dtudj42064 2017-12-24 17:49
浏览 28
已采纳

如何从Opencart下载中删除清理

I am developing a module for my client to upload and browse file in Opencart. when I am uploading file from my back-end server I am getting the output as file.zip.xyzasdf. Where I just want to remove this .xyzasdf Can any one suggest me how to remove sanitize from the following code...

public function upload() {
    $this->load->language('catalog/download');

    $json = array();

    // Check user has permission
    if (!$this->user->hasPermission('modify', 'catalog/download')) {
        $json['error'] = $this->language->get('error_permission');
    }

    if (!$json) {
        if (!empty($this->request->files['file']['name']) && is_file($this->request->files['file']['tmp_name'])) {
            // Sanitize the filename
            $filename = basename(html_entity_decode($this->request->files['file']['name'], ENT_QUOTES, 'UTF-8'));

            // Validate the filename length
            if ((utf8_strlen($filename) < 3) || (utf8_strlen($filename) > 128)) {
                $json['error'] = $this->language->get('error_filename');
            }

            // Allowed file extension types
            $allowed = array();

            $extension_allowed = preg_replace('~?
~', "
", $this->config->get('config_file_ext_allowed'));

            $filetypes = explode("
", $extension_allowed);

            foreach ($filetypes as $filetype) {
                $allowed[] = trim($filetype);
            }

            if (!in_array(strtolower(substr(strrchr($filename, '.'), 1)), $allowed)) {
                $json['error'] = $this->language->get('error_filetype');
            }

            // Allowed file mime types
            $allowed = array();

            $mime_allowed = preg_replace('~?
~', "
", $this->config->get('config_file_mime_allowed'));

            $filetypes = explode("
", $mime_allowed);

            foreach ($filetypes as $filetype) {
                $allowed[] = trim($filetype);
            }

            if (!in_array($this->request->files['file']['type'], $allowed)) {
                $json['error'] = $this->language->get('error_filetype');
            }

            // Check to see if any PHP files are trying to be uploaded
            $content = file_get_contents($this->request->files['file']['tmp_name']);

            if (preg_match('/\<\?php/i', $content)) {
                $json['error'] = $this->language->get('error_filetype');
            }

            // Return any upload error
            if ($this->request->files['file']['error'] != UPLOAD_ERR_OK) {
                $json['error'] = $this->language->get('error_upload_' . $this->request->files['file']['error']);
            }
        } else {
            $json['error'] = $this->language->get('error_upload');
        }
    }

    if (!$json) {
        $file = $filename . '.' . token(32);

        move_uploaded_file($this->request->files['file']['tmp_name'], DIR_FOLDER . $file);

        $json['filename'] = $file;
        $json['mask'] = $filename;

        $json['success'] = $this->language->get('text_upload');
    }

    $this->response->addHeader('Content-Type: application/json');
    $this->response->setOutput(json_encode($json));
}

Any help would be greatly appreciated... Thanks

  • 写回答

1条回答 默认 最新

  • dqq9695 2017-12-24 18:35
    关注

    Removing the random string that is added to the filename is simple. Just change 

    move_uploaded_file($this->request->files['file']['tmp_name'], DIR_UPLOAD . $file);

    to:

    move_uploaded_file($this->request->files['file']['tmp_name'], DIR_UPLOAD . $filename);

    But keep in mind that this will bring problems. OpenCart saves the random string in the database at the time of file upload, so it will later use it to identify the file. If you delete this feature, the uploaded files in the admin panel will not be available.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 如何在scanpy上做差异基因和通路富集?
  • ¥20 关于#硬件工程#的问题,请各位专家解答!
  • ¥15 关于#matlab#的问题:期望的系统闭环传递函数为G(s)=wn^2/s^2+2¢wn+wn^2阻尼系数¢=0.707,使系统具有较小的超调量
  • ¥15 FLUENT如何实现在堆积颗粒的上表面加载高斯热源
  • ¥30 截图中的mathematics程序转换成matlab
  • ¥15 动力学代码报错,维度不匹配
  • ¥15 Power query添加列问题
  • ¥50 Kubernetes&Fission&Eleasticsearch
  • ¥15 報錯:Person is not mapped,如何解決?
  • ¥15 c++头文件不能识别CDialog