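/**
 * Upload handler for the file manager: stores one uploaded image/flash file
 * into a sub-directory of Yii::app()->params['imagePath'] . 'data/'.
 *
 * Request (multipart POST):
 *   - $_POST['directory']  target sub-directory, relative to the data root
 *   - $_FILES['image']     the file being uploaded
 *
 * Output: echoes a JSON object with either 'success' or 'error' (a message),
 * exactly as the original did; nothing is returned.
 *
 * Security-relevant behaviour of this version:
 *   - The target directory is resolved with realpath() and must stay inside
 *     the data root. The old str_replace('../', '') filter was bypassable
 *     (e.g. '....//' collapses to '../' after one pass), so it is gone.
 *   - The browser-supplied MIME type ($_FILES[..]['type']) is still checked
 *     for compatibility, but it is attacker-controlled; the file content is
 *     additionally sniffed with fileinfo before it is moved into place.
 *   - An existing file with the same name is still overwritten, as before.
 *
 * NOTE(review): there is still NO authorization check in this action — the
 * TODO near the bottom is open and the action currently fails OPEN: anyone
 * who can reach the route can write into the image tree. The commented-out
 * hasPermission() call is the intended hook; it must be wired to the
 * application's access control before this is exposed.
 */
public function actionUpload()
{
    $json = array();

    // Root that every upload is confined to. realpath() normalises it so the
    // containment check below compares like with like (it also resolves
    // symlinks, so a link inside data/ pointing elsewhere is rejected).
    $base = realpath(rtrim(Yii::app()->params['imagePath'] . 'data', '/'));
    $target = false;
    $filename = '';

    if (!isset($_POST['directory']) || !is_string($_POST['directory'])) {
        $json['error'] = Yii::t('filemanager', 'Warning: Please select a directory!');
    } elseif (!isset($_FILES['image']) || !is_array($_FILES['image'])
        || empty($_FILES['image']['tmp_name']) || !is_string($_FILES['image']['tmp_name'])) {
        // Covers a missing file, an empty tmp_name (PHP leaves it empty on any
        // UPLOAD_ERR_*), and the array shape produced by an 'image[]' field.
        $json['error'] = Yii::t('filemanager', 'Warning: Please select a file!');
    } else {
        $upload = $_FILES['image'];

        // PHP's own upload status first: on any UPLOAD_ERR_* the remaining
        // fields (size, type, name) are not meaningful.
        if ($upload['error'] != UPLOAD_ERR_OK) {
            $json['error'] = 'error_upload_' . $upload['error'];
        }

        // Refuse anything that was not actually placed by the PHP upload
        // machinery before reading it (finfo below reads tmp_name).
        if (!isset($json['error']) && !is_uploaded_file($upload['tmp_name'])) {
            $json['error'] = Yii::t('filemanager', 'Warning: Please select a file!');
        }

        if (!isset($json['error'])) {
            $filename = basename(html_entity_decode((string) $upload['name'], ENT_QUOTES, 'UTF-8'));
            // Byte length is the right measure here: 255 bytes is the usual
            // filesystem limit for a single path component. A NUL byte would
            // make the filesystem functions throw, so it is rejected outright.
            if (strlen($filename) < 3 || strlen($filename) > 255 || strpos($filename, "\0") !== false) {
                $json['error'] = Yii::t('filemanager', 'Warning: Filename must be a between 3 and 255!');
            }
        }

        if (!isset($json['error'])) {
            // Resolve the requested directory and require it to be the data
            // root itself or a real directory strictly below it.
            $target = realpath($base . '/' . $_POST['directory']);
            $inside = ($target !== false && $base !== false && is_dir($target)
                && ($target === $base || strpos($target, $base . DIRECTORY_SEPARATOR) === 0));
            if (!$inside) {
                $json['error'] = Yii::t('filemanager', 'Warning: Please select a directory!');
            }
        }

        if (!isset($json['error']) && $upload['size'] > 300000) {
            $json['error'] = Yii::t('filemanager', 'Warning: File too big please keep below 300kb and no more than 1000px height or width!');
        }

        if (!isset($json['error'])) {
            // Client-declared MIME type. Kept for compatibility with the old
            // behaviour, but it is spoofable — the content check below is the
            // one that matters. (The original allowed '.flv' alongside the SWF
            // MIME type; that pairing is preserved rather than "fixed" here.)
            $allowedDeclared = array('image/jpeg', 'image/pjpeg', 'image/png', 'image/x-png', 'image/gif', 'application/x-shockwave-flash');
            if (!in_array((string) $upload['type'], $allowedDeclared, true)) {
                $json['error'] = Yii::t('filemanager', 'Warning: Incorrect file type!');
            }
        }

        if (!isset($json['error'])) {
            // Extension is taken from the last dot only. 'shell.php.jpg' passes
            // this check; whether that is exploitable depends on the web
            // server's handler configuration for the upload directory.
            $allowedExt = array('.jpg', '.jpeg', '.gif', '.png', '.flv');
            $ext = strtolower((string) strrchr($filename, '.'));
            if (!in_array($ext, $allowedExt, true)) {
                $json['error'] = Yii::t('filemanager', 'Warning: Incorrect file type!');
            }
        }

        if (!isset($json['error'])) {
            // Server-side content sniff. Fails closed if fileinfo is missing
            // or cannot identify the file. Legacy browser types (pjpeg, x-png)
            // are not needed here because fileinfo reports the canonical type.
            $detected = false;
            if (function_exists('finfo_open')) {
                $finfo = finfo_open(FILEINFO_MIME_TYPE);
                if ($finfo !== false) {
                    $detected = finfo_file($finfo, $upload['tmp_name']);
                    finfo_close($finfo);
                }
            }
            $allowedContent = array('image/jpeg', 'image/png', 'image/gif', 'application/x-shockwave-flash', 'video/x-flv');
            if (!in_array($detected, $allowedContent, true)) {
                $json['error'] = Yii::t('filemanager', 'Warning: Incorrect file type!');
            }
        }
    }

    // TODO: add permission verification — still open; see the NOTE above.
    // This action fails open until this hook is implemented.
    /*if (!$this->user->hasPermission('modify', 'common/filemanager')) {
        $json['error'] = Yii::t('filemanager', 'Warning: Permission Denied!');
    }
    */

    if (!isset($json['error'])) {
        $destination = $target . DIRECTORY_SEPARATOR . $filename;
        // '@' kept deliberately: a PHP warning here would be printed into the
        // JSON response body and break the client. The failure is reported
        // through the JSON 'error' instead.
        if (@move_uploaded_file($upload['tmp_name'], $destination)) {
            $json['success'] = Yii::t('filemanager', 'Success: Your file has been uploaded!');
        } else {
            $json['error'] = Yii::t('filemanager', 'Warning: File could not be uploaded for an unknown reason!');
        }
    }

    echo CJSON::encode($json);
}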