Namespaces

Classes

1: <?php
2: namespace Opencart\Admin\Controller\Common;
3: /**
4: * Class File Manager
5: *
6: * @package Opencart\Admin\Controller\Common
7: */
8: class FileManager extends \Opencart\System\Engine\Controller {
9: /**
10: * Index
11: *
12: * @return void
13: */
14: public function index(): void {
15: $this->load->language('common/filemanager');
16:
17: $data['error_upload_size'] = sprintf($this->language->get('error_upload_size'), $this->config->get('config_file_max_size'));
18:
19: $data['config_file_max_size'] = ((int)$this->config->get('config_file_max_size') * 1024 * 1024);
20:
21: // Return the target ID for the file manager to set the value
22: if (isset($this->request->get['target'])) {
23: $data['target'] = $this->request->get['target'];
24: } else {
25: $data['target'] = '';
26: }
27:
28: // Return the thumbnail for the file manager to show a thumbnail
29: if (isset($this->request->get['thumb'])) {
30: $data['thumb'] = $this->request->get['thumb'];
31: } else {
32: $data['thumb'] = '';
33: }
34:
35: if (isset($this->request->get['ckeditor'])) {
36: $data['ckeditor'] = $this->request->get['ckeditor'];
37: } else {
38: $data['ckeditor'] = '';
39: }
40:
41: $data['user_token'] = $this->session->data['user_token'];
42:
43: $this->response->setOutput($this->load->view('common/filemanager', $data));
44: }
45:
46: /**
47: * List
48: *
49: * @return void
50: */
51: public function list(): void {
52: $this->load->language('common/filemanager');
53:
54: $base = DIR_IMAGE . 'catalog/';
55:
56: // Make sure we have the correct directory
57: if (isset($this->request->get['directory'])) {
58: $directory = $base . html_entity_decode($this->request->get['directory'], ENT_QUOTES, 'UTF-8') . '/';
59: } else {
60: $directory = $base;
61: }
62:
63: if (isset($this->request->get['filter_name'])) {
64: $filter_name = basename(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8'));
65: } else {
66: $filter_name = '';
67: }
68:
69: if (isset($this->request->get['page'])) {
70: $page = (int)$this->request->get['page'];
71: } else {
72: $page = 1;
73: }
74:
75: $allowed = [
76: '.ico',
77: '.jpg',
78: '.jpeg',
79: '.png',
80: '.gif',
81: '.webp',
82: '.JPG',
83: '.JPEG',
84: '.PNG',
85: '.GIF'
86: ];
87:
88: $data['directories'] = [];
89: $data['images'] = [];
90:
91: $this->load->model('tool/image');
92:
93: // Get directories and files
94: $paths = array_merge(
95: glob($directory . $filter_name . '*', GLOB_ONLYDIR),
96: glob($directory . $filter_name . '*{' . implode(',', $allowed) . '}', GLOB_BRACE)
97: );
98:
99: $total = count($paths);
100: $limit = 16;
101: $start = ($page - 1) * $limit;
102:
103: if ($paths) {
104: $url = '';
105:
106: if (isset($this->request->get['target'])) {
107: $url .= '&target=' . $this->request->get['target'];
108: }
109:
110: if (isset($this->request->get['thumb'])) {
111: $url .= '&thumb=' . $this->request->get['thumb'];
112: }
113:
114: if (isset($this->request->get['ckeditor'])) {
115: $url .= '&ckeditor=' . $this->request->get['ckeditor'];
116: }
117:
118: // Split the array based on current page number and max number of items per page of 10
119: foreach (array_slice($paths, $start, $limit) as $path) {
120: $path = str_replace('\\', '/', realpath($path));
121:
122: if (substr($path, 0, strlen($base)) == $base) {
123: $name = basename($path);
124:
125: if (is_dir($path)) {
126: $data['directories'][] = [
127: 'name' => $name,
128: 'path' => oc_substr($path, oc_strlen($base)) . '/',
129: 'href' => $this->url->link('common/filemanager.list', 'user_token=' . $this->session->data['user_token'] . '&directory=' . urlencode(oc_substr($path, oc_strlen($base))) . $url)
