author | kondou <kondou@ts.unde.re> | 2013-08-12 14:58:35 +0200 |
---|---|---|
committer | kondou <kondou@ts.unde.re> | 2013-08-25 21:05:40 +0200 |
commit | 9500109349f94546e4b43f6af755b20064ee9a64 (patch) | |
tree | 91eee719482f23de10b586474d660fc696b01093 /settings | |
parent | 33827d690e8fd94eed3d4cedeac9bb37260e6c1a (diff) | |
download | nextcloud-server-9500109349f94546e4b43f6af755b20064ee9a64.tar.gz nextcloud-server-9500109349f94546e4b43f6af755b20064ee9a64.zip |
Refactor newavatar.php and show (for now) an alert on problems when setting new avatars
Diffstat (limited to 'settings')
-rw-r--r-- | settings/ajax/newavatar.php | 38 | ||||
-rw-r--r-- | settings/js/personal.js | 17 |
2 files changed, 33 insertions, 22 deletions
diff --git a/settings/ajax/newavatar.php b/settings/ajax/newavatar.php
index bede15e499d..126f3283fb3 100644
--- a/settings/ajax/newavatar.php
+++ b/settings/ajax/newavatar.php
@@ -4,28 +4,30 @@ OC_JSON::checkLoggedIn();
 OC_JSON::callCheck();
 $user = OC_User::getUser();
-if(isset($_POST['path'])) {
- if ($_POST['path'] === "false") { // delete avatar
- \OC_Avatar::setLocalAvatar($user, false);
- } else { // select an image from own files
- try {
- $path = OC::$SERVERROOT.'/data/'.$user.'/files'.$_POST['path'];
- \OC_Avatar::setLocalAvatar($user, $path);
- OC_JSON::success();
- } catch (Exception $e) {
- OC_JSON::error(array("msg" => $e->getMessage()));
- }
- }
-} elseif (!empty($_FILES)) { // upload a new image
+// Delete avatar
+if (isset($_POST['path']) && $_POST['path'] === "false") {
+ $avatar = false;
+}
+// Select an image from own files
+elseif (isset($_POST['path'])) {
+ //SECURITY TODO FIXME possible directory traversal here
+ $path = $_POST['path'];
+ $avatar = OC::$SERVERROOT.'/data/'.$user.'/files'.$path;
+}
+// Upload a new image
+elseif (!empty($_FILES)) {
 $files = $_FILES['files'];
 if ($files['error'][0] === 0) {
- $data = file_get_contents($files['tmp_name'][0]);
- \OC_Avatar::setLocalAvatar($user, $data);
+ $avatar = file_get_contents($files['tmp_name'][0]);
 unlink($files['tmp_name'][0]);
- OC_JSON::success();
- } else {
- OC_JSON::error();
 }
 } else {
 OC_JSON::error();
 }
+
+try {
+ \OC_Avatar::setLocalAvatar($user, $avatar);
+ OC_JSON::success();
+} catch (\Exception $e) {
+ OC_JSON::error(array("data" => array ("message" => $e->getMessage()) ));
+}
diff --git a/settings/js/personal.js b/settings/js/personal.js
index 5d4422e48d7..ae939aaa9e6 100644
--- a/settings/js/personal.js
+++ b/settings/js/personal.js
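Review bot: In settings/ajax/newavatar.php the "select an image from own files" branch still builds `$avatar` by appending `$_POST['path']` to `OC::$SERVERROOT.'/data/'.$user.'/files'`, so a request value with parent-directory segments can resolve outside that user's files directory; the added `//SECURITY TODO FIXME` comment records the problem but the commit leaves it unchecked. Canonicalise the path and require it to stay under the user's files root before it reaches `setLocalAvatar()`, as in the sketch below; going through the project's own file-access layer rather than the raw data directory would be preferable if one is usable here. Separately, the failed-upload case and the final `else` now fall through to the `try` block with `$avatar` never assigned, so unless `OC_JSON::error()` ends the request, `setLocalAvatar()` receives an undefined value and a second JSON body may be emitted; those paths should stop after reporting the error. The whole hunk is visible, but `setLocalAvatar()` itself is not, so what it does with a path versus raw image data is inferred from the comments.

```php
elseif (isset($_POST['path'])) {
	// Canonicalise first, then require the result to stay under the user's files root.
	$root = realpath(OC::$SERVERROOT.'/data/'.$user.'/files');
	$avatar = realpath($root.'/'.ltrim($_POST['path'], '/'));
	if ($root === false || $avatar === false || strpos($avatar, $root.'/') !== 0) {
		OC_JSON::error(array("data" => array("message" => "Invalid path")));
		exit();
	}
}
// … unchanged: upload branch, final else, try/catch around setLocalAvatar() …
```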
@@ -45,8 +45,13 @@ function changeDisplayName(){
 }
 function selectAvatar (path) {
- $.post(OC.filePath('settings', 'ajax', 'newavatar.php'), {path: path});
- updateAvatar();
+ $.post(OC.filePath('settings', 'ajax', 'newavatar.php'), {path: path}, function(data) {
+ if (data.status === "success") {
+ updateAvatar();
+ } else {
+ OC.dialogs.alert(data.data.message, t('core', "Error"));
+ }
+ });
 }
 function updateAvatar () {
@@ -143,8 +148,12 @@ $(document).ready(function(){
 });
 var uploadparms = {
- done: function(e) {
- updateAvatar();
+ done: function(e, data) {
+ if (data.result.status === "success") {
+ updateAvatar();
+ } else {
+ OC.dialogs.alert(data.result.data.message, t('core', "Error"));
+ }
 }
 }; |
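Review bot: Both new callbacks in settings/js/personal.js read the error payload without checking that it exists: `data.data.message` in `selectAvatar` and `data.result.data.message` in the `uploadparms.done` handler. The PHP side of this commit still has a bare `OC_JSON::error()` path, and if that response carries no `data` object the lookup throws instead of showing the dialog; a guard such as `var msg = (data.data && data.data.message) || t('core', "Error");` (and the equivalent on `data.result`) avoids that. The message comes from a server-side exception that may echo the submitted path, so confirm that `OC.dialogs.alert` inserts it as text rather than as HTML. The `$.post` call also has no failure handler, so a transport error or non-JSON response is silently ignored. Both enclosing functions continue outside the hunks shown.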