From 0602d7f109f18a7a7ba7f34bd42abf5dd9e94319 Mon Sep 17 00:00:00 2001
From: flashwave
Date: Wed, 7 Dec 2016 15:17:19 +0100
Subject: [PATCH] fix profile image moderation
---
app/Controllers/FileController.php | 48 +++++------------------
resources/views/yuuno/profile/images.twig | 2 +-
resources/views/yuuno/user/profile.twig | 4 +-
3 files changed, 13 insertions(+), 41 deletions(-)
diff --git a/app/Controllers/FileController.php b/app/Controllers/FileController.php
index 2e56540..d8179ab 100644
--- a/app/Controllers/FileController.php
+++ b/app/Controllers/FileController.php
@@ -55,7 +55,6 @@ class FileController extends Controller */ private function upload(string $mode, array $file, User $user): void { - // Handle errors switch ($file['error']) { case UPLOAD_ERR_OK: break;
@@ -76,24 +75,13 @@ class FileController extends Controller throw new FileException("Something prevented the file upload!"); } - // Get the temp filename $tmpName = $file['tmp_name']; - - // Get the image meta data $meta = getimagesize($tmpName); - // Check if image - if (!$meta - || ( - $meta[2] !== IMAGETYPE_GIF - && $meta[2] !== IMAGETYPE_JPEG - && $meta[2] !== IMAGETYPE_PNG - ) - ) { + if (!$meta || !in_array($meta[2], [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG], true)) { throw new FileException("Please upload a valid image!"); } - // Check dimensions $maxWidth = config("file.{$mode}.max_width"); $maxHeight = config("file.{$mode}.max_height");
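Review bot: The new `in_array($meta[2], [...], true)` check, like the chain it replaces, relies on `getimagesize()`, which only parses the image header: a file that opens as a valid GIF/JPEG/PNG but carries extra content in a comment, EXIF or trailing segment still passes, and the following hunk stores the upload byte-for-byte with `File::create(file_get_contents($tmpName), ...)`. Whether that is a problem depends on how `serve()` sets Content-Type and Content-Disposition, which is outside this diff; if the bytes are returned as-is, re-encoding through GD (`imagecreatefromstring()` followed by the writer matching `$meta[2]`) would keep only pixel data, and `X-Content-Type-Options: nosniff` on the response is a cheap backstop either way. The strict third argument to `in_array()` is the right choice here. A comment above the check such as `// getimagesize() only inspects the header: enough to pick the extension, not proof the file is harmless` would record that limit for the next reader. `upload()` continues past both ends of this hunk.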
@@ -112,20 +100,12 @@ class FileController extends Controller throw new FileException("Your image is not allowed to be larger than {$maxSizeFmt}!"); } - $userId = $user->id; $ext = image_type_to_extension($meta[2]); - - $filename = "{$mode}_{$userId}{$ext}"; - - // Create the file + $filename = "{$mode}_{$user->id}{$ext}"; $file = File::create(file_get_contents($tmpName), $filename, $user); - - // Delete the old file $this->delete($mode, $user); - $column = "user_{$mode}"; - // Save new avatar DB::table('users') ->where('user_id', $user->id) ->update([
@@ -164,11 +144,9 @@ class FileController extends Controller if (session_check()) { $perm_var = "change" . ucfirst(strtolower($method)); - if (!CurrentSession::$user->perms->manageProfileImages - && ($user->id !== CurrentSession::$user->id - || !$user->perms->{$perm_var} - || !$user->activated - || $user->restricted) + if (($user->id !== CurrentSession::$user->id || !$user->activated + || $user->restricted || !$user->perms->{$perm_var}) + && !CurrentSession::$user->perms->manageProfileImages ) { throw new HttpMethodNotAllowedException; }
@@ -189,20 +167,14 @@ class FileController extends Controller } } - $noFile = path('public/' . str_replace( - '%tplname%', - Template::$name, - config("user.{$method}_none") - )); + $no_file = path('public/' . str_replace('%tplname%', Template::$name, config("user.{$method}_none"))); $none = [ - 'name' => basename($noFile), - 'data' => file_get_contents($noFile), - 'mime' => getimagesize($noFile)['mime'], + 'name' => basename($no_file), + 'data' => file_get_contents($no_file), + 'mime' => getimagesize($no_file)['mime'], ]; - if (!$user->activated - || $user->restricted - || !$user->{$method}) { + if (!$user->activated || $user->restricted || !$user->{$method}) { return $this->serve($none['data'], $none['mime'], $none['name']); }
diff --git a/resources/views/yuuno/profile/images.twig b/resources/views/yuuno/profile/images.twig
index dd00547..f487ce6 100644
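Review bot: `$filename = "{$mode}_{$user->id}{$ext}"` writes `$mode` unescaped into the stored filename, and the surrounding lines use the same value in `config("file.{$mode}.max_width")` and, before this commit, in the column name `"user_{$mode}"`, so the safety of this method rests on `$mode` being one of a few known strings. upload() is private and its callers are not in the diff, so routing may already guarantee that; if it does not, an explicit whitelist of the configured modes at the top of upload() (throwing `FileException` otherwise) is the fix, and a comment at this line — `// $mode is trusted here: it names a config section, the filename prefix and the users column` — makes the assumption visible. Separately, the new file is created by `File::create()` before `$this->delete($mode, $user)` and the DB update run; a failure in either leaves the just-created file orphaned, which deserves a TODO unless File::create() is transactional. upload() continues past both ends of this hunk.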
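Review bot: The rewritten condition is the original predicate with the two `&&` operands swapped, so this hunk does not change who is allowed through; if the moderation fix named in the commit title is meant to live here, it has not landed (the callers and the `session_check()` else-branch are outside the hunk). Two consequences of the rule deserve a comment because the new layout makes them easy to misread: a session with `manageProfileImages` bypasses the `activated`/`restricted` checks on the target account as well as the ownership check, and the per-type right is resolved dynamically through `$user->perms->{$perm_var}` built from `$method`, so `$method` must be limited to the known image types before this point. Suggested comment above the `if`: `// Moderators may act on any account, including restricted or unactivated ones; everyone else only on their own account and only with the matching change<Type> right`. Throwing `HttpMethodNotAllowedException` (405) for an authorisation failure also misreports the cause; a 403-style exception would be more accurate if the framework provides one. The enclosing method starts and ends outside this hunk.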
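Review bot: `'mime' => getimagesize($no_file)['mime']` and `'data' => file_get_contents($no_file)` run without checking that the configured fallback image exists: if `config("user.{$method}_none")` resolves to a missing or non-image path, `getimagesize()` returns `false`, indexing it yields `null` (with a notice on newer PHP), and `serve()` is handed `null` data and MIME. A guard before building `$none` would fail loudly instead: `$no_meta = is_file($no_file) ? getimagesize($no_file) : false;` followed by `if ($no_meta === false) { throw new FileException("Fallback image is missing!"); }` (or whichever exception the serving path already uses) and `'mime' => $no_meta['mime']`. Renaming `$noFile` to `$no_file` also departs from the camelCase used by `$tmpName` and `$maxWidth` elsewhere in this class. The enclosing method starts and ends outside this hunk.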
--- a/resources/views/yuuno/profile/images.twig
+++ b/resources/views/yuuno/profile/images.twig
@@ -1,5 +1,5 @@

Background

-
+
diff --git a/resources/views/yuuno/user/profile.twig b/resources/views/yuuno/user/profile.twig
index 558864f..bab8a87 100644
--- a/resources/views/yuuno/user/profile.twig
+++ b/resources/views/yuuno/user/profile.twig
@@ -188,12 +188,12 @@