diff options
author | kondou <kondou@ts.unde.re> | 2013-09-01 19:12:54 +0200 |
---|---|---|
committer | kondou <kondou@ts.unde.re> | 2013-09-01 19:12:54 +0200 |
commit | c95d4cafa90ab1775cae1fd5d70f098005f8b134 (patch) | |
tree | cf9d3728298f01b1c9327981a638e9c3d2acb1b4 /core/avatar/controller.php | |
parent | 76b1b5b6a31f8241a369f45da4de99a6dd71e2eb (diff) | |
download | nextcloud-server-c95d4cafa90ab1775cae1fd5d70f098005f8b134.tar.gz nextcloud-server-c95d4cafa90ab1775cae1fd5d70f098005f8b134.zip |
Fix @tanghus's complains in avatars and clean up cropper after closing with "x"
Diffstat (limited to 'core/avatar/controller.php')
-rw-r--r-- | core/avatar/controller.php | 36 |
1 files changed, 30 insertions, 6 deletions
diff --git a/core/avatar/controller.php b/core/avatar/controller.php index 8f1d6a57069..249c4cb6e2b 100644 --- a/core/avatar/controller.php +++ b/core/avatar/controller.php @@ -46,7 +46,11 @@ class OC_Core_Avatar_Controller { if (!empty($_FILES)) { $files = $_FILES['files']; - if ($files['error'][0] === 0) { + if ( + $files['error'][0] === 0 && + is_uploaded_file($files['tmp_name'][0]) && + !\OC\Files\Filesystem::isFileBlacklisted($files['tmp_name'][0]) + ) { $newAvatar = file_get_contents($files['tmp_name'][0]); unlink($files['tmp_name'][0]); } @@ -59,8 +63,21 @@ class OC_Core_Avatar_Controller { } catch (\OC\NotSquareException $e) { $image = new \OC_Image($newAvatar); - \OC_Cache::set('tmpavatar', $image->data(), 7200); - \OC_JSON::error(array("data" => array("message" => "notsquare") )); + if ($image->valid()) { + \OC_Cache::set('tmpavatar', $image->data(), 7200); + \OC_JSON::error(array("data" => array("message" => "notsquare") )); + } else { + $l = new \OC_L10n('core'); + $type = substr($image->mimeType(), -3); + if ($type === 'peg') { $type = 'jpg'; } + if ($type !== 'jpg' && $type !== 'png') { + \OC_JSON::error(array("data" => array("message" => $l->t("Unknown filetype")) )); + } + + if (!$img->valid()) { + \OC_JSON::error(array("data" => array("message" => $l->t("Invalid image")) )); + } + } } catch (\Exception $e) { \OC_JSON::error(array("data" => array("message" => $e->getMessage()) )); } @@ -74,7 +91,7 @@ class OC_Core_Avatar_Controller { $avatar->remove($user); \OC_JSON::success(); } catch (\Exception $e) { - \OC_JSON::error(array("data" => array ("message" => $e->getMessage()) )); + \OC_JSON::error(array("data" => array("message" => $e->getMessage()) )); } } @@ -93,11 +110,18 @@ class OC_Core_Avatar_Controller { public static function postCroppedAvatar($args) { $user = OC_User::getUser(); - $crop = $_POST['crop']; + if (isset($_POST['crop'])) { + $crop = $_POST['crop']; + } else { + $l = new \OC_L10n('core'); + \OC_JSON::error(array("data" => array("message" => $l->t("No crop data provided")) )); + return; + } $tmpavatar = \OC_Cache::get('tmpavatar'); if ($tmpavatar === false) { - \OC_JSON::error(); + $l = new \OC_L10n('core'); + \OC_JSON::error(array("data" => array("message" => $l->t("No temporary avatar available, try again")) )); return; } |