Sanitize displayname, respect data @ $element, fix routename, clean after cropping, updateAvatar with displayname

core/avatar/controller.php

@@ -25,8 +25,8 @@ class OC_Core_Avatar_Controller {
 			$size = 64;
 		}
 
-		$ava = new \OC_Avatar();
-		$image = $ava->get($user, $size);
+		$avatar = new \OC_Avatar();
+		$image = $avatar->get($user, $size);
 
 		if ($image instanceof \OC_Image) {
 			$image->show();

core/js/jquery.avatar.js

@@ -10,6 +10,8 @@
 		if (typeof(size) === 'undefined') {
 			if (this.height() > 0) {
 				size = this.height();
+			} else if (this.data('size') > 0) {
+				size = this.data('size');
 			} else {
 				size = 64;
 			}
@@ -19,9 +21,16 @@
 		this.width(size);
 
 		if (typeof(user) === 'undefined') {
+			if (typeof(this.data('user')) !== 'undefined') {
+				user = this.data('user');
+			} else {
 				this.placeholder('x');
 				return;
 			}
+		}
+
+		// sanitize
+		user = user.replace(/\//g,'');
 
 		var $div = this;
 

core/routes.php

@@ -59,8 +59,10 @@ $this->create('core_lostpassword_reset_password', '/lostpassword/reset/{token}/{
 	->action('OC_Core_LostPassword_Controller', 'resetPassword');
 
 // Avatar routes
+$this->create('core_avatar_get_tmp', '/avatar/tmp')
+        ->get()
+        ->action('OC_Core_Avatar_Controller', 'getTmpAvatar');
 $this->create('core_avatar_get', '/avatar/{user}/{size}')
-	->defaults(array('user' => '', 'size' => 64))
 	->get()
 	->action('OC_Core_Avatar_Controller', 'getAvatar');
 $this->create('core_avatar_post', '/avatar/')
@@ -69,9 +71,6 @@ $this->create('core_avatar_post', '/avatar/')
 $this->create('core_avatar_delete', '/avatar/')
 	->delete()
 	->action('OC_Core_Avatar_Controller', 'deleteAvatar');
-$this->create('core_avatar_get_tmp', '/avatartmp/') //TODO better naming, so it doesn't conflict with core_avatar_get
-	->get()
-	->action('OC_Core_Avatar_Controller', 'getTmpAvatar');
 $this->create('core_avatar_post_cropped', '/avatar/cropped')
 	->post()
 	->action('OC_Core_Avatar_Controller', 'postCroppedAvatar');

settings/css/settings.css

@@ -37,9 +37,6 @@ td.name, td.password { padding-left:.8em; }
 td.password>img,td.displayName>img, td.remove>a, td.quota>img { visibility:hidden; }
 td.password, td.quota, td.displayName { width:12em; cursor:pointer; }
 td.password>span, td.quota>span, rd.displayName>span { margin-right: 1.2em; color: #C7C7C7; }
-td.avatar img {
-	margin-top: 6px;
-}
 
 td.remove { width:1em; padding-right:1em; }
 tr:hover>td.password>span, tr:hover>td.displayName>span { margin:0; cursor:pointer; }

settings/js/personal.js

@@ -34,6 +34,7 @@ function changeDisplayName(){
                 $('#oldDisplayName').text($('#displayName').val());
                 // update displayName on the top right expand button
                 $('#expandDisplayName').text($('#displayName').val());
+		updateAvatar();
             }
             else{
                 $('#newdisplayname').val(data.data.displayName);
@@ -82,7 +83,6 @@ function showAvatarCropper() {
 }
 
 function sendCropData() {
-	$('#cropperbox').ocdialog('close');
 	var cropperdata = $('#cropper').data();
 	var data = {
 		x: cropperdata.x,
@@ -90,6 +90,7 @@ function sendCropData() {
 		w: cropperdata.w,
 		h: cropperdata.h
 	};
+	$('#cropperbox').remove();
 	$.post(OC.Router.generate('core_avatar_post_cropped'), {crop: data}, avatarResponseHandler);
 }