kundenkarte/ajax/icon_upload.php

<?php
/* Copyright (C) 2026 Alles Watt lauft
*
* AJAX handler for custom icon upload
*/
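// Load Dolibarr environment (the script may live two, three or four levels below the web root)
$res = 0;
if (!$res && file_exists("../../main.inc.php")) $res = @include "../../main.inc.php";
if (!$res && file_exists("../../../main.inc.php")) $res = @include "../../../main.inc.php";
if (!$res && file_exists("../../../../main.inc.php")) $res = @include "../../../../main.inc.php";
if (!$res) {
    // Send the JSON header here too, so the client can parse this failure like any other.
    header('Content-Type: application/json');
    http_response_code(500);
    die(json_encode(['error' => 'Include of main fails']));
}
header('Content-Type: application/json');

/**
 * Emit a JSON error body with the given HTTP status and stop the request.
 *
 * A closure rather than a named function keeps this file a pure side-effect script.
 *
 * @param int    $status  HTTP status code to send
 * @param string $message Error text placed in the 'error' key
 */
$fail = static function (int $status, string $message): void {
    http_response_code($status);
    die(json_encode(['error' => $message]));
};

// Security check: only Dolibarr admins or holders of the module's admin permission may manage icons.
if (!$user->admin && !$user->hasRight('kundenkarte', 'admin')) {
    $fail(403, 'Access denied');
}
// NOTE(review): 'upload' and 'delete' change server state. Dolibarr's main.inc.php is expected to
// apply its CSRF token check to POST requests; confirm the client callers send the 'token' parameter.

$action = GETPOST('action', 'aZ09');

// Directory for custom icons and the URL prefix icons are served from (document.php enforces its own access rules)
$iconDir = DOL_DATA_ROOT.'/kundenkarte/icons';
$iconUrl = DOL_URL_ROOT.'/document.php?modulepart=kundenkarte&file=icons/';

// Create directory if not exists
if (!is_dir($iconDir)) {
    dol_mkdir($iconDir);
}

// Extensions accepted for icons; shared by list/upload/delete so the three actions agree.
$allowedExt = ['png', 'jpg', 'jpeg', 'gif', 'svg', 'webp'];
// Raster formats must also pass a content sniff: the IMAGETYPE_* constant each extension promises.
$rasterTypes = [
    'png' => IMAGETYPE_PNG,
    'jpg' => IMAGETYPE_JPEG,
    'jpeg' => IMAGETYPE_JPEG,
    'gif' => IMAGETYPE_GIF,
    'webp' => IMAGETYPE_WEBP,
];
// Maximum accepted upload size in bytes (500KB)
$maxBytes = 512000;

/**
 * Build the JSON representation of one stored icon.
 *
 * @param string $filename File name inside $iconDir
 * @return array{filename:string,url:string,name:string}
 */
$iconEntry = static function (string $filename) use ($iconUrl): array {
    return [
        'filename' => $filename,
        'url' => $iconUrl.urlencode($filename),
        'name' => pathinfo($filename, PATHINFO_FILENAME),
    ];
};

/**
 * List all custom icons
 */
if ($action === 'list') {
    $icons = [];
    if (is_dir($iconDir)) {
        // scandir() returns false on an unreadable directory; treat that as "no icons".
        $files = scandir($iconDir) ?: [];
        foreach ($files as $file) {
            if ($file === '.' || $file === '..') {
                continue;
            }
            $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
            if (in_array($ext, $allowedExt, true)) {
                $icons[] = $iconEntry($file);
            }
        }
    }
    echo json_encode(['success' => true, 'icons' => $icons]);
    exit;
}

/**
 * Upload a new icon
 */
if ($action === 'upload') {
    if (empty($_FILES['icon']) || $_FILES['icon']['error'] !== UPLOAD_ERR_OK) {
        $fail(400, 'No file uploaded or upload error');
    }
    $file = $_FILES['icon'];
    // Only accept a file that really arrived through this request's upload, never an arbitrary local path.
    if (!is_uploaded_file($file['tmp_name'])) {
        $fail(400, 'No file uploaded or upload error');
    }

    // Check extension (client-supplied, so it is only the first gate)
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        $fail(400, 'Invalid file type. Allowed: '.implode(', ', $allowedExt));
    }

    // Check size (max 500KB)
    if ($file['size'] > $maxBytes) {
        $fail(400, 'File too large. Max 500KB');
    }

    // Check content: the bytes must match what the extension promises.
    if (isset($rasterTypes[$ext])) {
        // '@' because a corrupt image makes getimagesize() emit a warning that would otherwise leak into the JSON body.
        $info = @getimagesize($file['tmp_name']);
        if ($info === false || $info[2] !== $rasterTypes[$ext]) {
            $fail(400, 'File content does not match its extension');
        }
    } else {
        // SVG is an active format: scripts, event handlers, entities and foreignObject run when the
        // file is opened directly. Reject such content; a full allowlist sanitizer would be stricter still.
        $svg = (string) file_get_contents($file['tmp_name']);
        if (stripos($svg, '<svg') === false
            || preg_match('/<\s*script|\bon[a-z]+\s*=|javascript:|<!ENTITY|<\s*foreignObject/i', $svg)) {
            $fail(400, 'SVG contains disallowed content');
        }
    }

    // Sanitize filename: Dolibarr's sanitizer first, then restrict to a conservative character set
    $filename = dol_sanitizeFileName($file['name']);
    $filename = preg_replace('/[^a-zA-Z0-9_\-\.]/', '_', $filename);
    $baseName = pathinfo($filename, PATHINFO_FILENAME);
    if ($baseName === '') {
        // e.g. ".png": never create a dotfile
        $baseName = 'icon';
    }
    // Store under the validated, lower-cased extension so the stored name matches what was checked
    $filename = $baseName.'.'.$ext;

    // Check if file exists, add number if so
    $counter = 1;
    while (file_exists($iconDir.'/'.$filename)) {
        $filename = $baseName.'_'.$counter.'.'.$ext;
        $counter++;
    }

    // Move file
    if (!move_uploaded_file($file['tmp_name'], $iconDir.'/'.$filename)) {
        $fail(500, 'Failed to save file');
    }
    echo json_encode([
        'success' => true,
        'icon' => $iconEntry($filename),
    ]);
    exit;
}

/**
 * Delete an icon
 */
if ($action === 'delete') {
    $filename = GETPOST('filename', 'alphanohtml');
    if (empty($filename)) {
        $fail(400, 'No filename provided');
    }
    // basename() drops any directory component, so the path cannot leave $iconDir
    $filename = basename($filename);
    // Only icon files are deletable; anything else that ends up in the directory is off limits
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        $fail(400, 'Invalid file type. Allowed: '.implode(', ', $allowedExt));
    }
    $filepath = $iconDir.'/'.$filename;
    // is_file() rather than file_exists(): a directory would pass the latter and fail unlink() with a 500
    if (!is_file($filepath)) {
        $fail(404, 'File not found');
    }
    if (!unlink($filepath)) {
        $fail(500, 'Failed to delete file');
    }
    echo json_encode(['success' => true]);
    exit;
}

$fail(400, 'Invalid action');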