influxweb
4/29/2015 - 5:37 PM

Miva - File Upload as Text Attribute


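<?php

// NOTE: Please use the `upload.php` file.
//       This `upload_simple_insecure.php` script is just here as a simple example.
//       It keeps the original shape (JSON {status, path} reply, files stored under
//       ../uploads/<Basket_ID>/) but validates the two request values that end up
//       in filesystem paths, because both come straight from the client. It still
//       performs no content/type checks on the uploaded file — that is what
//       `upload.php` is for.

/**
 * Returns the Basket_ID from the request when it is a plain digit string, else ''.
 *
 * Only digits are accepted because the value becomes a directory name under the
 * uploads folder; anything else (including '..' or path separators) is dropped.
 *
 * @param array $post  Typically $_POST.
 * @return string      Digit string, or '' when absent or invalid.
 */
function mv_simple_basket_id(array $post)
{
	if (!isset($post['Basket_ID']) || !is_string($post['Basket_ID'])) {
		return '';
	}
	return ctype_digit($post['Basket_ID']) ? $post['Basket_ID'] : '';
}

/**
 * Reduces a client-supplied file name to a safe base name.
 *
 * Strips any directory part (both separator styles), keeps only [A-Za-z0-9._-],
 * and removes leading dots so the result can never be '..', a hidden file or an
 * empty name; an empty result becomes 'upload'.
 *
 * @param string $name  Value of $_FILES['file']['name'].
 * @return string
 */
function mv_simple_file_name($name)
{
	$base = basename(str_replace('\\', '/', (string) $name));
	$base = preg_replace('/[^A-Za-z0-9._-]/', '_', $base);
	$base = ltrim($base, '.');
	return ('' === $base) ? 'upload' : $base;
}

$ds = DIRECTORY_SEPARATOR;
$result = [
	'status' => 'null',
	'path' => '',
];
$storeFolder = '../uploads';

$basketId = mv_simple_basket_id($_POST);
if ('' !== $basketId) {
	$storeFolder .= $ds.$basketId;
	// Resolve against this script's directory for both the check and the
	// mkdir; the move below uses the same base, so the two cannot disagree
	// the way a CWD-relative is_dir() could.
	$storeDir = dirname(__FILE__).$ds.$storeFolder;
	if (!is_dir($storeDir)) {
		mkdir($storeDir, 0755, true);
	}
}

if (!empty($_FILES['file'])) {
	$upload = $_FILES['file'];
	// A multi-file field turns these entries into arrays, and any error code
	// other than UPLOAD_ERR_OK means tmp_name is not a usable upload.
	if (!isset($upload['error']) || is_array($upload['error']) || UPLOAD_ERR_OK !== $upload['error']) {
		$result['status'] = 'error';
	} else {
		$tempFile = $upload['tmp_name'];
		$fileName = mv_simple_file_name($upload['name']);
		$targetPath = dirname(__FILE__).$ds.$storeFolder.$ds;
		$targetFile = $targetPath.$fileName;
		$result['path'] = $storeFolder.$ds.$fileName;

		if (move_uploaded_file($tempFile, $targetFile)) {
			$result['status'] = 'success';
		} else {
			$result['status'] = 'error';
		}
	}
}

// The client parses this as JSON; say so rather than letting the browser sniff.
header('Content-Type: application/json; charset=utf-8');
echo json_encode($result);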
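<?php

header('Content-Type: text/plain; charset=utf-8');

// NOTE(review): the dropzone client in this gist posts `Basket_ID` and parses
// the response as JSON {status, path}; this script expects `Customer_ID` and
// replies with plain text. One side needs aligning before they are wired together.

/**
 * Throws unless the single-file upload error code reports success.
 *
 * @param int $error  $_FILES['file']['error'], already checked to be a scalar.
 * @throws RuntimeException with the same messages the original switch produced.
 */
function mv_check_upload_error($error)
{
	switch ($error) {
		case UPLOAD_ERR_OK:
			return;
		case UPLOAD_ERR_NO_FILE:
			throw new RuntimeException('Error: No file sent.');
		case UPLOAD_ERR_INI_SIZE:
		case UPLOAD_ERR_FORM_SIZE:
			throw new RuntimeException('Error: Exceeded filesize limit.');
		default:
			throw new RuntimeException('Error: Unknown errors.');
	}
}

/**
 * Returns the customer id from the request as a digit string.
 *
 * ctype_digit() is used instead of is_numeric() because the value becomes a
 * directory name: is_numeric() also accepts signs, leading whitespace, decimals
 * and exponents ('-1', ' 1', '1.5', '1e3'), none of which belong in a path
 * segment. A missing key is rejected instead of raising an undefined-index notice.
 *
 * @param array $post  Typically $_POST.
 * @return string
 * @throws RuntimeException when the id is missing or not all digits.
 */
function mv_customer_id(array $post)
{
	if (!isset($post['Customer_ID']) || !is_string($post['Customer_ID']) || !ctype_digit($post['Customer_ID'])) {
		throw new RuntimeException('Error: Invalid customer id.');
	}
	return $post['Customer_ID'];
}

/**
 * Maps the file's sniffed MIME type to a whitelisted image extension.
 *
 * The client-supplied name and type are ignored; libmagic decides. Only
 * image/jpeg, image/png and image/gif are accepted.
 *
 * @param string $tmpName  Path of the uploaded temp file.
 * @return string  'jpg', 'png' or 'gif'.
 * @throws RuntimeException when the type cannot be read or is not whitelisted.
 */
function mv_image_extension($tmpName)
{
	$finfo = new finfo(FILEINFO_MIME_TYPE);
	$mime = $finfo->file($tmpName);
	// finfo::file() returns false when it cannot read the file.
	$ext = (false === $mime) ? false : array_search(
		$mime,
		[
			'jpg' => 'image/jpeg',
			'png' => 'image/png',
			'gif' => 'image/gif',
		],
		true
	);
	if (false === $ext) {
		throw new RuntimeException('Error: Invalid file format.');
	}
	return $ext;
}

try {

	// Undefined | Multiple Files | $_FILES Corruption Attack
	// If this request falls under any of them, treat it invalid.
	// (The original var_dump() here echoed request internals back to the
	//  client; diagnostics belong in the server log, not the response.)
	if (
		!isset($_FILES['file']['error']) ||
		is_array($_FILES['file']['error'])
	) {
		throw new RuntimeException('Error: Invalid parameters.');
	}

	$customerId = mv_customer_id($_POST);

	// Check $_FILES['file']['error'] value.
	mv_check_upload_error($_FILES['file']['error']);

	// Enforce our own size cap as well; the ini limits belong to the host.
	if ($_FILES['file']['size'] > 1000000) {
		throw new RuntimeException('Error: Exceeded filesize limit.');
	}

	// DO NOT TRUST $_FILES['file']['type'] — it is sent by the client.
	// Sniff the content instead.
	$ext = mv_image_extension($_FILES['file']['tmp_name']);

	// Name the file from its content hash: unique, client-independent, no
	// traversal. Paths are resolved against this script's directory rather
	// than the process CWD, and the per-customer folder is created on demand
	// so a first upload does not fail with "Failed to move".
	$dir = __DIR__.'/../uploads/'.$customerId;
	if (!is_dir($dir) && !mkdir($dir, 0755, true) && !is_dir($dir)) {
		throw new RuntimeException('Error: Failed to move uploaded file.');
	}
	$path = sprintf('../uploads/%s/%s.%s', $customerId, sha1_file($_FILES['file']['tmp_name']), $ext);
	if (move_uploaded_file($_FILES['file']['tmp_name'], __DIR__.'/'.$path)) {
		echo $path;
	} else {
		throw new RuntimeException('Error: Failed to move uploaded file.');
	}
} catch (RuntimeException $e) {
	echo $e->getMessage();
}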
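<?php

header('Content-Type: text/plain; charset=utf-8');

// NOTE(review): the dropzone client in this gist posts `Basket_ID` and parses
// the response as JSON {status, path}; this script expects `Customer_ID` and
// replies with plain text. One side needs aligning before they are wired together.

/**
 * Throws unless the single-file upload error code reports success.
 *
 * @param int $error  $_FILES['file']['error'], already checked to be a scalar.
 * @throws RuntimeException with the same messages the original switch produced.
 */
function mv_check_upload_error($error)
{
	switch ($error) {
		case UPLOAD_ERR_OK:
			return;
		case UPLOAD_ERR_NO_FILE:
			throw new RuntimeException('Error: No file sent.');
		case UPLOAD_ERR_INI_SIZE:
		case UPLOAD_ERR_FORM_SIZE:
			throw new RuntimeException('Error: Exceeded filesize limit.');
		default:
			throw new RuntimeException('Error: Unknown errors.');
	}
}

/**
 * Returns the customer id from the request as a digit string.
 *
 * ctype_digit() is used instead of is_numeric() because the value becomes a
 * directory name: is_numeric() also accepts signs, leading whitespace, decimals
 * and exponents ('-1', ' 1', '1.5', '1e3'), none of which belong in a path
 * segment. A missing key is rejected instead of raising an undefined-index notice.
 *
 * @param array $post  Typically $_POST.
 * @return string
 * @throws RuntimeException when the id is missing or not all digits.
 */
function mv_customer_id(array $post)
{
	if (!isset($post['Customer_ID']) || !is_string($post['Customer_ID']) || !ctype_digit($post['Customer_ID'])) {
		throw new RuntimeException('Error: Invalid customer id.');
	}
	return $post['Customer_ID'];
}

/**
 * Maps the file's sniffed MIME type to a whitelisted image extension.
 *
 * The client-supplied name and type are ignored; libmagic decides. Only
 * image/jpeg, image/png and image/gif are accepted.
 *
 * @param string $tmpName  Path of the uploaded temp file.
 * @return string  'jpg', 'png' or 'gif'.
 * @throws RuntimeException when the type cannot be read or is not whitelisted.
 */
function mv_image_extension($tmpName)
{
	$finfo = new finfo(FILEINFO_MIME_TYPE);
	$mime = $finfo->file($tmpName);
	// finfo::file() returns false when it cannot read the file.
	$ext = (false === $mime) ? false : array_search(
		$mime,
		[
			'jpg' => 'image/jpeg',
			'png' => 'image/png',
			'gif' => 'image/gif',
		],
		true
	);
	if (false === $ext) {
		throw new RuntimeException('Error: Invalid file format.');
	}
	return $ext;
}

try {

	// Undefined | Multiple Files | $_FILES Corruption Attack
	// If this request falls under any of them, treat it invalid.
	// (The original var_dump() here echoed request internals back to the
	//  client; diagnostics belong in the server log, not the response.)
	if (
		!isset($_FILES['file']['error']) ||
		is_array($_FILES['file']['error'])
	) {
		throw new RuntimeException('Error: Invalid parameters.');
	}

	$customerId = mv_customer_id($_POST);

	// Check $_FILES['file']['error'] value.
	mv_check_upload_error($_FILES['file']['error']);

	// Enforce our own size cap as well; the ini limits belong to the host.
	if ($_FILES['file']['size'] > 1000000) {
		throw new RuntimeException('Error: Exceeded filesize limit.');
	}

	// DO NOT TRUST $_FILES['file']['type'] — it is sent by the client.
	// Sniff the content instead.
	$ext = mv_image_extension($_FILES['file']['tmp_name']);

	// Name the file from its content hash: unique, client-independent, no
	// traversal. Paths are resolved against this script's directory rather
	// than the process CWD, and the per-customer folder is created on demand
	// so a first upload does not fail with "Failed to move".
	$dir = __DIR__.'/../uploads/'.$customerId;
	if (!is_dir($dir) && !mkdir($dir, 0755, true) && !is_dir($dir)) {
		throw new RuntimeException('Error: Failed to move uploaded file.');
	}
	$path = sprintf('../uploads/%s/%s.%s', $customerId, sha1_file($_FILES['file']['tmp_name']), $ext);
	if (move_uploaded_file($_FILES['file']['tmp_name'], __DIR__.'/'.$path)) {
		echo $path;
	} else {
		throw new RuntimeException('Error: Failed to move uploaded file.');
	}
} catch (RuntimeException $e) {
	echo $e->getMessage();
}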
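(function mvdropzone(){
	// Attach a Dropzone uploader to every `.dropzone` element and mirror the
	// server-returned file paths into the text attribute input that immediately
	// follows it (comma-separated). Requires jQuery; Dropzone is fetched on demand.
	if( !$('.dropzone').length ){
		return;
	}

	// NOTE(review): $.getScript() cannot carry a Subresource Integrity hash, so
	// this pinned CDN build runs unverified. A static <script integrity="..."
	// crossorigin="anonymous"> tag or a self-hosted copy would close that gap.
	$.getScript('//cdnjs.cloudflare.com/ajax/libs/dropzone/4.0.1/min/dropzone.min.js', function(){
		$('head').append('<link href="//cdnjs.cloudflare.com/ajax/libs/dropzone/4.0.1/min/dropzone.min.css" rel="stylesheet">');
		// Instances are created by hand below; stop Dropzone from also
		// auto-attaching to the same `.dropzone` elements.
		Dropzone.autoDiscover = false;

		$('.dropzone').each(function(){
			var $dropzone = $(this),
				$attributeInput = $dropzone.next(),
				dropZoneId = '#' + $dropzone.attr('id');

			$attributeInput.hide();
			$dropzone.parent().prev('.prompt').hide();

			// The endpoint is expected to reply with JSON {status, path}.
			this.myDropZone = new Dropzone(
				dropZoneId, {
					url: '/php/upload.php'
				}
			);

			this.myDropZone.on('sending', function(file, xhr, formData) {
				formData.append('Basket_ID', $dropzone.data('basket-id') );
			});

			// 'complete' also fires for cancelled and failed uploads, where
			// file.xhr may be absent or the body may not be JSON; parse
			// defensively instead of letting the parser throw inside the handler.
			this.myDropZone.on('complete', function(file) {
				var response = null;
				if( file.xhr && file.xhr.status >= 200 && file.xhr.status < 300 ){
					try {
						response = JSON.parse(file.xhr.response);
					} catch (err) {
						response = null;
					}
				}

				if( response && response.status === 'success' && typeof response.path === 'string' ){
					var filePaths = ($attributeInput.val().length) ? $attributeInput.val().split(',') : [],
						// The server path is relative to the script's own directory
						// ('../uploads/...'); drop the leading '..' to get a site-root path.
						path = window.location.origin + response.path.replace(/\.\./, '');

					filePaths.push(path);
					$attributeInput.val( filePaths.join(',') );
				} else {
					alert('Error uploading file.');
				}
			});
		});
	});
})();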
...
<td class="field">
	<mvt:if expr="l.settings:attribute:type EQ 'text'">
		<mvt:if expr="'upload_' IN l.settings:attribute:code EQ 1">
			<div class="dropzone" id="dropzone-&mvt:product:id;-&mvt:attribute:id;" data-basket-id="&mvt:global:basket:basket_id;"></div>
		</mvt:if>
		<input type="text" name="Product_Attributes[&mvt:attribute:index;]:value" value="&mvte:attribute:value;" class="textfield" />
	<mvt:elseif expr="l.settings:attribute:type EQ 'memo'">
    ...