App\Controllers\Ajax\ImageUpload

Complexity

Total Complexity

6

Size/Duplication

Total Lines	52
Duplicated Lines	0 %

Importance

Changes

0

1 Method

Rating	Name	Duplication	Size	Complexity
B	tinymceUpload()	0	46	6

<?php
namespace App\Controllers\Ajax;

use Core\AjaxController;

class ImageUpload extends AjaxController{
    /**
     * @var string the image upload folder, must be writable
     */
    private $imageFolder = "uploaded_images/";

The private property $imageFolder is not used, and could be removed.

    public function tinymceUpload(){

        //image uploader for tinymce
//grabbed from https://www.codexworld.com/tinymce-upload-image-to-server-using-php/

// Allowed origins to upload images
        $accepted_origins = array("http://localhost");

// Images upload path
        $imageFolder = "uploaded_images/";

        $temp = $this->container->getRequest()->getUploadeFiles();

The method getUploadeFiles() does not exist on Core\Dependency\Request. Did you maybe mean getUploadedFiles()?

        //need to clean up
        if(is_uploaded_file($temp['tmp_name'])){
            if(isset($_SERVER['HTTP_ORIGIN'])){
                // Same-origin requests won't set an origin. If the origin is set, it must be valid.
                if(in_array($_SERVER['HTTP_ORIGIN'], $accepted_origins)){
                    header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
                }else{
                    header("HTTP/1.1 403 Origin Denied");
                    return;
                }
            }

            // Sanitize input
            if(preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $temp['name'])){
                header("HTTP/1.1 400 Invalid file name.");
                return;
            }

            // Verify extension
            if(!in_array(strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION)), array("gif", "jpg", "png"))){
                header("HTTP/1.1 400 Invalid extension.");
                return;
            }

            // Accept upload if there was no origin, or if it is an accepted origin
            $filetowrite = $imageFolder . $temp['name'];
            move_uploaded_file($temp['tmp_name'], $filetowrite);

            // Respond to the successful upload with JSON.
            echo json_encode(array('location' => $filetowrite));
        } else {
            // Notify editor that the upload failed
            header("HTTP/1.1 500 Server Error");
        }


    }




}