Diffstat (limited to 'core/Controller/AvatarController.php')
-rw-r--r--core/Controller/AvatarController.php62
1 files changed, 28 insertions, 34 deletions
diff --git a/core/Controller/AvatarController.php b/core/Controller/AvatarController.php
index ac07129a04f..3b87bf15b2f 100644
--- a/core/Controller/AvatarController.php
+++ b/core/Controller/AvatarController.php
@@ -2,13 +2,16 @@
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
+ * @author Christoph Wurst <christoph@winzerhof-wurst.at>
+ * @author Daniel Kesselberg <mail@danielkesselberg.de>
* @author Joas Schilling <coding@schilljs.com>
- * @author John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
+ * @author John Molakvoæ <skjnldsv@protonmail.com>
+ * @author Julien Veyssier <eneiluj@posteo.net>
* @author Lukas Reschke <lukas@statuscode.ch>
* @author Morris Jobke <hey@morrisjobke.de>
* @author Roeland Jago Douma <roeland@famdouma.nl>
* @author Thomas Müller <thomas.mueller@tmit.eu>
- * @author Vincent Petry <pvince81@owncloud.com>
+ * @author Vincent Petry <vincent@nextcloud.com>
*
* @license AGPL-3.0
*
@@ -25,11 +28,9 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
-
namespace OC\Core\Controller;
use OC\AppFramework\Utility\TimeFactory;
-use OCP\Accounts\IAccountManager;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\DataDisplayResponse;
@@ -78,8 +79,6 @@ class AvatarController extends Controller {
/** @var TimeFactory */
protected $timeFactory;
- /** @var IAccountManager */
- private $accountManager;
public function __construct($appName,
IRequest $request,
@@ -90,8 +89,7 @@ class AvatarController extends Controller {
IRootFolder $rootFolder,
ILogger $logger,
$userId,
- TimeFactory $timeFactory,
- IAccountManager $accountManager) {
+ TimeFactory $timeFactory) {
parent::__construct($appName, $request);
$this->avatarManager = $avatarManager;
@@ -102,7 +100,6 @@ class AvatarController extends Controller {
$this->logger = $logger;
$this->userId = $userId;
$this->timeFactory = $timeFactory;
- $this->accountManager = $accountManager;
}
@@ -124,21 +121,6 @@ class AvatarController extends Controller {
$size = 64;
}
- $user = $this->userManager->get($userId);
- if ($user === null) {
- return new JSONResponse([], Http::STATUS_NOT_FOUND);
- }
-
- $account = $this->accountManager->getAccount($user);
- $scope = $account->getProperty(IAccountManager::PROPERTY_AVATAR)->getScope();
-
- if ($scope !== IAccountManager::VISIBILITY_PUBLIC && $this->userId === null) {
- // Public avatar access is not allowed
- $response = new JSONResponse([], Http::STATUS_NOT_FOUND);
- $response->cacheFor(1800);
- return $response;
- }
-
try {
$avatar = $this->avatarManager->getAvatar($userId);
$avatarFile = $avatar->getFile($size);
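Review bot: With the scope check gone, nothing between the size clamp and `$this->avatarManager->getAvatar($userId)` looks at who is asking, so the avatar is returned whatever visibility scope the account owner chose for it. If this action can be reached without a session (the method's annotations are outside the hunk, so this is inferred from the removed `$this->userId === null` branch), a user who restricted their avatar still has it served to anonymous requests. If the removal is deliberate, a comment above the `try` should say where the scope is enforced instead, e.g. `// Avatar scope is enforced in <component>; no check needed here`; otherwise the scope comparison needs to stay. The method body begins and ends outside the hunk.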
@@ -151,8 +133,8 @@ class AvatarController extends Controller {
return new JSONResponse([], Http::STATUS_NOT_FOUND);
}
- // Cache for 30 minutes
- $response->cacheFor(1800);
+ // Cache for 1 day
+ $response->cacheFor(60 * 60 * 24);
return $response;
}
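Review bot: Raising `cacheFor` from 30 minutes to `60 * 60 * 24` lets a replaced or deleted avatar keep being served from browser or intermediary caches for up to a day, and nothing in the visible lines invalidates those copies. This weighs more now that the same method no longer gates the response on the avatar's visibility scope: a user who tightens the scope or removes the picture cannot recall what is already cached. Consider keeping the shorter lifetime, or stating the accepted trade-off next to the call, e.g. `// 24 h: stale avatars after change/removal are accepted`. The method starts outside the hunk.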
@@ -173,7 +155,7 @@ class AvatarController extends Controller {
if (!($node instanceof File)) {
return new JSONResponse(['data' => ['message' => $this->l->t('Please select a file.')]]);
}
- if ($node->getSize() > 20*1024*1024) {
+ if ($node->getSize() > 20 * 1024 * 1024) {
return new JSONResponse(
['data' => ['message' => $this->l->t('File is too big')]],
Http::STATUS_BAD_REQUEST
@@ -201,7 +183,7 @@ class AvatarController extends Controller {
is_uploaded_file($files['tmp_name'][0]) &&
!\OC\Files\Filesystem::isFileBlacklisted($files['tmp_name'][0])
) {
- if ($files['size'][0] > 20*1024*1024) {
+ if ($files['size'][0] > 20 * 1024 * 1024) {
return new JSONResponse(
['data' => ['message' => $this->l->t('File is too big')]],
Http::STATUS_BAD_REQUEST
@@ -211,8 +193,20 @@ class AvatarController extends Controller {
$content = $this->cache->get('avatar_upload');
unlink($files['tmp_name'][0]);
} else {
+ $phpFileUploadErrors = [
+ UPLOAD_ERR_OK => $this->l->t('The file was uploaded'),
+ UPLOAD_ERR_INI_SIZE => $this->l->t('The uploaded file exceeds the upload_max_filesize directive in php.ini'),
+ UPLOAD_ERR_FORM_SIZE => $this->l->t('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form'),
+ UPLOAD_ERR_PARTIAL => $this->l->t('The file was only partially uploaded'),
+ UPLOAD_ERR_NO_FILE => $this->l->t('No file was uploaded'),
+ UPLOAD_ERR_NO_TMP_DIR => $this->l->t('Missing a temporary folder'),
+ UPLOAD_ERR_CANT_WRITE => $this->l->t('Could not write file to disk'),
+ UPLOAD_ERR_EXTENSION => $this->l->t('A PHP extension stopped the file upload'),
+ ];
+ $message = $phpFileUploadErrors[$files['error'][0]] ?? $this->l->t('Invalid file provided');
+ $this->logger->warning($message, ['app' => 'core']);
return new JSONResponse(
- ['data' => ['message' => $this->l->t('Invalid file provided')]],
+ ['data' => ['message' => $message]],
Http::STATUS_BAD_REQUEST
);
}
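Review bot: The `else` branch is also reached when the upload itself succeeded but `is_uploaded_file()` fails or `isFileBlacklisted()` rejects the file, and in that case `$files['error'][0]` is `UPLOAD_ERR_OK`, so the client gets a 400 whose message is "The file was uploaded". Dropping the `UPLOAD_ERR_OK` entry from `$phpFileUploadErrors` lets that case fall through to the `?? $this->l->t('Invalid file provided')` default. The warning is also logged in the requesting user's language, which makes log search and alerting harder; logging the numeric code instead, e.g. `$this->logger->warning('Avatar upload failed, PHP upload error ' . $files['error'][0], ['app' => 'core']);`, keeps the log stable. The start of the `if` condition is outside the hunk, so the full set of paths into this branch is inferred from the two visible conditions.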
@@ -258,7 +252,7 @@ class AvatarController extends Controller {
/**
* @NoAdminRequired
- *
+ *
* @return JSONResponse
*/
public function deleteAvatar() {
@@ -281,8 +275,8 @@ class AvatarController extends Controller {
$tmpAvatar = $this->cache->get('tmpAvatar');
if (is_null($tmpAvatar)) {
return new JSONResponse(['data' => [
- 'message' => $this->l->t("No temporary profile picture available, try again")
- ]],
+ 'message' => $this->l->t("No temporary profile picture available, try again")
+ ]],
Http::STATUS_NOT_FOUND);
}
@@ -319,8 +313,8 @@ class AvatarController extends Controller {
$tmpAvatar = $this->cache->get('tmpAvatar');
if (is_null($tmpAvatar)) {
return new JSONResponse(['data' => [
- 'message' => $this->l->t("No temporary profile picture available, try again")
- ]],
+ 'message' => $this->l->t("No temporary profile picture available, try again")
+ ]],
Http::STATUS_BAD_REQUEST);
}