-rw-r--r--lib/avatar.php6
-rw-r--r--settings/ajax/newavatar.php38
-rw-r--r--settings/js/personal.js17
3 files changed, 37 insertions, 24 deletions
diff --git a/lib/avatar.php b/lib/avatar.php
index 1ee1e5e742f..49c82709154 100644
--- a/lib/avatar.php
+++ b/lib/avatar.php
@@ -65,11 +65,13 @@ class OC_Avatar {
$type = substr($img->mimeType(), -3);
if ($type === 'peg') { $type = 'jpg'; }
if ($type !== 'jpg' && $type !== 'png') {
- throw new Exception("Unknown filetype for avatar");
+ $l = \OC_L10N::get('lib');
+ throw new \Exception($l->t("Unknown filetype for avatar"));
}
if (!( $img->valid() && ($img->height() === $img->width()) )) {
- throw new Exception("Invalid image, or the provided image is not square");
+ $l = \OC_L10N::get('lib');
+ throw new \Exception($l->t("Invalid image, or the provided image is not square"));
}
$view->unlink('avatar.jpg');
diff --git a/settings/ajax/newavatar.php b/settings/ajax/newavatar.php
index bede15e499d..126f3283fb3 100644
--- a/settings/ajax/newavatar.php
+++ b/settings/ajax/newavatar.php
@@ -4,28 +4,30 @@ OC_JSON::checkLoggedIn();
OC_JSON::callCheck();
$user = OC_User::getUser();
-if(isset($_POST['path'])) {
- if ($_POST['path'] === "false") { // delete avatar
- \OC_Avatar::setLocalAvatar($user, false);
- } else { // select an image from own files
- try {
- $path = OC::$SERVERROOT.'/data/'.$user.'/files'.$_POST['path'];
- \OC_Avatar::setLocalAvatar($user, $path);
- OC_JSON::success();
- } catch (Exception $e) {
- OC_JSON::error(array("msg" => $e->getMessage()));
- }
- }
-} elseif (!empty($_FILES)) { // upload a new image
+// Delete avatar
+if (isset($_POST['path']) && $_POST['path'] === "false") {
+ $avatar = false;
+}
+// Select an image from own files
+elseif (isset($_POST['path'])) {
+ //SECURITY TODO FIXME possible directory traversal here
+ $path = $_POST['path'];
+ $avatar = OC::$SERVERROOT.'/data/'.$user.'/files'.$path;
+}
+// Upload a new image
+elseif (!empty($_FILES)) {
$files = $_FILES['files'];
if ($files['error'][0] === 0) {
- $data = file_get_contents($files['tmp_name'][0]);
- \OC_Avatar::setLocalAvatar($user, $data);
+ $avatar = file_get_contents($files['tmp_name'][0]);
unlink($files['tmp_name'][0]);
- OC_JSON::success();
- } else {
- OC_JSON::error();
}
} else {
OC_JSON::error();
}
+
+try {
+ \OC_Avatar::setLocalAvatar($user, $avatar);
+ OC_JSON::success();
+} catch (\Exception $e) {
+ OC_JSON::error(array("data" => array ("message" => $e->getMessage()) ));
+}
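Review bot: The `elseif (isset($_POST['path']))` branch still appends the client-supplied `path` to `OC::$SERVERROOT.'/data/'.$user.'/files'` unchecked, so the directory traversal named in the new `//SECURITY TODO FIXME` comment ships unfixed. Resolve the path and require it to stay under the user's files directory before it reaches `setLocalAvatar()`, as sketched below. Reading the file through the project's per-user filesystem abstraction rather than a raw disk path would be the sturdier fix, if one is available here. Separately, unless `OC_JSON::error()` ends the request, the shared `try` at the end now also runs after the final `else` and after a failed upload, with `$avatar` undefined in both cases. Those branches should stop before the `try`, otherwise the client can get a second JSON body or an unintended `setLocalAvatar()` call.

```php
// Select an image from own files
elseif (isset($_POST['path'])) {
	$base = realpath(OC::$SERVERROOT.'/data/'.$user.'/files');
	$avatar = is_string($_POST['path']) ? realpath($base.'/'.$_POST['path']) : false;
	// realpath() collapses ".." and symlinks; refuse anything that leaves the user's files
	if ($base === false || $avatar === false || strpos($avatar, $base.'/') !== 0) {
		OC_JSON::error();
		exit();
	}
}
// … unchanged: upload branch and shared try/catch …
```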
diff --git a/settings/js/personal.js b/settings/js/personal.js
index 5d4422e48d7..ae939aaa9e6 100644
--- a/settings/js/personal.js
+++ b/settings/js/personal.js
@@ -45,8 +45,13 @@ function changeDisplayName(){
}
function selectAvatar (path) {
- $.post(OC.filePath('settings', 'ajax', 'newavatar.php'), {path: path});
- updateAvatar();
+ $.post(OC.filePath('settings', 'ajax', 'newavatar.php'), {path: path}, function(data) {
+ if (data.status === "success") {
+ updateAvatar();
+ } else {
+ OC.dialogs.alert(data.data.message, t('core', "Error"));
+ }
+ });
}
function updateAvatar () {
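Review bot: The error branch in `selectAvatar` reads `data.data.message` unconditionally, but `settings/ajax/newavatar.php` in this same commit keeps a bare `OC_JSON::error()` path that presumably returns no `data` object, so the callback would throw instead of showing the dialog. Guard the lookup, e.g. `var msg = (data.data && data.data.message) || t('core', "Error");`, and do the same for `data.result.data.message` in the `done` handler of `uploadparms` in the next hunk. Neither callback covers a transport failure such as a non-200 or non-JSON response. Chaining `.fail()` on the `$.post` call would stop the avatar UI from silently doing nothing in that case.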
@@ -143,8 +148,12 @@ $(document).ready(function(){
});
var uploadparms = {
- done: function(e) {
- updateAvatar();
+ done: function(e, data) {
+ if (data.result.status === "success") {
+ updateAvatar();
+ } else {
+ OC.dialogs.alert(data.result.data.message, t('core', "Error"));
+ }
}
};