diff --git a/phpBB/includes/avatar/driver/local.php b/phpBB/includes/avatar/driver/local.php index 4c15b5de2e..f9b7662e93 100644 --- a/phpBB/includes/avatar/driver/local.php +++ b/phpBB/includes/avatar/driver/local.php @@ -58,43 +58,41 @@ class phpbb_avatar_driver_local extends phpbb_avatar_driver $dh = @opendir($path); - if (!$dh) + if ($dh) { - return $avatar_list; - } - - while (($cat = readdir($dh)) !== false) { - if ($cat[0] != '.' && preg_match('#^[^&"\'<>]+$#i', $cat) && is_dir("$path/$cat")) - { - if ($ch = @opendir("$path/$cat")) + while (($cat = readdir($dh)) !== false) { + if ($cat[0] != '.' && preg_match('#^[^&"\'<>]+$#i', $cat) && is_dir("$path/$cat")) { - while (($image = readdir($ch)) !== false) + if ($ch = @opendir("$path/$cat")) { - // Match all images in the gallery folder - if (preg_match('#^[^&\'"<>]+\.(?:gif|png|jpe?g)$#i', $image)) + while (($image = readdir($ch)) !== false) { - if (function_exists('getimagesize')) + // Match all images in the gallery folder + if (preg_match('#^[^&\'"<>]+\.(?:gif|png|jpe?g)$#i', $image)) { - $dims = getimagesize($this->phpbb_root_path . $this->config['avatar_gallery_path'] . '/' . $cat . '/' . $image); + if (function_exists('getimagesize')) + { + $dims = getimagesize($this->phpbb_root_path . $this->config['avatar_gallery_path'] . '/' . $cat . '/' . $image); + } + else + { + $dims = array(0, 0); + } + $avatar_list[$cat][$image] = array( + 'file' => rawurlencode($cat) . '/' . rawurlencode($image), + 'filename' => rawurlencode($image), + 'name' => ucfirst(str_replace('_', ' ', preg_replace('#^(.*)\..*$#', '\1', $image))), + 'width' => $dims[0], + 'height' => $dims[1], + ); } - else - { - $dims = array(0, 0); - } - $avatar_list[$cat][$image] = array( - 'file' => rawurlencode($cat) . '/' . rawurlencode($image), - 'filename' => rawurlencode($image), - 'name' => ucfirst(str_replace('_', ' ', preg_replace('#^(.*)\..*$#', '\1', $image))), - 'width' => $dims[0], - 'height' => $dims[1], - ); } + @closedir($ch); } - @closedir($ch); } } + @closedir($dh); } - @closedir($dh); @ksort($avatar_list); diff --git a/phpBB/includes/avatar/driver/upload.php b/phpBB/includes/avatar/driver/upload.php index 84168722ec..cbc46e0e49 100644 --- a/phpBB/includes/avatar/driver/upload.php +++ b/phpBB/includes/avatar/driver/upload.php @@ -49,26 +49,69 @@ class phpbb_avatar_driver_upload extends phpbb_avatar_driver */ public function handle_form($template, $user_row, &$error, $submitted = false) { - if ($submitted) { - $error[] = 'TODO'; - return ''; - } - else - { - $can_upload = (file_exists($this->phpbb_root_path . $this->config['avatar_path']) && phpbb_is_writable($this->phpbb_root_path . $this->config['avatar_path']) && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false; - if ($can_upload) - { - $template->assign_vars(array( - 'S_UPLOAD_AVATAR_URL' => ($this->config['allow_avatar_remote_upload']) ? true : false, - 'AV_UPLOAD_SIZE' => $this->config['avatar_filesize'], - )); + $can_upload = (file_exists($this->phpbb_root_path . $this->config['avatar_path']) && phpbb_is_writable($this->phpbb_root_path . $this->config['avatar_path']) && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false; - return true; + if ($can_upload == false) + { + return false; + } + + if ($submitted) + { + include_once($this->phpbb_root_path . 'includes/functions_upload.' . $this->phpEx); + + $upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $this->config['avatar_filesize'], $this->config['avatar_min_width'], $this->config['avatar_min_height'], $this->config['avatar_max_width'], $this->config['avatar_max_height'], (isset($this->config['mime_triggers']) ? explode('|', $this->config['mime_triggers']) : false)); + + $url = request_var('av_upload_url', ''); + + if (!empty($_FILES['av_upload_file']['name'])) + { + $file = $upload->form_upload('av_upload_file'); } else { + $file = $upload->remote_upload($url); + } + + $prefix = $this->config['avatar_salt'] . '_'; + $file->clean_filename('avatar', $prefix, $user_row['user_id']); + + $destination = $this->config['avatar_path']; + + // Adjust destination path (no trailing slash) + if (substr($destination, -1, 1) == '/' || substr($destination, -1, 1) == '\\') + { + $destination = substr($destination, 0, -1); + } + + $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination); + if ($destination && ($destination[0] == '/' || $destination[0] == "\\")) + { + $destination = ''; + } + + // Move file and overwrite any existing image + $file->move_file($destination, true); + + if (sizeof($file->error)) + { + $file->remove(); + $error = array_merge($error, $file->error); return false; } + + return array( + 'user_avatar' => $user_row['user_id'] . '_' . time() . '.' . $file->get('extension'), + 'user_avatar_width' => $file->get('width'), + 'user_avatar_height' => $file->get('height'), + ); } + + $template->assign_vars(array( + 'S_UPLOAD_AVATAR_URL' => ($this->config['allow_avatar_remote_upload']) ? true : false, + 'AV_UPLOAD_SIZE' => $this->config['avatar_filesize'], + )); + + return true; } } diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 5d7dbe12d8..a815ec7987 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -570,7 +570,7 @@ class ucp_profile { $result = $avatar->handle_form($template, $user->data, $error, true); - if (empty($error)) + if ($result && empty($error)) { // Success! Lets save the result in the database $result['user_avatar_type'] = $driver;