author | kondou <kondou@ts.unde.re> | 2013-08-18 22:10:23 +0200 |
committer | kondou <kondou@ts.unde.re> | 2013-08-25 21:06:01 +0200 |
commit | 0a4febf1eba98366d70331512b02aa9e515a782d (patch) | |
tree | 08ae4295774e4097576bee687f340ca95960f3e6 /avatar.php | |
parent | 4a9c89fb3323e26fb88559e658136af4bbc7a3c8 (diff) | |
Integrate newavatar.php into avatar.php by using GET, POST & DELETE
Diffstat (limited to 'avatar.php')
-rw-r--r-- | avatar.php | 78 |
1 files changed, 57 insertions, 21 deletions
diff --git a/avatar.php b/avatar.php
index dee162eca7f..a6d6666c623 100644
--- a/avatar.php
+++ b/avatar.php
@@ -12,30 +12,66 @@ if ($mode === "none") {
 	exit();
 }
 
-if (isset($_GET['user'])) {
-	//SECURITY TODO does this fully eliminate directory traversals?
-	$user = stripslashes($_GET['user']);
-} else {
-	$user = false;
-}
+if ($_SERVER['REQUEST_METHOD'] === "GET") {
+	if (isset($_GET['user'])) {
+		//SECURITY TODO does this fully eliminate directory traversals?
+		$user = stripslashes($_GET['user']);
+	} else {
+		$user = false;
+	}
 
-if (isset($_GET['size']) && ((int)$_GET['size'] > 0)) {
-	$size = (int)$_GET['size'];
-	if ($size > 2048) {
-		$size = 2048;
+	if (isset($_GET['size']) && ((int)$_GET['size'] > 0)) {
+		$size = (int)$_GET['size'];
+		if ($size > 2048) {
+			$size = 2048;
+		}
+	} else {
+		$size = 64;
 	}
-} else {
-	$size = 64;
-}
 
+	$image = \OC_Avatar::get($user, $size);
+
+	if ($image instanceof \OC_Image) {
+		$image->show();
+	} elseif (is_string($image)) { // Gravatar alike services
+		header("Location: ".$image);
+	} else {
+		$image = \OC_Avatar::getDefaultAvatar($user, $size);
+		$image->show();
+	}
+} elseif ($_SERVER['REQUEST_METHOD'] === "POST") {
+	$user = OC_User::getUser();
+
+	// Select an image from own files
+	if (isset($_POST['path'])) {
+		//SECURITY TODO FIXME possible directory traversal here
+		$path = $_POST['path'];
+		$avatar = OC::$SERVERROOT.'/data/'.$user.'/files'.$path;
+	}
+	// Upload a new image
+	elseif (!empty($_FILES)) {
+		$files = $_FILES['files'];
+		if ($files['error'][0] === 0) {
+			$avatar = file_get_contents($files['tmp_name'][0]);
+			unlink($files['tmp_name'][0]);
+		}
+	} else {
+		OC_JSON::error();
+	}
 
-$image = \OC_Avatar::get($user, $size);
+	try {
+		\OC_Avatar::setLocalAvatar($user, $avatar);
+		OC_JSON::success();
+	} catch (\Exception $e) {
+		OC_JSON::error(array("data" => array ("message" => $e->getMessage()) ));
+	}
+} elseif ($_SERVER['REQUEST_METHOD'] === "DELETE") {
+	$user = OC_User::getUser();
 
-if ($image instanceof \OC_Image) {
-	$image->show();
-} elseif (is_string($image)) { // Gravatar alike services
-	header("Location: ".$image);
-} else {
-	$image = \OC_Avatar::getDefaultAvatar($user, $size);
-	$image->show();
+	try {
+		\OC_Avatar::setLocalAvatar($user, false);
+		OC_JSON::success();
+	} catch (\Exception $e) {
+		OC_JSON::error(array("data" => array ("message" => $e->getMessage()) ));
+	}
 }
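Review bot: The POST branch builds `$avatar` as `OC::$SERVERROOT.'/data/'.$user.'/files'.$path` with `$_POST['path']` used verbatim, so a `../` sequence resolves to any file the web server process can read (the new `SECURITY TODO FIXME` comment acknowledges this, but the commit ships it as is). Resolve the candidate with `realpath()` and refuse it unless it lands strictly inside the user's own files directory before it reaches `setLocalAvatar()`. The `else { OC_JSON::error(); }` branch does not stop the script either, so the following `try` runs with `$avatar` undefined and a second JSON body is emitted; add `exit();` there, and the same applies when the upload branch sees a non-zero `$files['error'][0]`. Nothing in this hunk checks that the state-changing POST/DELETE requests carry a valid session or CSRF token — if those guards live in the part of avatar.php above line 12 that is fine, otherwise they belong before `$_SERVER['REQUEST_METHOD']` is inspected. The unchanged `stripslashes($_GET['user'])` on the GET side is still covered only by its own TODO.
```php
	// Select an image from own files
	if (isset($_POST['path'])) {
		$root = realpath(OC::$SERVERROOT.'/data/'.$user.'/files');
		$avatar = realpath($root.'/'.ltrim((string)$_POST['path'], '/'));
		// realpath() collapses ".." and symlinks; anything that does not end up
		// strictly below the user's own files directory is refused
		if ($root === false || $avatar === false
			|| strpos($avatar, $root.DIRECTORY_SEPARATOR) !== 0) {
			OC_JSON::error(array("data" => array("message" => "Invalid path")));
			exit();
		}
	}
	// … unchanged: upload branch …
	else {
		OC_JSON::error();
		exit();
	}
	// … unchanged: setLocalAvatar try/catch …
```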