1 files changed, 57 insertions, 21 deletions

diff --git a/avatar.php b/avatar.php
index dee162eca7f..a6d6666c623 100644
--- a/avatar.php
+++ b/avatar.php
@@ -12,30 +12,66 @@ if ($mode === "none") {
 	exit();
 }
 
-if (isset($_GET['user'])) {
-	//SECURITY TODO does this fully eliminate directory traversals?
-	$user = stripslashes($_GET['user']);
-} else {
-	$user = false;
-}
+if ($_SERVER['REQUEST_METHOD'] === "GET") {
+	if (isset($_GET['user'])) {
+		//SECURITY TODO does this fully eliminate directory traversals?
+		$user = stripslashes($_GET['user']);
+	} else {
+		$user = false;
+	}
 
-if (isset($_GET['size']) && ((int)$_GET['size'] > 0)) {
-	$size = (int)$_GET['size'];
-	if ($size > 2048) {
-		$size = 2048;
+	if (isset($_GET['size']) && ((int)$_GET['size'] > 0)) {
+		$size = (int)$_GET['size'];
+		if ($size > 2048) {
+			$size = 2048;
+		}
+	} else {
+		$size = 64;
 	}
-} else {
-	$size = 64;
-}
 
+	$image = \OC_Avatar::get($user, $size);
+
+	if ($image instanceof \OC_Image) {
+		$image->show();
+	} elseif (is_string($image)) { // Gravatar alike services
+		header("Location: ".$image);
+	} else {
+		$image = \OC_Avatar::getDefaultAvatar($user, $size);
+		$image->show();
+	}
+} elseif ($_SERVER['REQUEST_METHOD'] === "POST") {
+	$user = OC_User::getUser();
+
+	// Select an image from own files
+	if (isset($_POST['path'])) {
+		//SECURITY TODO FIXME possible directory traversal here
+		$path = $_POST['path'];
+		$avatar = OC::$SERVERROOT.'/data/'.$user.'/files'.$path;
+	}
+	// Upload a new image
+	elseif (!empty($_FILES)) {
+		$files = $_FILES['files'];
+		if ($files['error'][0] === 0) {
+			$avatar = file_get_contents($files['tmp_name'][0]);
+			unlink($files['tmp_name'][0]);
+		}
+	} else {
+	        OC_JSON::error();
+	}
 
-$image = \OC_Avatar::get($user, $size);
+	try {
+		\OC_Avatar::setLocalAvatar($user, $avatar);
+		OC_JSON::success();
+	} catch (\Exception $e) {
+		OC_JSON::error(array("data" => array ("message" => $e->getMessage()) ));
+	}
+} elseif ($_SERVER['REQUEST_METHOD'] === "DELETE") {
+	$user = OC_User::getUser();
 
-if ($image instanceof \OC_Image) {
-	$image->show();
-} elseif (is_string($image)) { // Gravatar alike services
-	header("Location: ".$image);
-} else {
-	$image = \OC_Avatar::getDefaultAvatar($user, $size);
-	$image->show();
+	try {
+		\OC_Avatar::setLocalAvatar($user, false);
+		OC_JSON::success();
+	} catch (\Exception $e) {
+		OC_JSON::error(array("data" => array ("message" => $e->getMessage()) ));
+	}
 }