130: ];
131: }
132:
133: if (is_file($path) && in_array(substr($path, strrpos($path, '.')), $allowed)) {
134: $data['images'][] = [
135: 'name' => $name,
136: 'path' => oc_substr($path, oc_strlen($base)),
137: 'href' => HTTP_CATALOG . 'image/catalog/' . oc_substr($path, oc_strlen($base)),
138: 'thumb' => $this->model_tool_image->resize(oc_substr($path, oc_strlen(DIR_IMAGE)), $this->config->get('config_image_default_width'), $this->config->get('config_image_default_height'))
139: ];
140: }
141: }
142: }
143: }
144:
145: if (isset($this->request->get['directory'])) {
146: $data['directory'] = urldecode($this->request->get['directory']);
147: } else {
148: $data['directory'] = '';
149: }
150:
151: if (isset($this->request->get['filter_name'])) {
152: $data['filter_name'] = $this->request->get['filter_name'];
153: } else {
154: $data['filter_name'] = '';
155: }
156:
157: // Parent
158: $url = '';
159:
160: if (isset($this->request->get['directory'])) {
161: $pos = strrpos($this->request->get['directory'], '/');
162:
163: if ($pos) {
164: $url .= '&directory=' . urlencode(substr($this->request->get['directory'], 0, $pos));
165: }
166: }
167:
168: if (isset($this->request->get['target'])) {
169: $url .= '&target=' . $this->request->get['target'];
170: }
171:
172: if (isset($this->request->get['thumb'])) {
173: $url .= '&thumb=' . $this->request->get['thumb'];
174: }
175:
176: if (isset($this->request->get['ckeditor'])) {
177: $url .= '&ckeditor=' . $this->request->get['ckeditor'];
178: }
179:
180: $data['parent'] = $this->url->link('common/filemanager.list', 'user_token=' . $this->session->data['user_token'] . $url);
181:
182: // Refresh
183: $url = '';
184:
185: if (isset($this->request->get['directory'])) {
186: $url .= '&directory=' . urlencode(html_entity_decode($this->request->get['directory'], ENT_QUOTES, 'UTF-8'));
187: }
188:
189: if (isset($this->request->get['filter_name'])) {
190: $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8'));
191: }
192:
193: if (isset($this->request->get['target'])) {
194: $url .= '&target=' . $this->request->get['target'];
195: }
196:
197: if (isset($this->request->get['thumb'])) {
198: $url .= '&thumb=' . $this->request->get['thumb'];
199: }
200:
201: if (isset($this->request->get['ckeditor'])) {
202: $url .= '&ckeditor=' . $this->request->get['ckeditor'];
203: }
204:
205: if (isset($this->request->get['page'])) {
206: $url .= '&page=' . $this->request->get['page'];
207: }
208:
209: $data['refresh'] = $this->url->link('common/filemanager.list', 'user_token=' . $this->session->data['user_token'] . $url);
210:
211: $url = '';
212:
213: if (isset($this->request->get['directory'])) {
214: $url .= '&directory=' . urlencode(html_entity_decode($this->request->get['directory'], ENT_QUOTES, 'UTF-8'));
215: }
216:
217: if (isset($this->request->get['filter_name'])) {
218: $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8'));
219: }
220:
221: if (isset($this->request->get['target'])) {
222: $url .= '&target=' . $this->request->get['target'];
223: }
224:
225: if (isset($this->request->get['thumb'])) {
226: $url .= '&thumb=' . $this->request->get['thumb'];
227: }
228:
229: if (isset($this->request->get['ckeditor'])) {
230: $url .= '&ckeditor=' . $this->request->get['ckeditor'];
231: }
232:
233: // Get total number of files and directories
234: $data['pagination'] = $this->load->controller('common/pagination', [
235: 'total' => $total,
236: 'page' => $page,
237: 'limit' => $limit,
238: 'url' => $this->url->link('common/filemanager.list', 'user_token=' . $this->session->data['user_token'] . $url . '&page={page}')
239: ]);
240:
