| 21: |
|
| 22: | if (isset($this->request->get['target'])) {
|
| 23: | $data['target'] = $this->request->get['target'];
|
| 24: | } else {
|
| 25: | $data['target'] = '';
|
| 26: | }
|
| 27: |
|
| 28: |
|
| 29: | if (isset($this->request->get['thumb'])) {
|
| 30: | $data['thumb'] = $this->request->get['thumb'];
|
| 31: | } else {
|
| 32: | $data['thumb'] = '';
|
| 33: | }
|
| 34: |
|
| 35: | if (isset($this->request->get['ckeditor'])) {
|
| 36: | $data['ckeditor'] = $this->request->get['ckeditor'];
|
| 37: | } else {
|
| 38: | $data['ckeditor'] = '';
|
| 39: | }
|
| 40: |
|
| 41: | $data['user_token'] = $this->session->data['user_token'];
|
| 42: |
|
| 43: | $this->response->setOutput($this->load->view('common/filemanager', $data));
|
| 44: | }
|
| 45: |
|
| 46: | |
| 47: | |
| 48: | |
| 49: | |
| 50: |
|
| 51: | public function list(): void {
|
| 52: | $this->load->language('common/filemanager');
|
| 53: |
|
| 54: | $base = DIR_IMAGE . 'catalog/';
|
| 55: |
|
| 56: |
|
| 57: | if (isset($this->request->get['directory'])) {
|
| 58: | $directory = $base . html_entity_decode($this->request->get['directory'], ENT_QUOTES, 'UTF-8') . '/';
|
| 59: | } else {
|
| 60: | $directory = $base;
|
| 61: | }
|
| 62: |
|
| 63: | if (isset($this->request->get['filter_name'])) {
|
| 64: | $filter_name = basename(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8'));
|
| 65: | } else {
|
| 66: | $filter_name = '';
|
| 67: | }
|
| 68: |
|
| 69: | if (isset($this->request->get['page'])) {
|
| 70: | $page = (int)$this->request->get['page'];
|
| 71: | } else {
|
| 72: | $page = 1;
|
| 73: | }
|
| 74: |
|
| 75: | $allowed = [
|
| 76: | '.ico',
|
| 77: | '.jpg',
|
| 78: | '.jpeg',
|
| 79: | '.png',
|
| 80: | '.gif',
|
| 81: | '.webp',
|
| 82: | '.JPG',
|
| 83: | '.JPEG',
|
| 84: | '.PNG',
|
| 85: | '.GIF'
|
| 86: | ];
|
| 87: |
|
| 88: | $data['directories'] = [];
|
| 89: | $data['images'] = [];
|
| 90: |
|
| 91: | $this->load->model('tool/image');
|
| 92: |
|
| 93: |
|
| 94: | $paths = array_merge(
|
| 95: | glob($directory . $filter_name . '*', GLOB_ONLYDIR),
|
| 96: | glob($directory . $filter_name . '*{' . implode(',', $allowed) . '}', GLOB_BRACE)
|
| 97: | );
|
| 98: |
|
| 99: | $total = count($paths);
|
| 100: | $limit = 16;
|
| 101: | $start = ($page - 1) * $limit;
|
| 102: |
|
| 103: | if ($paths) {
|
| 104: | $url = '';
|
| 105: |
|
| 106: | if (isset($this->request->get['target'])) {
|
| 107: | $url .= '&target=' . $this->request->get['target'];
|
| 108: | }
|
| 109: |
|
| 110: | if (isset($this->request->get['thumb'])) {
|
| 111: | $url .= '&thumb=' . $this->request->get['thumb'];
|
| 112: | }
|
| 113: |
|
| 114: | if (isset($this->request->get['ckeditor'])) {
|
| 115: | $url .= '&ckeditor=' . $this->request->get['ckeditor'];
|
| 116: | }
|
| 117: |
|
| 118: |
|
| 119: | foreach (array_slice($paths, $start, $limit) as $path) {
|
| 120: | $path = str_replace('\\', '/', realpath($path));
|
| 121: |
|
| 122: | if (substr($path, 0, strlen($base)) == $base) {
|
| 123: | $name = basename($path);
|
| 124: |
|
| 125: | if (is_dir($path)) {
|
