diff options
author | cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2010-08-22 21:53:48 +0000 |
---|---|---|
committer | cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2010-08-22 21:53:48 +0000 |
commit | be37104ac63cd25f2eac831ca03d6d2b19976e1c (patch) | |
tree | 5b168134f2b07933831daedd8cf2641ffb6c5c7d /mod/profile/icondirect.php | |
parent | d45a24be28b2eb2d0c2731708b589788a5b87215 (diff) | |
download | elgg-be37104ac63cd25f2eac831ca03d6d2b19976e1c.tar.gz elgg-be37104ac63cd25f2eac831ca03d6d2b19976e1c.tar.bz2 |
Merged r6684:6694 from 1.7 branch to trunk (pages plugin was manually merged due to standardization of code in trunk but not branch)
git-svn-id: http://code.elgg.org/elgg/trunk@6848 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'mod/profile/icondirect.php')
-rw-r--r-- | mod/profile/icondirect.php | 20 |
1 files changed, 3 insertions, 17 deletions
diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php index 8a46786ab..c84955fa5 100644 --- a/mod/profile/icondirect.php +++ b/mod/profile/icondirect.php @@ -16,8 +16,6 @@ require_once(dirname(dirname(dirname(__FILE__))). '/engine/settings.php'); global $CONFIG; - -$username = $_GET['username']; $joindate = (int)$_GET['joindate']; $guid = (int)$_GET['guid']; @@ -26,20 +24,6 @@ if (!in_array($size,array('large','medium','small','tiny','master','topbar'))) { $size = "medium"; } -// security check on username string -if ( (strpos($username, '/')!==false) || - (strpos($username, '\\')!==false) || - (strpos($username, '"')!==false) || - (strpos($username, '\'')!==false) || - (strpos($username, '*')!==false) || - (strpos($username, '&')!==false) || - (strpos($username, ' ')!==false) ) { - // these characters are not allowed in usernames - exit; -} - - - $mysql_dblink = @mysql_connect($CONFIG->dbhost,$CONFIG->dbuser,$CONFIG->dbpass, true); if ($mysql_dblink) { if (@mysql_select_db($CONFIG->dbname,$mysql_dblink)) { @@ -65,7 +49,7 @@ if ($mysql_dblink) { // first try to read icon directly $user_path = date('Y/m/d/', $joindate) . $guid; - $filename = $dataroot . $user_path . "/profile/" . $username . $size . ".jpg"; + $filename = "$dataroot$user_path/profile/{$guid}{$size}.jpg"; $contents = @file_get_contents($filename); if (!empty($contents)) { header("Content-type: image/jpeg"); @@ -86,4 +70,6 @@ if ($mysql_dblink) { // simplecache is not turned on or something went wrong so load engine and try that way require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php"); +$user = get_entity($guid); +set_input('username', $user->username); require_once(dirname(__FILE__).'/icon.php'); |