Refactor newavatar.php and show (for now) an alert on problems when setting new avatars

kondou 2013-08-12 14:58:35 +02:00
parent 33827d690e
commit 9500109349
3 changed files with 37 additions and 24 deletions


@ -65,11 +65,13 @@ class OC_Avatar {
$type = substr($img->mimeType(), -3); $type = substr($img->mimeType(), -3);
if ($type === 'peg') { $type = 'jpg'; } if ($type === 'peg') { $type = 'jpg'; }
if ($type !== 'jpg' && $type !== 'png') { if ($type !== 'jpg' && $type !== 'png') {
throw new Exception("Unknown filetype for avatar"); $l = \OC_L10N::get('lib');
throw new \Exception($l->t("Unknown filetype for avatar"));
} }
if (!( $img->valid() && ($img->height() === $img->width()) )) { if (!( $img->valid() && ($img->height() === $img->width()) )) {
throw new Exception("Invalid image, or the provided image is not square"); $l = \OC_L10N::get('lib');
throw new \Exception($l->t("Invalid image, or the provided image is not square"));
} }
$view->unlink('avatar.jpg'); $view->unlink('avatar.jpg');
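Review bot: Both new throw sites raise a bare `\Exception`, and the AJAX endpoint changed in this same commit catches `\Exception` and forwards `$e->getMessage()` to the browser, so the caller cannot tell these translated validation messages apart from any other exception raised further down in the method. A dedicated exception class for user-facing avatar errors (name to be chosen by the project) would let the endpoint show only those messages and log the rest. As a smaller style point, `$l = \OC_L10N::get('lib');` is fetched separately in each branch and could be assigned once above the two checks. The method body starts and ends outside the hunk, so whether other exceptions can actually arise there is not visible here.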


@ -4,28 +4,30 @@ OC_JSON::checkLoggedIn();
OC_JSON::callCheck(); OC_JSON::callCheck();
$user = OC_User::getUser(); $user = OC_User::getUser();
if(isset($_POST['path'])) { // Delete avatar
if ($_POST['path'] === "false") { // delete avatar if (isset($_POST['path']) && $_POST['path'] === "false") {
\OC_Avatar::setLocalAvatar($user, false); $avatar = false;
} else { // select an image from own files }
try { // Select an image from own files
$path = OC::$SERVERROOT.'/data/'.$user.'/files'.$_POST['path']; elseif (isset($_POST['path'])) {
\OC_Avatar::setLocalAvatar($user, $path); //SECURITY TODO FIXME possible directory traversal here
OC_JSON::success(); $path = $_POST['path'];
} catch (Exception $e) { $avatar = OC::$SERVERROOT.'/data/'.$user.'/files'.$path;
OC_JSON::error(array("msg" => $e->getMessage())); }
} // Upload a new image
} elseif (!empty($_FILES)) {
} elseif (!empty($_FILES)) { // upload a new image
$files = $_FILES['files']; $files = $_FILES['files'];
if ($files['error'][0] === 0) { if ($files['error'][0] === 0) {
$data = file_get_contents($files['tmp_name'][0]); $avatar = file_get_contents($files['tmp_name'][0]);
\OC_Avatar::setLocalAvatar($user, $data);
unlink($files['tmp_name'][0]); unlink($files['tmp_name'][0]);
OC_JSON::success();
} else {
OC_JSON::error();
} }
} else { } else {
OC_JSON::error(); OC_JSON::error();
} }
try {
\OC_Avatar::setLocalAvatar($user, $avatar);
OC_JSON::success();
} catch (\Exception $e) {
OC_JSON::error(array("data" => array ("message" => $e->getMessage()) ));
}
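Review bot: The `elseif (isset($_POST['path']))` branch still concatenates the request's `path` into `OC::$SERVERROOT.'/data/'.$user.'/files'.$path` with no containment check, so the traversal that the new `//SECURITY TODO FIXME` comment names remains open. The path should be resolved and confirmed to sit under the user's files directory before it reaches `setLocalAvatar()`, as sketched below; `realpath()` covers local storage only, and going through the user's filesystem view would be the sturdier fix. Separately, the final `else` and a failed upload (`$files['error'][0] !== 0`) leave `$avatar` unassigned while control still falls into the `try` block, so unless `OC_JSON::error()` ends the request, `setLocalAvatar()` is called with an undefined value and a second JSON body may be written. The script's first three lines are outside the hunk.

```php
// … unchanged: checkLoggedIn/callCheck, delete branch …
elseif (isset($_POST['path'])) {
	$base = realpath(OC::$SERVERROOT.'/data/'.$user.'/files');
	$real = ($base === false) ? false : realpath($base.'/'.ltrim($_POST['path'], '/'));
	// Refuse anything that resolves outside the user's own files directory
	if ($real === false || strpos($real, $base.'/') !== 0) {
		OC_JSON::error(array("data" => array("message" => "Invalid path")));
		exit();
	}
	$avatar = $real;
}
// … unchanged: upload branch …
else {
	OC_JSON::error();
	exit();
}
// … unchanged: setLocalAvatar try/catch …
```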


@ -45,8 +45,13 @@ function changeDisplayName(){
} }
function selectAvatar (path) { function selectAvatar (path) {
$.post(OC.filePath('settings', 'ajax', 'newavatar.php'), {path: path}); $.post(OC.filePath('settings', 'ajax', 'newavatar.php'), {path: path}, function(data) {
updateAvatar(); if (data.status === "success") {
updateAvatar();
} else {
OC.dialogs.alert(data.data.message, t('core', "Error"));
}
});
} }
function updateAvatar () { function updateAvatar () {
@ -143,8 +148,12 @@ $(document).ready(function(){
}); });
var uploadparms = { var uploadparms = {
done: function(e) { done: function(e, data) {
updateAvatar(); if (data.result.status === "success") {
updateAvatar();
} else {
OC.dialogs.alert(data.result.data.message, t('core', "Error"));
}
} }
}; };
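Review bot: Both new error branches dereference the payload unguarded (`data.data.message` in `selectAvatar`, `data.result.data.message` in the upload `done` handler), while newavatar.php in this same commit still calls `OC_JSON::error()` with no arguments on its final `else`. If that response carries no `data` object, the callback throws a TypeError instead of showing the alert. A guarded lookup such as `var msg = (data && data.data && data.data.message) || t('core', "Error");` before calling `OC.dialogs.alert(msg, t('core', "Error"))` would keep the dialog working, and the same applies to `data.result`. The `$.post` call also has no failure handler, so a transport error or a non-JSON response is still silent. Both enclosing functions extend beyond their hunks.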