Diffstat (limited to 'mod/profile')
-rw-r--r--mod/profile/actions/cropicon.php18
-rw-r--r--mod/profile/actions/iconupload.php4
-rw-r--r--mod/profile/icon.php7
-rw-r--r--mod/profile/icondirect.php20
-rw-r--r--mod/profile/start.php4
5 files changed, 19 insertions, 34 deletions
diff --git a/mod/profile/actions/cropicon.php b/mod/profile/actions/cropicon.php
index 5bba84a8c..b0dc0fa61 100644
--- a/mod/profile/actions/cropicon.php
+++ b/mod/profile/actions/cropicon.php
@@ -1,7 +1,7 @@
<?php
/**
* Elgg profile plugin upload new user icon action
- *
+ *
* @package ElggProfile
* @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
* @author Curverider Ltd <info@elgg.com>
@@ -28,28 +28,28 @@ $filehandler = new ElggFile();
$filehandler->owner_guid = $profile_owner->getGUID();
$filehandler->setFilename("profile/" . $profile_owner->username . "master" . ".jpg");
$filename = $filehandler->getFilenameOnFilestore();
-
+
$topbar = get_resized_image_from_existing_file($filename, 16, 16, true, $x1, $y1, $x2, $y2, TRUE);
$tiny = get_resized_image_from_existing_file($filename, 25, 25, true, $x1, $y1, $x2, $y2, TRUE);
$small = get_resized_image_from_existing_file($filename, 40, 40, true, $x1, $y1, $x2, $y2, TRUE);
$medium = get_resized_image_from_existing_file($filename, 100, 100, true, $x1, $y1, $x2, $y2, TRUE);
-
+
if ($small !== FALSE && $medium !== FALSE && $tiny !== FALSE) {
$filehandler = new ElggFile();
$filehandler->owner_guid = $profile_owner->getGUID();
- $filehandler->setFilename("profile/" . $profile_owner->username . "medium.jpg");
+ $filehandler->setFilename("profile/" . $profile_owner->guid . "medium.jpg");
$filehandler->open("write");
$filehandler->write($medium);
$filehandler->close();
- $filehandler->setFilename("profile/" . $profile_owner->username . "small.jpg");
+ $filehandler->setFilename("profile/" . $profile_owner->guid . "small.jpg");
$filehandler->open("write");
$filehandler->write($small);
$filehandler->close();
- $filehandler->setFilename("profile/" . $profile_owner->username . "tiny.jpg");
+ $filehandler->setFilename("profile/" . $profile_owner->guid . "tiny.jpg");
$filehandler->open("write");
$filehandler->write($tiny);
$filehandler->close();
- $filehandler->setFilename("profile/" . $profile_owner->username . "topbar.jpg");
+ $filehandler->setFilename("profile/" . $profile_owner->guid . "topbar.jpg");
$filehandler->open("write");
$filehandler->write($topbar);
$filehandler->close();
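Review bot: The master image is still opened under the username-based name in the unchanged context line `$filehandler->setFilename("profile/" . $profile_owner->username . "master" . ".jpg");`, while the four resized files in this hunk are now written under the GUID. If the upload action's `$icon_sizes` includes `master` (the size whitelist in icondirect.php suggests it does, but the array is outside this diff), iconupload.php now stores that file as `profile/{guid}master.jpg`, so this crop action would no longer find it and would end in the `profile:icon:notfound` branch. The line should become `$filehandler->setFilename("profile/" . $profile_owner->guid . "master.jpg");`. The script begins before this hunk, so the earlier input handling is not visible.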
@@ -58,14 +58,14 @@ if ($small !== FALSE && $medium !== FALSE && $tiny !== FALSE) {
$profile_owner->x2 = $x2;
$profile_owner->y1 = $y1;
$profile_owner->y2 = $y2;
-
+
$profile_owner->icontime = time();
system_message(elgg_echo("profile:icon:uploaded"));
} else {
register_error(elgg_echo("profile:icon:notfound"));
}
-
+
//forward the user back to the upload page to crop
$url = "{$vars['url']}pg/profile/{$profile_owner->username}/edit/icon";
diff --git a/mod/profile/actions/iconupload.php b/mod/profile/actions/iconupload.php
index a0cb24c3d..23d1967a6 100644
--- a/mod/profile/actions/iconupload.php
+++ b/mod/profile/actions/iconupload.php
@@ -1,7 +1,7 @@
<?php
/**
* Elgg profile plugin upload new user icon action
- *
+ *
* @package ElggProfile
* @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
* @author Curverider Ltd <info@elgg.com>
@@ -41,7 +41,7 @@ foreach ($icon_sizes as $name => $size_info) {
//@todo Make these actual entities. See exts #348.
$file = new ElggFile();
$file->owner_guid = $profile_owner_guid;
- $file->setFilename("profile/{$profile_username}{$name}.jpg");
+ $file->setFilename("profile/{$profile_owner_guid}{$name}.jpg");
$file->open('write');
$file->write($resized);
$file->close();
diff --git a/mod/profile/icon.php b/mod/profile/icon.php
index da7667c8b..d7d7247c5 100644
--- a/mod/profile/icon.php
+++ b/mod/profile/icon.php
@@ -1,7 +1,7 @@
<?php
/**
* Elgg profile icon
-*
+*
* @package ElggProfile
* @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
* @author Curverider Ltd <info@elgg.com>
@@ -13,7 +13,6 @@ require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
// Get the owning user
$user = page_owner_entity();
-$username = $user->username;
// Get the size
$size = strtolower(get_input('size'));
@@ -30,13 +29,13 @@ if (!$user) {
// Try and get the icon
$filehandler = new ElggFile();
$filehandler->owner_guid = $user->getGUID();
-$filehandler->setFilename("profile/" . $username . $size . ".jpg");
+$filehandler->setFilename("profile/" . $user->getGUID() . $size . ".jpg");
$success = false;
if ($filehandler->open("read")) {
if ($contents = $filehandler->read($filehandler->size())) {
$success = true;
- }
+ }
}
if (!$success) {
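Review bot: Icons already stored as `profile/<username><size>.jpg` are no longer found once this lookup switches to `"profile/" . $user->getGUID() . $size . ".jpg"`, and no fallback to the old name is visible. The same applies to the direct read in icondirect.php and the `exists()` test in `profile_usericon_hook` in start.php. This view is limited to mod/profile, so an upgrade step that renames existing files may exist elsewhere in the commit; if it does not, existing users would silently get the default icon until they upload again. A comment above the `setFilename` call, such as `// icons are keyed by GUID; files named by username predate this scheme and must be renamed by an upgrade`, would record that dependency. The `if (!$success)` block continues past the end of the hunk.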
diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php
index 8a46786ab..c84955fa5 100644
--- a/mod/profile/icondirect.php
+++ b/mod/profile/icondirect.php
@@ -16,8 +16,6 @@ require_once(dirname(dirname(dirname(__FILE__))). '/engine/settings.php');
global $CONFIG;
-
-$username = $_GET['username'];
$joindate = (int)$_GET['joindate'];
$guid = (int)$_GET['guid'];
@@ -26,20 +24,6 @@ if (!in_array($size,array('large','medium','small','tiny','master','topbar'))) {
$size = "medium";
}
-// security check on username string
-if ( (strpos($username, '/')!==false) ||
- (strpos($username, '\\')!==false) ||
- (strpos($username, '"')!==false) ||
- (strpos($username, '\'')!==false) ||
- (strpos($username, '*')!==false) ||
- (strpos($username, '&')!==false) ||
- (strpos($username, ' ')!==false) ) {
- // these characters are not allowed in usernames
- exit;
-}
-
-
-
$mysql_dblink = @mysql_connect($CONFIG->dbhost,$CONFIG->dbuser,$CONFIG->dbpass, true);
if ($mysql_dblink) {
if (@mysql_select_db($CONFIG->dbname,$mysql_dblink)) {
@@ -65,7 +49,7 @@ if ($mysql_dblink) {
// first try to read icon directly
$user_path = date('Y/m/d/', $joindate) . $guid;
- $filename = $dataroot . $user_path . "/profile/" . $username . $size . ".jpg";
+ $filename = "$dataroot$user_path/profile/{$guid}{$size}.jpg";
$contents = @file_get_contents($filename);
if (!empty($contents)) {
header("Content-type: image/jpeg");
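Review bot: Nothing at the line that builds `$filename` records why the path is safe to assemble now that the username character check has been deleted. Every request-derived component is either cast with `(int)` (`$joindate`, `$guid`) or checked against the size whitelist earlier in the file, and that is the whole defence for this unauthenticated direct read. A comment above the assignment, for example `// path uses only int-cast $guid/$joindate and whitelisted $size; never add raw request strings here`, would stop a later edit from reintroducing an unvalidated string. The enclosing `if ($mysql_dblink)` block starts and ends outside the hunk.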
@@ -86,4 +70,6 @@ if ($mysql_dblink) {
// simplecache is not turned on or something went wrong so load engine and try that way
require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
+$user = get_entity($guid);
+set_input('username', $user->username);
require_once(dirname(__FILE__).'/icon.php');
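Review bot: `$user->username` is read without checking what `get_entity($guid)` returned, and `$guid` comes straight from the query string. For a GUID that does not exist, is not accessible, or belongs to a non-user entity, the added `set_input` line dereferences a non-object or sets an empty username before icon.php runs. Guarding it keeps the fallback path on icon.php's own handling: `if ($user instanceof ElggUser) { set_input('username', $user->username); }`.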
diff --git a/mod/profile/start.php b/mod/profile/start.php
index 17a55e1f9..adac92aef 100644
--- a/mod/profile/start.php
+++ b/mod/profile/start.php
@@ -253,11 +253,11 @@ function profile_usericon_hook($hook, $entity_type, $returnvalue, $params){
$filehandler = new ElggFile();
$filehandler->owner_guid = $entity->getGUID();
- $filehandler->setFilename("profile/" . $username . $size . ".jpg");
+ $filehandler->setFilename("profile/" . $entity->guid . $size . ".jpg");
if ($filehandler->exists()) {
//$url = $CONFIG->url . "pg/icon/$username/$size/$icontime.jpg";
- return $CONFIG->wwwroot . 'mod/profile/icondirect.php?lastcache='.$icontime.'&username='.$entity->username.'&joindate=' . $entity->time_created . '&guid=' . $entity->guid . '&size='.$size;
+ return $CONFIG->wwwroot . 'mod/profile/icondirect.php?lastcache='.$icontime.'&joindate=' . $entity->time_created . '&guid=' . $entity->guid . '&size='.$size;
}
}
}
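Review bot: The commented-out line `//$url = $CONFIG->url . "pg/icon/$username/$size/$icontime.jpg";` still describes a username-based icon URL and is misleading next to the GUID-keyed lookup, so it can be deleted. The new `setFilename` line reads `$entity->guid` while the line directly above uses `$entity->getGUID()`; using one accessor in both places keeps the function consistent. Whether `$username` is still assigned earlier in `profile_usericon_hook` is not visible in this hunk; if it is, it may now be unused.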