aboutsummaryrefslogtreecommitdiff
path: root/actions/avatar
diff options
context:
space:
mode:
authorSteve Clay <steve@mrclay.org>2013-05-29 13:13:16 -0400
committerSteve Clay <steve@mrclay.org>2013-05-29 13:13:16 -0400
commitdd9df95001f5293e7a3a93a365c64842fe3650e4 (patch)
tree8f31359b90940a73349f668dd33efd9d5059f0fa /actions/avatar
parent28c43f6c615fba77d81f59e73ef29ba9d58049ea (diff)
downloadelgg-dd9df95001f5293e7a3a93a365c64842fe3650e4.tar.gz
elgg-dd9df95001f5293e7a3a93a365c64842fe3650e4.tar.bz2
Fix avatar edit permissions (by Jerôme Bakker)
Diffstat (limited to 'actions/avatar')
-rw-r--r--actions/avatar/remove.php52
1 files changed, 27 insertions, 25 deletions
diff --git a/actions/avatar/remove.php b/actions/avatar/remove.php
index cd38e456a..9cb40a760 100644
--- a/actions/avatar/remove.php
+++ b/actions/avatar/remove.php
@@ -3,32 +3,34 @@
* Avatar remove action
*/
-$guid = get_input('guid');
-$user = get_entity($guid);
-if ($user) {
- // Delete all icons from diskspace
- $icon_sizes = elgg_get_config('icon_sizes');
- foreach ($icon_sizes as $name => $size_info) {
- $file = new ElggFile();
- $file->owner_guid = $guid;
- $file->setFilename("profile/{$guid}{$name}.jpg");
- $filepath = $file->getFilenameOnFilestore();
- if (!$file->delete()) {
- elgg_log("Avatar file remove failed. Remove $filepath manually, please.", 'WARNING');
- }
- }
-
- // Remove crop coords
- unset($user->x1);
- unset($user->x2);
- unset($user->y1);
- unset($user->y2);
-
- // Remove icon
- unset($user->icontime);
- system_message(elgg_echo('avatar:remove:success'));
-} else {
+$user_guid = get_input('guid');
+$user = get_user($user_guid);
+
+if (!$user || !$user->canEdit()) {
register_error(elgg_echo('avatar:remove:fail'));
+ forward(REFERER);
}
+// Delete all icons from diskspace
+$icon_sizes = elgg_get_config('icon_sizes');
+foreach ($icon_sizes as $name => $size_info) {
+ $file = new ElggFile();
+ $file->owner_guid = $user_guid;
+ $file->setFilename("profile/{$user_guid}{$name}.jpg");
+ $filepath = $file->getFilenameOnFilestore();
+ if (!$file->delete()) {
+ elgg_log("Avatar file remove failed. Remove $filepath manually, please.", 'WARNING');
+ }
+}
+
+// Remove crop coords
+unset($user->x1);
+unset($user->x2);
+unset($user->y1);
+unset($user->y2);
+
+// Remove icon
+unset($user->icontime);
+
+system_message(elgg_echo('avatar:remove:success'));
forward(REFERER);