/**
* Uploads a file to a given directory and returns an attachment string
* that is appended to report/comment bodies
*
* @param string $listdir Directory to upload files to
* @return string A string that gets appended to messages
*/
public function uploadTask($listdir, $comment_id = 0)
{
if (!$listdir) {
$this->setError(Lang::txt('COM_SUPPORT_ERROR_MISSING_UPLOAD_DIRECTORY'));
return '';
}
// Construct our file path
$path = PATH_APP . DS . trim($this->config->get('webpath', '/site/tickets'), DS) . DS . $listdir;
$row = new Tables\Attachment($this->database);
// Rename temp directories
if ($tmp = Request::getInt('tmp_dir')) {
$tmpPath = PATH_APP . DS . trim($this->config->get('webpath', '/site/tickets'), DS) . DS . $tmp;
if (is_dir($tmpPath)) {
if (!\Filesystem::move($tmpPath, $path)) {
$this->setError(Lang::txt('COM_SUPPORT_ERROR_UNABLE_TO_MOVE_UPLOAD_PATH'));
throw new Exception(Lang::txt('COM_SUPPORT_ERROR_UNABLE_TO_MOVE_UPLOAD_PATH'), 500);
return '';
}
$row->updateTicketId($tmp, $listdir);
}
}
// Incoming file
$file = Request::getVar('upload', '', 'files', 'array');
if (!isset($file['name']) || !$file['name']) {
//$this->setError(Lang::txt('SUPPORT_NO_FILE'));
return '';
}
// Incoming
$description = Request::getVar('description', '');
// Build the path if it doesn't exist
if (!is_dir($path)) {
if (!Filesystem::makeDirectory($path)) {
$this->setError(Lang::txt('COM_SUPPORT_ERROR_UNABLE_TO_CREATE_UPLOAD_PATH'));
return '';
}
}
// Make the filename safe
$file['name'] = Filesystem::clean($file['name']);
$file['name'] = str_replace(' ', '_', $file['name']);
$ext = strtolower(Filesystem::extension($file['name']));
//make sure that file is acceptable type
if (!in_array($ext, explode(',', $this->config->get('file_ext')))) {
$this->setError(Lang::txt('COM_SUPPORT_ERROR_INCORRECT_FILE_TYPE'));
return Lang::txt('COM_SUPPORT_ERROR_INCORRECT_FILE_TYPE');
}
$filename = Filesystem::name($file['name']);
while (file_exists($path . DS . $filename . '.' . $ext)) {
$filename .= rand(10, 99);
}
$finalfile = $path . DS . $filename . '.' . $ext;
// Perform the upload
if (!Filesystem::upload($file['tmp_name'], $finalfile)) {
$this->setError(Lang::txt('COM_SUPPORT_ERROR_UPLOADING'));
return '';
} else {
// Scan for viruses
if (!\Filesystem::isSafe($finalfile)) {
if (\Filesystem::delete($finalfile)) {
$this->setError(Lang::txt('COM_SUPPORT_ERROR_FAILED_VIRUS_SCAN'));
return Lang::txt('COM_SUPPORT_ERROR_FAILED_VIRUS_SCAN');
}
}
// File was uploaded
// Create database entry
$description = htmlspecialchars($description);
$row->bind(array('id' => 0, 'ticket' => $listdir, 'comment_id' => $comment_id, 'filename' => $filename . '.' . $ext, 'description' => $description));
if (!$row->check()) {
$this->setError($row->getError());
}
if (!$row->store()) {
$this->setError($row->getError());
}
if (!$row->id) {
$row->getID();
}
return '{attachment#' . $row->id . '}';
}
}
