mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-08-01 14:10:37 +02:00
Code Issues Releases Wiki Activity

Fix avatar uploading permissions

Browse Source 
closes flarum/core#230
This commit is contained in:
Toby Zerner
2015-08-13 12:59:40 +09:30
parent 9c7fab5d8c
commit 6dd6942e17
2 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/Core/Users/Commands/DeleteAvatarHandler.php
View File

@@ -42,7 +42,9 @@ class DeleteAvatarHandler
// Make sure the current user is allowed to edit the user profile.
// This will let admins and the user themselves pass through, and
// throw an exception otherwise.
$user->assertCan($actor, 'edit');
if ($actor->id !== $user->id) {
$user->assertCan($actor, 'edit');
}
$avatarPath = $user->avatar_path;
$user->changeAvatarPath(null);

4
src/Core/Users/Commands/UploadAvatarHandler.php
View File

@@ -48,7 +48,9 @@ class UploadAvatarHandler
// Make sure the current user is allowed to edit the user profile.
// This will let admins and the user themselves pass through, and
// throw an exception otherwise.
$user->assertCan($actor, 'edit');
if ($actor->id !== $user->id) {
$user->assertCan($actor, 'edit');
}
$tmpFile = tempnam(sys_get_temp_dir(), 'avatar');
$command->file->moveTo($tmpFile);