241: $this->response->setOutput($this->load->view('common/filemanager_list', $data));
242: }
243:
244: /**
245: * Upload
246: *
247: * @return void
248: */
249: public function upload(): void {
250: $this->load->language('common/filemanager');
251:
252: $json = [];
253:
254: $base = DIR_IMAGE . 'catalog/';
255:
256: // Check user has permission
257: if (!$this->user->hasPermission('modify', 'common/filemanager')) {
258: $json['error'] = $this->language->get('error_permission');
259: }
260:
261: // Make sure we have the correct directory
262: if (isset($this->request->get['directory'])) {
263: $directory = $base . html_entity_decode($this->request->get['directory'], ENT_QUOTES, 'UTF-8') . '/';
264: } else {
265: $directory = $base;
266: }
267:
268: // Check it's a directory
269: if (!is_dir($directory) || substr(str_replace('\\', '/', realpath($directory)) . '/', 0, strlen($base)) != $base) {
270: $json['error'] = $this->language->get('error_directory');
271: }
272:
273: if (!$json) {
274: // Check if multiple files are uploaded or just one
275: $files = [];
276:
277: if (!empty($this->request->files['file']['name']) && is_array($this->request->files['file']['name'])) {
278: foreach (array_keys($this->request->files['file']['name']) as $key) {
279: $files[] = [
280: 'name' => $this->request->files['file']['name'][$key],
281: 'type' => $this->request->files['file']['type'][$key],
282: 'tmp_name' => $this->request->files['file']['tmp_name'][$key],
283: 'error' => $this->request->files['file']['error'][$key],
284: 'size' => $this->request->files['file']['size'][$key]
285: ];
286: }
287: }
288:
289: foreach ($files as $file) {
290: if (is_file($file['tmp_name'])) {
291: // Sanitize the filename
292: $filename = preg_replace('/[\/\\\?%*:|"<>]/', '', basename(html_entity_decode($file['name'], ENT_QUOTES, 'UTF-8')));
293:
294: // Validate the filename length
295: if ((oc_strlen($filename) < 4) || (oc_strlen($filename) > 255)) {
296: $json['error'] = $this->language->get('error_filename');
297: }
298:
299: // Allowed file extension types
300: $allowed = [
301: 'ico',
302: 'jpg',
303: 'jpeg',
304: 'png',
305: 'gif',
306: 'webp',
307: 'JPG',
308: 'JPEG',
309: 'PNG',
310: 'GIF'
311: ];
312:
313: if (!in_array(substr($filename, strrpos($filename, '.') + 1), $allowed)) {
314: $json['error'] = $this->language->get('error_file_type');
315: }
316:
317: // Allowed file mime types
318: $allowed = [
319: 'image/x-icon',
320: 'image/jpeg',
321: 'image/pjpeg',
322: 'image/png',
323: 'image/x-png',
324: 'image/gif',
325: 'image/webp'
326: ];
327:
328: if (!in_array($file['type'], $allowed)) {
329: $json['error'] = $this->language->get('error_file_type');
330: }
331:
332: // Return any upload error
333: if ($file['error'] != UPLOAD_ERR_OK) {
334: $json['error'] = $this->language->get('error_upload_' . $file['error']);
335: }
336: } else {
337: $json['error'] = $this->language->get('error_upload');
338: }
339:
340: if (!$json) {
341: move_uploaded_file($file['tmp_name'], $directory . $filename);
342: }
343: }
344: }
345:
346: if (!$json) {
347: $json['success'] = $this->language->get('text_uploaded');
348: }
349:
350: $this->response->addHeader('Content-Type: application/json');
351: $this->response->setOutput(json_encode($json));
352: }
353:
354: /**
355: * Folder
356: *
357: * @return void
358: */
359: public function folder(): void {
360: $this->load->language('common/filemanager');
361:
362: $json = [];
363:
364: $base = DIR_IMAGE . 'catalog/';
365:
366: // Check user has permission
367: if (!$this->user->hasPermission('modify', 'common/filemanager')) {
368: $json['error'] = $this->language->get('error_permission');
369: }
370:
