1<?php 2class ControllerToolUpload extends Controller { 3 private $error = array(); 4 5 public function index() { 6 $this->load->language('tool/upload'); 7 8 $this->document->setTitle($this->language->get('heading_title')); 9 10 $this->load->model('tool/upload'); 11 12 $this->getList(); 13 } 14 15 public function delete() { 16 $this->load->language('tool/upload'); 17 18 $this->document->setTitle($this->language->get('heading_title')); 19 20 $this->load->model('tool/upload'); 21 22 if (isset($this->request->post['selected']) && $this->validateDelete()) { 23 foreach ($this->request->post['selected'] as $upload_id) { 24 // Remove file before deleting DB record. 25 $upload_info = $this->model_tool_upload->getUpload($upload_id); 26 27 if ($upload_info && is_file(DIR_UPLOAD . $upload_info['filename'])) { 28 unlink(DIR_UPLOAD . $upload_info['filename']); 29 } 30 31 $this->model_tool_upload->deleteUpload($upload_id); 32 } 33 34 $this->session->data['success'] = $this->language->get('text_success'); 35 36 $url = ''; 37 38 if (isset($this->request->get['filter_name'])) { 39 $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8')); 40 } 41 42 if (isset($this->request->get['filter_date_added'])) { 43 $url .= '&filter_date_added=' . $this->request->get['filter_date_added']; 44 } 45 46 if (isset($this->request->get['sort'])) { 47 $url .= '&sort=' . $this->request->get['sort']; 48 } 49 50 if (isset($this->request->get['order'])) { 51 $url .= '&order=' . $this->request->get['order']; 52 } 53 54 if (isset($this->request->get['page'])) { 55 $url .= '&page=' . $this->request->get['page']; 56 } 57 58 $this->response->redirect($this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . $url, true)); 59 } 60 61 $this->getList(); 62 } 63 64 protected function getList() { 65 if (isset($this->request->get['filter_name'])) { 66 $filter_name = $this->request->get['filter_name']; 67 } else { 68 $filter_name = ''; 69 } 70 71 if (isset($this->request->get['filter_date_added'])) { 72 $filter_date_added = $this->request->get['filter_date_added']; 73 } else { 74 $filter_date_added = ''; 75 } 76 77 if (isset($this->request->get['sort'])) { 78 $sort = $this->request->get['sort']; 79 } else { 80 $sort = 'date_added'; 81 } 82 83 if (isset($this->request->get['order'])) { 84 $order = $this->request->get['order']; 85 } else { 86 $order = 'DESC'; 87 } 88 89 if (isset($this->request->get['page'])) { 90 $page = (int)$this->request->get['page']; 91 } else { 92 $page = 1; 93 } 94 95 $url = ''; 96 97 if (isset($this->request->get['filter_name'])) { 98 $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8')); 99 } 100 101 if (isset($this->request->get['filter_date_added'])) { 102 $url .= '&filter_date_added=' . $this->request->get['filter_date_added']; 103 } 104 105 if (isset($this->request->get['sort'])) { 106 $url .= '&sort=' . $this->request->get['sort']; 107 } 108 109 if (isset($this->request->get['order'])) { 110 $url .= '&order=' . $this->request->get['order']; 111 } 112 113 if (isset($this->request->get['page'])) { 114 $url .= '&page=' . $this->request->get['page']; 115 } 116 117 $data['breadcrumbs'] = array(); 118 119 $data['breadcrumbs'][] = array( 120 'text' => $this->language->get('text_home'), 121 'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true) 122 ); 123 124 $data['breadcrumbs'][] = array( 125 'text' => $this->language->get('heading_title'), 126 'href' => $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . $url, true) 127 ); 128 129 $data['delete'] = $this->url->link('tool/upload/delete', 'user_token=' . $this->session->data['user_token'] . $url, true); 130 131 $data['uploads'] = array(); 132 133 $filter_data = array( 134 'filter_name' => $filter_name, 135 'filter_date_added' => $filter_date_added, 136 'sort' => $sort, 137 'order' => $order, 138 'start' => ($page - 1) * $this->config->get('config_limit_admin'), 139 'limit' => $this->config->get('config_limit_admin') 140 ); 141 142 $upload_total = $this->model_tool_upload->getTotalUploads($filter_data); 143 144 $results = $this->model_tool_upload->getUploads($filter_data); 145 146 foreach ($results as $result) { 147 $data['uploads'][] = array( 148 'upload_id' => $result['upload_id'], 149 'name' => $result['name'], 150 'filename' => $result['filename'], 151 