| 1: | <?php
|
| 2: | namespace Opencart\Catalog\Controller\Tool;
|
| 3: | |
| 4: | |
| 5: | |
| 6: | |
| 7: |
|
| 8: | class Upload extends \Opencart\System\Engine\Controller {
|
| 9: | |
| 10: | |
| 11: |
|
| 12: | public function index(): void {
|
| 13: | $this->load->language('tool/upload');
|
| 14: |
|
| 15: | $json = [];
|
| 16: |
|
| 17: |
|
| 18: | if (!isset($this->request->get['upload_token']) || !isset($this->session->data['upload_token']) || ($this->session->data['upload_token'] != $this->request->get['upload_token'])) {
|
| 19: | $json['error'] = $this->language->get('error_token');
|
| 20: | }
|
| 21: |
|
| 22: | if (!$json) {
|
| 23: | if (!empty($this->request->files['file']['name']) && is_file($this->request->files['file']['tmp_name'])) {
|
| 24: |
|
| 25: | $filename = basename(preg_replace('/[^a-zA-Z0-9\.\-\s+]/', '', html_entity_decode($this->request->files['file']['name'], ENT_QUOTES, 'UTF-8')));
|
| 26: |
|
| 27: |
|
| 28: | if ((oc_strlen($filename) < 3) || (oc_strlen($filename) > 64)) {
|
| 29: | $json['error'] = $this->language->get('error_filename');
|
| 30: | }
|
| 31: |
|
| 32: |
|
| 33: | $allowed = [];
|
| 34: |
|
| 35: | $extension_allowed = preg_replace('~\r?\n~', "\n", $this->config->get('config_file_ext_allowed'));
|
| 36: |
|
| 37: | $filetypes = explode("\n", $extension_allowed);
|
| 38: |
|
| 39: | foreach ($filetypes as $filetype) {
|
| 40: | $allowed[] = trim($filetype);
|
| 41: | }
|
| 42: |
|
| 43: | if (!in_array(strtolower(substr(strrchr($filename, '.'), 1)), $allowed)) {
|
| 44: | $json['error'] = $this->language->get('error_file_type');
|
| 45: | }
|
| 46: |
|
| 47: |
|
| 48: | $allowed = [];
|
| 49: |
|
| 50: | $mime_allowed = preg_replace('~\r?\n~', "\n", $this->config->get('config_file_mime_allowed'));
|
| 51: |
|
| 52: | $filetypes = explode("\n", $mime_allowed);
|
| 53: |
|
| 54: | foreach ($filetypes as $filetype) {
|
| 55: | $allowed[] = trim($filetype);
|
| 56: | }
|
| 57: |
|
| 58: | if (!in_array($this->request->files['file']['type'], $allowed)) {
|
| 59: | $json['error'] = $this->language->get('error_file_type');
|
| 60: | }
|
| 61: |
|
| 62: |
|
| 63: | if ($this->request->files['file']['error'] != UPLOAD_ERR_OK) {
|
| 64: | $json['error'] = $this->language->get('error_upload_' . $this->request->files['file']['error']);
|
| 65: | }
|
| 66: | } else {
|
| 67: | $json['error'] = $this->language->get('error_upload');
|
| 68: | }
|
| 69: | }
|
| 70: |
|
| 71: | if (!$json) {
|
| 72: | $file = $filename . '.' . oc_token(32);
|
| 73: |
|
| 74: | move_uploaded_file($this->request->files['file']['tmp_name'], DIR_UPLOAD . $file);
|
| 75: |
|
| 76: |
|
| 77: | $this->load->model('tool/upload');
|
| 78: |
|
| 79: | $json['code'] = $this->model_tool_upload->addUpload($filename, $file);
|
| 80: |
|
| 81: | $json['success'] = $this->language->get('text_upload');
|
| 82: | }
|
| 83: |
|
| 84: | $this->response->addHeader('Content-Type: application/json');
|
| 85: | $this->response->setOutput(json_encode($json));
|
| 86: | }
|
| 87: | }
|
| 88: | |