authorcash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-08-22 21:53:48 +0000
committercash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-08-22 21:53:48 +0000
commitbe37104ac63cd25f2eac831ca03d6d2b19976e1c (patch)
tree5b168134f2b07933831daedd8cf2641ffb6c5c7d /mod/profile/icondirect.php
parentd45a24be28b2eb2d0c2731708b589788a5b87215 (diff)
Merged r6684:6694 from 1.7 branch to trunk (pages plugin was manually merged due to standardization of code in trunk but not branch)
git-svn-id: http://code.elgg.org/elgg/trunk@6848 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'mod/profile/icondirect.php')
-rw-r--r--mod/profile/icondirect.php20
1 files changed, 3 insertions, 17 deletions
diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php
index 8a46786ab..c84955fa5 100644
--- a/mod/profile/icondirect.php
+++ b/mod/profile/icondirect.php
@@ -16,8 +16,6 @@ require_once(dirname(dirname(dirname(__FILE__))). '/engine/settings.php');
global $CONFIG;
-
-$username = $_GET['username'];
$joindate = (int)$_GET['joindate'];
$guid = (int)$_GET['guid'];
@@ -26,20 +24,6 @@ if (!in_array($size,array('large','medium','small','tiny','master','topbar'))) {
$size = "medium";
}
-// security check on username string
-if ( (strpos($username, '/')!==false) ||
- (strpos($username, '\\')!==false) ||
- (strpos($username, '"')!==false) ||
- (strpos($username, '\'')!==false) ||
- (strpos($username, '*')!==false) ||
- (strpos($username, '&')!==false) ||
- (strpos($username, ' ')!==false) ) {
- // these characters are not allowed in usernames
- exit;
-}
-
-
-
$mysql_dblink = @mysql_connect($CONFIG->dbhost,$CONFIG->dbuser,$CONFIG->dbpass, true);
if ($mysql_dblink) {
if (@mysql_select_db($CONFIG->dbname,$mysql_dblink)) {
@@ -65,7 +49,7 @@ if ($mysql_dblink) {
// first try to read icon directly
$user_path = date('Y/m/d/', $joindate) . $guid;
- $filename = $dataroot . $user_path . "/profile/" . $username . $size . ".jpg";
+ $filename = "$dataroot$user_path/profile/{$guid}{$size}.jpg";
$contents = @file_get_contents($filename);
if (!empty($contents)) {
header("Content-type: image/jpeg");
@@ -86,4 +70,6 @@ if ($mysql_dblink) {
// simplecache is not turned on or something went wrong so load engine and try that way
require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
+$user = get_entity($guid);
+set_input('username', $user->username);
require_once(dirname(__FILE__).'/icon.php');
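Review bot: The new `set_input('username', $user->username);` line dereferences the result of `get_entity($guid)` without checking it; when the guid does not resolve to an accessible user entity, `get_entity` returns false, so this raises a notice and hands an empty username to icon.php instead of failing cleanly. Since `$guid` comes straight from `$_GET` (cast to int in the first hunk), a guard before the `set_input` call is warranted, e.g. `if (!($user instanceof ElggUser)) { header('HTTP/1.1 404 Not Found'); exit; }`. The direct-read path in the third hunk now builds the filename from `$guid` and the whitelisted `$size` only, which removes the user-controlled string from the filesystem path, so this fallback branch is the one place where a bad guid still reaches entity code. The hunk's trailing context is not shown on this page, so the lines following the `require_once` were not reviewed.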