authorkondou <kondou@ts.unde.re>2013-08-12 14:58:35 +0200
committerkondou <kondou@ts.unde.re>2013-08-25 21:05:40 +0200
commit9500109349f94546e4b43f6af755b20064ee9a64 (patch)
tree91eee719482f23de10b586474d660fc696b01093 /settings
parent33827d690e8fd94eed3d4cedeac9bb37260e6c1a (diff)
downloadnextcloud-server-9500109349f94546e4b43f6af755b20064ee9a64.tar.gz
nextcloud-server-9500109349f94546e4b43f6af755b20064ee9a64.zip
Refactor newavatar.php and show (for now) an alert on problems when setting new avatars
Diffstat (limited to 'settings')
-rw-r--r--settings/ajax/newavatar.php38
-rw-r--r--settings/js/personal.js17
2 files changed, 33 insertions, 22 deletions
diff --git a/settings/ajax/newavatar.php b/settings/ajax/newavatar.php
index bede15e499d..126f3283fb3 100644
--- a/settings/ajax/newavatar.php
+++ b/settings/ajax/newavatar.php
@@ -4,28 +4,30 @@ OC_JSON::checkLoggedIn();
OC_JSON::callCheck();
$user = OC_User::getUser();
-if(isset($_POST['path'])) {
- if ($_POST['path'] === "false") { // delete avatar
- \OC_Avatar::setLocalAvatar($user, false);
- } else { // select an image from own files
- try {
- $path = OC::$SERVERROOT.'/data/'.$user.'/files'.$_POST['path'];
- \OC_Avatar::setLocalAvatar($user, $path);
- OC_JSON::success();
- } catch (Exception $e) {
- OC_JSON::error(array("msg" => $e->getMessage()));
- }
- }
-} elseif (!empty($_FILES)) { // upload a new image
+// Delete avatar
+if (isset($_POST['path']) && $_POST['path'] === "false") {
+ $avatar = false;
+}
+// Select an image from own files
+elseif (isset($_POST['path'])) {
+ //SECURITY TODO FIXME possible directory traversal here
+ $path = $_POST['path'];
+ $avatar = OC::$SERVERROOT.'/data/'.$user.'/files'.$path;
+}
+// Upload a new image
+elseif (!empty($_FILES)) {
$files = $_FILES['files'];
if ($files['error'][0] === 0) {
- $data = file_get_contents($files['tmp_name'][0]);
- \OC_Avatar::setLocalAvatar($user, $data);
+ $avatar = file_get_contents($files['tmp_name'][0]);
unlink($files['tmp_name'][0]);
- OC_JSON::success();
- } else {
- OC_JSON::error();
}
} else {
OC_JSON::error();
}
+
+try {
+ \OC_Avatar::setLocalAvatar($user, $avatar);
+ OC_JSON::success();
+} catch (\Exception $e) {
+ OC_JSON::error(array("data" => array ("message" => $e->getMessage()) ));
+}
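Review bot: The `path` branch still builds `$avatar` by concatenating `$_POST['path']` onto the user's files directory, so `..` segments can resolve outside it, as the added TODO itself admits; the path should be canonicalised and rejected unless it stays under that directory before setLocalAvatar() sees it. Separately, when the upload reports an error or no input is supplied, `$avatar` is never assigned and execution still falls into the new `try` block, so setLocalAvatar() receives an undefined value and, in the final `else` case, runs after OC_JSON::error() has already been printed (assuming that call does not exit). The upload-error case also lost the error response the old code sent. Both failure branches should return an error carrying `data.message` and stop, as sketched below; the message strings are placeholders.

```php
// Select an image from own files
elseif (isset($_POST['path'])) {
	$base = realpath(OC::$SERVERROOT.'/data/'.$user.'/files');
	$avatar = ($base === false) ? false : realpath($base.'/'.$_POST['path']);
	// realpath() resolves ".." and symlinks; refuse anything outside the user's own files
	if ($avatar === false || strpos($avatar, $base.DIRECTORY_SEPARATOR) !== 0) {
		OC_JSON::error(array("data" => array("message" => "Invalid path")));
		exit();
	}
}
// Upload a new image
elseif (!empty($_FILES)) {
	$files = $_FILES['files'];
	if ($files['error'][0] === 0) {
		// … unchanged: read the temp file into $avatar and unlink it …
	} else {
		OC_JSON::error(array("data" => array("message" => "Upload failed")));
		exit();
	}
} else {
	OC_JSON::error(array("data" => array("message" => "No avatar given")));
	exit();
}
// … unchanged: try/catch around setLocalAvatar() …
```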
diff --git a/settings/js/personal.js b/settings/js/personal.js
index 5d4422e48d7..ae939aaa9e6 100644
--- a/settings/js/personal.js
+++ b/settings/js/personal.js
@@ -45,8 +45,13 @@ function changeDisplayName(){
}
function selectAvatar (path) {
- $.post(OC.filePath('settings', 'ajax', 'newavatar.php'), {path: path});
- updateAvatar();
+ $.post(OC.filePath('settings', 'ajax', 'newavatar.php'), {path: path}, function(data) {
+ if (data.status === "success") {
+ updateAvatar();
+ } else {
+ OC.dialogs.alert(data.data.message, t('core', "Error"));
+ }
+ });
}
function updateAvatar () {
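Review bot: The error branch in `selectAvatar` reads `data.data.message` without checking that `data.data` exists, and the `done` handler in the next hunk does the same with `data.result.data.message`. newavatar.php still has a bare `OC_JSON::error();` path, which presumably sends no `data` object, so the handler would throw instead of showing the alert. Guard the lookup and fall back to a generic text, e.g. `OC.dialogs.alert(data.data && data.data.message ? data.data.message : t('settings', 'Unable to set avatar'), t('core', "Error"));`. The `$.post` call also has no failure callback, so an HTTP error or a non-JSON response is dropped silently; a `.fail(...)` handler showing the same alert would cover that.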
@@ -143,8 +148,12 @@ $(document).ready(function(){
});
var uploadparms = {
- done: function(e) {
- updateAvatar();
+ done: function(e, data) {
+ if (data.result.status === "success") {
+ updateAvatar();
+ } else {
+ OC.dialogs.alert(data.result.data.message, t('core', "Error"));
+ }
}
};