fix profile image moderation
This commit is contained in:
parent
66f6b9a40d
commit
0602d7f109
3 changed files with 13 additions and 41 deletions
|
|
@ -55,7 +55,6 @@ class FileController extends Controller
|
|||
*/
|
||||
private function upload(string $mode, array $file, User $user): void
|
||||
{
|
||||
// Handle errors
|
||||
switch ($file['error']) {
|
||||
case UPLOAD_ERR_OK:
|
||||
break;
|
||||
|
|
@ -76,24 +75,13 @@ class FileController extends Controller
|
|||
throw new FileException("Something prevented the file upload!");
|
||||
}
|
||||
|
||||
// Get the temp filename
|
||||
$tmpName = $file['tmp_name'];
|
||||
|
||||
// Get the image meta data
|
||||
$meta = getimagesize($tmpName);
|
||||
|
||||
// Check if image
|
||||
if (!$meta
|
||||
|| (
|
||||
$meta[2] !== IMAGETYPE_GIF
|
||||
&& $meta[2] !== IMAGETYPE_JPEG
|
||||
&& $meta[2] !== IMAGETYPE_PNG
|
||||
)
|
||||
) {
|
||||
if (!$meta || !in_array($meta[2], [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG], true)) {
|
||||
throw new FileException("Please upload a valid image!");
|
||||
}
|
||||
|
||||
// Check dimensions
|
||||
$maxWidth = config("file.{$mode}.max_width");
|
||||
$maxHeight = config("file.{$mode}.max_height");
|
||||
|
||||
|
|
@ -112,20 +100,12 @@ class FileController extends Controller
|
|||
throw new FileException("Your image is not allowed to be larger than {$maxSizeFmt}!");
|
||||
}
|
||||
|
||||
$userId = $user->id;
|
||||
$ext = image_type_to_extension($meta[2]);
|
||||
|
||||
$filename = "{$mode}_{$userId}{$ext}";
|
||||
|
||||
// Create the file
|
||||
$filename = "{$mode}_{$user->id}{$ext}";
|
||||
$file = File::create(file_get_contents($tmpName), $filename, $user);
|
||||
|
||||
// Delete the old file
|
||||
$this->delete($mode, $user);
|
||||
|
||||
$column = "user_{$mode}";
|
||||
|
||||
// Save new avatar
|
||||
DB::table('users')
|
||||
->where('user_id', $user->id)
|
||||
->update([
|
||||
|
|
@ -164,11 +144,9 @@ class FileController extends Controller
|
|||
if (session_check()) {
|
||||
$perm_var = "change" . ucfirst(strtolower($method));
|
||||
|
||||
if (!CurrentSession::$user->perms->manageProfileImages
|
||||
&& ($user->id !== CurrentSession::$user->id
|
||||
|| !$user->perms->{$perm_var}
|
||||
|| !$user->activated
|
||||
|| $user->restricted)
|
||||
if (($user->id !== CurrentSession::$user->id || !$user->activated
|
||||
|| $user->restricted || !$user->perms->{$perm_var})
|
||||
&& !CurrentSession::$user->perms->manageProfileImages
|
||||
) {
|
||||
throw new HttpMethodNotAllowedException;
|
||||
}
|
||||
|
|
@ -189,20 +167,14 @@ class FileController extends Controller
|
|||
}
|
||||
}
|
||||
|
||||
$noFile = path('public/' . str_replace(
|
||||
'%tplname%',
|
||||
Template::$name,
|
||||
config("user.{$method}_none")
|
||||
));
|
||||
$no_file = path('public/' . str_replace('%tplname%', Template::$name, config("user.{$method}_none")));
|
||||
$none = [
|
||||
'name' => basename($noFile),
|
||||
'data' => file_get_contents($noFile),
|
||||
'mime' => getimagesize($noFile)['mime'],
|
||||
'name' => basename($no_file),
|
||||
'data' => file_get_contents($no_file),
|
||||
'mime' => getimagesize($no_file)['mime'],
|
||||
];
|
||||
|
||||
if (!$user->activated
|
||||
|| $user->restricted
|
||||
|| !$user->{$method}) {
|
||||
if (!$user->activated || $user->restricted || !$user->{$method}) {
|
||||
return $this->serve($none['data'], $none['mime'], $none['name']);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
<h1>Background</h1>
|
||||
<form enctype="multipart/form-data" method="post" action="{{ route('user.background', user.id) }}" style="margin: 1em">
|
||||
<form enctype="multipart/form-data" method="post" action="{{ route('user.background', profile.id) }}" style="margin: 1em">
|
||||
<input type="hidden" name="MAX_FILE_SIZE" value="{{ config('file.background.max_file_size') }}">
|
||||
<input type="hidden" name="session" value="{{ session_id() }}">
|
||||
<input type="file" name="file">
|
||||
|
|
|
|||
|
|
@ -188,12 +188,12 @@
|
|||
<div class="profile__container">
|
||||
<div class="profile__header" style="background-image: url({{ route('user.header', profile.id) }});">
|
||||
<label class="uploader__label">
|
||||
<input type="file" data-target="{{ route('user.header', user.id) }}" class="uploader" onchange="handleImageChange(this, this.parentElement.parentElement)">
|
||||
<input type="file" data-target="{{ route('user.header', profile.id) }}" class="uploader" onchange="handleImageChange(this, this.parentElement.parentElement)">
|
||||
</label>
|
||||
<div class="profile__info">
|
||||
<div class="avatar avatar--border profile__avatar" style="background-image: url({{ route('user.avatar', profile.id) }}); box-shadow: 0 0 5px #{% if profile.isOnline %}484{% else %}844{% endif %};">
|
||||
<label class="uploader__label">
|
||||
<input type="file" data-target="{{ route('user.avatar', user.id) }}" class="uploader" onchange="handleImageChange(this, this.parentElement.parentElement)">
|
||||
<input type="file" data-target="{{ route('user.avatar', profile.id) }}" class="uploader" onchange="handleImageChange(this, this.parentElement.parentElement)">
|
||||
</label>
|
||||
</div>
|
||||
<div class="profile__username">
|
||||
|
|
|
|||
Reference in a new issue