371: // Make sure we have the correct directory
372: if (isset($this->request->get['directory'])) {
373: $directory = $base . html_entity_decode($this->request->get['directory'], ENT_QUOTES, 'UTF-8') . '/';
374: } else {
375: $directory = $base;
376: }
377:
378: // Check its a directory
379: if (!is_dir($directory) || substr(str_replace('\\', '/', realpath($directory)) . '/', 0, strlen($base)) != $base) {
380: $json['error'] = $this->language->get('error_directory');
381: }
382:
383: if ($this->request->server['REQUEST_METHOD'] == 'POST') {
384: // Sanitize the folder name
385: $folder = preg_replace('/[\/\\\?%*&:|"<>]/', '', basename(html_entity_decode($this->request->post['folder'], ENT_QUOTES, 'UTF-8')));
386:
387: // Validate the filename length
388: if ((oc_strlen($folder) < 3) || (oc_strlen($folder) > 128)) {
389: $json['error'] = $this->language->get('error_folder');
390: }
391:
392: // Check if directory already exists or not
393: if (is_dir($directory . $folder)) {
394: $json['error'] = $this->language->get('error_exists');
395: }
396: }
397:
398: if (!$json) {
399: mkdir($directory . $folder, 0777);
400:
401: chmod($directory . $folder, 0777);
402:
403: @touch($directory . $folder . '/' . 'index.html');
404:
405: $json['success'] = $this->language->get('text_directory');
406: }
407:
408: $this->response->addHeader('Content-Type: application/json');
409: $this->response->setOutput(json_encode($json));
410: }
411:
412: /**
413: * Delete
414: *
415: * @return void
416: */
417: public function delete(): void {
418: $this->load->language('common/filemanager');
419:
420: $json = [];
421:
422: $base = DIR_IMAGE . 'catalog/';
423:
424: // Check user has permission
425: if (!$this->user->hasPermission('modify', 'common/filemanager')) {
426: $json['error'] = $this->language->get('error_permission');
427: }
428:
429: if (isset($this->request->post['path'])) {
430: $paths = $this->request->post['path'];
431: } else {
432: $paths = [];
433: }
434:
435: // Loop through each path to run validations
436: foreach ($paths as $path) {
437: // Convert any html encoded characters.
438: $path = html_entity_decode($path, ENT_QUOTES, 'UTF-8');
439:
440: // Check path exists
441: if (($path == $base) || (substr(str_replace('\\', '/', realpath($base . $path)) . '/', 0, strlen($base)) != $base)) {
442: $json['error'] = $this->language->get('error_delete');
443:
444: break;
445: }
446: }
447:
448: if (!$json) {
449: // Loop through each path
450: foreach ($paths as $path) {
451: $path = rtrim($base . html_entity_decode($path, ENT_QUOTES, 'UTF-8'), '/');
452:
453: $files = [];
454:
455: // Make path into an array
456: $directory = [$path];
457:
458: // While the path array is still populated keep looping through
459: while (count($directory) != 0) {
460: $next = array_shift($directory);
461:
462: if (is_dir($next)) {
463: foreach (glob(trim($next, '/') . '/{*,.[!.]*,..?*}', GLOB_BRACE) as $file) {
464: // If directory add to path array
465: $directory[] = $file;
466: }
467: }
468:
469: // Add the file to the files to be deleted array
470: $files[] = $next;
471: }
472:
473: // Reverse sort the file array
474: rsort($files);
475:
476: foreach ($files as $file) {
477: // If file just delete
478: if (is_file($file)) {
479: unlink($file);
480: }
481:
482: // If directory use the remove directory function
483: if (is_dir($file)) {
484: rmdir($file);
485: }
486: }
487: }
488:
489: $json['success'] = $this->language->get('text_delete');
490: }
491:
492: $this->response->addHeader('Content-Type: application/json');
493: $this->response->setOutput(json_encode($json));
494: }
495: }
496:
OpenCart API API documentation generated by ApiGen dev-master