| 126: | $data['directories'][] = [
|
| 127: | 'name' => $name,
|
| 128: | 'path' => oc_substr($path, oc_strlen($base)) . '/',
|
| 129: | 'href' => $this->url->link('common/filemanager.list', 'user_token=' . $this->session->data['user_token'] . '&directory=' . urlencode(oc_substr($path, oc_strlen($base))) . $url)
|
| 130: | ];
|
| 131: | }
|
| 132: |
|
| 133: | if (is_file($path) && in_array(substr($path, strrpos($path, '.')), $allowed)) {
|
| 134: | $data['images'][] = [
|
| 135: | 'name' => $name,
|
| 136: | 'path' => oc_substr($path, oc_strlen($base)),
|
| 137: | 'href' => HTTP_CATALOG . 'image/catalog/' . oc_substr($path, oc_strlen($base)),
|
| 138: | 'thumb' => $this->model_tool_image->resize(oc_substr($path, oc_strlen(DIR_IMAGE)), $this->config->get('config_image_default_width'), $this->config->get('config_image_default_height'))
|
| 139: | ];
|
| 140: | }
|
| 141: | }
|
| 142: | }
|
| 143: | }
|
| 144: |
|
| 145: | if (isset($this->request->get['directory'])) {
|
| 146: | $data['directory'] = urldecode($this->request->get['directory']);
|
| 147: | } else {
|
| 148: | $data['directory'] = '';
|
| 149: | }
|
| 150: |
|
| 151: | if (isset($this->request->get['filter_name'])) {
|
| 152: | $data['filter_name'] = $this->request->get['filter_name'];
|
| 153: | } else {
|
| 154: | $data['filter_name'] = '';
|
| 155: | }
|
| 156: |
|
| 157: |
|
| 158: | $url = '';
|
| 159: |
|
| 160: | if (isset($this->request->get['directory'])) {
|
| 161: | $pos = strrpos($this->request->get['directory'], '/');
|
| 162: |
|
| 163: | if ($pos) {
|
| 164: | $url .= '&directory=' . urlencode(substr($this->request->get['directory'], 0, $pos));
|
| 165: | }
|
| 166: | }
|
| 167: |
|
| 168: | if (isset($this->request->get['target'])) {
|
| 169: | $url .= '&target=' . $this->request->get['target'];
|
| 170: | }
|
| 171: |
|
| 172: | if (isset($this->request->get['thumb'])) {
|
| 173: | $url .= '&thumb=' . $this->request->get['thumb'];
|
| 174: | }
|
| 175: |
|
| 176: | if (isset($this->request->get['ckeditor'])) {
|
| 177: | $url .= '&ckeditor=' . $this->request->get['ckeditor'];
|
| 178: | }
|
| 179: |
|
| 180: | $data['parent'] = $this->url->link('common/filemanager.list', 'user_token=' . $this->session->data['user_token'] . $url);
|
| 181: |
|
| 182: |
|
| 183: | $url = '';
|
| 184: |
|
| 185: | if (isset($this->request->get['directory'])) {
|
| 186: | $url .= '&directory=' . urlencode(html_entity_decode($this->request->get['directory'], ENT_QUOTES, 'UTF-8'));
|
| 187: | }
|
| 188: |
|
| 189: | if (isset($this->request->get['filter_name'])) {
|
| 190: | $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8'));
|
| 191: | }
|
| 192: |
|
| 193: | if (isset($this->request->get['target'])) {
|
| 194: | $url .= '&target=' . $this->request->get['target'];
|
| 195: | }
|
| 196: |
|
| 197: | if (isset($this->request->get['thumb'])) {
|
| 198: | $url .= '&thumb=' . $this->request->get['thumb'];
|
| 199: | }
|
| 200: |
|
| 201: | if (isset($this->request->get['ckeditor'])) {
|
| 202: | $url .= '&ckeditor=' . $this->request->get['ckeditor'];
|
| 203: | }
|
| 204: |
