diff options
| author | Morris Jobke <hey@morrisjobke.de> | 2016-10-18 20:26:53 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-10-18 20:26:53 +0200 |
| commit | 3c698c8c7cd3630f7338338fd25db7279434a777 (patch) | |
| tree | 828c4ca85532834636101276661299146ca31cae /core | |
| parent | 0c8bd9fa4937201dc6b8b70ea0f4af26721e1cc6 (diff) | |
| parent | 9c3e855812454b3d0367f251e9940a53f687a4e0 (diff) | |
| download | nextcloud-server-3c698c8c7cd3630f7338338fd25db7279434a777.tar.gz nextcloud-server-3c698c8c7cd3630f7338338fd25db7279434a777.zip | |
Merge pull request #1164 from nextcloud/avatar-files-accesscontrol-fixes
Avatar/file-picker fixes for access-control app
Diffstat (limited to 'core')
| -rw-r--r-- | core/Controller/AvatarController.php | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/core/Controller/AvatarController.php b/core/Controller/AvatarController.php index b27d1182225..c6f320dd0fe 100644 --- a/core/Controller/AvatarController.php +++ b/core/Controller/AvatarController.php @@ -189,7 +189,22 @@ class AvatarController extends Controller { Http::STATUS_BAD_REQUEST ); } - $content = $node->getContent(); + + if ($node->getMimeType() !== 'image/jpeg' && $node->getMimeType() !== 'image/png') { + return new JSONResponse( + ['data' => ['message' => $this->l->t('The selected file is not an image.')]], + Http::STATUS_BAD_REQUEST + ); + } + + try { + $content = $node->getContent(); + } catch (\OCP\Files\NotPermittedException $e) { + return new JSONResponse( + ['data' => ['message' => $this->l->t('The selected file cannot be read.')]], + Http::STATUS_BAD_REQUEST + ); + } } elseif (!is_null($files)) { if ( $files['error'][0] === 0 && |