public function executePostActionsHook($strAction, \DataContainer $dc) { if ($strAction !== static::$uploadAction) { return false; } // Check whether the field is allowed for regular users if (!isset($GLOBALS['TL_DCA'][$dc->table]['fields'][\Input::post('field')]) || $GLOBALS['TL_DCA'][$dc->table]['fields'][\Input::post('field')]['exclude'] && !\BackendUser::getInstance()->hasAccess($dc->table . '::' . \Input::post('field'), 'alexf')) { \System::log('Field "' . \Input::post('field') . '" is not an allowed selector field (possible SQL injection attempt)', __METHOD__, TL_ERROR); $objResponse = new ResponseError(); $objResponse->setMessage('Bad Request'); $objResponse->output(); } $this->name = \Input::post('field'); $this->id = \Input::post('field'); $this->field = \Input::post('field'); if ($dc->activeRecord === null) { $dc->activeRecord = General::getModelInstance($dc->table, $dc->id); } // add dca attributes $this->addAttributes(\Widget::getAttributesFromDca($GLOBALS['TL_DCA'][$dc->table]['fields'][$this->name], $this->name)); $objResponse = $this->upload(); /** @var Response */ if ($objResponse instanceof Response) { $objResponse->output(); } }
public function upload() { // check for the request token if (!\Input::post('requestToken') || !RequestToken::validate(\Input::post('requestToken'))) { $objResponse = new ResponseError(); $objResponse->setMessage('Invalid Request Token!'); $objResponse->output(); } $objTmpFolder = new \Folder(MultiFileUpload::UPLOAD_TMP); $arrUuids = null; $varReturn = null; // Dropzone Upload if (!empty($_FILES)) { if (!isset($_FILES[$this->name])) { return; } $strField = $this->name; $varFile = $_FILES[$strField]; // Multi-files upload at once if (is_array($varFile['name'])) { for ($i = 0; $i < count($varFile['name']); $i++) { $arrFiles = array(); foreach (array_keys($varFile) as $strKey) { $arrFiles[$strKey] = $varFile[$strKey][$i]; } $arrFile = $this->uploadFile($arrFiles, $objTmpFolder->path, $strField); $varReturn[] = $arrFile; $arrUuids[] = $arrFile['uuid']; } } else { $varReturn = $this->uploadFile($varFile, $objTmpFolder->path, $strField); $arrUuids[] = $varReturn['uuid']; } if ($varReturn !== null) { $this->varValue = $arrUuids; $objResponse = new ResponseSuccess(); $objResult = new ResponseData(); $objResult->setData($varReturn); $objResponse->setResult($objResult); return $objResponse; } } }