Integrate newavatar.php into avatar.php by using GET, POST & DELETE

remotes/origin/stable6
kondou 12 years ago
parent 4a9c89fb33
commit 0a4febf1eb
  1. 78
      avatar.php
  2. 33
      settings/ajax/newavatar.php
  3. 11
      settings/js/personal.js
  4. 2
      settings/routes.php
  5. 2
      settings/templates/personal.php

@ -12,30 +12,66 @@ if ($mode === "none") {
exit();
}
if (isset($_GET['user'])) {
//SECURITY TODO does this fully eliminate directory traversals?
$user = stripslashes($_GET['user']);
} else {
$user = false;
}
if ($_SERVER['REQUEST_METHOD'] === "GET") {
if (isset($_GET['user'])) {
//SECURITY TODO does this fully eliminate directory traversals?
$user = stripslashes($_GET['user']);
} else {
$user = false;
}
if (isset($_GET['size']) && ((int)$_GET['size'] > 0)) {
$size = (int)$_GET['size'];
if ($size > 2048) {
$size = 2048;
if (isset($_GET['size']) && ((int)$_GET['size'] > 0)) {
$size = (int)$_GET['size'];
if ($size > 2048) {
$size = 2048;
}
} else {
$size = 64;
}
} else {
$size = 64;
}
$image = \OC_Avatar::get($user, $size);
if ($image instanceof \OC_Image) {
$image->show();
} elseif (is_string($image)) { // Gravatar alike services
header("Location: ".$image);
} else {
$image = \OC_Avatar::getDefaultAvatar($user, $size);
$image->show();
}
} elseif ($_SERVER['REQUEST_METHOD'] === "POST") {
$user = OC_User::getUser();
// Select an image from own files
if (isset($_POST['path'])) {
//SECURITY TODO FIXME possible directory traversal here
$path = $_POST['path'];
$avatar = OC::$SERVERROOT.'/data/'.$user.'/files'.$path;
}
// Upload a new image
elseif (!empty($_FILES)) {
$files = $_FILES['files'];
if ($files['error'][0] === 0) {
$avatar = file_get_contents($files['tmp_name'][0]);
unlink($files['tmp_name'][0]);
}
} else {
OC_JSON::error();
}
$image = \OC_Avatar::get($user, $size);
try {
\OC_Avatar::setLocalAvatar($user, $avatar);
OC_JSON::success();
} catch (\Exception $e) {
OC_JSON::error(array("data" => array ("message" => $e->getMessage()) ));
}
} elseif ($_SERVER['REQUEST_METHOD'] === "DELETE") {
$user = OC_User::getUser();
if ($image instanceof \OC_Image) {
$image->show();
} elseif (is_string($image)) { // Gravatar alike services
header("Location: ".$image);
} else {
$image = \OC_Avatar::getDefaultAvatar($user, $size);
$image->show();
try {
\OC_Avatar::setLocalAvatar($user, false);
OC_JSON::success();
} catch (\Exception $e) {
OC_JSON::error(array("data" => array ("message" => $e->getMessage()) ));
}
}
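Review bot: The POST and DELETE branches call OC_User::getUser() and write the avatar without the OC_JSON::checkLoggedIn() and OC_JSON::callCheck() guards that the removed settings/ajax/newavatar.php ran first, so unless the code above this hunk already performs them the write paths now lack both the session check and the request-token check; add `OC_JSON::checkLoggedIn();` and `OC_JSON::callCheck();` at the top of both branches (GET is read-only and can stay as is). In the POST branch OC_JSON::error() does not exit and a failed upload assigns nothing, so setLocalAvatar() is reached with $avatar undefined in those cases; guard the try block with `if (!isset($avatar)) { OC_JSON::error(); exit(); }`. The `$image = \OC_Avatar::get($user, $size);` line inside the POST branch reads a $size that only the GET branch defines; if it is on the new side rather than a leftover of the old layout, drop it. The $_POST['path'] concatenation under OC::$SERVERROOT.'/data/' still carries the SECURITY TODO over from newavatar.php; resolving the path through the user's filesystem view instead of string-building would bound it to the user's own files and also honour a non-default data directory.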

@ -1,33 +0,0 @@
<?php
OC_JSON::checkLoggedIn();
OC_JSON::callCheck();
$user = OC_User::getUser();
// Delete avatar
if (isset($_POST['path']) && $_POST['path'] === "false") {
$avatar = false;
}
// Select an image from own files
elseif (isset($_POST['path'])) {
//SECURITY TODO FIXME possible directory traversal here
$path = $_POST['path'];
$avatar = OC::$SERVERROOT.'/data/'.$user.'/files'.$path;
}
// Upload a new image
elseif (!empty($_FILES)) {
$files = $_FILES['files'];
if ($files['error'][0] === 0) {
$avatar = file_get_contents($files['tmp_name'][0]);
unlink($files['tmp_name'][0]);
}
} else {
OC_JSON::error();
}
try {
\OC_Avatar::setLocalAvatar($user, $avatar);
OC_JSON::success();
} catch (\Exception $e) {
OC_JSON::error(array("data" => array ("message" => $e->getMessage()) ));
}

@ -45,7 +45,7 @@ function changeDisplayName(){
}
function selectAvatar (path) {
$.post(OC.filePath('settings', 'ajax', 'newavatar.php'), {path: path}, function(data) {
$.post(OC.filePath('', '', 'avatar.php'), {path: path}, function(data) {
if (data.status === "success") {
updateAvatar();
} else {
@ -168,8 +168,13 @@ $(document).ready(function(){
});
$('#removeavatar').click(function(){
$.post(OC.filePath('settings', 'ajax', 'newavatar.php'), {path: false});
updateAvatar();
$.ajax({
type: 'DELETE',
url: OC.filePath('', '', 'avatar.php'),
success: function(msg) {
updateAvatar();
}
});
});
} );
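Review bot: The new $.ajax DELETE call in the #removeavatar handler has no `error:` callback, so a rejected or failed removal leaves the page silent, whereas selectAvatar checks data.status and reports failures; add an `error: function() { /* surface the failure like selectAvatar does */ }` branch. A DELETE also carries no form body, so if the server-side DELETE branch of avatar.php is guarded by a request-token check the token must arrive via header or query string — confirm the global ajax setup adds it, since the old $.post sent form data.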

@ -72,5 +72,3 @@ $this->create('isadmin', '/settings/js/isadmin.js')
->actionInclude('settings/js/isadmin.php');
$this->create('settings_ajax_setavatarmode', '/settings/ajax/setavatarmode.php')
->actionInclude('settings/ajax/setavatarmode.php');
$this->create('settings_ajax_newavatar', '/settings/ajax/newavatar.php')
->actionInclude('settings/ajax/newavatar.php');

@ -84,7 +84,7 @@ if($_['passwordChangeSupported']) {
?>
<?php if ($_['avatar'] !== "none"): ?>
<form id="avatar" method="post" action="<?php p(\OC_Helper::linkToRoute('settings_ajax_newavatar')); ?>">
<form id="avatar" method="post" action="<?php p(\OC_Helper::linkTo('', 'avatar.php')); ?>">
<fieldset class="personalblock">
<legend><strong><?php p($l->t('Profile Image')); ?></strong></legend>
<img src="<?php print_unescaped(link_to('', 'avatar.php').'?user='.OC_User::getUser().'&size=128'); ?>"><br>
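Review bot: The form now posts straight to avatar.php instead of the settings_ajax_newavatar route, and the visible part of the form carries no hidden `requesttoken` field; the rest of the form lies outside the hunk, so confirm the token is present, because a request-token check on the POST branch of avatar.php would reject a plain submit without it. The action URL is passed through p(), so the attribute is escaped correctly.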
