Load avatar in header via PHP by Niduroki · Pull Request #7749 · owncloud/core

Niduroki · 2014-03-15T20:31:28Z

Load the avatar in the header via PHP instead of JS.

I can't really test this, because I get #7707 when I try to upload an avatar and thus can't upload avatars …

@owncloud/designers @jbtbnl

jbtbnl · 2014-03-15T20:50:35Z

core/templates/layout.user.php

Div is not allowed to be in the body of span, I suppose you can change the span with id "expand" to a div to solve this.

It wasn't introduced by you but better solve it now :)

blizzz · 2014-04-04T17:21:06Z

@Kondou-ger any update?

Niduroki · 2014-04-05T09:17:48Z

@blizzz I'm still wating for @LukasReschke's opinion to escaping this, and another string. But looks like he forgot me 😄

LukasReschke · 2014-04-05T10:37:11Z

Nah, not forgotten. Just a lot of other stuff to do ;-)

MorrisJobke · 2014-06-02T08:58:43Z

State of this?

Niduroki · 2014-06-02T09:48:00Z

#7749 (comment) is the state of this

MorrisJobke · 2014-08-12T11:30:38Z

@LukasReschke Pingeling.

LukasReschke · 2014-09-17T09:59:31Z

Change to p(), use the UID instead of the displayname and take a look at @jbtbnl's comment then I'm fine with it.

Niduroki · 2014-09-19T01:31:24Z

@LukasReschke since you're not answering me in IRC to do this sort-of confidential I'll just spit this out (it's pretty specific – so if anyone can actually abuse this, good job …), regarding the "other string" from #7749 (comment).

How about escaping this: https://github.com/owncloud/core/blob/master/core/js/jquery.avatar.js#L74 ? LDAP Names that have a ?, # or & may screw this one up. How should we escape this? Is there a p() equivalent in JS?

LukasReschke · 2014-09-19T06:56:17Z

urlencode - but this us not exploitable there since the username !== displayname

Niduroki · 2014-10-19T15:35:29Z

Finally worked on this.
@LukasReschke @jbtbnl please re-review.

ghost · 2014-10-19T16:10:14Z

🚀 Test PASSed. 🚀
Refer to this link for build results (access rights to CI server needed):
https://ci.owncloud.org//job/pull-request-analyser-ng-simple/705/
🚀 Test PASSed. 🚀

* fix #7484 * use UID, css, and div instead of span

MorrisJobke · 2014-10-23T21:53:46Z

I squashed your commits and added the avatardiv-shown class, because this causes the display name to hide on small screens.

Works 👍

MorrisJobke · 2014-10-23T21:55:12Z

@wakeup @luckydonald @miicha @danbartram @oparoz Feel free to review this. Just check out this branch and set an avatar for the user in the personal settings. then check if it appears in the header and the display name hides on small screens.

scrutinizer-notifier · 2014-10-23T22:03:10Z

The inspection completed: 2 new issues, 1 updated code elements

danbartram · 2014-10-23T22:18:12Z

This works for me.

👍

ghost · 2014-10-23T23:21:20Z

🚀 Test PASSed. 🚀
Refer to this link for build results (access rights to CI server needed):
https://ci.owncloud.org//job/pull-request-analyser-ng-simple/1116/
🚀 Test PASSed. 🚀

Load avatar in header via PHP

jbtbnl reviewed Mar 15, 2014
View reviewed changes

jancborchardt added the Enhancement label Mar 16, 2014

Niduroki added the Avatars label Mar 23, 2014

Niduroki force-pushed the load_avatar_header_via_php branch from 9f11e5b to c2fe2da Compare August 30, 2014 13:43

LukasReschke added the 3 - To Review label Sep 9, 2014

scolebrook force-pushed the master branch from 4a4ea1d to 9dea79e Compare October 10, 2014 13:32

kondou and others added 2 commits October 23, 2014 23:17

Load avatar in header via PHP

729dffe

* fix #7484 * use UID, css, and div instead of span

add avatardiv-shown class to bring back mobile style

a10b255

MorrisJobke force-pushed the load_avatar_header_via_php branch from 9287c34 to a10b255 Compare October 23, 2014 21:52

MorrisJobke added a commit that referenced this pull request Oct 23, 2014

Merge pull request #7749 from owncloud/load_avatar_header_via_php

4b5a387

Load avatar in header via PHP

MorrisJobke merged commit 4b5a387 into master Oct 23, 2014

MorrisJobke deleted the load_avatar_header_via_php branch October 23, 2014 23:27

Conversation

Niduroki commented Mar 15, 2014

Uh oh!

jbtbnl Mar 15, 2014

Choose a reason for hiding this comment

Uh oh!

jbtbnl Mar 15, 2014

Choose a reason for hiding this comment

Uh oh!

blizzz commented Apr 4, 2014

Uh oh!

Niduroki commented Apr 5, 2014

Uh oh!

LukasReschke commented Apr 5, 2014

Uh oh!

MorrisJobke commented Jun 2, 2014

Uh oh!

Niduroki commented Jun 2, 2014

Uh oh!

MorrisJobke commented Aug 12, 2014

Uh oh!

LukasReschke commented Sep 17, 2014

Uh oh!

Niduroki commented Sep 19, 2014

Uh oh!

LukasReschke commented Sep 19, 2014

Uh oh!

Niduroki commented Oct 19, 2014

Uh oh!

ghost commented Oct 19, 2014

Uh oh!

MorrisJobke commented Oct 23, 2014

Uh oh!

MorrisJobke commented Oct 23, 2014

Uh oh!

scrutinizer-notifier commented Oct 23, 2014

Uh oh!

danbartram commented Oct 23, 2014

Uh oh!

ghost commented Oct 23, 2014

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

8 participants