Question

我正在为我的客户开发一个模块，用于在Opencart中上传和浏览文件。当我从后端服务器上传文件时，我得到的输出为file.zip.xyzasdf。我只想删除此.xyzasdf 任何人都可以建议我如何从以下代码中删除sanitize ...

public function upload() {
    $this->load->language('catalog/download');

    $json = array();

    // Check user has permission
    if (!$this->user->hasPermission('modify', 'catalog/download')) {
        $json['error'] = $this->language->get('error_permission');
    }

    if (!$json) {
        if (!empty($this->request->files['file']['name']) && is_file($this->request->files['file']['tmp_name'])) {
            // Sanitize the filename
            $filename = basename(html_entity_decode($this->request->files['file']['name'], ENT_QUOTES, 'UTF-8'));

            // Validate the filename length
            if ((utf8_strlen($filename) < 3) || (utf8_strlen($filename) > 128)) {
                $json['error'] = $this->language->get('error_filename');
            }

            // Allowed file extension types
            $allowed = array();

            $extension_allowed = preg_replace('~\r?\n~', "\n", $this->config->get('config_file_ext_allowed'));

            $filetypes = explode("\n", $extension_allowed);

            foreach ($filetypes as $filetype) {
                $allowed[] = trim($filetype);
            }

            if (!in_array(strtolower(substr(strrchr($filename, '.'), 1)), $allowed)) {
                $json['error'] = $this->language->get('error_filetype');
            }

            // Allowed file mime types
            $allowed = array();

            $mime_allowed = preg_replace('~\r?\n~', "\n", $this->config->get('config_file_mime_allowed'));

            $filetypes = explode("\n", $mime_allowed);

            foreach ($filetypes as $filetype) {
                $allowed[] = trim($filetype);
            }

            if (!in_array($this->request->files['file']['type'], $allowed)) {
                $json['error'] = $this->language->get('error_filetype');
            }

            // Check to see if any PHP files are trying to be uploaded
            $content = file_get_contents($this->request->files['file']['tmp_name']);

            if (preg_match('/\<\?php/i', $content)) {
                $json['error'] = $this->language->get('error_filetype');
            }

            // Return any upload error
            if ($this->request->files['file']['error'] != UPLOAD_ERR_OK) {
                $json['error'] = $this->language->get('error_upload_' . $this->request->files['file']['error']);
            }
        } else {
            $json['error'] = $this->language->get('error_upload');
        }
    }

    if (!$json) {
        $file = $filename . '.' . token(32);

        move_uploaded_file($this->request->files['file']['tmp_name'], DIR_FOLDER . $file);

        $json['filename'] = $file;
        $json['mask'] = $filename;

        $json['success'] = $this->language->get('text_upload');
    }

    $this->response->addHeader('Content-Type: application/json');
    $this->response->setOutput(json_encode($json));
}

任何帮助将不胜感激...... 感谢

Answer 1

删除添加到文件名的随机字符串很简单。只需改变

move_uploaded_file($this->request->files['file']['tmp_name'], DIR_UPLOAD . $file);

为：

move_uploaded_file($this->request->files['file']['tmp_name'], DIR_UPLOAD . $filename);

但请记住，这会带来问题。 OpenCart在文件上传时将随机字符串保存在数据库中，因此稍后将使用它来识别文件。如果删除此功能，管理面板中的上传文件将不可用。

如何从Opencart下载中删除清理

1 个答案: