Ekdant-Online-Store/catalog/controller/tool/upload.php

<?php
namespace Opencart\Catalog\Controller\Tool;
/**
 * Class Upload
 *
 * @package Opencart\Catalog\Controller\Tool
 */
class Upload extends \Opencart\System\Engine\Controller {
	/**
	 * @return void
	 */
	public function index(): void {
		$this->load->language('tool/upload');

		$json = [];

		if (!empty($this->request->files['file']['name']) && is_file($this->request->files['file']['tmp_name'])) {
			// Sanitize the filename
			$filename = basename(preg_replace('/[^a-zA-Z0-9\.\-\s+]/', '', html_entity_decode($this->request->files['file']['name'], ENT_QUOTES, 'UTF-8')));

			// Validate the filename length
			if ((oc_strlen($filename) < 3) || (oc_strlen($filename) > 64)) {
				$json['error'] = $this->language->get('error_filename');
			}

			// Allowed file extension types
			$allowed = [];

			$extension_allowed = preg_replace('~\r?\n~', "\n", $this->config->get('config_file_ext_allowed'));

			$filetypes = explode("\n", $extension_allowed);

			foreach ($filetypes as $filetype) {
				$allowed[] = trim($filetype);
			}

			if (!in_array(strtolower(substr(strrchr($filename, '.'), 1)), $allowed)) {
				$json['error'] = $this->language->get('error_file_type');
			}

			// Allowed file mime types
			$allowed = [];

			$mime_allowed = preg_replace('~\r?\n~', "\n", $this->config->get('config_file_mime_allowed'));

			$filetypes = explode("\n", $mime_allowed);

			foreach ($filetypes as $filetype) {
				$allowed[] = trim($filetype);
			}

			if (!in_array($this->request->files['file']['type'], $allowed)) {
				$json['error'] = $this->language->get('error_file_type');
			}

			// Return any upload error
			if ($this->request->files['file']['error'] != UPLOAD_ERR_OK) {
				$json['error'] = $this->language->get('error_upload_' . $this->request->files['file']['error']);
			}
		} else {
			$json['error'] = $this->language->get('error_upload');
		}

		if (!$json) {
			$file = $filename . '.' . oc_token(32);

			move_uploaded_file($this->request->files['file']['tmp_name'], DIR_UPLOAD . $file);

			// Hide the uploaded file name so people cannot link to it directly.
			$this->load->model('tool/upload');

			$json['code'] = $this->model_tool_upload->addUpload($filename, $file);

			$json['success'] = $this->language->get('text_upload');
		}

		$this->response->addHeader('Content-Type: application/json');
		$this->response->setOutput(json_encode($json));
	}
}
first commit 2024-08-06 12:21:00 +00:00			`<?php`
			`namespace Opencart\Catalog\Controller\Tool;`
			`/**`
			`* Class Upload`
			`*`
			`* @package Opencart\Catalog\Controller\Tool`
			`*/`
			`class Upload extends \Opencart\System\Engine\Controller {`
			`/**`
			`* @return void`
			`*/`
			`public function index(): void {`
			`$this->load->language('tool/upload');`

			`$json = [];`

			`if (!empty($this->request->files['file']['name']) && is_file($this->request->files['file']['tmp_name'])) {`
			`// Sanitize the filename`
			`$filename = basename(preg_replace('/[^a-zA-Z0-9\.\-\s+]/', '', html_entity_decode($this->request->files['file']['name'], ENT_QUOTES, 'UTF-8')));`

			`// Validate the filename length`
			`if ((oc_strlen($filename) < 3) \|\| (oc_strlen($filename) > 64)) {`
			`$json['error'] = $this->language->get('error_filename');`
			`}`

			`// Allowed file extension types`
			`$allowed = [];`

			`$extension_allowed = preg_replace('~\r?\n~', "\n", $this->config->get('config_file_ext_allowed'));`

			`$filetypes = explode("\n", $extension_allowed);`

			`foreach ($filetypes as $filetype) {`
			`$allowed[] = trim($filetype);`
			`}`

			`if (!in_array(strtolower(substr(strrchr($filename, '.'), 1)), $allowed)) {`
			`$json['error'] = $this->language->get('error_file_type');`
			`}`

			`// Allowed file mime types`
			`$allowed = [];`

			`$mime_allowed = preg_replace('~\r?\n~', "\n", $this->config->get('config_file_mime_allowed'));`

			`$filetypes = explode("\n", $mime_allowed);`

			`foreach ($filetypes as $filetype) {`
			`$allowed[] = trim($filetype);`
			`}`

			`if (!in_array($this->request->files['file']['type'], $allowed)) {`
			`$json['error'] = $this->language->get('error_file_type');`
			`}`

			`// Return any upload error`
			`if ($this->request->files['file']['error'] != UPLOAD_ERR_OK) {`
			`$json['error'] = $this->language->get('error_upload_' . $this->request->files['file']['error']);`
			`}`
			`} else {`
			`$json['error'] = $this->language->get('error_upload');`
			`}`

			`if (!$json) {`
			`$file = $filename . '.' . oc_token(32);`

			`move_uploaded_file($this->request->files['file']['tmp_name'], DIR_UPLOAD . $file);`

			`// Hide the uploaded file name so people cannot link to it directly.`
			`$this->load->model('tool/upload');`

			`$json['code'] = $this->model_tool_upload->addUpload($filename, $file);`

			`$json['success'] = $this->language->get('text_upload');`
			`}`

			`$this->response->addHeader('Content-Type: application/json');`
			`$this->response->setOutput(json_encode($json));`
			`}`
			`}`