Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
12/22/2016 09:09:37 PM (7 years ago)
Author:
djpaul
Message:

Avatars: improve robustness of crop process by confirming crop data.

For trunk/2.8.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-core/classes/class-bp-attachment-avatar.php

    r10899 r11334  
    205205        }
    206206
     207        if ( ! bp_attachments_current_user_can( 'edit_avatar', $args ) ) {
     208            return false;
     209        }
     210
     211        if ( 'user' === $args['object'] ) {
     212            $avatar_dir = 'avatars';
     213        } else {
     214            $avatar_dir = sanitize_key( $args['object'] ) . '-avatars';
     215        }
     216
     217        $args['item_id'] = (int) $args['item_id'];
     218
    207219        /**
    208220         * Original file is a relative path to the image
    209221         * eg: /avatars/1/avatar.jpg
    210222         */
    211         $relative_path = $args['original_file'];
     223        $relative_path = sprintf( '/%s/%s/%s', $avatar_dir, $args['item_id'], basename( $args['original_file'] ) );
    212224        $absolute_path = $this->upload_path . $relative_path;
    213225
Note: See TracChangeset for help on using the changeset viewer.