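/**
 * Store uploaded image file(s) in the catalog image directory and reply with JSON.
 *
 * Input comes from the request: the optional `directory` query parameter picks a
 * sub-directory of DIR_IMAGE . 'catalog', and the `file` upload field carries one
 * or more files. The response body is a JSON object holding either `error` or
 * `success`.
 *
 * Checks applied, in order: the 'modify' permission on common/filemanager, that the
 * resolved target directory lies inside the catalog directory, filename length,
 * extension allow-list, client-declared MIME type, detected image type, and the
 * PHP upload error code. After the first error no further file is moved, although
 * files moved before it stay in place.
 *
 * Residual risk for the deployment: only the final extension is checked and image
 * detection reads headers only, so the web server should not execute scripts from
 * the image directory. An existing file with the same name is overwritten.
 */
public function upload()
{
    $this->load->language('common/filemanager');

    $json = array();

    // Check user has permission
    if (!$this->user->hasPermission('modify', 'common/filemanager')) {
        $json['error'] = $this->language->get('error_permission');
    }

    // Make sure we have the correct directory
    if (isset($this->request->get['directory'])) {
        $directory = rtrim(DIR_IMAGE . 'catalog/' . $this->request->get['directory'], '/');
    } else {
        $directory = DIR_IMAGE . 'catalog';
    }

    // Resolve both the catalog root and the requested directory, then compare them
    // with a trailing separator. A bare prefix comparison would also accept a
    // sibling directory whose name merely starts with "catalog", and comparing a
    // resolved path against an unresolved DIR_IMAGE fails when DIR_IMAGE contains
    // a symlink.
    $base = rtrim(str_replace('\\', '/', (string)realpath(DIR_IMAGE . 'catalog')), '/');
    $resolved = is_dir($directory) ? rtrim(str_replace('\\', '/', (string)realpath($directory)), '/') : '';

    if ($base === '' || $resolved === '' || strncmp($resolved . '/', $base . '/', strlen($base) + 1) !== 0) {
        $json['error'] = $this->language->get('error_directory');
    }

    if (!$json) {
        // Normalise the upload field into a list, whether one file or several were sent
        $files = array();

        if (!empty($this->request->files['file']['name'])) {
            $upload = $this->request->files['file'];

            if (is_array($upload['name'])) {
                foreach (array_keys($upload['name']) as $key) {
                    $files[] = array(
                        'name'     => $upload['name'][$key],
                        'type'     => $upload['type'][$key],
                        'tmp_name' => $upload['tmp_name'][$key],
                        'error'    => $upload['error'][$key],
                        'size'     => $upload['size'][$key]
                    );
                }
            } else {
                $files[] = array(
                    'name'     => $upload['name'],
                    'type'     => $upload['type'],
                    'tmp_name' => $upload['tmp_name'],
                    'error'    => $upload['error'],
                    'size'     => $upload['size']
                );
            }
        }

        // Nothing was uploaded: report it instead of claiming success
        if (!$files) {
            $json['error'] = $this->language->get('error_upload');
        }

        foreach ($files as $file) {
            // A nested field name (file[a][b]) yields arrays here; treat that as a failed upload
            if (is_string($file['name']) && is_string($file['tmp_name']) && is_file($file['tmp_name'])) {
                // Sanitize the filename: decode entities, then drop any directory part
                $filename = basename(html_entity_decode($file['name'], ENT_QUOTES, 'UTF-8'));

                // Validate the filename length
                if (utf8_strlen($filename) < 3 || utf8_strlen($filename) > 255) {
                    $json['error'] = $this->language->get('error_filename');
                }

                // Allowed file extension types (strrchr() returns false when there is no dot)
                $allowed = array('jpg', 'jpeg', 'gif', 'png');

                if (!in_array(utf8_strtolower(utf8_substr((string)strrchr($filename, '.'), 1)), $allowed, true)) {
                    $json['error'] = $this->language->get('error_filetype');
                }

                // Allowed file mime types
                $allowed = array('image/jpeg', 'image/pjpeg', 'image/png', 'image/x-png', 'image/gif');

                // The declared type is sent by the client, so it is only a first filter
                if (!in_array($file['type'], $allowed, true)) {
                    $json['error'] = $this->language->get('error_filetype');
                }

                // Detect the type from the file itself. This reads image headers only,
                // so it complements the extension allow-list rather than replacing it.
                $image = getimagesize($file['tmp_name']);

                if ($image === false || !in_array($image['mime'], $allowed, true)) {
                    $json['error'] = $this->language->get('error_filetype');
                }

                // Return any upload error.
                // NOTE(review): loose comparison kept on purpose; the request wrapper may
                // hand the code back as a string - confirm before making it strict.
                if ($file['error'] != UPLOAD_ERR_OK) {
                    $json['error'] = $this->language->get('error_upload_' . $file['error']);
                }
            } else {
                $json['error'] = $this->language->get('error_upload');
            }

            // Report a failed move instead of returning success for a file that was not stored
            if (!$json && !move_uploaded_file($file['tmp_name'], $directory . '/' . $filename)) {
                $json['error'] = $this->language->get('error_upload');
            }
        }
    }

    if (!$json) {
        $json['success'] = $this->language->get('text_uploaded');
    }

    $this->response->addHeader('Content-Type: application/json');
    $this->response->setOutput(json_encode($json));
}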