From 3850904d467fe0ca6cb8800a75f1b9e233bf8d90 Mon Sep 17 00:00:00 2001
From: marcus
Date: Mon, 6 Jul 2009 11:03:28 +0000
Subject: * Closes #1104: Edit profile and edit icon links on pulldown menu for editable users. * Closes #545: Admins are now able to edit profiles and icons of other users. * CSRF protection added to icon upload and edit code. * Version bump.
git-svn-id: https://code.elgg.org/elgg/trunk@3387 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 mod/profile/actions/iconupload.php | 36 +++++++++++++++++++++++-------------
 1 file changed, 23 insertions(+), 13 deletions(-)
(limited to 'mod/profile/actions/iconupload.php')
diff --git a/mod/profile/actions/iconupload.php b/mod/profile/actions/iconupload.php
index aec433bbd..3bfbe5ceb 100644
--- a/mod/profile/actions/iconupload.php
+++ b/mod/profile/actions/iconupload.php
@@ -9,11 +9,21 @@ * @copyright Curverider Ltd 2008-2009
 * @link http://elgg.com/
 */
-
+
+ gatekeeper();
+ action_gatekeeper();
+
+ $user = page_owner_entity();
+ if (!$user)
+ $user = $_SESSION['user'];
+
 // If we were given a correct icon
 if (
- isloggedin()
+ (isloggedin()) &&
+ ($user) &&
+ ($user->canEdit())
 ) {
+
 $topbar = get_resized_image_from_uploaded_file('profileicon',16,16, true);
 $tiny = get_resized_image_from_uploaded_file('profileicon',25,25, true); 
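Review bot: The new guard `($user) && ($user->canEdit())` checks only editability, not that `$user` is actually a user; `page_owner_entity()` appears to resolve the owner from the request, and if it can yield a non-user entity the caller is allowed to edit, the rest of the action (past the end of this hunk) would build the icon file names from an empty `$user->username` and stamp `icontime` on that entity. Tightening the condition closes that: `($user instanceof ElggUser) &&` in place of `($user) &&`, with the fallback becoming `if (!($user instanceof ElggUser)) $user = $_SESSION['user'];`. Since `gatekeeper()` now runs first, the `(isloggedin()) &&` term is redundant and could be dropped. The `if` body continues outside the hunk.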
@@ -28,40 +38,40 @@ && $tiny !== false) {
 $filehandler = new ElggFile();
- $filehandler->owner_guid = $_SESSION['user']->getGUID();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "large.jpg");
+ $filehandler->owner_guid = $user->getGUID();
+ $filehandler->setFilename("profile/" . $user->username . "large.jpg");
 $filehandler->open("write");
 $filehandler->write($large);
 $filehandler->close();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "medium.jpg");
+ $filehandler->setFilename("profile/" . $user->username . "medium.jpg");
 $filehandler->open("write");
 $filehandler->write($medium);
 $filehandler->close();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "small.jpg");
+ $filehandler->setFilename("profile/" . $user->username . "small.jpg");
 $filehandler->open("write");
 $filehandler->write($small);
 $filehandler->close();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "tiny.jpg");
+ $filehandler->setFilename("profile/" . $user->username . "tiny.jpg");
 $filehandler->open("write");
 $filehandler->write($tiny);
 $filehandler->close();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "topbar.jpg");
+ $filehandler->setFilename("profile/" . $user->username . "topbar.jpg");
 $filehandler->open("write");
 $filehandler->write($topbar);
 $filehandler->close();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "master.jpg");
+ $filehandler->setFilename("profile/" . $user->username . 
"master.jpg"); $filehandler->open("write"); $filehandler->write($master); $filehandler->close(); - $_SESSION['user']->icontime = time(); + $user->icontime = time(); system_message(elgg_echo("profile:icon:uploaded")); - trigger_elgg_event('profileiconupdate',$_SESSION['user']->type,$_SESSION['user']); + trigger_elgg_event('profileiconupdate',$user->type,$user); //add to river - add_to_river('river/user/default/profileiconupdate','update',$_SESSION['user']->guid,$_SESSION['user']->guid); + add_to_river('river/user/default/profileiconupdate','update',$user->guid,$user->guid); } else { system_message(elgg_echo("profile:icon:notfound")); @@ -75,7 +85,7 @@ //forward the user back to the upload page to crop - $url = "mod/profile/editicon.php"; + $url = "pg/profile/{$user->username}/editicon/"; if (isloggedin()) forward($url); -- cgit v1.2.3