Diffstat (limited to 'mod/profile')
-rw-r--r-- | mod/profile/actions/cropicon.php | 18 | ||||
-rw-r--r-- | mod/profile/actions/iconupload.php | 4 | ||||
-rw-r--r-- | mod/profile/icon.php | 7 | ||||
-rw-r--r-- | mod/profile/icondirect.php | 20 | ||||
-rw-r--r-- | mod/profile/start.php | 4 |
5 files changed, 19 insertions, 34 deletions
diff --git a/mod/profile/actions/cropicon.php b/mod/profile/actions/cropicon.php index 5bba84a8c..b0dc0fa61 100644 --- a/mod/profile/actions/cropicon.php +++ b/mod/profile/actions/cropicon.php @@ -1,7 +1,7 @@ <?php /** * Elgg profile plugin upload new user icon action - * + * * @package ElggProfile * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2 * @author Curverider Ltd <info@elgg.com> 
@@ -28,28 +28,28 @@ $filehandler = new ElggFile(); $filehandler->owner_guid = $profile_owner->getGUID(); $filehandler->setFilename("profile/" . $profile_owner->username . "master" . ".jpg"); $filename = $filehandler->getFilenameOnFilestore(); - + $topbar = get_resized_image_from_existing_file($filename, 16, 16, true, $x1, $y1, $x2, $y2, TRUE); $tiny = get_resized_image_from_existing_file($filename, 25, 25, true, $x1, $y1, $x2, $y2, TRUE); $small = get_resized_image_from_existing_file($filename, 40, 40, true, $x1, $y1, $x2, $y2, TRUE); $medium = get_resized_image_from_existing_file($filename, 100, 100, true, $x1, $y1, $x2, $y2, TRUE); - + if ($small !== FALSE && $medium !== FALSE && $tiny !== FALSE) { $filehandler = new ElggFile(); $filehandler->owner_guid = $profile_owner->getGUID(); - $filehandler->setFilename("profile/" . $profile_owner->username . "medium.jpg"); + $filehandler->setFilename("profile/" . $profile_owner->guid . "medium.jpg"); $filehandler->open("write"); $filehandler->write($medium); $filehandler->close(); - $filehandler->setFilename("profile/" . $profile_owner->username . "small.jpg"); + $filehandler->setFilename("profile/" . $profile_owner->guid . "small.jpg"); $filehandler->open("write"); $filehandler->write($small); $filehandler->close(); - $filehandler->setFilename("profile/" . $profile_owner->username . "tiny.jpg"); + $filehandler->setFilename("profile/" . $profile_owner->guid . "tiny.jpg"); $filehandler->open("write"); $filehandler->write($tiny); $filehandler->close(); - $filehandler->setFilename("profile/" . $profile_owner->username . "topbar.jpg"); + $filehandler->setFilename("profile/" . $profile_owner->guid . "topbar.jpg"); $filehandler->open("write"); $filehandler->write($topbar); $filehandler->close(); 
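Review bot: The master image is still opened under its username-based name, `$filehandler->setFilename("profile/" . $profile_owner->username . "master" . ".jpg");`, while the four derived sizes written further down in this hunk now use `$profile_owner->guid`; if the upload action has moved the master file to the guid scheme as well (its hunk in mod/profile/actions/iconupload.php renames every `$icon_sizes` entry to `profile/{$profile_owner_guid}{$name}.jpg`, presumably master included), re-cropping a newly uploaded icon will read a file that no longer exists and every get_resized_image_from_existing_file() call returns FALSE. The line should follow the same scheme: `$filehandler->setFilename("profile/" . $profile_owner->guid . "master.jpg");`. Separately, the guard `if ($small !== FALSE && $medium !== FALSE && $tiny !== FALSE)` never checks `$topbar`, so a failed 16x16 resize is still written out as the topbar icon; `&& $topbar !== FALSE` closes that gap. The script's earlier lines, where $profile_owner and the crop coordinates are read, are outside the hunk.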
@@ -58,14 +58,14 @@ if ($small !== FALSE && $medium !== FALSE && $tiny !== FALSE) { $profile_owner->x2 = $x2; $profile_owner->y1 = $y1; $profile_owner->y2 = $y2; - + $profile_owner->icontime = time(); system_message(elgg_echo("profile:icon:uploaded")); } else { register_error(elgg_echo("profile:icon:notfound")); } - + //forward the user back to the upload page to crop $url = "{$vars['url']}pg/profile/{$profile_owner->username}/edit/icon"; diff --git a/mod/profile/actions/iconupload.php b/mod/profile/actions/iconupload.php index a0cb24c3d..23d1967a6 100644 --- a/mod/profile/actions/iconupload.php +++ b/mod/profile/actions/iconupload.php @@ -1,7 +1,7 @@ <?php /** * Elgg profile plugin upload new user icon action - * + * * @package ElggProfile * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2 * @author Curverider Ltd <info@elgg.com> @@ -41,7 +41,7 @@ foreach ($icon_sizes as $name => $size_info) { //@todo Make these actual entities. See exts #348. $file = new ElggFile(); $file->owner_guid = $profile_owner_guid; - $file->setFilename("profile/{$profile_username}{$name}.jpg"); + $file->setFilename("profile/{$profile_owner_guid}{$name}.jpg"); $file->open('write'); $file->write($resized); $file->close(); diff --git a/mod/profile/icon.php b/mod/profile/icon.php index da7667c8b..d7d7247c5 100644 --- a/mod/profile/icon.php +++ b/mod/profile/icon.php @@ -1,7 +1,7 @@ <?php /** * Elgg profile icon -* +* * @package ElggProfile * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2 * @author Curverider Ltd <info@elgg.com> @@ -13,7 +13,6 @@ require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php"); // Get the owning user $user = page_owner_entity(); -$username = $user->username; // Get the size $size = strtolower(get_input('size')); 
@@ -30,13 +29,13 @@ if (!$user) { // Try and get the icon $filehandler = new ElggFile(); $filehandler->owner_guid = $user->getGUID(); -$filehandler->setFilename("profile/" . $username . $size . ".jpg"); +$filehandler->setFilename("profile/" . $user->getGUID() . $size . ".jpg"); $success = false; if ($filehandler->open("read")) { if ($contents = $filehandler->read($filehandler->size())) { $success = true; - } + } } if (!$success) { diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php index 8a46786ab..c84955fa5 100644 --- a/mod/profile/icondirect.php +++ b/mod/profile/icondirect.php @@ -16,8 +16,6 @@ require_once(dirname(dirname(dirname(__FILE__))). '/engine/settings.php'); global $CONFIG; - -$username = $_GET['username']; $joindate = (int)$_GET['joindate']; $guid = (int)$_GET['guid']; @@ -26,20 +24,6 @@ if (!in_array($size,array('large','medium','small','tiny','master','topbar'))) { $size = "medium"; } -// security check on username string -if ( (strpos($username, '/')!==false) || - (strpos($username, '\\')!==false) || - (strpos($username, '"')!==false) || - (strpos($username, '\'')!==false) || - (strpos($username, '*')!==false) || - (strpos($username, '&')!==false) || - (strpos($username, ' ')!==false) ) { - // these characters are not allowed in usernames - exit; -} - - - $mysql_dblink = @mysql_connect($CONFIG->dbhost,$CONFIG->dbuser,$CONFIG->dbpass, true); if ($mysql_dblink) { if (@mysql_select_db($CONFIG->dbname,$mysql_dblink)) { @@ -65,7 +49,7 @@ if ($mysql_dblink) { // first try to read icon directly $user_path = date('Y/m/d/', $joindate) . $guid; - $filename = $dataroot . $user_path . "/profile/" . $username . $size . ".jpg"; + $filename = "$dataroot$user_path/profile/{$guid}{$size}.jpg"; $contents = @file_get_contents($filename); if (!empty($contents)) { header("Content-type: image/jpeg"); 
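Review bot: The new `$filename = "$dataroot$user_path/profile/{$guid}{$size}.jpg";` in mod/profile/icondirect.php drops the last user-supplied string from the path, and the earlier hunk in the same file removes the character blacklist that guarded `$username`, but nothing records why that check is no longer needed; a reader has to trace `$guid` and `$joindate` back to their `(int)` casts and `$size` to the in_array() whitelist to see that the path is safe. A one-line comment above the assignment keeps that reasoning next to the path, e.g. `// $guid/$joindate are int-cast and $size is whitelisted above, so no user-supplied string reaches the filesystem path`. Whether `$dataroot` itself is trusted depends on where it is loaded, which is outside this hunk.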
@@ -86,4 +70,6 @@ if ($mysql_dblink) { // simplecache is not turned on or something went wrong so load engine and try that way require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php"); +$user = get_entity($guid); +set_input('username', $user->username); require_once(dirname(__FILE__).'/icon.php'); diff --git a/mod/profile/start.php b/mod/profile/start.php index 17a55e1f9..adac92aef 100644 --- a/mod/profile/start.php +++ b/mod/profile/start.php @@ -253,11 +253,11 @@ function profile_usericon_hook($hook, $entity_type, $returnvalue, $params){ $filehandler = new ElggFile(); $filehandler->owner_guid = $entity->getGUID(); - $filehandler->setFilename("profile/" . $username . $size . ".jpg"); + $filehandler->setFilename("profile/" . $entity->guid . $size . ".jpg"); if ($filehandler->exists()) { //$url = $CONFIG->url . "pg/icon/$username/$size/$icontime.jpg"; - return $CONFIG->wwwroot . 'mod/profile/icondirect.php?lastcache='.$icontime.'&username='.$entity->username.'&joindate=' . $entity->time_created . '&guid=' . $entity->guid . '&size='.$size; + return $CONFIG->wwwroot . 'mod/profile/icondirect.php?lastcache='.$icontime.'&joindate=' . $entity->time_created . '&guid=' . $entity->guid . '&size='.$size; } } } |
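Review bot: `$user = get_entity($guid);` in mod/profile/icondirect.php is used without checking its result, so a guid that does not resolve to an entity makes `set_input('username', $user->username)` read a property on a non-object and hand an empty username to icon.php; since `$guid` comes straight from `(int)$_GET['guid']`, that is an ordinary request rather than an edge case. Guard the call, `if ($user) { set_input('username', $user->username); }`, and let icon.php's own `if (!$user)` branch (visible in its hunk above) handle the missing-owner case, or `exit;` here when `$user` is not set. Whether get_entity() can also return a non-user entity for a valid guid, and whether page_owner_entity() in icon.php resolves the owner from the 'username' input, is not visible in this hunk.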