fix profile image moderation
parent
66f6b9a40d
commit
0602d7f109
3 changed files with 13 additions and 41 deletions
|
@ -55,7 +55,6 @@ class FileController extends Controller
|
||||||
*/
|
*/
|
||||||
private function upload(string $mode, array $file, User $user): void
|
private function upload(string $mode, array $file, User $user): void
|
||||||
{
|
{
|
||||||
// Handle errors
|
|
||||||
switch ($file['error']) {
|
switch ($file['error']) {
|
||||||
case UPLOAD_ERR_OK:
|
case UPLOAD_ERR_OK:
|
||||||
break;
|
break;
|
||||||
|
@ -76,24 +75,13 @@ class FileController extends Controller
|
||||||
throw new FileException("Something prevented the file upload!");
|
throw new FileException("Something prevented the file upload!");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the temp filename
|
|
||||||
$tmpName = $file['tmp_name'];
|
$tmpName = $file['tmp_name'];
|
||||||
|
|
||||||
// Get the image meta data
|
|
||||||
$meta = getimagesize($tmpName);
|
$meta = getimagesize($tmpName);
|
||||||
|
|
||||||
// Check if image
|
if (!$meta || !in_array($meta[2], [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG], true)) {
|
||||||
if (!$meta
|
|
||||||
|| (
|
|
||||||
$meta[2] !== IMAGETYPE_GIF
|
|
||||||
&& $meta[2] !== IMAGETYPE_JPEG
|
|
||||||
&& $meta[2] !== IMAGETYPE_PNG
|
|
||||||
)
|
|
||||||
) {
|
|
||||||
throw new FileException("Please upload a valid image!");
|
throw new FileException("Please upload a valid image!");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check dimensions
|
|
||||||
$maxWidth = config("file.{$mode}.max_width");
|
$maxWidth = config("file.{$mode}.max_width");
|
||||||
$maxHeight = config("file.{$mode}.max_height");
|
$maxHeight = config("file.{$mode}.max_height");
|
||||||
|
|
||||||
|
@ -112,20 +100,12 @@ class FileController extends Controller
|
||||||
throw new FileException("Your image is not allowed to be larger than {$maxSizeFmt}!");
|
throw new FileException("Your image is not allowed to be larger than {$maxSizeFmt}!");
|
||||||
}
|
}
|
||||||
|
|
||||||
$userId = $user->id;
|
|
||||||
$ext = image_type_to_extension($meta[2]);
|
$ext = image_type_to_extension($meta[2]);
|
||||||
|
$filename = "{$mode}_{$user->id}{$ext}";
|
||||||
$filename = "{$mode}_{$userId}{$ext}";
|
|
||||||
|
|
||||||
// Create the file
|
|
||||||
$file = File::create(file_get_contents($tmpName), $filename, $user);
|
$file = File::create(file_get_contents($tmpName), $filename, $user);
|
||||||
|
|
||||||
// Delete the old file
|
|
||||||
$this->delete($mode, $user);
|
$this->delete($mode, $user);
|
||||||
|
|
||||||
$column = "user_{$mode}";
|
$column = "user_{$mode}";
|
||||||
|
|
||||||
// Save new avatar
|
|
||||||
DB::table('users')
|
DB::table('users')
|
||||||
->where('user_id', $user->id)
|
->where('user_id', $user->id)
|
||||||
->update([
|
->update([
|
||||||
|
@ -164,11 +144,9 @@ class FileController extends Controller
|
||||||
if (session_check()) {
|
if (session_check()) {
|
||||||
$perm_var = "change" . ucfirst(strtolower($method));
|
$perm_var = "change" . ucfirst(strtolower($method));
|
||||||
|
|
||||||
if (!CurrentSession::$user->perms->manageProfileImages
|
if (($user->id !== CurrentSession::$user->id || !$user->activated
|
||||||
&& ($user->id !== CurrentSession::$user->id
|
|| $user->restricted || !$user->perms->{$perm_var})
|
||||||
|| !$user->perms->{$perm_var}
|
&& !CurrentSession::$user->perms->manageProfileImages
|
||||||
|| !$user->activated
|
|
||||||
|| $user->restricted)
|
|
||||||
) {
|
) {
|
||||||
throw new HttpMethodNotAllowedException;
|
throw new HttpMethodNotAllowedException;
|
||||||
}
|
}
|
||||||
|
@ -189,20 +167,14 @@ class FileController extends Controller
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$noFile = path('public/' . str_replace(
|
$no_file = path('public/' . str_replace('%tplname%', Template::$name, config("user.{$method}_none")));
|
||||||
'%tplname%',
|
|
||||||
Template::$name,
|
|
||||||
config("user.{$method}_none")
|
|
||||||
));
|
|
||||||
$none = [
|
$none = [
|
||||||
'name' => basename($noFile),
|
'name' => basename($no_file),
|
||||||
'data' => file_get_contents($noFile),
|
'data' => file_get_contents($no_file),
|
||||||
'mime' => getimagesize($noFile)['mime'],
|
'mime' => getimagesize($no_file)['mime'],
|
||||||
];
|
];
|
||||||
|
|
||||||
if (!$user->activated
|
if (!$user->activated || $user->restricted || !$user->{$method}) {
|
||||||
|| $user->restricted
|
|
||||||
|| !$user->{$method}) {
|
|
||||||
return $this->serve($none['data'], $none['mime'], $none['name']);
|
return $this->serve($none['data'], $none['mime'], $none['name']);
|
||||||
}
|
}
|
||||||
|
|
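Review bot: The permission test in the `@ -164,11 +144,9 @` hunk packs four `||` terms and one `&&` into three uncommented lines, which makes the only authorization decision visible in this controller hard to audit. As far as the visible lines show, it is logically the same test as before with the operands reordered. Naming the owner half would make the rule explicit: `$ownerMayChange = $user->id === CurrentSession::$user->id && $user->activated && !$user->restricted && $user->perms->{$perm_var};` followed by `if (!$ownerMayChange && !CurrentSession::$user->perms->manageProfileImages) {`. A holder of `manageProfileImages` passes whatever the target account's state, and nothing in the hunk limits which accounts they may act on; if that is intended, a comment such as `// moderators may change any user's image, including inactive or restricted accounts` would record it. The enclosing `if (session_check())` block and the method around it start and end outside the hunk.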
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
<h1>Background</h1>
|
<h1>Background</h1>
|
||||||
<form enctype="multipart/form-data" method="post" action="{{ route('user.background', user.id) }}" style="margin: 1em">
|
<form enctype="multipart/form-data" method="post" action="{{ route('user.background', profile.id) }}" style="margin: 1em">
|
||||||
<input type="hidden" name="MAX_FILE_SIZE" value="{{ config('file.background.max_file_size') }}">
|
<input type="hidden" name="MAX_FILE_SIZE" value="{{ config('file.background.max_file_size') }}">
|
||||||
<input type="hidden" name="session" value="{{ session_id() }}">
|
<input type="hidden" name="session" value="{{ session_id() }}">
|
||||||
<input type="file" name="file">
|
<input type="file" name="file">
|
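Review bot: The hidden `session` field two lines below the `<form>` tag writes `{{ session_id() }}` into the page markup, and after this change the form can post to another user's `user.background` route. If that value is the login session identifier rather than a separate per-form token (the helper is defined outside this hunk, so this is an assumption), any script running in the page can read it, which would undo an HttpOnly flag on the session cookie if one is set. A dedicated anti-CSRF token that is useless for authentication would avoid exposing the identifier. The form's closing tag lies outside the hunk.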
||||||
|
|
|
@ -188,12 +188,12 @@
|
||||||
<div class="profile__container">
|
<div class="profile__container">
|
||||||
<div class="profile__header" style="background-image: url({{ route('user.header', profile.id) }});">
|
<div class="profile__header" style="background-image: url({{ route('user.header', profile.id) }});">
|
||||||
<label class="uploader__label">
|
<label class="uploader__label">
|
||||||
<input type="file" data-target="{{ route('user.header', user.id) }}" class="uploader" onchange="handleImageChange(this, this.parentElement.parentElement)">
|
<input type="file" data-target="{{ route('user.header', profile.id) }}" class="uploader" onchange="handleImageChange(this, this.parentElement.parentElement)">
|
||||||
</label>
|
</label>
|
||||||
<div class="profile__info">
|
<div class="profile__info">
|
||||||
<div class="avatar avatar--border profile__avatar" style="background-image: url({{ route('user.avatar', profile.id) }}); box-shadow: 0 0 5px #{% if profile.isOnline %}484{% else %}844{% endif %};">
|
<div class="avatar avatar--border profile__avatar" style="background-image: url({{ route('user.avatar', profile.id) }}); box-shadow: 0 0 5px #{% if profile.isOnline %}484{% else %}844{% endif %};">
|
||||||
<label class="uploader__label">
|
<label class="uploader__label">
|
||||||
<input type="file" data-target="{{ route('user.avatar', user.id) }}" class="uploader" onchange="handleImageChange(this, this.parentElement.parentElement)">
|
<input type="file" data-target="{{ route('user.avatar', profile.id) }}" class="uploader" onchange="handleImageChange(this, this.parentElement.parentElement)">
|
||||||
</label>
|
</label>
|
||||||
</div>
|
</div>
|
||||||
<div class="profile__username">
|
<div class="profile__username">
|
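Review bot: Both `uploader` inputs sit directly inside `profile__header` and `profile__avatar` with no condition visible in the hunk, and they now point at the viewed profile's routes instead of the viewer's own. Unless an enclosing `{% if %}` outside the hunk already hides them, every visitor is shown an upload control that FileController then rejects. Wrapping each `<label class="uploader__label">` in something like `{% if profile.id == user.id or user.perms.manageProfileImages %}` … `{% endif %}` (variable names inferred from the controller, to be confirmed) would keep the page consistent with the server-side check. That server-side check has to stay the actual enforcement point, since the markup is only presentation. The `profile__container` block continues past the end of the hunk.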
||||||
|
|