From aa88eea9cf366c07b0a311adc5ee64f0ae86ff33 Mon Sep 17 00:00:00 2001
From: kondou <kondou@ts.unde.re>
Date: Sat, 31 Aug 2013 18:27:28 +0200
Subject: [PATCH] Sanitize displayname, respect data @ $element, fix routename,
 clean after cropping, updateAvatar with displayname

---
 core/avatar/controller.php |  4 ++--
 core/js/jquery.avatar.js   | 13 +++++++++++--
 core/routes.php            |  7 +++----
 settings/css/settings.css  |  3 ---
 settings/js/personal.js    |  3 ++-
 5 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/core/avatar/controller.php b/core/avatar/controller.php
index 66ee7edafb..85ac251d09 100644
--- a/core/avatar/controller.php
+++ b/core/avatar/controller.php
@@ -25,8 +25,8 @@ class OC_Core_Avatar_Controller {
 			$size = 64;
 		}
 
-		$ava = new \OC_Avatar();
-		$image = $ava->get($user, $size);
+		$avatar = new \OC_Avatar();
+		$image = $avatar->get($user, $size);
 
 		if ($image instanceof \OC_Image) {
 			$image->show();
diff --git a/core/js/jquery.avatar.js b/core/js/jquery.avatar.js
index bd57a542fa..b4fa524f47 100644
--- a/core/js/jquery.avatar.js
+++ b/core/js/jquery.avatar.js
@@ -10,6 +10,8 @@
 		if (typeof(size) === 'undefined') {
 			if (this.height() > 0) {
 				size = this.height();
+			} else if (this.data('size') > 0) {
+				size = this.data('size');
 			} else {
 				size = 64;
 			}
@@ -19,10 +21,17 @@
 		this.width(size);
 
 		if (typeof(user) === 'undefined') {
-			this.placeholder('x');
-			return;
+			if (typeof(this.data('user')) !== 'undefined') {
+				user = this.data('user');
+			} else {
+				this.placeholder('x');
+				return;
+			}
 		}
 
+		// sanitize
+		user = user.replace(/\//g,'');
+
 		var $div = this;
 
 		//$.get(OC.Router.generate('core_avatar_get', {user: user, size: size}), function(result) { // TODO does not work "Uncaught TypeError: Cannot use 'in' operator to search for 'core_avatar_get' in undefined" router.js L22
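Review bot: The added `user.replace(/\//g,'')` assumes `user` is a string, but the value can now come from `this.data('user')`, and jQuery's `.data()` converts numeric-looking `data-*` attributes to numbers, so an all-digit user id would throw a TypeError here. Removing `/` also covers only one character: `?`, `#` and `%` pass through unchanged, and distinct names such as `a/b` and `ab` collapse to the same value. The request that uses `user` is built outside this hunk; if the value becomes a URL path segment, coercing and encoding it is more complete, e.g. `user = encodeURIComponent(String(user).replace(/\//g, ''));`. The `// sanitize` comment would be more useful if it said what is being protected, for example `// user is placed in the avatar URL path`.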
diff --git a/core/routes.php b/core/routes.php
index d2ad699bd0..a0d06bf807 100644
--- a/core/routes.php
+++ b/core/routes.php
@@ -59,8 +59,10 @@ $this->create('core_lostpassword_reset_password', '/lostpassword/reset/{token}/{
 	->action('OC_Core_LostPassword_Controller', 'resetPassword');
 
 // Avatar routes
+$this->create('core_avatar_get_tmp', '/avatar/tmp')
+        ->get()
+        ->action('OC_Core_Avatar_Controller', 'getTmpAvatar');
 $this->create('core_avatar_get', '/avatar/{user}/{size}')
-	->defaults(array('user' => '', 'size' => 64))
 	->get()
 	->action('OC_Core_Avatar_Controller', 'getAvatar');
 $this->create('core_avatar_post', '/avatar/')
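Review bot: `core_avatar_get` now takes `{user}` and `{size}` straight from the path with no defaults and no pattern constraint, so any string reaches `getAvatar` as the size. The controller hunk in this patch shows only a `$size = 64` fallback; if that is not a full numeric range check, adding `->requirements(array('size' => '\d+'))` to the route would reject non-numeric sizes before the controller runs. The three added `core_avatar_get_tmp` lines are also indented with spaces while the rest of the file uses tabs.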
@@ -69,9 +71,6 @@ $this->create('core_avatar_post', '/avatar/')
 $this->create('core_avatar_delete', '/avatar/')
 	->delete()
 	->action('OC_Core_Avatar_Controller', 'deleteAvatar');
-$this->create('core_avatar_get_tmp', '/avatartmp/') //TODO better naming, so it doesn't conflict with core_avatar_get
-	->get()
-	->action('OC_Core_Avatar_Controller', 'getTmpAvatar');
 $this->create('core_avatar_post_cropped', '/avatar/cropped')
 	->post()
 	->action('OC_Core_Avatar_Controller', 'postCroppedAvatar');
diff --git a/settings/css/settings.css b/settings/css/settings.css
index a2c3eaf626..7b147d5b96 100644
--- a/settings/css/settings.css
+++ b/settings/css/settings.css
@@ -37,9 +37,6 @@ td.name, td.password { padding-left:.8em; }
 td.password>img,td.displayName>img, td.remove>a, td.quota>img { visibility:hidden; }
 td.password, td.quota, td.displayName { width:12em; cursor:pointer; }
 td.password>span, td.quota>span, rd.displayName>span { margin-right: 1.2em; color: #C7C7C7; }
-td.avatar img {
-	margin-top: 6px;
-}
 
 td.remove { width:1em; padding-right:1em; }
 tr:hover>td.password>span, tr:hover>td.displayName>span { margin:0; cursor:pointer; }
diff --git a/settings/js/personal.js b/settings/js/personal.js
index a62b37d8d4..e2e9c69e43 100644
--- a/settings/js/personal.js
+++ b/settings/js/personal.js
@@ -34,6 +34,7 @@ function changeDisplayName(){
                 $('#oldDisplayName').text($('#displayName').val());
                 // update displayName on the top right expand button
                 $('#expandDisplayName').text($('#displayName').val());
+		updateAvatar();
             }
             else{
                 $('#newdisplayname').val(data.data.displayName);
@@ -82,7 +83,6 @@ function showAvatarCropper() {
 }
 
 function sendCropData() {
-	$('#cropperbox').ocdialog('close');
 	var cropperdata = $('#cropper').data();
 	var data = {
 		x: cropperdata.x,
@@ -90,6 +90,7 @@ function sendCropData() {
 		w: cropperdata.w,
 		h: cropperdata.h
 	};
+	$('#cropperbox').remove();
 	$.post(OC.Router.generate('core_avatar_post_cropped'), {crop: data}, avatarResponseHandler);
 }
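Review bot: `$('#cropperbox').remove()` runs before the POST is sent, so the cropper is gone whether or not the server accepts the crop. `$.post` is given a success callback only, so a failed request is not reported by this function and the user has no dialog left to retry from. Consider removing the box in the response path, or chaining a failure handler such as `.fail(function() { /* report the error */ })`. `sendCropData` begins before this hunk, and what `avatarResponseHandler` does with an error response is not visible here.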
 
-- 
GitLab