diff options
| author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-07-06 11:03:28 +0000 |
|---|---|---|
| committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-07-06 11:03:28 +0000 |
| commit | 3850904d467fe0ca6cb8800a75f1b9e233bf8d90 (patch) | |
| tree | 11468d216df86f5ef042e15c14cf6f5da038c41a /mod/profile/actions/iconupload.php | |
| parent | 288e06424b4c375c285d8fff34f9eb7f1b251a1e (diff) | |
| download | elgg-3850904d467fe0ca6cb8800a75f1b9e233bf8d90.tar.gz elgg-3850904d467fe0ca6cb8800a75f1b9e233bf8d90.tar.bz2 | |
* Closes #1104: Edit profile and edit icon links on pulldown menu for editable users.
* Closes #545: Admins are now able to edit profiles and icons of other users.
* CSRF protection added to icon upload and edit code.
* Version bump.
git-svn-id: https://code.elgg.org/elgg/trunk@3387 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'mod/profile/actions/iconupload.php')
| -rw-r--r-- | mod/profile/actions/iconupload.php | 36 |
1 files changed, 23 insertions, 13 deletions
diff --git a/mod/profile/actions/iconupload.php b/mod/profile/actions/iconupload.php index aec433bbd..3bfbe5ceb 100644 --- a/mod/profile/actions/iconupload.php +++ b/mod/profile/actions/iconupload.php @@ -9,11 +9,21 @@ * @copyright Curverider Ltd 2008-2009
* @link http://elgg.com/
*/
-
+ + gatekeeper(); + action_gatekeeper(); + + $user = page_owner_entity(); + if (!$user) + $user = $_SESSION['user']; +
// If we were given a correct icon
if (
- isloggedin()
+ (isloggedin()) && + ($user) && + ($user->canEdit())
) {
+ $topbar = get_resized_image_from_uploaded_file('profileicon',16,16, true);
$tiny = get_resized_image_from_uploaded_file('profileicon',25,25, true);
@@ -28,40 +38,40 @@ && $tiny !== false) {
$filehandler = new ElggFile();
- $filehandler->owner_guid = $_SESSION['user']->getGUID();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "large.jpg");
+ $filehandler->owner_guid = $user->getGUID();
+ $filehandler->setFilename("profile/" . $user->username . "large.jpg");
$filehandler->open("write");
$filehandler->write($large);
$filehandler->close();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "medium.jpg");
+ $filehandler->setFilename("profile/" . $user->username . "medium.jpg");
$filehandler->open("write");
$filehandler->write($medium);
$filehandler->close();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "small.jpg");
+ $filehandler->setFilename("profile/" . $user->username . "small.jpg");
$filehandler->open("write");
$filehandler->write($small);
$filehandler->close();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "tiny.jpg");
+ $filehandler->setFilename("profile/" . $user->username . "tiny.jpg");
$filehandler->open("write");
$filehandler->write($tiny);
$filehandler->close();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "topbar.jpg");
+ $filehandler->setFilename("profile/" . $user->username . "topbar.jpg");
$filehandler->open("write");
$filehandler->write($topbar);
$filehandler->close();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "master.jpg");
+ $filehandler->setFilename("profile/" . $user->username . "master.jpg");
$filehandler->open("write");
$filehandler->write($master);
$filehandler->close();
- $_SESSION['user']->icontime = time();
+ $user->icontime = time();
system_message(elgg_echo("profile:icon:uploaded"));
- trigger_elgg_event('profileiconupdate',$_SESSION['user']->type,$_SESSION['user']);
+ trigger_elgg_event('profileiconupdate',$user->type,$user);
//add to river
- add_to_river('river/user/default/profileiconupdate','update',$_SESSION['user']->guid,$_SESSION['user']->guid);
+ add_to_river('river/user/default/profileiconupdate','update',$user->guid,$user->guid);
} else {
system_message(elgg_echo("profile:icon:notfound"));
@@ -75,7 +85,7 @@ //forward the user back to the upload page to crop
- $url = "mod/profile/editicon.php";
+ $url = "pg/profile/{$user->username}/editicon/";
if (isloggedin()) forward($url);
|