From 3cf56e396a39d94fecf9a0ea58fa617cdb01f130 Mon Sep 17 00:00:00 2001
From: Defected <53878055+dftd@users.noreply.github.com>
Date: Fri, 19 Nov 2021 15:03:07 +0100
Subject: [PATCH 1/3] Throw exception if uploader gives an error

---
 oc-includes/osclass/classes/controller/CWebAjax.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/oc-includes/osclass/classes/controller/CWebAjax.php b/oc-includes/osclass/classes/controller/CWebAjax.php
index 9a72adadd..4823fe99d 100755
--- a/oc-includes/osclass/classes/controller/CWebAjax.php
+++ b/oc-includes/osclass/classes/controller/CWebAjax.php
@@ -361,6 +361,10 @@ public function doModel()
                 try {
                     $result =
                         $uploader->handleUpload(osc_content_path() . 'uploads/temp/' . $filename);
+                    
+                    if(isset($result['error'])) {
+                        throw new Exception($result['error']);
+                    }
                 } catch (Exception $e) {
                     trigger_error($e->getMessage(), E_USER_WARNING);
                     echo json_encode(array('success' => false));

From 3d0e64fa9cc1e8a5ca393ed6861e142490c075a3 Mon Sep 17 00:00:00 2001
From: codefactor-io <support@codefactor.io>
Date: Fri, 19 Nov 2021 14:04:22 +0000
Subject: [PATCH 2/3] [CodeFactor] Apply fixes to commit 3cf56e3

[ci skip] [skip ci]
---
 oc-includes/osclass/classes/controller/CWebAjax.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/oc-includes/osclass/classes/controller/CWebAjax.php b/oc-includes/osclass/classes/controller/CWebAjax.php
index 4823fe99d..9f8e96128 100755
--- a/oc-includes/osclass/classes/controller/CWebAjax.php
+++ b/oc-includes/osclass/classes/controller/CWebAjax.php
@@ -362,7 +362,7 @@ public function doModel()
                     $result =
                         $uploader->handleUpload(osc_content_path() . 'uploads/temp/' . $filename);
                     
-                    if(isset($result['error'])) {
+                    if (isset($result['error'])) {
                         throw new Exception($result['error']);
                     }
                 } catch (Exception $e) {

From 8551bf9ff36624737320309beac2bf008e91b890 Mon Sep 17 00:00:00 2001
From: Defected <53878055+dftd@users.noreply.github.com>
Date: Fri, 19 Nov 2021 21:20:47 +0100
Subject: [PATCH 3/3] Throw in AjaxUploader

---
 oc-includes/AjaxUploader.php                  | 32 ++++++++-----------
 .../osclass/classes/controller/CWebAjax.php   |  4 ---
 2 files changed, 14 insertions(+), 22 deletions(-)

diff --git a/oc-includes/AjaxUploader.php b/oc-includes/AjaxUploader.php
index f8e56b713..1bd8a992a 100644
--- a/oc-includes/AjaxUploader.php
+++ b/oc-includes/AjaxUploader.php
@@ -55,17 +55,17 @@ public function getOriginalName()
     public function handleUpload($uploadFilename, $replace = false)
     {
         if (!is_writable(dirname($uploadFilename))) {
-            return array('error' => __("Server error. Upload directory isn't writable."));
+            throw new Exception(__("Server error. Upload directory isn't writable."));
         }
         if (!$this->file) {
-            return array('error' => __('No files were uploaded.'));
+            throw new Exception(__('No files were uploaded.'));
         }
         $size = $this->file->getSize();
         if ($size == 0) {
-            return array('error' => __('File is empty'));
+            throw new Exception(__('File is empty'));
         }
         if ($size > $this->sizeLimit) {
-            return array('error' => __('File is too large'));
+            throw new Exception(__('File is too large'));
         }
 
         $pathinfo = pathinfo($this->file->getOriginalName());
@@ -75,16 +75,14 @@ public function handleUpload($uploadFilename, $replace = false)
         if ($this->allowedExtensions && stripos($this->allowedExtensions, strtolower($ext)) === false) {
             @unlink($uploadFilename); // Wrong extension, remove it for security reasons
 
-            return array(
-                'error' => sprintf(
-                    __('File has an invalid extension, it should be one of %s.'),
-                    $this->allowedExtensions
-                )
-            );
+            throw new Exception(sprintf(
+                __('File has an invalid extension, it should be one of %s.'),
+                $this->allowedExtensions
+            ));
         }
 
         if (!$replace && file_exists($uploadFilename)) {
-            return array('error' => 'Could not save uploaded file. File already exists');
+            throw new Exception(__('Could not save uploaded file. File already exists'));
         }
 
         if ($this->file->save($uploadFilename)) {
@@ -92,12 +90,10 @@ public function handleUpload($uploadFilename, $replace = false)
             if (!$result) {
                 @unlink($uploadFilename); // Wrong extension, remove it for security reasons
 
-                return array(
-                    'error' => sprintf(
-                        __('File has an invalid extension, it should be one of %s.'),
-                        $this->allowedExtensions
-                    )
-                );
+                throw new Exception(sprintf(
+                    __('File has an invalid extension, it should be one of %s.'),
+                    $this->allowedExtensions
+                ));
             }
             $files = Session::newInstance()->_get('ajax_files');
             if (!is_array($files)) {
@@ -109,7 +105,7 @@ public function handleUpload($uploadFilename, $replace = false)
             return array('success' => true);
         }
 
-        return array('error' => 'Could not save uploaded file. The upload was cancelled, or server error encountered');
+        throw new Exception('Could not save uploaded file. The upload was cancelled, or server error encountered');
     }
 
     /**
diff --git a/oc-includes/osclass/classes/controller/CWebAjax.php b/oc-includes/osclass/classes/controller/CWebAjax.php
index 9f8e96128..9a72adadd 100755
--- a/oc-includes/osclass/classes/controller/CWebAjax.php
+++ b/oc-includes/osclass/classes/controller/CWebAjax.php
@@ -361,10 +361,6 @@ public function doModel()
                 try {
                     $result =
                         $uploader->handleUpload(osc_content_path() . 'uploads/temp/' . $filename);
-                    
-                    if (isset($result['error'])) {
-                        throw new Exception($result['error']);
-                    }
                 } catch (Exception $e) {
                     trigger_error($e->getMessage(), E_USER_WARNING);
                     echo json_encode(array('success' => false));