|
| 205: | if (isset($this->request->get['page'])) {
|
| 206: | $url .= '&page=' . $this->request->get['page'];
|
| 207: | }
|
| 208: |
|
| 209: | $data['refresh'] = $this->url->link('common/filemanager.list', 'user_token=' . $this->session->data['user_token'] . $url);
|
| 210: |
|
| 211: | $url = '';
|
| 212: |
|
| 213: | if (isset($this->request->get['directory'])) {
|
| 214: | $url .= '&directory=' . urlencode(html_entity_decode($this->request->get['directory'], ENT_QUOTES, 'UTF-8'));
|
| 215: | }
|
| 216: |
|
| 217: | if (isset($this->request->get['filter_name'])) {
|
| 218: | $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8'));
|
| 219: | }
|
| 220: |
|
| 221: | if (isset($this->request->get['target'])) {
|
| 222: | $url .= '&target=' . $this->request->get['target'];
|
| 223: | }
|
| 224: |
|
| 225: | if (isset($this->request->get['thumb'])) {
|
| 226: | $url .= '&thumb=' . $this->request->get['thumb'];
|
| 227: | }
|
| 228: |
|
| 229: | if (isset($this->request->get['ckeditor'])) {
|
| 230: | $url .= '&ckeditor=' . $this->request->get['ckeditor'];
|
| 231: | }
|
| 232: |
|
| 233: |
|
| 234: | $data['pagination'] = $this->load->controller('common/pagination', [
|
| 235: | 'total' => $total,
|
| 236: | 'page' => $page,
|
| 237: | 'limit' => $limit,
|
| 238: | 'url' => $this->url->link('common/filemanager.list', 'user_token=' . $this->session->data['user_token'] . $url . '&page={page}')
|
| 239: | ]);
|
| 240: |
|
| 241: | $this->response->setOutput($this->load->view('common/filemanager_list', $data));
|
| 242: | }
|
| 243: |
|
| 244: | |
| 245: | |
| 246: | |
| 247: | |
| 248: |
|
| 249: | public function upload(): void {
|
| 250: | $this->load->language('common/filemanager');
|
| 251: |
|
| 252: | $json = [];
|
| 253: |
|
| 254: | $base = DIR_IMAGE . 'catalog/';
|
| 255: |
|
| 256: |
|
| 257: | if (!$this->user->hasPermission('modify', 'common/filemanager')) {
|
| 258: | $json['error'] = $this->language->get('error_permission');
|
| 259: | }
|
| 260: |
|
| 261: |
|
| 262: | if (isset($this->request->get['directory'])) {
|
| 263: | $directory = $base . html_entity_decode($this->request->get['directory'], ENT_QUOTES, 'UTF-8') . '/';
|
| 264: | } else {
|
| 265: | $directory = $base;
|
| 266: | }
|
| 267: |
|
| 268: |
|
| 269: | if (!is_dir($directory) || substr(str_replace('\\', '/', realpath($directory)) . '/', 0, strlen($base)) != $base) {
|
| 270: | $json['error'] = $this->language->get('error_directory');
|
| 271: | }
|
| 272: |
|
| 273: | if (!$json) {
|
| 274: |
|
| 275: | $files = [];
|
| 276: |
|
| 277: | if (!empty($this->request->files['file']['name']) && is_array($this->request->files['file']['name'])) {
|
| 278: | foreach (array_keys($this->request->files['file']['name']) as $key) {
|
| 279: | $files[] = [
|
| 280: | 'name' => $this->request->files['file']['name'][$key],
|
| 281: | 'type' => $this->request->files['file']['type'][$key],
|
| 282: | 'tmp_name' => $this->request->files['file']['tmp_name'][$key],
|
| 283: | 'error' => $this->request->files['file']['error'][$key],
|
