Verify the path is a file on avatar update

Fixes #21533 Before we just assumed that the passed path was a file. This does not have to be the case. Thus check if it actually is a file before doing any more tests.
author: Roeland Jago Douma <rullzer@owncloud.com> 2016-01-08 10:03:49 +0100
committer: Roeland Jago Douma <rullzer@owncloud.com> 2016-01-08 10:03:49 +0100
commit: 186e35d9548779f71a7523f923474e7a20b52197 (patch)
tree: a596b7b5053ed2b66563829fabe9099ccba05242 /core
parent: a1a8a06042e1f420fbdc6ff8cc1abead1d60c2ad (diff)
download: nextcloud-server-186e35d9548779f71a7523f923474e7a20b52197.tar.gz
nextcloud-server-186e35d9548779f71a7523f923474e7a20b52197.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/core/avatar/avatarcontroller.php b/core/avatar/avatarcontroller.php
index e8139aa50ae..e67f4ae8ba0 100644
--- a/core/avatar/avatarcontroller.php
+++ b/core/avatar/avatarcontroller.php
@@ -160,6 +160,9 @@ class AvatarController extends Controller {
 		if (isset($path)) {
 			$path = stripslashes($path);
 			$node = $this->userFolder->get($path);
+			if (!($node instanceof \OCP\Files\File)) {
+				return new DataResponse(['data' => ['message' => $this->l->t('Please select a file.')]], Http::STATUS_OK, $headers);
+			}
 			if ($node->getSize() > 20*1024*1024) {
 				return new DataResponse(
 					['data' => ['message' => $this->l->t('File is too big')]],
author	Roeland Jago Douma <rullzer@owncloud.com>	2016-01-08 10:03:49 +0100
committer	Roeland Jago Douma <rullzer@owncloud.com>	2016-01-08 10:03:49 +0100
commit	186e35d9548779f71a7523f923474e7a20b52197 (patch)
tree	a596b7b5053ed2b66563829fabe9099ccba05242 /core
parent	a1a8a06042e1f420fbdc6ff8cc1abead1d60c2ad (diff)
download	nextcloud-server-186e35d9548779f71a7523f923474e7a20b52197.tar.gz nextcloud-server-186e35d9548779f71a7523f923474e7a20b52197.zip