Refactor newavatar.php and show (for now) an alert on problems when setting new avatars

12 years ago · 9500109349
parent 33827d690e
commit 9500109349
3 changed files with 37 additions and 24 deletions
--- a/lib/avatar.php
+++ b/lib/avatar.php
@ -65,11 +65,13 @@ class OC_Avatar {
 			$type = substr($img->mimeType(), -3);
 			if ($type === 'peg') { $type = 'jpg'; }
 			if ($type !== 'jpg' && $type !== 'png') {
-				throw new Exception("Unknown filetype for avatar");
+				$l = \OC_L10N::get('lib');
+				throw new \Exception($l->t("Unknown filetype for avatar"));
 			}

 			if (!( $img->valid() && ($img->height() === $img->width()) )) {
-				throw new Exception("Invalid image, or the provided image is not square");
+				$l = \OC_L10N::get('lib');
+				throw new \Exception($l->t("Invalid image, or the provided image is not square"));
 			}

 			$view->unlink('avatar.jpg');
--- a/settings/ajax/newavatar.php
+++ b/settings/ajax/newavatar.php
@ -4,28 +4,30 @@ OC_JSON::checkLoggedIn();
 OC_JSON::callCheck();
 $user = OC_User::getUser();

-if(isset($_POST['path'])) {
-	if ($_POST['path'] === "false") { // delete avatar
-		\OC_Avatar::setLocalAvatar($user, false);
-	} else { // select an image from own files
-		try {
-			$path = OC::$SERVERROOT.'/data/'.$user.'/files'.$_POST['path'];
-			\OC_Avatar::setLocalAvatar($user, $path);
-			OC_JSON::success();
-		} catch (Exception $e) {
-			OC_JSON::error(array("msg" => $e->getMessage()));
-		}
-	}
-} elseif (!empty($_FILES)) { // upload a new image
+// Delete avatar
+if (isset($_POST['path']) && $_POST['path'] === "false") {
+	$avatar = false;
+}
+// Select an image from own files
+elseif (isset($_POST['path'])) {
+	//SECURITY TODO FIXME possible directory traversal here
+	$path = $_POST['path'];
+	$avatar = OC::$SERVERROOT.'/data/'.$user.'/files'.$path;
+}
+// Upload a new image
+elseif (!empty($_FILES)) {
 	$files = $_FILES['files'];
 	if ($files['error'][0] === 0) {
-		$data = file_get_contents($files['tmp_name'][0]);
-		\OC_Avatar::setLocalAvatar($user, $data);
+		$avatar = file_get_contents($files['tmp_name'][0]);
 		unlink($files['tmp_name'][0]);
-		OC_JSON::success();
-	} else {
-		OC_JSON::error();
 	}
 } else {
 	OC_JSON::error();
 }
+
+try {
+	\OC_Avatar::setLocalAvatar($user, $avatar);
+	OC_JSON::success();
+} catch (\Exception $e) {
+	OC_JSON::error(array("data" => array ("message" => $e->getMessage()) ));
+}
--- a/settings/js/personal.js
+++ b/settings/js/personal.js
@ -45,8 +45,13 @@ function changeDisplayName(){
 }

 function selectAvatar (path) {
-	$.post(OC.filePath('settings', 'ajax', 'newavatar.php'), {path: path});
-	updateAvatar();
+	$.post(OC.filePath('settings', 'ajax', 'newavatar.php'), {path: path}, function(data) {
+		if (data.status === "success") {
+			updateAvatar();
+		} else {
+			OC.dialogs.alert(data.data.message, t('core', "Error"));
+		}
+	});
 }

 function updateAvatar () {
@ -143,8 +148,12 @@ $(document).ready(function(){
 	});

 	var uploadparms = {
-		done: function(e) {
-			updateAvatar();
+		done: function(e, data) {
+			if (data.result.status === "success") {
+				updateAvatar();
+			} else {
+				OC.dialogs.alert(data.result.data.message, t('core', "Error"));
+			}
 		}
 	};