'date_added' => date($this->language->get('date_format_short'), strtotime($result['date_added'])), 152 'download' => $this->url->link('tool/upload/download', 'user_token=' . $this->session->data['user_token'] . '&code=' . $result['code'] . $url, true) 153 ); 154 } 155 156 $data['user_token'] = $this->session->data['user_token']; 157 158 if (isset($this->error['warning'])) { 159 $data['error_warning'] = $this->error['warning']; 160 } elseif (isset($this->session->data['error'])) { 161 $data['error_warning'] = $this->session->data['error']; 162 163 unset($this->session->data['error']); 164 } else { 165 $data['error_warning'] = ''; 166 } 167 168 if (isset($this->session->data['success'])) { 169 $data['success'] = $this->session->data['success']; 170 171 unset($this->session->data['success']); 172 } else { 173 $data['success'] = ''; 174 } 175 176 if (isset($this->request->post['selected'])) { 177 $data['selected'] = (array)$this->request->post['selected']; 178 } else { 179 $data['selected'] = array(); 180 } 181 182 $url = ''; 183 184 if (isset($this->request->get['filter_name'])) { 185 $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8')); 186 } 187 188 if (isset($this->request->get['filter_date_added'])) { 189 $url .= '&filter_date_added=' . $this->request->get['filter_date_added']; 190 } 191 192 if ($order == 'ASC') { 193 $url .= '&order=DESC'; 194 } else { 195 $url .= '&order=ASC'; 196 } 197 198 if (isset($this->request->get['page'])) { 199 $url .= '&page=' . $this->request->get['page']; 200 } 201 202 $data['sort_name'] = $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . '&sort=name' . $url, true); 203 $data['sort_filename'] = $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . '&sort=filename' . $url, true); 204 $data['sort_date_added'] = $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . '&sort=date_added' . $url, true); 205 206 $url = ''; 207 208 if (isset($this->request->get['filter_name'])) { 209 $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8')); 210 } 211 212 if (isset($this->request->get['filter_date_added'])) { 213 $url .= '&filter_date_added=' . $this->request->get['filter_date_added']; 214 } 215 216 if (isset($this->request->get['sort'])) { 217 $url .= '&sort=' . $this->request->get['sort']; 218 } 219 220 if (isset($this->request->get['order'])) { 221 $url .= '&order=' . $this->request->get['order']; 222 } 223 224 $pagination = new Pagination(); 225 $pagination->total = $upload_total; 226 $pagination->page = $page; 227 $pagination->limit = $this->config->get('config_limit_admin'); 228 $pagination->url = $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . $url . '&page={page}', true); 229 230 $data['pagination'] = $pagination->render(); 231 232 $data['results'] = sprintf($this->language->get('text_pagination'), ($upload_total) ? (($page - 1) * $this->config->get('config_limit_admin')) + 1 : 0, ((($page - 1) * $this->config->get('config_limit_admin')) > ($upload_total - $this->config->get('config_limit_admin'))) ? $upload_total : ((($page - 1) * $this->config->get('config_limit_admin')) + $this->config->get('config_limit_admin')), $upload_total, ceil($upload_total / $this->config->get('config_limit_admin'))); 233 234 $data['filter_name'] = $filter_name; 235 $data['filter_date_added'] = $filter_date_added; 236 237 $data['sort'] = $sort; 238 $data['order'] = $order; 239 240 $data['header'] = $this->load->controller('common/header'); 241 $data['column_left'] = $this->load->controller('common/column_left'); 242 $data['footer'] = $this->load->controller('common/footer'); 243 244 $this->response->setOutput($this->load->view('tool/upload', $data)); 245 } 246 247 protected function validateDelete() { 248 if (!$this->user->hasPermission('modify', 'tool/upload')) { 249 $this->error['warning'] = $this->language->get('error_permission'); 250 } 251 252 return !$this->error; 253 } 254 255 public function download() { 256 $this->load->model('tool/upload'); 257 258 $this->load->language('tool/upload'); 259 260 if (isset($this->request->get['code'])) { 261 $code = $this->request->get['code']; 262 } else { 263 $code = 0; 264 } 265 266 $url = ''; 267 268 if (isset($this->request->get['filter_name'])) { 269 $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8')); 270 } 271 272 if (isset($this->request->get['filter_date_added'])) { 273 $url .