| 284: | 'size' => $this->request->files['file']['size'][$key]
|
| 285: | ];
|
| 286: | }
|
| 287: | }
|
| 288: |
|
| 289: | foreach ($files as $file) {
|
| 290: | if (is_file($file['tmp_name'])) {
|
| 291: |
|
| 292: | $filename = preg_replace('/[\/\\\?%*:|"<>]/', '', basename(html_entity_decode($file['name'], ENT_QUOTES, 'UTF-8')));
|
| 293: |
|
| 294: |
|
| 295: | if ((oc_strlen($filename) < 4) || (oc_strlen($filename) > 255)) {
|
| 296: | $json['error'] = $this->language->get('error_filename');
|
| 297: | }
|
| 298: |
|
| 299: |
|
| 300: | $allowed = [
|
| 301: | 'ico',
|
| 302: | 'jpg',
|
| 303: | 'jpeg',
|
| 304: | 'png',
|
| 305: | 'gif',
|
| 306: | 'webp',
|
| 307: | 'JPG',
|
| 308: | 'JPEG',
|
| 309: | 'PNG',
|
| 310: | 'GIF'
|
| 311: | ];
|
| 312: |
|
| 313: | if (!in_array(substr($filename, strrpos($filename, '.') + 1), $allowed)) {
|
| 314: | $json['error'] = $this->language->get('error_file_type');
|
| 315: | }
|
| 316: |
|
| 317: |
|
| 318: | $allowed = [
|
| 319: | 'image/x-icon',
|
| 320: | 'image/jpeg',
|
| 321: | 'image/pjpeg',
|
| 322: | 'image/png',
|
| 323: | 'image/x-png',
|
| 324: | 'image/gif',
|
| 325: | 'image/webp'
|
| 326: | ];
|
| 327: |
|
| 328: | if (!in_array($file['type'], $allowed)) {
|
| 329: | $json['error'] = $this->language->get('error_file_type');
|
| 330: | }
|
| 331: |
|
| 332: |
|
| 333: | if ($file['error'] != UPLOAD_ERR_OK) {
|
| 334: | $json['error'] = $this->language->get('error_upload_' . $file['error']);
|
| 335: | }
|
| 336: | } else {
|
| 337: | $json['error'] = $this->language->get('error_upload');
|
| 338: | }
|
| 339: |
|
| 340: | if (!$json) {
|
| 341: | move_uploaded_file($file['tmp_name'], $directory . $filename);
|
| 342: | }
|
| 343: | }
|
| 344: | }
|
| 345: |
|
| 346: | if (!$json) {
|
| 347: | $json['success'] = $this->language->get('text_uploaded');
|
| 348: | }
|
| 349: |
|
| 350: | $this->response->addHeader('Content-Type: application/json');
|
| 351: | $this->response->setOutput(json_encode($json));
|
| 352: | }
|
| 353: |
|
| 354: | |
| 355: | |
| 356: | |
| 357: | |
| 358: |
|
| 359: | public function folder(): void {
|
| 360: | $this->load->language('common/filemanager');
|
| 361: |
|
| 362: | $json = [];
|
| 363: |
|
| 364: | $base = DIR_IMAGE . 'catalog/';
|
| 365: |
|
| 366: |
|
| 367: | if (!$this->user->hasPermission('modify', 'common/filemanager')) {
|
| 368: | $json['error'] = $this->language->get('error_permission');
|
| 369: | }
|
| 370: |
|
| 371: |
|
| 372: | if (isset($this->request->get['directory'])) {
|
| 373: | $directory = $base . html_entity_decode($this->request->get['directory'], ENT_QUOTES, 'UTF-8') . '/';
|
| 374: | } else {
|
| 375: | $directory = $base;
|
| 376: | }
|
| 377: |
|
| 378: |
|
| 379: | if (!is_dir($directory) || substr(str_replace('\\', '/', realpath($directory)) . '/', 0, strlen($base)) != $base) {
|
| 380: | $json['error'] = $this->language->get('error_directory');
|
| 381: | }
|
| 382: |
|
| 383: | if ($this->request->server['REQUEST_METHOD'] == 'POST') {
|
| 384: |
|
| 385: | $folder = preg_replace('/[\/\\\?%*&:|"<>]/', '', basename(html_entity_decode($this->request->post['folder'], ENT_QUOTES, 'UTF-8')));
