diff options
| author | Henry Sudhof <kellanved@phpbb.com> | 2007-04-30 10:46:17 +0000 |
|---|---|---|
| committer | Henry Sudhof <kellanved@phpbb.com> | 2007-04-30 10:46:17 +0000 |
| commit | 42251d008c06ad0f475f116643c6583fc9a4eda7 (patch) | |
| tree | 0380ef1d4f7224c96612a8951988a59f33c6074e /phpBB/includes/functions_user.php | |
| parent | dc747b8d994b6f5d07182196ed9deed7959a7317 (diff) | |
| download | forums-42251d008c06ad0f475f116643c6583fc9a4eda7.tar forums-42251d008c06ad0f475f116643c6583fc9a4eda7.tar.gz forums-42251d008c06ad0f475f116643c6583fc9a4eda7.tar.bz2 forums-42251d008c06ad0f475f116643c6583fc9a4eda7.tar.xz forums-42251d008c06ad0f475f116643c6583fc9a4eda7.zip | |
Prepare to be yelled at and brace for the tide of bug reports: I had hoped we would not have to do this, but it seems that we have to.
-Route all avatar downloads through download.php - adrien
-Change the way inline attachments are delivered
-Fixes a few (unreported) bugs, notably avatar upload during group generation
-#10079
git-svn-id: file:///svn/phpbb/trunk@7429 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/functions_user.php')
| -rw-r--r-- | phpBB/includes/functions_user.php | 70 |
1 files changed, 62 insertions, 8 deletions
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 02665810ac..055ab7c283 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1489,6 +1489,8 @@ function validate_email($email, $allowed_email = false) return false; } + + /** * Remove avatar */ @@ -1499,15 +1501,16 @@ function avatar_delete($mode, $row) // Check if the users avatar is actually *not* a group avatar if ($mode == 'user') { - if (strpos($row['user_avatar'], 'g' . $row['group_id'] . '_') === 0 || strpos($row['user_avatar'], $row['user_id'] . '_') !== 0) + if (strpos($row['user_avatar'], 'g') === 0 || (((int)$row['user_avatar'] !== 0) && ((int)$row['user_avatar'] !== (int)$row['user_id']))) { return false; } } - - if (file_exists($phpbb_root_path . $config['avatar_path'] . '/' . basename($row[$mode . '_avatar']))) + + $filename = get_avatar_filename($row[$mode . '_avatar']); + if (file_exists($phpbb_root_path . $config['avatar_path'] . '/' . $filename)) { - @unlink($phpbb_root_path . $config['avatar_path'] . '/' . basename($row[$mode . '_avatar'])); + @unlink($phpbb_root_path . $config['avatar_path'] . '/' . $filename); return true; } @@ -1612,8 +1615,9 @@ function avatar_upload($data, &$error) { $file = $upload->remote_upload($data['uploadurl']); } - - $file->clean_filename('real', $data['user_id'] . '_'); + + $prefix = $config['avatar_salt'] . '_'; + $file->clean_filename('avatar', $prefix, $data['user_id']); $destination = $config['avatar_path']; @@ -1638,7 +1642,29 @@ function avatar_upload($data, &$error) $error = array_merge($error, $file->error); } - return array(AVATAR_UPLOAD, $file->get('realname'), $file->get('width'), $file->get('height')); + return array(AVATAR_UPLOAD, $data['user_id'] . '_' . substr(time(), -5) . '.' . $file->get('extension'), $file->get('width'), $file->get('height')); +} + +/** +* Generates avatar filename from the database entry +*/ +function get_avatar_filename($avatar_entry) +{ + global $config; + + + if ($avatar_entry[0] === 'g') + { + $avatar_group = true; + $avatar_entry = substr($avatar_entry, 1); + } + else + { + $avatar_group = false; + } + $ext = substr(strrchr($avatar_entry, '.'), 1); + $avatar_entry = intval($avatar_entry); + return $config['avatar_salt'] . '_' . (($avatar_group) ? 'g' : '') . $avatar_entry . '.' . $ext; } /** @@ -1858,7 +1884,7 @@ function avatar_process_user(&$error, $custom_userdata = false) $userdata = ($custom_userdata === false) ? $user->data : $custom_userdata; // Delete old avatar if present - if ($userdata['user_avatar'] && $sql_ary['user_avatar'] != $userdata['user_avatar'] && $userdata['user_avatar_type'] != AVATAR_GALLERY) + if ($userdata['user_avatar'] && empty($sql_ary['user_avatar']) && $userdata['user_avatar_type'] != AVATAR_GALLERY) { avatar_delete('user', $userdata); } @@ -1966,6 +1992,10 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow if (!$group_id) { $group_id = $db->sql_nextid(); + if ($sql_ary['group_avatar_type'] == AVATAR_UPLOAD) + { + group_correct_avatar($group_id, $sql_ary['group_avatar']); + } } // Set user attributes @@ -2016,6 +2046,30 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow return (sizeof($error)) ? $error : false; } + +/** +* Changes a group avatar's filename to conform to the naming scheme +*/ +function group_correct_avatar($group_id, $old_entry) +{ + global $config, $db, $phpbb_root_path; + + $group_id = (int)$group_id; + $ext = substr(strrchr($old_entry, '.'), 1); + $old_filename = get_avatar_filename($old_entry); + $new_filename = $config['avatar_salt'] . "_g$group_id.$ext"; + $new_entry = 'g' . $group_id . '_' . substr(time(), -5) . ".$ext"; + + $avatar_path = $phpbb_root_path . $config['avatar_path']; + if (@rename($avatar_path . '/'. $old_filename, $avatar_path . '/' . $new_filename)) + { + $sql = 'UPDATE ' . GROUPS_TABLE . ' + SET group_avatar = \'' . $db->sql_escape($new_entry) . "' + WHERE group_id = $group_id"; + $db->sql_query($sql); + } +} + /** * Group Delete */ |