= '&filter_date_added=' . $this->request->get['filter_date_added']; 274 } 275 276 if (isset($this->request->get['sort'])) { 277 $url .= '&sort=' . $this->request->get['sort']; 278 } 279 280 if (isset($this->request->get['order'])) { 281 $url .= '&order=' . $this->request->get['order']; 282 } 283 284 if (isset($this->request->get['page'])) { 285 $url .= '&page=' . $this->request->get['page']; 286 } 287 288 $upload_info = $this->model_tool_upload->getUploadByCode($code); 289 290 if ($upload_info) { 291 $file = DIR_UPLOAD . $upload_info['filename']; 292 $mask = basename($upload_info['name']); 293 294 if (file_exists($file) && filesize($file) > 0) { 295 $this->response->addheader('Pragma: public'); 296 $this->response->addheader('Expires: 0'); 297 $this->response->addheader('Content-Description: File Transfer'); 298 $this->response->addheader('Content-Type: application/octet-stream'); 299 $this->response->addheader('Content-Disposition: attachment; filename="' . ($mask ? $mask : basename($file)) . '"'); 300 $this->response->addheader('Content-Transfer-Encoding: binary'); 301 302 $this->response->setOutput(file_get_contents($file, FILE_USE_INCLUDE_PATH, null)); 303 } else { 304 $this->session->data['error'] = $this->language->get('error_file'); 305 306 $this->response->redirect($this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . $url, true)); 307 } 308 } else { 309 $this->session->data['error'] = $this->language->get('error_upload'); 310 311 $this->response->redirect($this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . $url, true)); 312 } 313 } 314 315 public function upload() { 316 $this->load->language('sale/order'); 317 318 $json = array(); 319 320 // Check user has permission 321 if (!$this->user->hasPermission('modify', 'tool/upload')) { 322 $json['error'] = $this->language->get('error_permission'); 323 } 324 325 if (!$json) { 326 if (!empty($this->request->files['file']['name']) && is_file($this->request->files['file']['tmp_name'])) { 327 // Sanitize the filename 328 $filename = html_entity_decode($this->request->files['file']['name'], ENT_QUOTES, 'UTF-8'); 329 330 if ((utf8_strlen($filename) < 3) || (utf8_strlen($filename) > 128)) { 331 $json['error'] = $this->language->get('error_filename'); 332 } 333 334 // Allowed file extension types 335 $allowed = array(); 336 337 $extension_allowed = preg_replace('~\r?\n~', "\n", $this->config->get('config_file_ext_allowed')); 338 339 $filetypes = explode("\n", $extension_allowed); 340 341 foreach ($filetypes as $filetype) { 342 $allowed[] = trim($filetype); 343 } 344 345 if (!in_array(strtolower(substr(strrchr($filename, '.'), 1)), $allowed)) { 346 $json['error'] = $this->language->get('error_filetype'); 347 } 348 349 // Allowed file mime types 350 $allowed = array(); 351 352 $mime_allowed = preg_replace('~\r?\n~', "\n", $this->config->get('config_file_mime_allowed')); 353 354 $filetypes = explode("\n", $mime_allowed); 355 356 foreach ($filetypes as $filetype) { 357 $allowed[] = trim($filetype); 358 } 359 360 if (!in_array($this->request->files['file']['type'], $allowed)) { 361 $json['error'] = $this->language->get('error_filetype'); 362 } 363 364 // Check to see if any PHP files are trying to be uploaded 365 $content = file_get_contents($this->request->files['file']['tmp_name']); 366 367 if (preg_match('/\<\?php/i', $content)) { 368 $json['error'] = $this->language->get('error_filetype'); 369 } 370 371 // Return any upload error 372 if ($this->request->files['file']['error'] != UPLOAD_ERR_OK) { 373 $json['error'] = $this->language->get('error_upload_' . $this->request->files['file']['error']); 374 } 375 } else { 376 $json['error'] = $this->language->get('error_upload'); 377 } 378 } 379 380 if (!$json) { 381 $file = $filename . '.' . token(32); 382 383 move_uploaded_file($this->request->files['file']['tmp_name'], DIR_UPLOAD . $file); 384 385 // Hide the uploaded file name so people can not link to it directly. 386 $this->load->model('tool/upload'); 387 388 $json['code'] = $this->model_tool_upload->addUpload($filename, $file); 389 390 $json['success'] = $this->language->get('text_upload'); 391 } 392 393 $this->response->addHeader('Content-Type: application/json'); 394 $this->response->setOutput(json_encode($json)); 395 } 396}