|
| 386: |
|
| 387: |
|
| 388: | if ((oc_strlen($folder) < 3) || (oc_strlen($folder) > 128)) {
|
| 389: | $json['error'] = $this->language->get('error_folder');
|
| 390: | }
|
| 391: |
|
| 392: |
|
| 393: | if (is_dir($directory . $folder)) {
|
| 394: | $json['error'] = $this->language->get('error_exists');
|
| 395: | }
|
| 396: | }
|
| 397: |
|
| 398: | if (!$json) {
|
| 399: | mkdir($directory . $folder, 0777);
|
| 400: |
|
| 401: | chmod($directory . $folder, 0777);
|
| 402: |
|
| 403: | @touch($directory . $folder . '/' . 'index.html');
|
| 404: |
|
| 405: | $json['success'] = $this->language->get('text_directory');
|
| 406: | }
|
| 407: |
|
| 408: | $this->response->addHeader('Content-Type: application/json');
|
| 409: | $this->response->setOutput(json_encode($json));
|
| 410: | }
|
| 411: |
|
| 412: | |
| 413: | |
| 414: | |
| 415: | |
| 416: |
|
| 417: | public function delete(): void {
|
| 418: | $this->load->language('common/filemanager');
|
| 419: |
|
| 420: | $json = [];
|
| 421: |
|
| 422: | $base = DIR_IMAGE . 'catalog/';
|
| 423: |
|
| 424: |
|
| 425: | if (!$this->user->hasPermission('modify', 'common/filemanager')) {
|
| 426: | $json['error'] = $this->language->get('error_permission');
|
| 427: | }
|
| 428: |
|
| 429: | if (isset($this->request->post['path'])) {
|
| 430: | $paths = $this->request->post['path'];
|
| 431: | } else {
|
| 432: | $paths = [];
|
| 433: | }
|
| 434: |
|
| 435: |
|
| 436: | foreach ($paths as $path) {
|
| 437: |
|
| 438: | $path = html_entity_decode($path, ENT_QUOTES, 'UTF-8');
|
| 439: |
|
| 440: |
|
| 441: | if (($path == $base) || (substr(str_replace('\\', '/', realpath($base . $path)) . '/', 0, strlen($base)) != $base)) {
|
| 442: | $json['error'] = $this->language->get('error_delete');
|
| 443: |
|
| 444: | break;
|
| 445: | }
|
| 446: | }
|
| 447: |
|
| 448: | if (!$json) {
|
| 449: |
|
| 450: | foreach ($paths as $path) {
|
| 451: | $path = rtrim($base . html_entity_decode($path, ENT_QUOTES, 'UTF-8'), '/');
|
| 452: |
|
| 453: | $files = [];
|
| 454: |
|
| 455: |
|
| 456: | $directory = [$path];
|
| 457: |
|
| 458: |
|
| 459: | while (count($directory) != 0) {
|
| 460: | $next = array_shift($directory);
|
| 461: |
|
| 462: | if (is_dir($next)) {
|
| 463: | foreach (glob(trim($next, '/') . '/{*,.[!.]*,..?*}', GLOB_BRACE) as $file) {
|
| 464: |
|
| 465: | $directory[] = $file;
|
| 466: | }
|
| 467: | }
|
| 468: |
|
| 469: |
|
| 470: | $files[] = $next;
|
| 471: | }
|
| 472: |
|
| 473: |
|
| 474: | rsort($files);
|
| 475: |
|
| 476: | foreach ($files as $file) {
|
| 477: |
|
| 478: | if (is_file($file)) {
|
| 479: | unlink($file);
|
| 480: | }
|
| 481: |
|
| 482: |
|
| 483: | if (is_dir($file)) {
|
| 484: | rmdir($file);
|
| 485: | }
|
| 486: | }
|
| 487: | }
|
| 488: |
|
| 489: | $json['success'] = $this->language->get('text_delete');
|
| 490: | }
|
| 491: |
|
| 492: | $this->response->addHeader('Content-Type: application/json');
|
| 493: | $this->response->setOutput(json_encode($json));
|
| 494: | }
|
| 495: | }
|
| 496: | |