mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 1008 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12997 Commits
416 Branches
Tree: 9a8908b643
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9a8908b643'
${ noResults }
nextcloud/avatar.php

avatar.php 2.1KB
Raw Blame History

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. <?php

  2. 

  3. require_once 'lib/base.php';

  4. 

  5. if (!\OC_User::isLoggedIn()) {

  6. 	header("HTTP/1.0 403 Forbidden");

  7. 	\OC_Template::printErrorPage("Permission denied");

  8. }

  9. 

  10. if ($_SERVER['REQUEST_METHOD'] === "GET") {

  11. 	if (isset($_GET['user'])) {

  12. 		//SECURITY TODO does this fully eliminate directory traversals?

  13. 		$user = stripslashes($_GET['user']);

  14. 	} else {

  15. 		exit();

  16. 	}

  17. 

  18. 	if (isset($_GET['size']) && ((int)$_GET['size'] > 0)) {

  19. 		$size = (int)$_GET['size'];

  20. 		if ($size > 2048) {

  21. 			$size = 2048;

  22. 		}

  23. 	} else {

  24. 		$size = 64;

  25. 	}

  26. 

  27. 	$image = \OC_Avatar::get($user, $size);

  28. 

  29. 	if ($image instanceof \OC_Image) {

  30. 		$image->show();

  31. 	} elseif ($image === false) {

  32. 		OC_JSON::success(array('user' => $user, 'size' => $size));

  33. 	}

  34. } elseif ($_SERVER['REQUEST_METHOD'] === "POST") {

  35. 	$user = OC_User::getUser();

  36. 

  37. 	// Select an image from own files

  38. 	if (isset($_POST['path'])) {

  39. 		$path = stripslashes($_POST['path']);

  40. 		$avatar = OC::$SERVERROOT.'/data/'.$user.'/files'.$path;

  41. 	}

  42. 

  43. 	if (isset($_POST['crop'])) {

  44. 		$crop = json_decode($_POST['crop'], true);

  45. 		if (!isset($path)) {

  46. 			// TODO get path to temporarily saved uploaded-avatar

  47. 		}

  48. 		$image = new \OC_Image($avatar);

  49. 		$image->crop($x, $y, $w, $h);

  50. 		$avatar = $image->data();

  51. 	}

  52. 

  53. 	// Upload a new image

  54. 	if (!empty($_FILES)) {

  55. 		$files = $_FILES['files'];

  56. 		if ($files['error'][0] === 0) {

  57. 			$avatar = file_get_contents($files['tmp_name'][0]);

  58. 			unlink($files['tmp_name'][0]);

  59. 			// TODO make the tmp_name reusable, if the uploaded avatar is not square

  60. 		}

  61. 	}

  62. 

  63. 	try {

  64. 		\OC_Avatar::set($user, $avatar);

  65. 		OC_JSON::success();

  66. 	} catch (\OC\NotSquareException $e) {

  67. 		$tmpname = \OC_Util::generate_random_bytes(10);

  68. 		// TODO Save the image temporarily here

  69. 		// TODO add a cronjob that cleans up stale tmpimages

  70. 		OC_JSON::error(array("data" => array("message" => "notsquare", "tmpname" => $tmpname) ));

  71. 	} catch (\Exception $e) {

  72. 		OC_JSON::error(array("data" => array("message" => $e->getMessage()) ));

  73. 	}

  74. } elseif ($_SERVER['REQUEST_METHOD'] === "DELETE") {

  75. 	$user = OC_User::getUser();

  76. 

  77. 	try {

  78. 		\OC_Avatar::remove($user);

  79. 		OC_JSON::success();

  80. 	} catch (\Exception $e) {

  81. 		OC_JSON::error(array("data" => array ("message" => $e->getMessage()) ));

  82. 	}

  83. }