Fixed a bug where User Image Names not always compatible with OS (bug #…
mystralkk committed May 3, 2020
1 parent 34167c0 commit 9fea562
Showing 4 changed files with 23 additions and 31 deletions.
2 changes: 1 addition & 1 deletion public_html/admin/topic.php
Expand Up @@ -884,7 +884,7 @@ function handleIconUpload($tid)
if (!empty($newIcon['name'])) {
$pos = strrpos($newIcon['name'], '.') + 1;
$fExtension = substr($newIcon['name'], $pos);
$filename = 'topic_' . $tid . '.' . $fExtension;
$filename = \Geeklog\FileSystem::normalizeFileName('topic_' . $tid . '.' . $fExtension);
}

// do the upload
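Review bot: `$fExtension` in handleIconUpload is still cut out of the client-supplied `$newIcon['name']`, and `normalizeFileName()` only replaces individual characters, so the stored name keeps whatever extension the uploader chose. When the name contains no dot, `strrpos()` returns false and `+ 1` turns that into offset 1, so the "extension" becomes the rest of the original name. I would take it with `$fExtension = strtolower(pathinfo($newIcon['name'], PATHINFO_EXTENSION));` and reject anything outside the image extensions this form accepts before building `$filename`. The same pattern appears in handlePhotoUpload (usersettings.php) and service_submit_story (lib-article.php). The upload calls themselves are outside these hunks, so type checks may already exist there.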
45 changes: 18 additions & 27 deletions public_html/usersettings.php
Expand Up @@ -871,10 +871,10 @@ function emailAddressExists($email, $uid)
/**
* Upload new photo, delete old photo
*
* @param string $delete_photo 'on': delete old photo
* @param string $deletePhoto 'on': delete old photo
* @return string filename of new photo (empty = no new photo)
*/
function handlePhotoUpload($delete_photo = '')
function handlePhotoUpload($deletePhoto = '')
{
global $_CONF, $_TABLES, $_USER, $LANG24;

Expand Down Expand Up @@ -918,35 +918,26 @@ function handlePhotoUpload($delete_photo = '')
}

$filename = '';
if (!empty($delete_photo) && ($delete_photo === 'on')) {
$delete_photo = true;
} else {
$delete_photo = false;
}

$curphoto = DB_getItem($_TABLES['users'], 'photo',
"uid = {$_USER['uid']}");
if (empty($curphoto)) {
$delete_photo = false;
$deletePhoto = (!empty($deletePhoto) && ($deletePhoto === 'on'));
$currentPhoto = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
if (empty($currentPhoto)) {
$deletePhoto = false;
}

// see if user wants to upload a (new) photo
$newphoto = $_FILES['photo'];
if (!empty($newphoto['name'])) {
$pos = strrpos($newphoto['name'], '.') + 1;
$fextension = substr($newphoto['name'], $pos);
$filename = $_USER['username'] . '.' . $fextension;

if (!empty($curphoto) && ($filename != $curphoto)) {
$delete_photo = true;
} else {
$delete_photo = false;
}
$newPhoto = $_FILES['photo'];
if (!empty($newPhoto['name'])) {
$pos = strrpos($newPhoto['name'], '.') + 1;
$fExtension = substr($newPhoto['name'], $pos);

// Prevent a file name like '::ben.jpg' from being created
$filename = \Geeklog\FileSystem::normalizeFileName($_USER['username'] . '.' . $fExtension);
$deletePhoto = (!empty($currentPhoto) && ($filename !== $currentPhoto));
}

// delete old photo first
if ($delete_photo) {
USER_deletePhoto($curphoto);
if ($deletePhoto) {
USER_deletePhoto($currentPhoto);
}

// now do the upload
Expand Down Expand Up @@ -975,8 +966,8 @@ function handlePhotoUpload($delete_photo = '')
COM_output($display);
exit; // don't return
}
} elseif (!$delete_photo && !empty($curphoto)) {
$filename = $curphoto;
} elseif (!$deletePhoto && !empty($currentPhoto)) {
$filename = $currentPhoto;
}

return $filename;
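Review bot: In handlePhotoUpload the old file is removed under `// delete old photo first` before the upload that follows has been accepted, and the failure branch in the last hunk ends with `exit`. If the new upload is rejected, the user's existing photo appears to be gone while the stored `photo` value still names it; what `USER_deletePhoto()` does to the database row is not visible here. Moving `if ($deletePhoto) { USER_deletePhoto($currentPhoto); }` to after the upload has succeeded would keep the old photo on failure. The upload code between these hunks is collapsed, so this should be checked against the full function.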
3 changes: 2 additions & 1 deletion system/classes/FileSystem.php
Expand Up @@ -58,7 +58,8 @@ public static function normalizeFileName($path)
{
$fileName = basename($path);
$fileName = preg_replace('@[\x00-\x1f\x5c\x7f<>:\"/|?*]@', '_', $fileName);
$dir = dirname($path);

return dirname($path) . DIRECTORY_SEPARATOR . $fileName;
return ($dir === '.') ? $fileName : $dir . DIRECTORY_SEPARATOR . $fileName;
}
}
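Review bot: `normalizeFileName()` returns `$dir` exactly as `dirname($path)` produced it, so the `/` in the character class (and `\` on Windows) is never applied to anything before the last separator. The new callers in topic.php and usersettings.php pass a bare name assembled from `$tid` or `$_USER['username']` plus the extension; a separator or `..` in one of those parts would come back as a directory component instead of being replaced by `_`. Whether those values can contain separators is not visible in this commit. For name-only callers I would strip separators before the call, e.g. `str_replace(['/', '\\'], '_', $name)`, and add a docblock line stating that only the last path component is sanitised and the directory part must come from trusted code.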
4 changes: 2 additions & 2 deletions system/lib-article.php
Expand Up @@ -2701,8 +2701,8 @@ function service_submit_story($args, &$output, &$svc_msg)
if ($file['error'] == 0) {
$num = str_replace('file', '', $k);
$pos = strrpos($file['name'], '.') + 1;
$fextension = substr($file['name'], $pos);
$ai_fnames[$num] = $sid . '_' . $num . '.' . $fextension;
$fExtension = substr($file['name'], $pos);
$ai_fnames[$num] = $sid . '_' . $num . '.' . $fExtension;
$filenames[] = $ai_fnames[$num];
$uploadFiles[$num] = $file;
}