Bugtracker #3994 - tighten up image checking

2025-01-17 04:38:27 +01:00 · 2007-06-25 20:09:30 +00:00 · 2007-06-25 20:09:30 +00:00 · 38114fdcd6
commit 38114fdcd6
parent 9a3fc4d986
2 changed files with 15 additions and 10 deletions
--- a/e107_handlers/resize_handler.php
+++ b/e107_handlers/resize_handler.php
@ -11,8 +11,8 @@
 |     GNU General Public License (http://gnu.org).
 |
 |     $Source: /cvs_backup/e107_0.8/e107_handlers/resize_handler.php,v $
-|     $Revision: 1.3 $
-|     $Date: 2007-05-29 18:56:53 $
+|     $Revision: 1.4 $
+|     $Date: 2007-06-25 20:09:29 $
 |     $Author: e107steved $
 |
 | Mod to support GIF (for gd at least)
@ -56,7 +56,7 @@ function resize_image($source_file, $destination_file, $type = "upload", $model
 */ 
 	if ($image_stats == null) 
 	{
-	  echo "<b>DEBUG</b> image_stats are null<br />";
+//	  echo "<b>DEBUG</b> image_stats are null<br />";
 	  return false;
 	}
 	 
--- a/usersettings.php
+++ b/usersettings.php
@ -11,9 +11,9 @@
 |     GNU General Public License (http://gnu.org).
 |
 |     $Source: /cvs_backup/e107_0.8/usersettings.php,v $
-|     $Revision: 1.9 $
-|     $Date: 2007-06-13 22:13:58 $
-|     $Author: e107coders $
+|     $Revision: 1.10 $
+|     $Date: 2007-06-25 20:09:30 $
+|     $Author: e107steved $
 +----------------------------------------------------------------------------+
 */

@ -130,7 +130,7 @@ if (isset($_POST['updatesettings']))
 	$signup_option_names = array("realname", "signature", "image", "timezone", "class");

 	foreach($signup_option_names as $key => $value)
-	{  // Check required signup fields 
+	{  // Check required signup fields
 		if ($pref['signup_option_'.$value] == 2 && !$_POST[$value] && !$_uid)
 		{
 			$error .= LAN_SIGNUP_6.$signup_option_title[$key].LAN_SIGNUP_7."\\n";
@ -153,7 +153,7 @@ if (isset($_POST['updatesettings']))
 	}
 	  $_POST['loginname'] = $temp_name;
 	}
-	
+

 // Password checks
 	$pwreset = "";
@ -194,7 +194,7 @@ if (isset($_POST['updatesettings']))
 	}

 	// Check for duplicate of email address
-	if ($sql->db_Select("user", "user_name, user_email", "user_email='".$tp -> toDB($_POST['email'])."' AND user_id !='".$inp."' ")) 
+	if ($sql->db_Select("user", "user_name, user_email", "user_email='".$tp -> toDB($_POST['email'])."' AND user_id !='".$inp."' "))
 	{
 	  	$error .= LAN_408."\\n";
 	}
@ -239,7 +239,12 @@ if (isset($_POST['updatesettings']))
 			{
 				// photograph uploaded
 				$user_sess = ($pref['avatar_upload'] ? $uploaded[1]['name'] : $uploaded[0]['name']);
-				resize_image(e_FILE."public/avatars/".$user_sess, e_FILE."public/avatars/".$user_sess, 180);
+				if (!resize_image(e_FILE."public/avatars/".$user_sess, e_FILE."public/avatars/".$user_sess, 180))
+				{
+					unset($message);
+					$error .= RESIZE_NOT_SUPPORTED."\\n";
+					@unlink(e_FILE."public/avatars/".$user_sess);
+				}
 			}
 		}
 	}