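context->hasActiveBan($assetUser) || (
            $this->context->isLoggedIn()
            && parse_url($request->getHeaderFirstLine('Referer'), PHP_URL_PATH) === url('user-profile')
            && perms_check_user(MSZ_PERMS_USER, $this->context->getActiveUser()->getId(), MSZ_PERM_USER_MANAGE_USERS)
        );
    }

    /**
     * Hands a user image asset to the web server via an accelerated redirect.
     *
     * When the asset supports scaling and the request carries a positive
     * `res` (or legacy `r`) parameter, the scaled variant is generated on
     * demand and its path, mime type and file name are served instead of
     * the original's.
     *
     * NOTE(review): $dimensions is taken straight from the request and is
     * not bounded here; whether ensureScaledExists() caps the size is not
     * visible in this file — confirm, since an unbounded value would let a
     * single request trigger arbitrarily large image work on the server.
     */
    private function serveUserAsset($response, $request, UserImageAssetInterface $assetInfo): void
    {
        $contentType = $assetInfo->getMimeType();
        $publicPath = $assetInfo->getPublicPath();
        $fileName = $assetInfo->getFileName();

        if($assetInfo instanceof UserAssetScalableInterface) {
            // 'res' is the current parameter name; 'r' is the legacy alias.
            $requested = $request->getParam('res', FILTER_SANITIZE_NUMBER_INT)
                ?? $request->getParam('r', FILTER_SANITIZE_NUMBER_INT);
            $dimensions = (int)$requested;

            if($dimensions > 0) {
                $assetInfo->ensureScaledExists($dimensions);
                $contentType = $assetInfo->getScaledMimeType($dimensions);
                $publicPath = $assetInfo->getPublicScaledPath($dimensions);
                $fileName = $assetInfo->getScaledFileName($dimensions);
            }
        }

        $response->accelRedirect($publicPath);
        $response->setContentType($contentType);
        $response->setFileName($fileName, false);
    }

    /**
     * Serves a user's avatar addressed as `<user id>` or `<user id>.png`.
     *
     * Falls back to the placeholder avatar when the user cannot be loaded
     * (getUser() throwing RuntimeException is treated as "no such user")
     * or has no avatar, and to the banned placeholder when canViewAsset()
     * denies the viewer. Any extension other than png yields 404.
     */
    public function serveAvatar($response, $request, string $fileName)
    {
        $userId = pathinfo($fileName, PATHINFO_FILENAME);
        $type = pathinfo($fileName, PATHINFO_EXTENSION);
        if($type !== '' && $type !== 'png')
            return 404;

        $assetInfo = new StaticUserImageAsset(MSZ_PUBLIC . '/images/no-avatar.png', MSZ_PUBLIC);

        try {
            $userInfo = $this->context->getUsers()->getUser($userId, 'id');

            if(!$this->canViewAsset($request, $userInfo)) {
                $assetInfo = new StaticUserImageAsset(MSZ_PUBLIC . '/images/banned-avatar.png', MSZ_PUBLIC);
            } else {
                $userAssetInfo = new UserAvatarAsset($userInfo);
                if($userAssetInfo->isPresent())
                    $assetInfo = $userAssetInfo;
            }
        } catch(RuntimeException $ex) {
            // Unknown user: deliberately keep the default placeholder.
        }

        $this->serveUserAsset($response, $request, $assetInfo);
    }

    /**
     * Serves a user's profile background addressed as `<user id>` or
     * `<user id>.png`.
     *
     * Unlike serveAvatar() there is no placeholder: an unknown user, a
     * missing background, or a viewer denied by canViewAsset() all produce
     * an empty 404 response. Any extension other than png yields 404.
     */
    public function serveProfileBackground($response, $request, string $fileName)
    {
        $userId = pathinfo($fileName, PATHINFO_FILENAME);
        $type = pathinfo($fileName, PATHINFO_EXTENSION);
        if($type !== '' && $type !== 'png')
            return 404;

        $userInfo = null;
        try {
            $userInfo = $this->context->getUsers()->getUser($userId, 'id');
        } catch(RuntimeException $ex) {
            // Unknown user: fall through to the 404 below.
        }

        $assetInfo = null;
        if($userInfo !== null) {
            $userAssetInfo = new UserBackgroundAsset($userInfo);
            if($userAssetInfo->isPresent() && $this->canViewAsset($request, $userInfo))
                $assetInfo = $userAssetInfo;
        }

        if($assetInfo === null) {
            $response->setContent('');
            return 404;
        }

        $this->serveUserAsset($response, $request, $assetInfo);
    }

    /**
     * Legacy asset endpoint: `?m=avatar|background&u=<user id>`.
     *
     * Dispatches to serveAvatar() or serveProfileBackground(); an unknown
     * mode produces an empty 404 response.
     */
    public function serveLegacy($response, $request)
    {
        // getParam() can yield null when `u` is absent (serveUserAsset relies
        // on that with `??`), but the two serve methods take a non-nullable
        // string, so normalise here to avoid a TypeError and let the user
        // lookup reject the empty id instead.
        $assetUserId = (string)($request->getParam('u', FILTER_SANITIZE_NUMBER_INT) ?? '');

        switch($request->getParam('m')) {
            case 'avatar':
                $this->serveAvatar($response, $request, $assetUserId);
                return;
            case 'background':
                $this->serveProfileBackground($response, $request, $assetUserId);
                return;
        }

        $response->setContent('');
        return 404;
    }
}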