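/**
 * Upload a file to the wiki via AJAX
 *
 * The file arrives either streamed on php://input (its name in $_GET['qqfile'])
 * or as a multipart upload in $_FILES['qqfile']. It is stored below the
 * directory returned by _path() for the given `type`/`id` and attached to the
 * model selected by `type`. Every outcome is echoed as JSON: an object with an
 * `error` key on failure, or `success`/`file`/`directory`/`id`/`imgId`/`size`/
 * `width`/`height` on success.
 *
 * @return void  Output is echoed; nothing is returned to the caller.
 */
public function ajaxUploadTask()
{
    // Check for request forgeries
    Request::checkToken(['get', 'post']);

    // Ensure we have an ID to work with
    $id = Request::getInt('id', 0);
    if (!$id)
    {
        $this->_uploadError(Lang::txt('COM_STOREFRONT_ERROR_NO_ID'));
        return;
    }

    // Build the path
    $type = strtolower(Request::getWord('type', ''));
    $path = $this->_path($type, $id);
    if (!$path)
    {
        $this->_uploadError($this->getError());
        return;
    }

    // Reject unknown types before anything is written to disk; checking this
    // only after the upload left an orphaned file behind on the invalid-type path.
    if ($type !== 'product')
    {
        $this->_uploadError(Lang::txt('COM_STOREFRONT_ERROR_INVALID_TYPE'));
        return;
    }

    // allowed extensions for upload (compared case-insensitively)
    $allowedExtensions = ['png', 'jpeg', 'jpg', 'gif'];

    // max upload size in bytes
    $sizeLimit = (int) $this->config->get('maxAllowed', 40000000);

    // get the file
    if (isset($_GET['qqfile']))
    {
        // Streamed upload: the request body is the raw file, the name is in the query string
        $stream = true;
        $file   = $_GET['qqfile'];
        $size   = (int) ($_SERVER['CONTENT_LENGTH'] ?? 0);
    }
    elseif (isset($_FILES['qqfile']))
    {
        $stream = false;
        $file   = $_FILES['qqfile']['name'];
        $size   = (int) $_FILES['qqfile']['size'];
    }
    else
    {
        $this->_uploadError(Lang::txt('COM_STOREFRONT_ERROR_NO_FILE_FOUND'));
        return;
    }

    if (!is_dir($path) && !Filesystem::makeDirectory($path))
    {
        $this->_uploadError(Lang::txt('COM_STOREFRONT_ERROR_UNABLE_TO_CREATE_UPLOAD_PATH'));
        return;
    }

    if (!is_writable($path))
    {
        $this->_uploadError(Lang::txt('COM_STOREFRONT_ERROR_UPLOAD_DIRECTORY_IS_NOT_WRITABLE'));
        return;
    }

    // check to make sure we have a file and it's not too big
    if ($size === 0)
    {
        $this->_uploadError(Lang::txt('COM_STOREFRONT_ERROR_EMPTY_FILE'));
        return;
    }

    // Human-readable limit for error messages; formatBytes() wraps the unit in
    // an <abbr> tag that must not end up inside the JSON payload
    $max = preg_replace('/<abbr \\w+=\\"\\w+\\">(\\w{1,3})<\\/abbr>/', '$1', \Hubzero\Utility\Number::formatBytes($sizeLimit));

    if ($size > $sizeLimit)
    {
        $this->_uploadError(Lang::txt('COM_STOREFRONT_ERROR_FILE_TOO_LARGE', $max));
        return;
    }

    // don't overwrite previous files that were uploaded
    $pathinfo = pathinfo($file);
    // A name without an extension must fail the whitelist below, not raise an undefined-index notice
    $ext      = $pathinfo['extension'] ?? '';

    // Make the filename safe
    $filename = urldecode($pathinfo['filename']);
    $filename = Filesystem::clean($filename);
    $filename = str_replace(' ', '_', $filename);

    // The extension is whitelisted case-insensitively but stored as given
    if (!in_array(strtolower($ext), $allowedExtensions, true))
    {
        $this->_uploadError(Lang::txt('COM_STOREFRONT_ERROR_UNKNOWN_FILE_TYPE'));
        return;
    }

    $stored = $filename . '.' . $ext;
    $file   = $path . DS . $stored;

    if ($stream)
    {
        // read the php input stream to upload file
        $written = $this->_storeStreamedUpload($file);
        if ($written === false)
        {
            $this->_uploadError('Error writing uploaded file');
            return;
        }
        // CONTENT_LENGTH is client-supplied, so re-check the bytes actually received
        if ($written === 0)
        {
            Filesystem::delete($file);
            $this->_uploadError(Lang::txt('COM_STOREFRONT_ERROR_EMPTY_FILE'));
            return;
        }
        if ($written > $sizeLimit)
        {
            Filesystem::delete($file);
            $this->_uploadError(Lang::txt('COM_STOREFRONT_ERROR_FILE_TOO_LARGE', $max));
            return;
        }
    }
    elseif (!move_uploaded_file($_FILES['qqfile']['tmp_name'], $file))
    {
        $this->_uploadError('Error writing uploaded file');
        return;
    }

    // Reject anything that is not safe or not a decodable image, whatever its
    // extension claims; getimagesize() is only consulted once the file passed isSafe()
    $imageInfo = Filesystem::isSafe($file) ? getimagesize($file) : false;
    if ($imageInfo === false)
    {
        Filesystem::delete($file);
        $this->_uploadError(Lang::txt('COM_STOREFRONT_ERROR_FILE_UNSAFE'));
        return;
    }

    // Do we have an old file we're replacing? Only a bare file name inside $path
    // is honoured: basename() drops any directory part of the client-supplied
    // value, "." and ".." are refused, and the file just written is never removed.
    $curfile = basename((string) Request::getVar('currentfile', ''));
    if ($curfile !== '' && $curfile !== $stored && !in_array($curfile, ['.', '..'], true))
    {
        $old = $path . DS . $curfile;
        if (is_file($old) && !Filesystem::delete($old))
        {
            $this->_uploadError(Lang::txt('COM_STOREFRONT_ERROR_UNABLE_TO_DELETE_FILE'));
            return;
        }
    }

    // Instantiate a model, change some info and save
    $product = new Product($id);
    $product->setImage($stored);
    if (!$product->save())
    {
        $this->_uploadError('Error updating product');
        return;
    }

    $imgId = $product->getImage()->imgId;
    [$width, $height] = $imageInfo;

    // echo result
    echo json_encode([
        'success'   => true,
        'file'      => $stored,
        'directory' => str_replace(PATH_ROOT, '', $path),
        'id'        => $id,
        'imgId'     => $imgId,
        'size'      => \Hubzero\Utility\Number::formatBytes(filesize($file)),
        'width'     => $width,
        'height'    => $height,
    ]);
}

/**
 * Emit a JSON error payload for the AJAX uploader
 *
 * @param  string $message  Already-translated message
 * @return void
 */
private function _uploadError($message)
{
    echo json_encode(['error' => $message]);
}

/**
 * Copy a streamed (php://input) upload straight into its target file
 *
 * @param  string $target  Destination path
 * @return int|false  Bytes written, or false if either stream could not be opened
 */
private function _storeStreamedUpload($target)
{
    $input = fopen('php://input', 'r');
    if ($input === false)
    {
        return false;
    }

    $output = fopen($target, 'w');
    if ($output === false)
    {
        fclose($input);
        return false;
    }

    $written = stream_copy_to_stream($input, $output);

    // Both handles are closed explicitly rather than left to script shutdown
    fclose($input);
    fclose($output);

    return $written;
}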