author | Thomas Müller <thomas.mueller@tmit.eu> | 2016-01-08 13:35:46 +0100 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2016-01-08 13:35:46 +0100 |
commit | 5380215dca98b4afb49fa919c61fee047c804f33 (patch) | |
tree | 488c2ba3e0cbdd34ec93e8d3b8684be2a9258e18 | |
parent | 074a7fd47593ea375c6417366552856c053ea895 (diff) | |
parent | 99cf90c8a49f10deb030d636071ad064028d2e1d (diff) | |
Merge pull request #21536 from owncloud/avatar_verify_posted_path
Verify the path is a file on avatar update
-rw-r--r-- | core/avatar/avatarcontroller.php | 3 | ||||
-rw-r--r-- | settings/css/settings.css | 2 | ||||
-rw-r--r-- | tests/core/avatar/avatarcontrollertest.php | 17 |
3 files changed, 21 insertions, 1 deletions
diff --git a/core/avatar/avatarcontroller.php b/core/avatar/avatarcontroller.php
index e8139aa50ae..e67f4ae8ba0 100644
--- a/core/avatar/avatarcontroller.php
+++ b/core/avatar/avatarcontroller.php
@@ -160,6 +160,9 @@ class AvatarController extends Controller {
 if (isset($path)) {
 $path = stripslashes($path);
 $node = $this->userFolder->get($path);
+ if (!($node instanceof \OCP\Files\File)) {
+ return new DataResponse(['data' => ['message' => $this->l->t('Please select a file.')]], Http::STATUS_OK, $headers);
+ }
 if ($node->getSize() > 20*1024*1024) {
 return new DataResponse(
 ['data' => ['message' => $this->l->t('File is too big')]],
diff --git a/settings/css/settings.css b/settings/css/settings.css
index 8805919c96a..0c6c9820ea9 100644
--- a/settings/css/settings.css
+++ b/settings/css/settings.css
@@ -17,7 +17,7 @@ input#openid, input#webdav { width:20em; }
 margin-bottom: 10px;
 }
 #avatar .warning {
- width: 350px;
+ width: 100%;
 }
 #uploadavatarbutton,
 #selectavatar,
diff --git a/tests/core/avatar/avatarcontrollertest.php b/tests/core/avatar/avatarcontrollertest.php
index 7f69ba0aadb..9e46e1782af 100644
--- a/tests/core/avatar/avatarcontrollertest.php
+++ b/tests/core/avatar/avatarcontrollertest.php
@@ -324,6 +324,23 @@ class AvatarControllerTest extends \Test\TestCase {
 }
 
 /**
+ * Test posting avatar from existing folder
+ */
+ public function testPostAvatarFromNoFile() {
+ $file = $this->getMock('OCP\Files\Node');
+ $this->container['UserFolder']
+ ->method('get')
+ ->with('folder')
+ ->willReturn($file);
+
+ //Create request return
+ $response = $this->avatarController->postAvatar('folder');
+
+ //On correct upload always respond with the notsquare message
+ $this->assertEquals(['data' => ['message' => 'Please select a file.']], $response->getData());
+ }
+
+ /**
 * Test what happens if the upload of the avatar fails
 */
 public function testPostAvatarException() { |
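Review bot: The new rejection branch in avatarcontroller.php answers with `Http::STATUS_OK`, so a refused path looks like a success to anything that reads only the status code (clients, access logs, monitoring); the reason is visible only in the message body. If the upload front end can cope with a non-200 reply, `Http::STATUS_BAD_REQUEST` would make the refusal explicit; otherwise a short comment such as `// only a regular file can be used as an avatar; 200 is kept because <reason>` would document the choice. The `instanceof \OCP\Files\File` check sits correctly before `$node->getSize()`, but `get($path)` is called on a caller-supplied path just above it, and whether a missing path is caught is not visible here because the enclosing method starts and ends outside the hunk.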
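Review bot: The inline comment `//On correct upload always respond with the notsquare message` in testPostAvatarFromNoFile looks copied from another test and contradicts the assertion below it, which expects 'Please select a file.'. I would change it to `//A node that is not a file must be rejected with the "Please select a file." message`, and rename `$file` to `$node`, since the mock is a plain `OCP\Files\Node` rather than a file. The test checks only `getData()`; asserting `$response->getStatus()` as well would pin the status code the controller returns for this refusal.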